public void RemoveRole(string principal, string role, string adObject) { String id = null; String domain = DirectoryServices.GetDomain(principal, out id); Principal p = DirectoryServices.GetPrincipal(id, domain); DirectoryEntry target = DirectoryServices.GetDirectoryEntry(adObject); if (p == null) { throw new AdException($"Principal [{principal}] Can Not Be Found.", AdStatusType.DoesNotExist); } else if (target == null) { throw new AdException($"Target [{adObject}] Can Not Be Found.", AdStatusType.DoesNotExist); } if (Roles.ContainsKey(role)) { DirectoryServices.DeleteAccessRule(target, p, Roles[role].AdRights, System.Security.AccessControl.AccessControlType.Allow, ActiveDirectorySecurityInheritance.All); } else { throw new AdException($"Role [{role}] Does Not Exist.", AdStatusType.DoesNotExist); } }
public UserPrincipal CreateUserPrincipal() { String name = this.Identity; String path = DirectoryServices.GetDomainDistinguishedName(); String domain = DirectoryServices.GetDomain( path ); UserPrincipal user = null; if ( DirectoryServices.IsDistinguishedName(this.Identity) ) user = DirectoryServices.CreateUserPrincipal( this.Identity, this.UserPrincipalName, this.SamAccountName ); if (this.Properties?.Count > 0) user.Save(); // User Must Exist Before Properties Can Be Updated. UpdateUserPrincipal( user ); return user; }
public void Handler_UserTestsSuccess() { String userName = $"testuser_{Utility.GenerateToken( 8 )}"; String userDistinguishedName = $"CN={userName},{workspaceName}"; Dictionary <string, string> parameters = new Dictionary <string, string>(); // Create User Console.WriteLine($"Creating User : [{userDistinguishedName}]"); parameters.Clear(); parameters.Add("returngroupmembership", "true"); parameters.Add("returnaccessrules", "true"); parameters.Add("identity", userDistinguishedName); parameters.Add("userprincipalname", $"{userName}1@{DirectoryServices.GetDomain(userDistinguishedName)}"); parameters.Add("samaccountname", userName.Substring(0, 19)); parameters.Add("displayName", $"Test User {userName}"); parameters.Add("description", $"Test User {userName} Description"); parameters.Add("password", "bi@02LL49_VWQ{b"); parameters.Add("enabled", "true"); parameters.Add("accountexpirationdate", DateTime.Now.AddDays(30).ToString()); parameters.Add("smartcardlogonrequired", "true"); parameters.Add("delegationpermitted", "true"); parameters.Add("homedirectory", "Temp"); parameters.Add("scriptpath", "D:\\Temp\\Scripts\\startup.bat"); parameters.Add("passwordnotrequired", "false"); parameters.Add("passwordneverexpires", "true"); parameters.Add("usercannotchangepassword", "false"); parameters.Add("allowreversiblepasswordencryption", "true"); parameters.Add("homedrive", "D"); parameters.Add("givenname", "Test"); parameters.Add("middlename", "Bartholomew"); parameters.Add("surname", "User"); parameters.Add("emailaddress", "*****@*****.**"); parameters.Add("voicetelephonenumber", "713-555-1212"); parameters.Add("employeeid", "42"); // Add Properties parameters.Add("initials", @"[ ""TBU"" ]"); parameters.Add("physicaldeliveryofficename", @"[ ""Company Plaza 2"" ]"); parameters.Add("othertelephone", @"[ ""713-555-1313"", ""7135551414"", ""713-555-1515"" ]"); parameters.Add("wwwhomepage", @"[ ""http://www.google.com"" ]"); parameters.Add("url", @"[ ""http://www.bing.com"", ""http://www.altavista.com"", ""http://www.cnn.com"", ""http://www.fakenews.fox.com"" ]"); parameters.Add("logonworkstation", @"[ ""Workstation001"" ]"); parameters.Add("userworkstations", @"[ ""Workstation002"" ]"); parameters.Add("c", @"[ ""US"" ]"); parameters.Add("l", @"[ ""Translyvania"" ]"); parameters.Add("st", @"[ ""Louisiana"" ]"); parameters.Add("streetaddress", @"[ ""13119 US-65"" ]"); parameters.Add("postofficebox", @"[ ""666"" ]"); parameters.Add("postalcode", @"[ ""71286"" ]"); parameters.Add("co", @"[ ""United States"" ]"); parameters.Add("countrycode", @"[ ""840"" ]"); parameters.Add("title", @"[ ""Laboratory Assistant"" ]"); parameters.Add("department", @"[ ""Vampire Studies"" ]"); parameters.Add("company", @"[ ""True Blood Inc."" ]"); parameters.Add("manager", $"[ \"{manager.DistinguishedName}\" ]"); parameters.Add("profilepath", @"[ ""D:\\Temp\\ProfilePath"" ]"); parameters.Add("homephone", @"[ ""832-555-1212"" ]"); parameters.Add("otherhomephone", @"[ ""832-555-1313"", ""832-555-1414"" ]"); parameters.Add("pager", @"[ ""281-555-1212"" ]"); parameters.Add("otherpager", @"[ ""281-555-1313"", ""281-555-1414"", ""281-555-1515"" ]"); parameters.Add("mobile", @"[ ""346-555-1212"" ]"); parameters.Add("othermobile", @"[ ""346-555-1313"" ]"); parameters.Add("facsimiletelephonenumber", @"[ ""318-555-1111"" ]"); parameters.Add("otherfacsimiletelephonenumber", @"[ ""318-555-2222"", ""318-555-3333"", ""318-555-4444"" ]"); parameters.Add("ipphone", @"[ ""504-555-1111"" ]"); parameters.Add("otheripphone", @"[ ""504-555-2222"", ""504-555-3333"" ]"); parameters.Add("info", @"[ ""Keep Out Of Direct Sunlight"" ]"); parameters.Add("lockouttime", $"[ \"0\" ]"); ActiveDirectoryHandlerResults result = Utility.CallPlan("CreateUser", parameters); Assert.That(result.Results[0].Statuses[0].Status, Is.EqualTo(AdStatusType.Success)); Assert.That(result.Results[0].User.DistinguishedName, Is.EqualTo(userDistinguishedName)); Assert.That(result.Results[0].User.Properties["st"][0], Is.EqualTo("Louisiana")); Assert.That(result.Results[0].User.Groups, Is.Not.Null); Assert.That(result.Results[0].User.AccessRules, Is.Not.Null); string userPrincipalName = result.Results[0].User.UserPrincipalName; string samAccountName = result.Results[0].User.SamAccountName; string sid = result.Results[0].User.Sid; string guid = result.Results[0].User.Guid.ToString(); // Get User By Name Console.WriteLine($"Getting User By Name : [{userName}]"); parameters.Clear(); parameters.Add("returngroupmembership", "false"); parameters.Add("returnaccessrules", "false"); parameters.Add("returnobjectproperties", "false"); parameters.Add("returnobjects", "false"); parameters.Add("identity", userName); result = Utility.CallPlan("GetUser", parameters); Assert.That(result.Results[0].Statuses[0].Status, Is.EqualTo(AdStatusType.Success)); Assert.That(result.Results[0].User, Is.Null); // Get User By DistinguishedName Console.WriteLine($"Getting User By DistinguishedName : [{userDistinguishedName}]"); parameters.Clear(); parameters.Add("returngroupmembership", "false"); parameters.Add("returnaccessrules", "false"); parameters.Add("returnobjectproperties", "false"); parameters.Add("returnobjects", "true"); parameters.Add("identity", userDistinguishedName); result = Utility.CallPlan("GetUser", parameters); Assert.That(result.Results[0].Statuses[0].Status, Is.EqualTo(AdStatusType.Success)); Assert.That(result.Results[0].User.Groups, Is.Null); Assert.That(result.Results[0].User.AccessRules, Is.Null); Assert.That(result.Results[0].User.Properties, Is.Null); // Get User By UserPrincipalName Console.WriteLine($"Getting User By UserPrincipalName : [{userPrincipalName}]"); parameters.Clear(); parameters.Add("returngroupmembership", "true"); parameters.Add("returnaccessrules", "true"); parameters.Add("returnobjectproperties", "true"); parameters.Add("returnobjects", "true"); parameters.Add("identity", userPrincipalName); result = Utility.CallPlan("GetUser", parameters); Assert.That(result.Results[0].Statuses[0].Status, Is.EqualTo(AdStatusType.Success)); Assert.That(result.Results[0].User.Groups, Is.Not.Null); Assert.That(result.Results[0].User.AccessRules, Is.Not.Null); Assert.That(result.Results[0].User.Properties, Is.Not.Null); // Get User By SamAccountName Console.WriteLine($"Getting User By SamAccountName : [{samAccountName}]"); parameters.Clear(); parameters.Add("identity", samAccountName); result = Utility.CallPlan("GetUser", parameters); Assert.That(result.Results[0].Statuses[0].Status, Is.EqualTo(AdStatusType.Success)); Assert.That(result.Results[0].User, Is.Not.Null); Assert.That(result.Results[0].User.SamAccountName, Is.EqualTo(samAccountName)); // Get User By Sid Console.WriteLine($"Getting User By SecurityId : [{sid}]"); parameters.Clear(); parameters.Add("identity", sid); result = Utility.CallPlan("GetUser", parameters); Assert.That(result.Results[0].Statuses[0].Status, Is.EqualTo(AdStatusType.Success)); Assert.That(result.Results[0].User, Is.Not.Null); Assert.That(result.Results[0].User.Sid, Is.EqualTo(sid)); // Get User By Guid Console.WriteLine($"Getting User By Guid : [{guid}]"); parameters.Clear(); parameters.Add("identity", guid); result = Utility.CallPlan("GetUser", parameters); Assert.That(result.Results[0].Statuses[0].Status, Is.EqualTo(AdStatusType.Success)); Assert.That(result.Results[0].User, Is.Not.Null); Assert.That(result.Results[0].User.Guid.ToString(), Is.EqualTo(guid)); // Modify User Console.WriteLine($"Modifying User"); parameters.Clear(); parameters.Add("returnaccessrules", "true"); parameters.Add("identity", userDistinguishedName); parameters.Add("employeeid", "84"); parameters.Add("manager", $"[ \"~null~\" ]"); parameters.Add("otheripphone", @"[ ""504-555-7777"", ""~null~"", ""504-555-8888"" ]"); result = Utility.CallPlan("ModifyUser", parameters); Assert.That(result.Results[0].Statuses[0].Status, Is.EqualTo(AdStatusType.Success)); Assert.That(result.Results[0].User.EmployeeId, Is.EqualTo("84")); Assert.That(result.Results[0].User.Properties.ContainsKey("manager"), Is.False); Assert.That(result.Results[0].User.Properties.ContainsKey("otheripphone"), Is.False); // AccessRules int initialRuleCount = result.Results[0].User.AccessRules.Count; // Add Access Rule Console.WriteLine($"Add Access Rule To User [{userDistinguishedName}]."); parameters.Clear(); parameters.Add("returnaccessrules", "true"); parameters.Add("identity", userDistinguishedName); parameters.Add("ruleidentity", manager.DistinguishedName); parameters.Add("ruletype", "Allow"); parameters.Add("rulerights", "GenericAll"); result = Utility.CallPlan("AddAccessRuleToUser", parameters); Assert.That(result.Results[0].Statuses[0].Status, Is.EqualTo(AdStatusType.Success)); Assert.That(result.Results[0].User.AccessRules.Count, Is.EqualTo(initialRuleCount + 1)); // Remove Access Rule Console.WriteLine($"Remove Access Rule From User [{userDistinguishedName}]."); parameters.Clear(); parameters.Add("returnaccessrules", "true"); parameters.Add("identity", userDistinguishedName); parameters.Add("ruleidentity", manager.DistinguishedName); parameters.Add("ruletype", "Allow"); parameters.Add("rulerights", "GenericAll"); result = Utility.CallPlan("RemoveAccessRuleFromUser", parameters); Assert.That(result.Results[0].Statuses[0].Status, Is.EqualTo(AdStatusType.Success)); Assert.That(result.Results[0].User.AccessRules.Count, Is.EqualTo(initialRuleCount)); // Set Access Rule Console.WriteLine($"Set Access Rule On User [{userDistinguishedName}]."); parameters.Clear(); parameters.Add("returnaccessrules", "true"); parameters.Add("identity", userDistinguishedName); parameters.Add("ruleidentity", manager.DistinguishedName); parameters.Add("ruletype", "Allow"); parameters.Add("rulerights", "GenericAll"); result = Utility.CallPlan("SetAccessRuleOnUser", parameters); Assert.That(result.Results[0].Statuses[0].Status, Is.EqualTo(AdStatusType.Success)); Assert.That(result.Results[0].User.AccessRules.Count, Is.EqualTo(initialRuleCount + 1)); // Purge Access Rule Console.WriteLine($"Purge Access Rules On User [{userDistinguishedName}]."); parameters.Clear(); parameters.Add("returnaccessrules", "true"); parameters.Add("identity", userDistinguishedName); parameters.Add("ruleidentity", manager.DistinguishedName); parameters.Add("ruletype", "Allow"); parameters.Add("rulerights", "GenericAll"); result = Utility.CallPlan("PurgeAccessRulesOnUser", parameters); Assert.That(result.Results[0].Statuses[0].Status, Is.EqualTo(AdStatusType.Success)); Assert.That(result.Results[0].User.AccessRules.Count, Is.EqualTo(initialRuleCount)); // Delete User Console.WriteLine($"Deleting User"); parameters.Clear(); parameters.Add("identity", userDistinguishedName); result = Utility.CallPlan("DeleteUser", parameters); Assert.That(result.Results[0].Statuses[0].Status, Is.EqualTo(AdStatusType.Success)); }