/// <summary> /// takes list of names of AD Groups and returns info(members etc.) about them /// </summary> /// <param name="domain"></param> /// <param name="group"></param> /// <returns></returns> static public List <AGroup> getGroupUsers3(List <string> ADgroups) { List <AGroup> allUsers = new List <AGroup>(); foreach (string currGroup in ADgroups) { Console.Write("\n Reading group: " + currGroup + " ..."); List <User> members = new List <User>(); GroupPrincipal grp = GroupPrincipal.FindByIdentity(principalContext, currGroup); if (grp == null) { Console.WriteFormatted("\n\t!!!Cannot read group: " + currGroup + " >> passing", Color.Red); continue; } List <User> gr1 = new List <User>(); List <User> gr2 = new List <User>(); var users = GetGroupMembersName(currGroup); //List<Principal> users = grp.GetMembers(true).ToList(); var task1 = Task.Factory.StartNew(() => gr1 = extractUsers(0, users.Count() / 2, users)); var task2 = Task.Factory.StartNew(() => gr2 = extractUsers(users.Count() / 2, users.Count(), users)); Task.WaitAll(task1, task2); members.AddRange(gr1); members.AddRange(gr2); allUsers.Add(new AGroup(members, currGroup)); grp.Dispose(); //showList(members, currGroup); } principalContext.Dispose(); return(allUsers); }
public static IEnumerable <string> GetUsers(string groupName) { var members = new Collection <string>(); using (var ctx = new PrincipalContext(ContextType.Domain, PrincipalHelper.DOMAIN_OFINA)) { GroupPrincipal grp = null; try { grp = GroupPrincipal.FindByIdentity(ctx, IdentityType.Name, groupName); if (grp == null) { throw new InvalidOperationException( "We did not find that group in that domain, perhaps the group resides in a different domain?"); } else { foreach (var p in grp.GetMembers(true)) { members.Add(p.SamAccountName); } } } finally { grp?.Dispose(); } } return(members); }
public void GroupPrincipalConstructorTest() { GroupPrincipal group = new GroupPrincipal(domainContext); group.Dispose(); Assert.Inconclusive("TODO: Implement code to verify target"); }
public void Delete(string groupName) { GroupPrincipal gp = null; try { if (string.IsNullOrEmpty(groupName)) { throw new MissingFieldException("Users", "groupName"); } log.DebugFormat("Attempting to delete group {0}", groupName); pc = GetPrincipalContext(); gp = GroupPrincipal.FindByIdentity(pc, IdentityType.Name, groupName); if (gp == null) { throw new NoMatchingPrincipalException(groupName); } gp.Delete(); } catch (Exception ex) { log.ErrorFormat("Error deleting group {0}. Exception: {1}", groupName, ex.ToString()); throw; } finally { if (gp != null) { gp.Dispose(); } } }
private bool IsMemberOfADGroup(string userName, string groupName) { bool isMember = false; //List<string> grpMembers = new List<string>(); using (PrincipalContext context = new PrincipalContext(ContextType.Domain)) { //UserPrincipal user = UserPrincipal.FindByIdentity(context, IdentityType.SamAccountName, sUserName); GroupPrincipal group = GroupPrincipal.FindByIdentity(context, IdentityType.Name, groupName); if (group != null) { foreach (Principal p in group.GetMembers(true)) { if (p.SamAccountName.ToUpper() == userName.ToUpper()) { isMember = true; break; } } } group.Dispose(); } return(isMember); }
public List <String> QueryADGroupMembers(String sGroup) { List <String> ListADGroupMembers = new List <String>(); try { PrincipalContext ctx = new PrincipalContext(ContextType.Domain, domain); GroupPrincipal grpObj = GroupPrincipal.FindByIdentity(ctx, IdentityType.Name, sGroup); if (grpObj != null) { foreach (Principal p in grpObj.GetMembers(true)) { String sObjName = p.SamAccountName.ToString().Trim(); if (sObjName.Substring(sObjName.Length - 1, 1) == "$") { sObjName = sObjName.Substring(0, sObjName.Length - 1); } ListADGroupMembers.Add(sObjName); } grpObj.Dispose(); ctx.Dispose(); } return(ListADGroupMembers); } catch (Exception ex) { WriteBuffer("Error source: QueryADGroupMembers()" + " " + ex.Message); return(ListADGroupMembers); } }
/// <summary> /// Returns a list of Users for a specified group. /// </summary> /// <param name="groupName">The name of the active directory group.</param> /// <returns></returns> public List <string> ListUsersForGroup(string groupName) { string _groupName = string.Empty; List <string> _members = new List <string>(); // Retrieve the Group principal object for the group you need. // This will verify that the group exists on the specific domain. If gp = null, then it did not find that group. _groupName = groupName.ToString(); GroupPrincipal gp = GroupPrincipal.FindByIdentity(_myContext, _groupName); if (gp != null) { foreach (Principal p in gp.GetMembers(true)) { _members.Add(p.SamAccountName.ToString()); } } if (gp != null) { gp.Dispose(); } return(_members); }
/// <summary> /// Returns a list of groups of which the user is a member. It does so in a fashion that /// may seem strange since one can call UserPrincipal.GetGroups, but seems to be much faster /// in my tests. /// </summary> /// <param name="user"></param> /// <returns></returns> private static List <GroupPrincipal> GetGroups(UserPrincipal user) { List <GroupPrincipal> result = new List <GroupPrincipal>(); // Get all groups using a PrincipalSearcher and GroupPrincipal filter = new GroupPrincipal(m_machinePrincipal); using (PrincipalSearcher searcher = new PrincipalSearcher(filter)) { PrincipalSearchResult <Principal> sResult = searcher.FindAll(); foreach (Principal p in sResult) { if (p is GroupPrincipal) { GroupPrincipal gp = (GroupPrincipal)p; if (LocalAccount.IsUserInGroup(user, gp)) { result.Add(gp); } else { gp.Dispose(); } } else { p.Dispose(); } } } return(result); }
//Retrieve all groups public List <string> GetADGroupsList() { List <string> adGroups = new List <string>(); PrincipalContext context = GetContext(); if (context != null) { GroupPrincipal groups = new GroupPrincipal(context); //searcher to search groups PrincipalSearcher searcher = new PrincipalSearcher(groups); foreach (var found in searcher.FindAll()) { DirectoryEntry deFound = (DirectoryEntry)found.GetUnderlyingObject() as DirectoryEntry; if ((int)deFound.Properties["samAccountType"].Value == 536870912) { Console.WriteLine("Groups is Alias Object (BuiltIn) and will not be aded to list."); } else { adGroups.Add(found.ToString()); } } adGroups.Sort(); groups.Dispose(); searcher.Dispose(); context.Dispose(); } return(adGroups); }
public static bool AddUserToGroup(string samAccountName, string groupName, AdAdminConfig config) { if (IfUserExist(samAccountName, config)) { if (!IfUserExistInGroup(samAccountName, groupName, config)) { try { PrincipalContext ctx = new PrincipalContext(ContextType.Domain, config.ServerIpOrDomain, config.AdminAccount, config.AdminPwd); // find the group in question GroupPrincipal group = GroupPrincipal.FindByIdentity(ctx, groupName); UserPrincipal user = UserPrincipal.FindByIdentity(ctx, samAccountName); group.Members.Add(user); group.Save(); group.Dispose(); user.Dispose(); ctx.Dispose(); } catch (Exception ex) { return(false); } return(true); } return(false); } return(false); }
/// <summary> /// Makes user with given login name member of group with given name if exists. /// </summary> /// <param name="groupName">group name</param> public void AssignUserGroup(string loginName, string groupName) { // Find user entry by login name UserPrincipal userEntry = UserPrincipal.FindByIdentity(activeDirectoryDomain, IdentityType.SamAccountName, loginName); // Search for group with matching name PrincipalSearchResult <Principal> activeDirectoryGroups = this.ListGroupsByName( this.activeDirectoryDomain, groupName); if (activeDirectoryGroups.Count <Principal>() != 0) { GroupPrincipal group = (GroupPrincipal)activeDirectoryGroups.First <Principal>(); // make user member of group group.Members.Add(userEntry); // save changes group.Save(); group.Dispose(); } else { // throw exception to notify the group does not exists throw new ApplicationException("Domain group not found."); } // dispose the objects userEntry.Dispose(); activeDirectoryGroups.Dispose(); }
public static List <string> GetADSecurityGroupUsers(String sgAlias) { List <string> userList = new List <string>(); using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain)) { GroupPrincipal grp = GroupPrincipal.FindByIdentity(ctx, sgAlias); if (grp != null) { foreach (Principal p in grp.GetMembers(true)) { userList.Add(p.SamAccountName); Console.WriteLine(p.SamAccountName); } grp.Dispose(); ctx.Dispose(); } else { Console.WriteLine("\nWe did not find that group in that domain, perhaps the group resides in a different domain?"); } } return(userList); }
public static bool IsUserGroupMember(string userPrincipalName, string groupname, PrincipalContext context) { GroupPrincipal group = GroupPrincipal.FindByIdentity(context, groupname); bool foundUser = false; foreach (var member in group.GetMembers(true)) { try { if (member.SamAccountName.Equals(userPrincipalName)) { foundUser = true; break; } } catch (Exception) { foundUser = false; } } group.Dispose(); return(foundUser); }
private void EscalateReturn_Load(object sender, EventArgs e) { string groupName = "Domain Users"; string domainName = "192.168.10.5"; //get AD users PrincipalContext ctx = new PrincipalContext(ContextType.Domain, domainName); GroupPrincipal grp = GroupPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, groupName); try { foreach (Principal p in grp.GetMembers(false)) { if (p.DisplayName != null) { comboBox1.Items.Add(p.DisplayName); } } grp.Dispose(); ctx.Dispose(); } catch { MessageBox.Show("Server not available. Check internet connection"); } comboBox1.Sorted = true; }
public void ADGetUsersInGroup(string strGroup, List <string> listUserNames) { try { PrincipalContext ctx = new PrincipalContext(ContextType.Domain, this.Domain); GroupPrincipal grp = GroupPrincipal.FindByIdentity(ctx, IdentityType.Name, strGroup); if (grp != null) { foreach (Principal p in grp.GetMembers(true)) { listUserNames.Add(p.SamAccountName); } grp.Dispose(); ctx.Dispose(); } else { MessageBox.Show("The group [" + strGroup + "] was not found in the Active Direcotry.", "ADGetUsersInGroup(): Error Connecting to Active Directory"); } } catch (System.Exception x) { Jrfc.Exception.HandleException(x); } }
private void btnEditGroup_Click(object sender, EventArgs e) { if (lbGroups.SelectedItem == null) { MessageBox.Show("Please select a group"); return; } GroupPrincipal insGroupPrincipal = (GroupPrincipal)lbGroups.SelectedItem; frmProperties insFrmProperties = new frmProperties(insGroupPrincipal, ActionTypes.Save); insFrmProperties.ShowDialog(); if (insFrmProperties.DialogResult == DialogResult.OK) { try { insGroupPrincipal.Save(); insGroupPrincipal.Dispose(); MessageBox.Show("Group updated."); } catch (Exception ex) { MessageBox.Show(ex.Message); } ListGroups(); } }
/// <summary> /// Ajout un utilisateur dans un groupe donné. /// </summary> /// <param name="groupName"></param> /// <param name="user"></param> public void AddUserToGroup(string groupName, UserPrincipal user) { try { GroupPrincipal group = GroupPrincipal.FindByIdentity(_adConnection, IdentityType.Name, groupName); if (group != null) { if (!group.Members.Contains(user)) { Logger?.Info("Ajout de " + user.Name + " dans le groupe " + groupName); group.Members.Add(user); group.Save(); group.Dispose(); } else { Logger?.Warn(user.Name + " est déjà dans le groupe " + groupName); throw new UserExistInGroupException(user.Name + " est déjà dans le groupe " + groupName); } } else { Logger?.Warn("Le groupe : " + groupName + " n'existe pas !"); throw new GroupActiveDirectoryNotExistException("Le groupe : " + groupName + " n'existe pas !"); } } catch (Exception exception) { Logger?.Error("Error AddUserToGroup - groupName : " + groupName + " - userName : " + user.Name, exception); throw; } }
/// <summary> /// Provides the domain user full details. /// </summary> /// <param name="domainName">Name of the domain.</param> /// <returns></returns> public static DataSet ProvideDomainUserFullDetails(string domainName, string sessionID, string userSource, string defaultDepartment, string fullNameAttribute) { DataSet UsersList = new DataSet(); UsersList.Tables.Add(); UsersList.Tables[0].Columns.Add("REC_SYSID", typeof(string)); UsersList.Tables[0].Columns.Add("USER_ID", typeof(string)); UsersList.Tables[0].Columns.Add("SESSION_ID", typeof(string)); UsersList.Tables[0].Columns.Add("USR_SOURCE", typeof(string)); UsersList.Tables[0].Columns.Add("USR_ROLE", typeof(string)); UsersList.Tables[0].Columns.Add("DOMAIN", typeof(string)); UsersList.Tables[0].Columns.Add("FIRST_NAME", typeof(string)); UsersList.Tables[0].Columns.Add("LAST_NAME", typeof(string)); UsersList.Tables[0].Columns.Add("EMAIL", typeof(string)); UsersList.Tables[0].Columns.Add("RESIDENCE_ADDRESS", typeof(string)); UsersList.Tables[0].Columns.Add("COMPANY", typeof(string)); UsersList.Tables[0].Columns.Add("STATE", typeof(string)); UsersList.Tables[0].Columns.Add("COUNTRY", typeof(string)); UsersList.Tables[0].Columns.Add("PHONE", typeof(string)); UsersList.Tables[0].Columns.Add("EXTENSION", typeof(string)); UsersList.Tables[0].Columns.Add("FAX", typeof(string)); UsersList.Tables[0].Columns.Add("DEPARTMENT", typeof(string)); UsersList.Tables[0].Columns.Add("USER_NAME", typeof(string)); UsersList.Tables[0].Columns.Add("CN", typeof(string)); UsersList.Tables[0].Columns.Add("DISPLAY_NAME", typeof(string)); UsersList.Tables[0].Columns.Add("FULL_NAME", typeof(string)); UsersList.Tables[0].Columns.Add("C_DATE", typeof(string)); UsersList.Tables[0].Columns.Add("REC_ACTIVE", typeof(string)); UsersList.Tables[0].Columns.Add("AD_PIN", typeof(string)); UsersList.Tables[0].Columns.Add("AD_CARD", typeof(string)); string cardValue = ""; string pinValue = ""; int valuesCount = 0; PrincipalContext context = new PrincipalContext(ContextType.Domain, domainName); GroupPrincipal group = GroupPrincipal.FindByIdentity(context, IdentityType.SamAccountName, Constants.DOMAIN_USERS); if (group != null) { foreach (Principal principal in group.GetMembers(false)) { string userName = principal.SamAccountName; string department = ""; if (string.IsNullOrEmpty(department)) { department = defaultDepartment; } UsersList.Tables[0].Rows.Add(valuesCount, principal.SamAccountName, sessionID, userSource, "User", domainName, principal.Name, "", principal.UserPrincipalName, "", "", "", "", "", "", "", department, userName, "", principal.DisplayName, principal.SamAccountName, DateTime.Now.ToString(), "True", pinValue, cardValue); valuesCount++; } group.Dispose(); context.Dispose(); } return(UsersList); }
static void ReaadAD() { string groupName = "Domain Admins"; Console.Write("Domain: "); string domainName = Console.ReadLine(); Console.Write("Username: "******"Password: "******""; GroupPrincipal grp = GroupPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, groupName); if (grp != null) { foreach (Principal p in grp.GetMembers(false)) { Console.WriteLine(p.SamAccountName + " - " + p.DisplayName); } grp.Dispose(); //Console.ReadLine(); } else { Console.WriteLine("\nWe did not find that group in that domain, perhaps the group resides in a different domain?"); //Console.ReadLine(); } // define a "query-by-example" principal - here, we search for a GroupPrincipal UserPrincipal qbeGroup = new UserPrincipal(ctx); // create your principal searcher passing in the QBE principal PrincipalSearcher srch = new PrincipalSearcher(qbeGroup); // find all matches foreach (UserPrincipal found in srch.FindAll()) { Console.WriteLine(found.Name); foreach (GroupPrincipal g in found.GetGroups(ctx)) { Console.WriteLine("\t{0}", g.Name); } // do whatever here - "found" is of type "Principal" - it could be user, group, computer..... } }
public List <User> GetUsers(string groupName) { GroupPrincipal grp = null; List <User> users = new List <User>(); try { log.DebugFormat("Attempting to retrieve all users that are a direct member of {0}", groupName); pc = GetPrincipalContext(); grp = GroupPrincipal.FindByIdentity(pc, IdentityType.Name, groupName); if (grp == null) { throw new NoMatchingPrincipalException(groupName); } else { log.DebugFormat("Found group {0}... Now attempting to retrieve direct members that are users.", groupName); foreach (var obj in grp.GetMembers(false)) { log.DebugFormat("Found object {0} of objectClass {1} when retrieving users from {2}", obj.Name, obj.StructuralObjectClass, groupName); if (obj.StructuralObjectClass.IndexOf("user") >= 0) { log.DebugFormat("Object {0} is a user! Adding to our list.", obj.Name); DirectoryEntry userDE = obj.GetUnderlyingObject() as DirectoryEntry; users.Add(new User() { UserGuid = (Guid)userDE.Properties["objectGUID"].Value, UserPrincipalName = userDE.Properties["UserPrincipalName"].Value.ToString(), Name = userDE.Properties["Name"].Value.ToString(), DisplayName = userDE.Properties["DisplayName"].Value.ToString() }); } else { log.DebugFormat("Object {0} was skipped since it was not a user", obj.Name); } } } return(users); } catch (Exception ex) { log.ErrorFormat("Error retrieving users that are a member of group {0}. Exception: {1}", groupName, ex.ToString()); throw; } finally { if (grp != null) { grp.Dispose(); } } }
//lage ny gruppe public bool CreateGroup() { PrincipalContext ctx = new PrincipalContext(ContextType.Domain, "testdomene.local", "OU=Groups,OU=TEST,DC=testdomene,DC=local"); GroupPrincipal group = GroupPrincipal.FindByIdentity(ctx, Groupname); if (group != null) { MessageBox.Show("Gruppen finnes allerede i domenet"); return(false); } GroupPrincipal grp = new GroupPrincipal(ctx); if (Groupname != null && Groupname.Length > 0) { grp.Name = Groupname; } if (desc != null && desc.Length > 0) { grp.Description = desc; } grp.SamAccountName = "g-" + Groupname; grp.GroupScope = (System.DirectoryServices.AccountManagement.GroupScope)Enum.Parse(typeof(GroupScope), GroupScope); try { grp.Save(); } catch (Exception e) { MessageBox.Show("Kunne ikke opprette gruppen: " + e); grp.Dispose(); return(false); } grp.Dispose(); return(true); }
/// <summary> /// Removes a member from a group /// </summary> /// <param name="groupName"></param> /// <param name="objectToRemove"></param> /// <param name="objectIdentityType"></param> public void RemoveMember(string groupName, string objectToRemove, string objectIdentityType) { PrincipalContext pc = null; GroupPrincipal gp = null; try { // Replace whitespaces groupName = groupName.Replace(" ", string.Empty); objectToRemove = objectToRemove.Replace(" ", string.Empty); this.logger.Debug("Attempting to remove " + objectToRemove + " from group " + groupName); pc = new PrincipalContext(ContextType.Domain, this.domainController, this.username, this.password); gp = GroupPrincipal.FindByIdentity(pc, IdentityType.Name, groupName); if (gp != null) { this.logger.Debug("Checking to see if " + groupName + " already contains " + objectToRemove + " as a member."); bool isMember = gp.Members.Contains(pc, GetIdentityType(objectIdentityType), objectToRemove); if (isMember) { gp.Members.Remove(pc, GetIdentityType(objectIdentityType), objectToRemove); gp.Save(); this.logger.Info("Successfully removed " + objectToRemove + " from group " + groupName); } else { this.logger.Debug("Object " + objectToRemove + " is already not a member of group " + groupName); } } else { throw new Exception("Unable to find the group " + groupName + " in the system."); } } catch (Exception ex) { this.logger.Error("Error removing member " + objectToRemove + " to group " + groupName, ex); throw; } finally { if (pc != null) { pc.Dispose(); } if (gp != null) { gp.Dispose(); } } }
public Boolean contains(string username) { // Check grouplist is fresh if (groupmtime != File.GetLastWriteTimeUtc(pathgroups)) { ReadInGroupsFile(); } // if the groups file is empty then we always check the passwords if (grouplist.Count == 0) { writeLog("No groups found. User's password will be validated.", EventLogEntryType.Information); return(true); } PrincipalContext ctx = null; GroupPrincipal groupCtx = null; ctx = new System.DirectoryServices.AccountManagement.PrincipalContext(ContextType.Domain); foreach (String groupname in grouplist) { //writeLog("trying [" + groupname + "]", EventLogEntryType.Information); groupCtx = GroupPrincipal.FindByIdentity(ctx, groupname); if (groupCtx != null) { //writeLog("found [" + groupCtx.ToString() + "]. Finding members", EventLogEntryType.Information); foreach (Principal user in groupCtx.GetMembers(true)) { if (user.SamAccountName == username) { writeLog("User " + username + " is in restricted group " + groupname + " and their password will be validated.", EventLogEntryType.Information); ctx.Dispose(); groupCtx.Dispose(); return(true); } } groupCtx.Dispose(); } } ctx.Dispose(); writeLog("User " + username + " is not in a restricted group", EventLogEntryType.Information); return(false); }
/// <summary> /// Agrega un grupo dados su nombre y descripción /// </summary> /// <param name="nombre">Nombre del grupo</param> /// <param name="descripción">Descripción del grupo</param> public void AgregarGrupo(string nombre, string descripción) { GroupPrincipal nuevoGrupo = new GroupPrincipal(_dominio); nuevoGrupo.Name = nombre; nuevoGrupo.Description = descripción; nuevoGrupo.Save(); nuevoGrupo.Dispose(); }
/// <summary> /// Adds access rights to the OU for a specific group /// </summary> /// <param name="ouDistinguishedName"></param> /// <param name="groupName"></param> public void AddAccessRights(string ouDistinguishedName, string groupName) { DirectoryEntry de = null; PrincipalContext pc = null; GroupPrincipal gp = null; try { de = new DirectoryEntry("LDAP://" + this.domainController + "/" + ouDistinguishedName, this.username, this.password); pc = new PrincipalContext(ContextType.Domain, this.domainController, this.username, this.password); // Search for the group gp = GroupPrincipal.FindByIdentity(pc, IdentityType.Name, groupName.Replace(" ", string.Empty)); if (gp == null) { throw new Exception("Unable to find the group " + groupName + " in the system."); } else { // Add Read Property de.ObjectSecurity.AddAccessRule(new ActiveDirectoryAccessRule(gp.Sid, ActiveDirectoryRights.ReadProperty, AccessControlType.Allow)); // Add List Object de.ObjectSecurity.AddAccessRule(new ActiveDirectoryAccessRule(gp.Sid, ActiveDirectoryRights.ListObject, AccessControlType.Allow)); // Deny List Content de.ObjectSecurity.AddAccessRule(new ActiveDirectoryAccessRule(gp.Sid, ActiveDirectoryRights.ListChildren, AccessControlType.Deny)); de.CommitChanges(); } } catch (Exception ex) { this.logger.Error("Failed to add access rights to organizational unit " + ouDistinguishedName + " for group " + groupName, ex); throw; } finally { if (gp != null) { gp.Dispose(); } if (pc != null) { pc.Dispose(); } if (de != null) { de.Dispose(); } } }
public void GroupPrincipalConstructorTest() { if (DomainContext == null) { return; } GroupPrincipal group = new GroupPrincipal(DomainContext); group.Dispose(); }
public void AddRights(string distinguishedName, string groupName) { GroupPrincipal gp = null; try { if (string.IsNullOrEmpty(distinguishedName)) { throw new MissingFieldException("OrganizationalUnit", "DistinguishedName"); } if (string.IsNullOrEmpty(groupName)) { throw new MissingFieldException("OrganizationalUnit", "GroupName"); } log.DebugFormat("Adding rights to {0}", distinguishedName); de = GetDirectoryEntry(distinguishedName); pc = GetPrincipalContext(); string nospaceGroup = groupName.Replace(" ", string.Empty); log.DebugFormat("Attempting to find group {0}", nospaceGroup); gp = GroupPrincipal.FindByIdentity(pc, IdentityType.Name, nospaceGroup); de.ObjectSecurity.AddAccessRule( new ActiveDirectoryAccessRule(gp.Sid, ActiveDirectoryRights.ReadProperty, AccessControlType.Allow, ActiveDirectorySecurityInheritance.All)); de.ObjectSecurity.AddAccessRule( new ActiveDirectoryAccessRule(gp.Sid, ActiveDirectoryRights.ListObject, AccessControlType.Allow, ActiveDirectorySecurityInheritance.All)); de.ObjectSecurity.AddAccessRule( new ActiveDirectoryAccessRule(gp.Sid, ActiveDirectoryRights.ListChildren, AccessControlType.Deny, ActiveDirectorySecurityInheritance.All)); de.CommitChanges(); log.InfoFormat("Successfully adding access rights to {0} for group {1}", distinguishedName, nospaceGroup); } catch (Exception ex) { log.ErrorFormat("Error adding rights for {0} to {1}. Exception: {2}", groupName, distinguishedName, ex.ToString()); throw; } finally { if (gp != null) { gp.Dispose(); } } }
/// <summary> /// Verifies that user is a part of the specified group. /// </summary> public static bool IsUserInGroup(string username, string groupname) { PrincipalContext mPrincipalContext = new PrincipalContext(ContextType.Domain, APPSETTINGS.AD_Domain); var foundUserInGroup = false; GroupPrincipal mGroupPrincipal = null; try { mGroupPrincipal = GroupPrincipal.FindByIdentity(mPrincipalContext, groupname); } catch (Exception ex) { throw ex; } if (mGroupPrincipal != null) { foreach (var member in mGroupPrincipal.GetMembers(true)) { try { if (member.SamAccountName.Equals(username)) { foundUserInGroup = true; break; } } catch (Exception ex) { throw ex; } } } if (mGroupPrincipal != null) { mGroupPrincipal.Dispose(); } if (mPrincipalContext != null) { mPrincipalContext.Dispose(); } return(foundUserInGroup); }
private void AddUserToGroup(ADUser postUser, UserPrincipal newUser) { GroupPrincipal groupPrincipal = GroupPrincipal.FindByIdentity(RootSearchContext, postUser.Unit); if (groupPrincipal == null) { throw new Exception("Group doesn't exists"); } else { groupPrincipal.Members.Add(newUser); groupPrincipal.Save(); groupPrincipal.Dispose(); } }
/// <summary> /// Retire un utilisateur dans un groupe donné. /// </summary> /// <param name="groupName"></param> /// <param name="userName"></param> public void RemoveUserToGroup(string groupName, string userName) { try { GroupPrincipal group = GroupPrincipal.FindByIdentity(_adConnection, IdentityType.Name, groupName); if (group != null) { UserPrincipal user = GetUserPrincipal(userName); if (user != null) { if (group.Members.Contains(user)) { Logger?.Info("Suppresion de " + userName + " du groupe " + groupName); group.Members.Remove(user); group.Save(); group.Dispose(); } else { Logger?.Warn(userName + " n'est pas dans le groupe " + groupName); throw new UserNotInGroupException(userName + " n'est pas dans le groupe " + groupName); } } else { Logger?.Warn("L'utilisateur : " + userName + " n'existe pas !"); throw new UserNotExistException("L'utilisateur : " + userName + " n'existe pas !"); } } else { Logger?.Warn("Le groupe : " + groupName + " n'existe pas !"); throw new GroupActiveDirectoryNotExistException("Le groupe : " + groupName + " n'existe pas !"); } } catch (Exception exception) { Logger?.Error("Error RemoveUserToGroup - groupName : " + groupName + " - userName : " + userName, exception); throw; } }