コード例 #1
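        /// <summary>
        /// Creates a directory account from the posted form and a stored user
        /// template, then records the new username and its creator in the
        /// application database.
        /// </summary>
        /// <param name="user">
        /// Posted view model. <c>UserTemplateID</c> selects the template whose
        /// password, expiration, OU and group settings are applied.
        /// </param>
        /// <returns>
        /// A redirect to <c>ViewUser</c> when the account was created; otherwise
        /// the form view is rendered again.
        /// </returns>
        // NOTE(review): no [HttpPost], [ValidateAntiForgeryToken] or [Authorize]
        // attributes are visible in this excerpt. This action creates a directory
        // account, so confirm they are applied on the action or the controller.
        public ActionResult CreateUser(CreateUserVM user)
        {
            if (!ModelState.IsValid)
            {
                return(View());
            }

            using (var db = new ADWebDB())
            {
                // UserTemplateID comes from the request, so it may not match any
                // stored template. Find returns null in that case; stop before
                // anything is written to the directory instead of dereferencing null.
                UserTemplate userTemplate = db.UserTemplate.Find(user.UserTemplateID);

                if (userTemplate == null || userTemplate.DomainOU == null)
                {
                    ModelState.AddModelError("UserTemplateID", "The selected user template could not be found.");
                    return(View());
                }

                ADWeb.Core.Models.User newUser = Mapper.Map <User>(user);
                ADDomain domain = new ADDomain();

                // Copy the template settings that drive how the account is created.
                UserTemplateSettings userTemplateSettings = new UserTemplateSettings
                {
                    ChangePasswordAtNextLogon = userTemplate.ChangePasswordAtNextLogon,
                    UserCannotChangePassword  = userTemplate.UserCannotChangePassword,
                    PasswordNeverExpires      = userTemplate.PasswordNeverExpires,
                    AccountExpires            = userTemplate.AccountExpires,
                    ExpirationRange           = userTemplate.ExpirationRange,
                    ExpirationValue           = userTemplate.ExpirationValue,
                    DomainOU                  = userTemplate.DomainOU.DistinguishedName
                };

                // Only groups that are still enabled on the template are used. A
                // group that was added, removed and added again by an administrator
                // would otherwise appear more than once and cause an error while the
                // account is being created.
                foreach (var group in userTemplate.Groups.Where(g => g.Enabled == true).ToList())
                {
                    userTemplateSettings.Groups.Add(group.Name);
                }

                domain.CreateUserWithTemplate(newUser, userTemplateSettings);

                // The directory account exists from this point on. If the signed-in
                // user cannot be resolved in the directory, fall back to the identity
                // name so the creation record is still written rather than lost to a
                // null dereference.
                ADUser currentUser = domain.GetUserByID(User.Identity.Name);
                string createdBy = currentUser != null
                    ? currentUser.GivenName + " " + currentUser.Surname
                    : User.Identity.Name;

                // Insert the account into the database. Only basic information is
                // stored here.
                DomainUser newDomainUser = new DomainUser();
                newDomainUser.DateCreated = DateTime.Now;
                newDomainUser.CreatedBy   = createdBy;
                newDomainUser.Username    = newUser.Username;

                db.DomainUsers.Add(newDomainUser);
                db.SaveChanges();

                // NOTE(review): this message contains user-supplied names; confirm
                // the view that displays it HTML-encodes the value.
                TempData["user_created_successfully"] = newUser.FirstName + " " + newUser.LastName + " has been created successfully!";
                return(RedirectToAction("ViewUser", new { user = user.Username }));
            }
        }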
コード例 #2
ファイル: ADDomain.cs プロジェクト: devexp235/ADWeb
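        /// <summary>
        /// Creates a domain user in the OU named by the template settings, applies
        /// the template's password and expiration policy, and adds the new account
        /// to each template group that can be found in the domain.
        /// </summary>
        /// <param name="user">Account details, including the initial password.</param>
        /// <param name="userTemplateSettings">Template settings to apply to the account.</param>
        /// <exception cref="InvalidOperationException">
        /// The template requires account expiration but has no expiration value or
        /// an expiration range this method does not handle. Thrown before the
        /// account is saved.
        /// </exception>
        public void CreateUserWithTemplate(User user, UserTemplateSettings userTemplateSettings)
        {
            // NOTE(review): ServerName, ServiceUser and ServicePassword are defined
            // outside this method; confirm the service credentials are not kept in
            // source or in plaintext configuration.
            using (PrincipalContext context = new PrincipalContext(ContextType.Domain, ServerName, userTemplateSettings.DomainOU, ContextOptions.Negotiate, ServiceUser, ServicePassword))
            {
                using (ADUser newUser = new ADUser(context))
                {
                    newUser.SamAccountName = user.Username;
                    newUser.GivenName      = user.FirstName;
                    newUser.MiddleName     = user.MiddleName;
                    newUser.Surname        = user.LastName;
                    newUser.EmailAddress   = user.EmailAddress;
                    newUser.PhoneNumber    = user.PhoneNumber;
                    newUser.Title          = user.Title;
                    newUser.Department     = user.Department;
                    newUser.Notes          = "Created by ADWeb on " + DateTime.Now.ToString() + ".";
                    newUser.DisplayName    = user.LastName + ", " + user.FirstName;
                    newUser.UserPrincipalName = user.Username + UPNSuffix;
                    newUser.Enabled           = true;

                    // Settings from the user template
                    newUser.UserCannotChangePassword = userTemplateSettings.UserCannotChangePassword;

                    if (userTemplateSettings.ChangePasswordAtNextLogon)
                    {
                        // Forces the user to change their password the next time
                        // they log in.
                        newUser.ExpirePasswordNow();
                    }

                    newUser.PasswordNeverExpires = userTemplateSettings.PasswordNeverExpires;

                    if (userTemplateSettings.AccountExpires)
                    {
                        // The expiration date is relative to the moment the account
                        // is created. A template that asks for expiration but cannot
                        // yield a date is rejected here, before Save, so that it can
                        // neither produce an account with a 0001-01-01 expiration
                        // date nor one that silently never expires.
                        if (!userTemplateSettings.ExpirationValue.HasValue)
                        {
                            throw new InvalidOperationException("The user template requires account expiration but does not define an expiration value.");
                        }

                        var expirationValue = userTemplateSettings.ExpirationValue.Value;
                        DateTime createdAt = DateTime.Now;
                        DateTime expirationDate;

                        switch (userTemplateSettings.ExpirationRange)
                        {
                            case UserExpirationRange.Days:
                                expirationDate = createdAt.AddDays(expirationValue);
                                break;

                            case UserExpirationRange.Weeks:
                                int totalDays = 7 * expirationValue;
                                expirationDate = createdAt.AddDays(totalDays);
                                break;

                            case UserExpirationRange.Months:
                                expirationDate = createdAt.AddMonths(expirationValue);
                                break;

                            case UserExpirationRange.Years:
                                expirationDate = createdAt.AddYears(expirationValue);
                                break;

                            default:
                                throw new InvalidOperationException("The user template requires account expiration but its expiration range is not supported.");
                        }

                        newUser.AccountExpirationDate = expirationDate;
                    }

                    newUser.SetPassword(user.Password);
                    newUser.Save();

                    // Add the user to the groups associated with the user template.
                    // The group context has no container, so the whole domain is
                    // searched; the original author intended to restrict this to
                    // certain OUs later.
                    // NOTE(review): if a group operation below throws, the account
                    // saved above remains in the directory with only part of its
                    // group memberships.
                    using (PrincipalContext groupContext = new PrincipalContext(ContextType.Domain, ServerName, null, ContextOptions.Negotiate, ServiceUser, ServicePassword))
                    {
                        foreach (var grp in userTemplateSettings.Groups)
                        {
                            using (GroupPrincipal group = GroupPrincipal.FindByIdentity(groupContext, grp))
                            {
                                // A template group that cannot be found is skipped
                                // without any error or log entry.
                                if (group != null)
                                {
                                    // Addresses Github Issue #79: the underlying
                                    // DirectoryEntry is used instead of
                                    // group.Members.Add/Save so that the application
                                    // can be hosted on a machine that is not part of
                                    // the domain.
                                    // NOTE(review): the distinguished name is placed
                                    // in the ADsPath as-is; confirm names containing
                                    // characters that are special in an ADsPath
                                    // (such as '/') are handled.
                                    DirectoryEntry groupDE = (DirectoryEntry)group.GetUnderlyingObject();
                                    groupDE.Invoke("Add", new object[] { "LDAP://" + ServerName + "/" + newUser.DistinguishedName });
                                    groupDE.Close();
                                }
                            }
                        }
                    }
                }
            }
        }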
コード例 #3
ファイル: ADDomain.cs プロジェクト: huuthangcnc/ADWeb
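        /// <summary>
        /// Creates a domain user in the OU named by the template settings, applies
        /// the template's password and expiration policy, and adds the new account
        /// to each template group that can be found in the domain.
        /// </summary>
        /// <param name="user">Account details, including the initial password.</param>
        /// <param name="userTemplateSettings">Template settings to apply to the account.</param>
        /// <exception cref="InvalidOperationException">
        /// The template requires account expiration but has no expiration value or
        /// an expiration range this method does not handle. Thrown before the
        /// account is saved.
        /// </exception>
        public void CreateUserWithTemplate(User user, UserTemplateSettings userTemplateSettings)
        {
            // NOTE(review): ServerName, ServiceUser and ServicePassword are defined
            // outside this method; confirm the service credentials are not kept in
            // source or in plaintext configuration.
            using (PrincipalContext context = new PrincipalContext(ContextType.Domain, ServerName, userTemplateSettings.DomainOU, ContextOptions.Negotiate, ServiceUser, ServicePassword))
            {
                using (ADUser newUser = new ADUser(context))
                {
                    newUser.SamAccountName    = user.Username;
                    newUser.GivenName         = user.FirstName;
                    newUser.MiddleName        = user.MiddleName;
                    newUser.Surname           = user.LastName;
                    newUser.EmailAddress      = user.EmailAddress;
                    newUser.PhoneNumber       = user.PhoneNumber;
                    newUser.Title             = user.Title;
                    newUser.Department        = user.Department;
                    newUser.Notes             = "Created by ADWeb on " + DateTime.Now.ToString() + ".";
                    newUser.DisplayName       = user.LastName + ", " + user.FirstName + " " + user.Initials;
                    newUser.UserPrincipalName = user.Username + UPNSuffix;
                    newUser.Enabled           = true;

                    // Settings from the user template
                    newUser.UserCannotChangePassword = userTemplateSettings.UserCannotChangePassword;

                    if (userTemplateSettings.ChangePasswordAtNextLogon)
                    {
                        // Forces the user to change their password the next time
                        // they log in.
                        newUser.ExpirePasswordNow();
                    }

                    newUser.PasswordNeverExpires = userTemplateSettings.PasswordNeverExpires;

                    if (userTemplateSettings.AccountExpires)
                    {
                        // The expiration date is relative to the moment the account
                        // is created. A template that asks for expiration but cannot
                        // yield a date is rejected here, before Save, so that it can
                        // neither produce an account with a 0001-01-01 expiration
                        // date nor one that silently never expires.
                        if (!userTemplateSettings.ExpirationValue.HasValue)
                        {
                            throw new InvalidOperationException("The user template requires account expiration but does not define an expiration value.");
                        }

                        var expirationValue = userTemplateSettings.ExpirationValue.Value;
                        DateTime createdAt = DateTime.Now;
                        DateTime expirationDate;

                        switch (userTemplateSettings.ExpirationRange)
                        {
                            case UserExpirationRange.Days:
                                expirationDate = createdAt.AddDays(expirationValue);
                                break;

                            case UserExpirationRange.Weeks:
                                int totalDays = 7 * expirationValue;
                                expirationDate = createdAt.AddDays(totalDays);
                                break;

                            case UserExpirationRange.Months:
                                expirationDate = createdAt.AddMonths(expirationValue);
                                break;

                            case UserExpirationRange.Years:
                                expirationDate = createdAt.AddYears(expirationValue);
                                break;

                            default:
                                throw new InvalidOperationException("The user template requires account expiration but its expiration range is not supported.");
                        }

                        newUser.AccountExpirationDate = expirationDate;
                    }

                    newUser.SetPassword(user.Password);
                    newUser.Save();

                    // Add the user to the groups associated with the user template.
                    // NOTE(review): if a group operation below throws, the account
                    // saved above remains in the directory with only part of its
                    // group memberships.
                    foreach (var grp in userTemplateSettings.Groups)
                    {
                        // The group context has no container, so the whole domain
                        // is searched; the original author intended to restrict
                        // this to certain OUs later.
                        using (PrincipalContext groupContext = new PrincipalContext(ContextType.Domain, ServerName, null, ContextOptions.Negotiate, ServiceUser, ServicePassword))
                        // Dispose the looked-up principal once the membership has
                        // been saved; a using statement accepts a null resource.
                        using (GroupPrincipal group = GroupPrincipal.FindByIdentity(groupContext, grp))
                        {
                            // A template group that cannot be found is skipped
                            // without any error or log entry.
                            if (group != null)
                            {
                                group.Members.Add(newUser);
                                group.Save();
                            }
                        }
                    }
                }
            }
        }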