/// <summary>
/// Builds a human-readable label for the directory object with the given id:
/// the object's display name, followed by its user principal name or service
/// principal name in parentheses when the object is a user or service principal
/// and that name is not blank.
/// </summary>
/// <param name="id">Object id to look up. <see cref="Guid.Empty"/> short-circuits to an empty string.</param>
/// <param name="adClient">Directory client used for the lookup. <c>null</c> short-circuits to an empty string.</param>
/// <returns>
/// The label, or an empty string when no lookup is attempted or the lookup finds nothing.
/// </returns>
/// <remarks>
/// The result is a label for people to read. Display names are not unique
/// identifiers, so anything that decides access should key on the object id
/// rather than on this string.
/// </remarks>
public static string GetDisplayNameForADObject(Guid id, ActiveDirectoryClient adClient)
{
    // Nothing to resolve without a client or a real id.
    if (adClient == null || id == Guid.Empty)
    {
        return "";
    }

    var lookup = new ADObjectFilterOptions()
    {
        Id = id.ToString(),
        Paging = true,
    };
    var found = adClient.GetADObject(lookup);

    string label = "";
    string principalName = "";
    if (found != null)
    {
        label = found.DisplayName;

        // Users are checked first, then service principals; other object kinds
        // contribute only their display name.
        var user = found as PSADUser;
        if (user != null)
        {
            principalName = user.UserPrincipalName;
        }
        else
        {
            var servicePrincipal = found as PSADServicePrincipal;
            if (servicePrincipal != null)
            {
                principalName = servicePrincipal.ServicePrincipalName;
            }
        }
    }

    if (string.IsNullOrWhiteSpace(principalName))
    {
        // Concatenating with "" turns a null display name into an empty string.
        return label + "";
    }

    return label + " (" + principalName + ")";
}
/// <summary>
/// Resolves a directory object id from an object id, a user principal name
/// and/or a service principal name, by querying the directory client.
/// </summary>
/// <param name="objectId">Object id to match; <see cref="Guid.Empty"/> means "not supplied".</param>
/// <param name="upn">User principal name to match. Also reused as a mail address if the first lookup finds nothing.</param>
/// <param name="spn">Service principal name to match.</param>
/// <returns>The id of the directory object that was found.</returns>
/// <exception cref="ArgumentException">
/// No object matched. The message is built from the active filter of the last
/// lookup that ran and the tenant id of the graph client.
/// </exception>
protected Guid GetObjectId(Guid objectId, string upn, string spn)
{
    // Guid is a value type and can never be null, so the empty Guid is the
    // only "not supplied" marker that needs testing.
    string idText = objectId == Guid.Empty ? null : objectId.ToString();

    var lookup = new ADObjectFilterOptions()
    {
        Id = idText,
        UPN = upn,
        SPN = spn,
        Paging = true,
    };
    var match = ActiveDirectoryClient.GetADObject(lookup);

    if (match == null && !string.IsNullOrWhiteSpace(upn))
    {
        // Second attempt: treat the UPN text as a mail address. This filter
        // drops the id and SPN criteria and replaces the first one, so a
        // failure below reports the mail filter.
        // NOTE(review): how GetADObject behaves when a mail value matches
        // several objects is not visible here. The returned id presumably ends
        // up identifying a principal for access configuration; confirm that an
        // ambiguous mail match is rejected and does not resolve to one of the
        // candidates.
        lookup = new ADObjectFilterOptions()
        {
            Mail = upn,
            Paging = true,
        };
        match = ActiveDirectoryClient.GetADObject(lookup);
    }

    if (match == null)
    {
        string message = string.Format(
            PSKeyVaultProperties.Resources.ADObjectNotFound,
            lookup.ActiveFilter,
            ActiveDirectoryClient.GraphClient.TenantID);
        throw new ArgumentException(message);
    }

    return match.Id;
}
/// <summary>
/// Converts a role assignment into its PowerShell representation, joining it
/// with its role definition and with the directory object of its principal.
/// </summary>
/// <param name="role">Role assignment to convert.</param>
/// <param name="policyClient">Client used to fetch the role definition.</param>
/// <param name="activeDirectoryClient">Client used to look up the principal by id.</param>
/// <returns>
/// A <c>PSUserRoleAssignment</c>, <c>PSGroupRoleAssignment</c> or
/// <c>PSServiceRoleAssignment</c> when the principal is a user, group or
/// service principal; otherwise a plain <c>PSRoleAssignment</c>.
/// </returns>
/// <remarks>
/// When the directory lookup finds nothing, a placeholder object carrying only
/// the principal id is used, so the assignment is still returned as a plain
/// <c>PSRoleAssignment</c> instead of being dropped.
/// NOTE(review): such an entry presumably means the principal no longer
/// exists or could not be read by the caller; confirm, and consider how
/// consumers that audit assignments are expected to recognise it.
/// </remarks>
public static PSRoleAssignment ToPSRoleAssignment(this RoleAssignment role, AuthorizationClient policyClient, ActiveDirectoryClient activeDirectoryClient)
{
    PSRoleDefinition definition = policyClient.GetRoleDefinition(role.Properties.RoleDefinitionId);

    var principalLookup = new ADObjectFilterOptions { Id = role.Properties.PrincipalId.ToString() };
    PSADObject principal = activeDirectoryClient.GetADObject(principalLookup)
        ?? new PSADObject() { Id = role.Properties.PrincipalId };

    // Pick the concrete assignment type and fill in the fields only it has.
    // The checks run in the order user, group, service principal.
    PSRoleAssignment result;
    var user = principal as PSADUser;
    var group = principal as PSADGroup;
    var servicePrincipal = principal as PSADServicePrincipal;
    if (user != null)
    {
        result = new PSUserRoleAssignment()
        {
            UserPrincipalName = user.UserPrincipalName,
            Mail = user.Mail
        };
    }
    else if (group != null)
    {
        result = new PSGroupRoleAssignment()
        {
            Mail = group.Mail
        };
    }
    else if (servicePrincipal != null)
    {
        result = new PSServiceRoleAssignment()
        {
            ServicePrincipalName = servicePrincipal.ServicePrincipalName
        };
    }
    else
    {
        result = new PSRoleAssignment();
    }

    // Fields every assignment kind carries.
    result.RoleAssignmentId = role.Id;
    result.DisplayName = principal.DisplayName;
    result.Actions = definition.Actions;
    result.NotActions = definition.NotActions;
    result.RoleDefinitionName = definition.Name;
    result.Scope = role.Properties.Scope;
    result.ObjectId = principal.Id;

    return result;
}