private ActiveDirectoryHandlerResults CallPlan(string planName, StartPlanEnvelope planEnvelope)
{
IExecuteController ec = GetExecuteControllerInstance();
StartPlanEnvelope pe = planEnvelope;
if (pe == null)
{
pe = new StartPlanEnvelope()
{
DynamicParameters = new Dictionary <string, string>()
}
}
;
IEnumerable <KeyValuePair <string, string> > queryString = this.Request.GetQueryNameValuePairs();
foreach (KeyValuePair <string, string> kvp in queryString)
{
pe.DynamicParameters.Add(kvp.Key, kvp.Value);
}
object reply = ec.StartPlanSync(pe, planName, setContentType: false);
ActiveDirectoryHandlerResults result = null;
Type replyType = reply.GetType();
if (replyType == typeof(string))
{
try
{
result = YamlHelpers.Deserialize <ActiveDirectoryHandlerResults>((string)reply);
}
catch (Exception e)
{
try
{
// Reply was not Json or Yaml. See if Xml
XmlDocument doc = new XmlDocument();
doc.LoadXml((string)reply);
result = XmlHelpers.Deserialize <ActiveDirectoryHandlerResults>(doc.InnerXml);
}
catch (Exception)
{
throw e;
}
}
}
else if (replyType == typeof(Dictionary <object, object>))
{
String str = YamlHelpers.Serialize(reply);
result = YamlHelpers.Deserialize <ActiveDirectoryHandlerResults>(str);
}
else if (replyType == typeof(XmlDocument))
{
XmlDocument doc = (XmlDocument)reply;
result = XmlHelpers.Deserialize <ActiveDirectoryHandlerResults>(doc.InnerXml);
}
return(result);
}
public static ActiveDirectoryHandlerResults CallPlan(string planName, Dictionary <string, string> dynamicParameters = null)
{
object output = CallRawPlan(planName, dynamicParameters);
ActiveDirectoryHandlerResults result = YamlHelpers.Deserialize <ActiveDirectoryHandlerResults>(output.ToString());
Console.WriteLine(YamlHelpers.Serialize(result));
return(result);
}
public void Handler_SearchTestsSuccess()
{
Dictionary <string, string> parameters = new Dictionary <string, string>();
// Create Objects To Search
UserPrincipal up1 = Utility.CreateUser(workspaceName);
UserPrincipal up2 = Utility.CreateUser(workspaceName);
UserPrincipal up3 = Utility.CreateUser(workspaceName);
UserPrincipal up4 = Utility.CreateUser(workspaceName);
GroupPrincipal gp1 = Utility.CreateGroup(workspaceName);
GroupPrincipal gp2 = Utility.CreateGroup(workspaceName);
// Search For Users
Console.WriteLine($"Searching For All Users In : [{workspaceName}]");
parameters.Clear();
parameters.Add("searchbase", workspaceName);
parameters.Add("filter", "(objectClass=User)");
parameters.Add("attributes", @"[ ""objectGUID"", ""objectSid"" ]");
ActiveDirectoryHandlerResults result = Utility.CallPlan("Search", parameters);
Assert.That(result.Results[0].Statuses[0].Status, Is.EqualTo(AdStatusType.Success));
Assert.That(result.Results[0].SearchResults.Results.Count, Is.EqualTo(4));
// Search For Groups
Console.WriteLine($"Searching For All Groups In : [{workspaceName}]");
parameters.Clear();
parameters.Add("searchbase", workspaceName);
parameters.Add("filter", "(objectClass=Group)");
parameters.Add("attributes", @"[ ""objectGUID"", ""objectSid"" ]");
result = Utility.CallPlan("Search", parameters);
Assert.That(result.Results[0].Statuses[0].Status, Is.EqualTo(AdStatusType.Success));
Assert.That(result.Results[0].SearchResults.Results.Count, Is.EqualTo(2));
// Check Group Membership (GetAllGroups)
DirectoryServices.AddGroupToGroup(gp1.DistinguishedName, gp2.DistinguishedName);
DirectoryServices.AddUserToGroup(up1.DistinguishedName, gp1.DistinguishedName);
Console.WriteLine($"Searching For All Groups For User : [{up1.DistinguishedName}]");
parameters.Clear();
parameters.Add("distinguishedname", up1.DistinguishedName);
result = Utility.CallPlan("GetAllGroups", parameters);
Assert.That(result.Results[0].Statuses[0].Status, Is.EqualTo(AdStatusType.Success));
Assert.That(result.Results[0].SearchResults.Results.Count, Is.EqualTo(3));
// Delete Search Objects
Utility.DeleteUser(up1.DistinguishedName);
Utility.DeleteUser(up2.DistinguishedName);
Utility.DeleteUser(up3.DistinguishedName);
Utility.DeleteUser(up4.DistinguishedName);
Utility.DeleteGroup(gp1.DistinguishedName);
Utility.DeleteGroup(gp2.DistinguishedName);
}
public void Handler_PurgeAccessRuleBadTarget()
{
String userName = $"testuser_{Utility.GenerateToken( 8 )}";
String userDistinguishedName = $"CN={userName},{workspaceName}";
Dictionary <string, string> parameters = new Dictionary <string, string>();
Console.WriteLine($"Purging AccessRule For User [{manager.DistinguishedName}] On Target [{userDistinguishedName}] Which Should Not Exist.");
parameters.Add("returnobjects", "true");
parameters.Add("identity", manager.DistinguishedName);
parameters.Add("ruleidentity", userDistinguishedName);
ActiveDirectoryHandlerResults result = Utility.CallPlan("PurgeAccessRulesOnUser", parameters);
Assert.That(result.Results[0].Statuses[0].Status, Is.EqualTo(AdStatusType.DoesNotExist));
Assert.That(result.Results[0].Statuses[0].Message, Contains.Substring("Can Not Be Found"));
}
public void Handler_DeleteUserDoesNotExist()
{
String userName = $"testuser_{Utility.GenerateToken( 8 )}";
String userDistinguishedName = $"CN={userName},{workspaceName}";
Dictionary <string, string> parameters = new Dictionary <string, string>();
Console.WriteLine($"Deleting User [{userDistinguishedName}] Which Should Not Exist.");
parameters.Add("returngroupmembership", "true");
parameters.Add("returnaccessrules", "true");
parameters.Add("identity", userDistinguishedName);
ActiveDirectoryHandlerResults result = Utility.CallPlan("DeleteUser", parameters);
Assert.That(result.Results[0].Statuses[0].Status, Is.EqualTo(AdStatusType.DoesNotExist));
Assert.That(result.Results[0].Statuses[0].Message, Contains.Substring("cannot be found"));
}
public void Handler_CreateUserBadDistName()
{
String userName = $"testuser_{Utility.GenerateToken( 8 )}";
String userDistinguishedName = $"GW={userName},{workspaceName}";
Dictionary <string, string> parameters = new Dictionary <string, string>();
Console.WriteLine($"Create User With Bad Distinguished Name [{userDistinguishedName}]");
parameters.Add("returngroupmembership", "true");
parameters.Add("returnaccessrules", "true");
parameters.Add("identity", userDistinguishedName);
ActiveDirectoryHandlerResults result = Utility.CallPlan("CreateUser", parameters);
Assert.That(result.Results[0].Statuses[0].Status, Is.EqualTo(AdStatusType.MissingInput));
Assert.That(result.Results[0].Statuses[0].Message, Contains.Substring("Must Be A Distinguished Name"));
}
public void Handler_PurgeAccessRulesBadGroup()
{
String groupName = $"testgroup_{Utility.GenerateToken( 8 )}";
String groupDistinguishedName = $"OU={groupName},{workspaceName}";
Dictionary <string, string> parameters = new Dictionary <string, string>();
Console.WriteLine($"Purging AccessRules For Group [{groupDistinguishedName}] Which Should Not Exist On Target [{workspaceName}].");
parameters.Add("returnobjects", "true");
parameters.Add("identity", workspaceName);
parameters.Add("ruleidentity", groupDistinguishedName);
ActiveDirectoryHandlerResults result = Utility.CallPlan("PurgeAccessRulesOnOrgUnit", parameters);
Assert.That(result.Results[0].Statuses[0].StatusId, Is.EqualTo(AdStatusType.DoesNotExist));
Assert.That(result.Results[0].Statuses[0].Message, Contains.Substring("Can Not Be Found"));
}
public void Handler_GetOrgUnitDoesNotExist()
{
String ouName = $"testou_{Utility.GenerateToken( 8 )}";
String ouDistinguishedName = $"OU={ouName},{workspaceName}";
Dictionary <string, string> parameters = new Dictionary <string, string>();
Console.WriteLine($"Getting OrgUnit [{ouDistinguishedName}] Which Should Not Exist.");
parameters.Add("returngroupmembership", "true");
parameters.Add("returnaccessrules", "true");
parameters.Add("identity", ouDistinguishedName);
ActiveDirectoryHandlerResults result = Utility.CallPlan("GetOrgUnit", parameters);
Assert.That(result.Results[0].Statuses[0].StatusId, Is.EqualTo(AdStatusType.DoesNotExist));
Assert.That(result.Results[0].Statuses[0].Message, Contains.Substring("Was Not Found"));
}
public void Handler_CreateUserSimplePassword()
{
String userName = $"testuser_{Utility.GenerateToken( 8 )}";
String userDistinguishedName = $"CN={userName},{workspaceName}";
Dictionary <string, string> parameters = new Dictionary <string, string>();
Console.WriteLine($"Creating User [{userDistinguishedName}] With A Simple Password.");
parameters.Add("returngroupmembership", "true");
parameters.Add("returnaccessrules", "true");
parameters.Add("identity", userDistinguishedName);
parameters.Add("password", "password");
ActiveDirectoryHandlerResults result = Utility.CallPlan("CreateUser", parameters);
Assert.That(result.Results[0].Statuses[0].Status, Is.EqualTo(AdStatusType.Unknown));
Assert.That(result.Results[0].Statuses[0].Message, Contains.Substring("The password does not meet the password policy requirements"));
}
public void Handler_SetAccessRuleBadTarget()
{
String ouName = $"testou_{Utility.GenerateToken( 8 )}";
String ouDistinguishedName = $"OU={ouName},{workspaceName}";
Dictionary <string, string> parameters = new Dictionary <string, string>();
Console.WriteLine($"Setting AccessRule For Group [{managedBy.DistinguishedName}] On Target [{ouDistinguishedName}] Which Should Not Exist.");
parameters.Add("returnobjects", "true");
parameters.Add("identity", ouDistinguishedName);
parameters.Add("ruleidentity", managedBy.DistinguishedName);
parameters.Add("ruletype", "Allow");
parameters.Add("rulerights", "GenericAll");
ActiveDirectoryHandlerResults result = Utility.CallPlan("SetAccessRuleOnOrgUnit", parameters);
Assert.That(result.Results[0].Statuses[0].StatusId, Is.EqualTo(AdStatusType.DoesNotExist));
Assert.That(result.Results[0].Statuses[0].Message, Contains.Substring("Can Not Be Found"));
}
public void Handler_RemoveAccessRuleBadGroup()
{
String groupName = $"testgroup_{Utility.GenerateToken( 8 )}";
String groupDistinguishedName = $"CN={groupName},{workspaceName}";
Dictionary <string, string> parameters = new Dictionary <string, string>();
Console.WriteLine($"Deleting AccessRule For Group [{groupDistinguishedName}] Which Should Not Exist From Target [{managedBy.DistinguishedName}]");
parameters.Add("returnobjects", "true");
parameters.Add("identity", groupDistinguishedName);
parameters.Add("ruleidentity", managedBy.DistinguishedName);
parameters.Add("ruletype", "Allow");
parameters.Add("rulerights", "GenericAll");
ActiveDirectoryHandlerResults result = Utility.CallPlan("RemoveAccessRuleFromGroup", parameters);
Assert.That(result.Results[0].Statuses[0].Status, Is.EqualTo(AdStatusType.DoesNotExist));
Assert.That(result.Results[0].Statuses[0].Message, Contains.Substring("Can Not Be Found"));
}
public void Handler_UserTestsSuccess()
{
String userName = $"testuser_{Utility.GenerateToken( 8 )}";
String userDistinguishedName = $"CN={userName},{workspaceName}";
Dictionary <string, string> parameters = new Dictionary <string, string>();
// Create User
Console.WriteLine($"Creating User : [{userDistinguishedName}]");
parameters.Clear();
parameters.Add("returngroupmembership", "true");
parameters.Add("returnaccessrules", "true");
parameters.Add("identity", userDistinguishedName);
parameters.Add("userprincipalname", $"{userName}1@{DirectoryServices.GetDomain(userDistinguishedName)}");
parameters.Add("samaccountname", userName.Substring(0, 19));
parameters.Add("displayName", $"Test User {userName}");
parameters.Add("description", $"Test User {userName} Description");
parameters.Add("password", "bi@02LL49_VWQ{b");
parameters.Add("enabled", "true");
parameters.Add("accountexpirationdate", DateTime.Now.AddDays(30).ToString());
parameters.Add("smartcardlogonrequired", "true");
parameters.Add("delegationpermitted", "true");
parameters.Add("homedirectory", "Temp");
parameters.Add("scriptpath", "D:\\Temp\\Scripts\\startup.bat");
parameters.Add("passwordnotrequired", "false");
parameters.Add("passwordneverexpires", "true");
parameters.Add("usercannotchangepassword", "false");
parameters.Add("allowreversiblepasswordencryption", "true");
parameters.Add("homedrive", "D");
parameters.Add("givenname", "Test");
parameters.Add("middlename", "Bartholomew");
parameters.Add("surname", "User");
parameters.Add("emailaddress", "*****@*****.**");
parameters.Add("voicetelephonenumber", "713-555-1212");
parameters.Add("employeeid", "42");
// Add Properties
parameters.Add("initials", @"[ ""TBU"" ]");
parameters.Add("physicaldeliveryofficename", @"[ ""Company Plaza 2"" ]");
parameters.Add("othertelephone", @"[ ""713-555-1313"", ""7135551414"", ""713-555-1515"" ]");
parameters.Add("wwwhomepage", @"[ ""http://www.google.com"" ]");
parameters.Add("url", @"[ ""http://www.bing.com"", ""http://www.altavista.com"", ""http://www.cnn.com"", ""http://www.fakenews.fox.com"" ]");
parameters.Add("logonworkstation", @"[ ""Workstation001"" ]");
parameters.Add("userworkstations", @"[ ""Workstation002"" ]");
parameters.Add("c", @"[ ""US"" ]");
parameters.Add("l", @"[ ""Translyvania"" ]");
parameters.Add("st", @"[ ""Louisiana"" ]");
parameters.Add("streetaddress", @"[ ""13119 US-65"" ]");
parameters.Add("postofficebox", @"[ ""666"" ]");
parameters.Add("postalcode", @"[ ""71286"" ]");
parameters.Add("co", @"[ ""United States"" ]");
parameters.Add("countrycode", @"[ ""840"" ]");
parameters.Add("title", @"[ ""Laboratory Assistant"" ]");
parameters.Add("department", @"[ ""Vampire Studies"" ]");
parameters.Add("company", @"[ ""True Blood Inc."" ]");
parameters.Add("manager", $"[ \"{manager.DistinguishedName}\" ]");
parameters.Add("profilepath", @"[ ""D:\\Temp\\ProfilePath"" ]");
parameters.Add("homephone", @"[ ""832-555-1212"" ]");
parameters.Add("otherhomephone", @"[ ""832-555-1313"", ""832-555-1414"" ]");
parameters.Add("pager", @"[ ""281-555-1212"" ]");
parameters.Add("otherpager", @"[ ""281-555-1313"", ""281-555-1414"", ""281-555-1515"" ]");
parameters.Add("mobile", @"[ ""346-555-1212"" ]");
parameters.Add("othermobile", @"[ ""346-555-1313"" ]");
parameters.Add("facsimiletelephonenumber", @"[ ""318-555-1111"" ]");
parameters.Add("otherfacsimiletelephonenumber", @"[ ""318-555-2222"", ""318-555-3333"", ""318-555-4444"" ]");
parameters.Add("ipphone", @"[ ""504-555-1111"" ]");
parameters.Add("otheripphone", @"[ ""504-555-2222"", ""504-555-3333"" ]");
parameters.Add("info", @"[ ""Keep Out Of Direct Sunlight"" ]");
parameters.Add("lockouttime", $"[ \"0\" ]");
ActiveDirectoryHandlerResults result = Utility.CallPlan("CreateUser", parameters);
Assert.That(result.Results[0].Statuses[0].Status, Is.EqualTo(AdStatusType.Success));
Assert.That(result.Results[0].User.DistinguishedName, Is.EqualTo(userDistinguishedName));
Assert.That(result.Results[0].User.Properties["st"][0], Is.EqualTo("Louisiana"));
Assert.That(result.Results[0].User.Groups, Is.Not.Null);
Assert.That(result.Results[0].User.AccessRules, Is.Not.Null);
string userPrincipalName = result.Results[0].User.UserPrincipalName;
string samAccountName = result.Results[0].User.SamAccountName;
string sid = result.Results[0].User.Sid;
string guid = result.Results[0].User.Guid.ToString();
// Get User By Name
Console.WriteLine($"Getting User By Name : [{userName}]");
parameters.Clear();
parameters.Add("returngroupmembership", "false");
parameters.Add("returnaccessrules", "false");
parameters.Add("returnobjectproperties", "false");
parameters.Add("returnobjects", "false");
parameters.Add("identity", userName);
result = Utility.CallPlan("GetUser", parameters);
Assert.That(result.Results[0].Statuses[0].Status, Is.EqualTo(AdStatusType.Success));
Assert.That(result.Results[0].User, Is.Null);
// Get User By DistinguishedName
Console.WriteLine($"Getting User By DistinguishedName : [{userDistinguishedName}]");
parameters.Clear();
parameters.Add("returngroupmembership", "false");
parameters.Add("returnaccessrules", "false");
parameters.Add("returnobjectproperties", "false");
parameters.Add("returnobjects", "true");
parameters.Add("identity", userDistinguishedName);
result = Utility.CallPlan("GetUser", parameters);
Assert.That(result.Results[0].Statuses[0].Status, Is.EqualTo(AdStatusType.Success));
Assert.That(result.Results[0].User.Groups, Is.Null);
Assert.That(result.Results[0].User.AccessRules, Is.Null);
Assert.That(result.Results[0].User.Properties, Is.Null);
// Get User By UserPrincipalName
Console.WriteLine($"Getting User By UserPrincipalName : [{userPrincipalName}]");
parameters.Clear();
parameters.Add("returngroupmembership", "true");
parameters.Add("returnaccessrules", "true");
parameters.Add("returnobjectproperties", "true");
parameters.Add("returnobjects", "true");
parameters.Add("identity", userPrincipalName);
result = Utility.CallPlan("GetUser", parameters);
Assert.That(result.Results[0].Statuses[0].Status, Is.EqualTo(AdStatusType.Success));
Assert.That(result.Results[0].User.Groups, Is.Not.Null);
Assert.That(result.Results[0].User.AccessRules, Is.Not.Null);
Assert.That(result.Results[0].User.Properties, Is.Not.Null);
// Get User By SamAccountName
Console.WriteLine($"Getting User By SamAccountName : [{samAccountName}]");
parameters.Clear();
parameters.Add("identity", samAccountName);
result = Utility.CallPlan("GetUser", parameters);
Assert.That(result.Results[0].Statuses[0].Status, Is.EqualTo(AdStatusType.Success));
Assert.That(result.Results[0].User, Is.Not.Null);
Assert.That(result.Results[0].User.SamAccountName, Is.EqualTo(samAccountName));
// Get User By Sid
Console.WriteLine($"Getting User By SecurityId : [{sid}]");
parameters.Clear();
parameters.Add("identity", sid);
result = Utility.CallPlan("GetUser", parameters);
Assert.That(result.Results[0].Statuses[0].Status, Is.EqualTo(AdStatusType.Success));
Assert.That(result.Results[0].User, Is.Not.Null);
Assert.That(result.Results[0].User.Sid, Is.EqualTo(sid));
// Get User By Guid
Console.WriteLine($"Getting User By Guid : [{guid}]");
parameters.Clear();
parameters.Add("identity", guid);
result = Utility.CallPlan("GetUser", parameters);
Assert.That(result.Results[0].Statuses[0].Status, Is.EqualTo(AdStatusType.Success));
Assert.That(result.Results[0].User, Is.Not.Null);
Assert.That(result.Results[0].User.Guid.ToString(), Is.EqualTo(guid));
// Modify User
Console.WriteLine($"Modifying User");
parameters.Clear();
parameters.Add("returnaccessrules", "true");
parameters.Add("identity", userDistinguishedName);
parameters.Add("employeeid", "84");
parameters.Add("manager", $"[ \"~null~\" ]");
parameters.Add("otheripphone", @"[ ""504-555-7777"", ""~null~"", ""504-555-8888"" ]");
result = Utility.CallPlan("ModifyUser", parameters);
Assert.That(result.Results[0].Statuses[0].Status, Is.EqualTo(AdStatusType.Success));
Assert.That(result.Results[0].User.EmployeeId, Is.EqualTo("84"));
Assert.That(result.Results[0].User.Properties.ContainsKey("manager"), Is.False);
Assert.That(result.Results[0].User.Properties.ContainsKey("otheripphone"), Is.False);
// AccessRules
int initialRuleCount = result.Results[0].User.AccessRules.Count;
// Add Access Rule
Console.WriteLine($"Add Access Rule To User [{userDistinguishedName}].");
parameters.Clear();
parameters.Add("returnaccessrules", "true");
parameters.Add("identity", userDistinguishedName);
parameters.Add("ruleidentity", manager.DistinguishedName);
parameters.Add("ruletype", "Allow");
parameters.Add("rulerights", "GenericAll");
result = Utility.CallPlan("AddAccessRuleToUser", parameters);
Assert.That(result.Results[0].Statuses[0].Status, Is.EqualTo(AdStatusType.Success));
Assert.That(result.Results[0].User.AccessRules.Count, Is.EqualTo(initialRuleCount + 1));
// Remove Access Rule
Console.WriteLine($"Remove Access Rule From User [{userDistinguishedName}].");
parameters.Clear();
parameters.Add("returnaccessrules", "true");
parameters.Add("identity", userDistinguishedName);
parameters.Add("ruleidentity", manager.DistinguishedName);
parameters.Add("ruletype", "Allow");
parameters.Add("rulerights", "GenericAll");
result = Utility.CallPlan("RemoveAccessRuleFromUser", parameters);
Assert.That(result.Results[0].Statuses[0].Status, Is.EqualTo(AdStatusType.Success));
Assert.That(result.Results[0].User.AccessRules.Count, Is.EqualTo(initialRuleCount));
// Set Access Rule
Console.WriteLine($"Set Access Rule On User [{userDistinguishedName}].");
parameters.Clear();
parameters.Add("returnaccessrules", "true");
parameters.Add("identity", userDistinguishedName);
parameters.Add("ruleidentity", manager.DistinguishedName);
parameters.Add("ruletype", "Allow");
parameters.Add("rulerights", "GenericAll");
result = Utility.CallPlan("SetAccessRuleOnUser", parameters);
Assert.That(result.Results[0].Statuses[0].Status, Is.EqualTo(AdStatusType.Success));
Assert.That(result.Results[0].User.AccessRules.Count, Is.EqualTo(initialRuleCount + 1));
// Purge Access Rule
Console.WriteLine($"Purge Access Rules On User [{userDistinguishedName}].");
parameters.Clear();
parameters.Add("returnaccessrules", "true");
parameters.Add("identity", userDistinguishedName);
parameters.Add("ruleidentity", manager.DistinguishedName);
parameters.Add("ruletype", "Allow");
parameters.Add("rulerights", "GenericAll");
result = Utility.CallPlan("PurgeAccessRulesOnUser", parameters);
Assert.That(result.Results[0].Statuses[0].Status, Is.EqualTo(AdStatusType.Success));
Assert.That(result.Results[0].User.AccessRules.Count, Is.EqualTo(initialRuleCount));
// Delete User
Console.WriteLine($"Deleting User");
parameters.Clear();
parameters.Add("identity", userDistinguishedName);
result = Utility.CallPlan("DeleteUser", parameters);
Assert.That(result.Results[0].Statuses[0].Status, Is.EqualTo(AdStatusType.Success));
}
public void Handler_OrgUnitTestsSuccess()
{
String ouName = $"testorgunit_{Utility.GenerateToken( 8 )}";
String ouDistinguishedName = $"OU={ouName},{workspaceName}";
Dictionary <string, string> parameters = new Dictionary <string, string>();
// Create OrgUnit
Console.WriteLine($"Creating OrgUnit : [{ouDistinguishedName}]");
parameters.Clear();
parameters.Add("returnaccessrules", "true");
parameters.Add("identity", ouDistinguishedName);
parameters.Add("description", $"Test OrgUnit {ouName} Description");
parameters.Add("managedby", managedBy.Name);
// Add Properties
Dictionary <string, string[]> properties = new Dictionary <string, string[]>();
properties.Add("c", new string[] { "US" });
properties.Add("l", new string[] { "Translyvania" });
properties.Add("st", new string[] { "Louisiana" });
properties.Add("street", new string[] { "13119 US-65" });
properties.Add("postalcode", new string[] { "71286" });
properties.Add("co", new string[] { "United States" });
properties.Add("countrycode", new string[] { "840" });
parameters.Add("properties", YamlHelpers.Serialize(properties, true, false));
ActiveDirectoryHandlerResults result = Utility.CallPlan("CreateOrgUnit", parameters);
Assert.That(result.Results[0].Statuses[0].StatusId, Is.EqualTo(AdStatusType.Success));
Assert.That(result.Results[0].OrganizationalUnit.DistinguishedName, Is.EqualTo(ouDistinguishedName));
Assert.That(result.Results[0].OrganizationalUnit.Properties["postalCode"][0], Is.EqualTo("71286"));
Assert.That(result.Results[0].OrganizationalUnit.Properties["managedBy"][0], Is.EqualTo(managedBy.DistinguishedName));
Assert.That(result.Results[0].OrganizationalUnit.AccessRules, Is.Not.Null);
string guid = result.Results[0].OrganizationalUnit.Guid.ToString();
int initialRuleCount = result.Results[0].OrganizationalUnit.AccessRules.Count;
// Get OrgUnit By Name
Console.WriteLine($"Getting OrgUnit By Name : [{ouName}]");
parameters.Clear();
parameters.Add("returnaccessrules", "false");
parameters.Add("returnobjectproperties", "false");
parameters.Add("returnobjects", "false");
parameters.Add("identity", ouName);
result = Utility.CallPlan("GetOrgUnit", parameters);
Assert.That(result.Results[0].Statuses[0].StatusId, Is.EqualTo(AdStatusType.Success));
Assert.That(result.Results[0].OrganizationalUnit, Is.Null);
// Get OrgUnit By DistinguishedName
Console.WriteLine($"Getting OrgUnit By DistinguishedName : [{ouDistinguishedName}]");
parameters.Clear();
parameters.Add("returnaccessrules", "false");
parameters.Add("returnobjectproperties", "false");
parameters.Add("returnobjects", "true");
parameters.Add("identity", ouDistinguishedName);
result = Utility.CallPlan("GetOrgUnit", parameters);
Assert.That(result.Results[0].Statuses[0].StatusId, Is.EqualTo(AdStatusType.Success));
Assert.That(result.Results[0].OrganizationalUnit.AccessRules, Is.Null);
Assert.That(result.Results[0].OrganizationalUnit.Properties, Is.Null);
// Get OrgUnit By Guid
Console.WriteLine($"Getting OrgUnit By Guid : [{guid}]");
parameters.Clear();
parameters.Add("identity", guid);
result = Utility.CallPlan("GetOrgUnit", parameters);
Assert.That(result.Results[0].Statuses[0].StatusId, Is.EqualTo(AdStatusType.Success));
Assert.That(result.Results[0].OrganizationalUnit, Is.Not.Null);
Assert.That(result.Results[0].OrganizationalUnit.Guid.ToString(), Is.EqualTo(guid));
// Modify OrgUnit
Console.WriteLine($"Modifying OrgUnit");
parameters.Clear();
parameters.Add("identity", ouDistinguishedName);
parameters.Add("managedby", $"~null~");
properties.Clear();
properties.Add("postalcode", new string[] { "90210" });
parameters.Add("properties", YamlHelpers.Serialize(properties, true, false));
result = Utility.CallPlan("ModifyOrgUnit", parameters);
Assert.That(result.Results[0].Statuses[0].StatusId, Is.EqualTo(AdStatusType.Success));
Assert.That(result.Results[0].OrganizationalUnit.Properties.ContainsKey("managedBy"), Is.False);
Assert.That(result.Results[0].OrganizationalUnit.Properties["postalCode"][0], Is.EqualTo("90210"));
// Add Access Rule
Console.WriteLine($"Add Access Rule To OrgUnit [{ouDistinguishedName}].");
parameters.Clear();
parameters.Add("returnaccessrules", "true");
parameters.Add("identity", ouDistinguishedName);
parameters.Add("ruleidentity", managedBy.DistinguishedName);
parameters.Add("ruletype", "Allow");
parameters.Add("rulerights", "GenericAll");
result = Utility.CallPlan("AddAccessRuleToOrgUnit", parameters);
Assert.That(result.Results[0].Statuses[0].StatusId, Is.EqualTo(AdStatusType.Success));
Assert.That(result.Results[0].OrganizationalUnit.AccessRules.Count, Is.EqualTo(initialRuleCount + 1));
// Remove Access Rule
Console.WriteLine($"Remove Access Rule From OrgUnit [{ouDistinguishedName}].");
parameters.Clear();
parameters.Add("returnaccessrules", "true");
parameters.Add("identity", ouDistinguishedName);
parameters.Add("ruleidentity", managedBy.DistinguishedName);
parameters.Add("ruletype", "Allow");
parameters.Add("rulerights", "GenericAll");
result = Utility.CallPlan("RemoveAccessRuleFromOrgUnit", parameters);
Assert.That(result.Results[0].Statuses[0].StatusId, Is.EqualTo(AdStatusType.Success));
Assert.That(result.Results[0].OrganizationalUnit.AccessRules.Count, Is.EqualTo(initialRuleCount));
// Set Access Rule
Console.WriteLine($"Set Access Rule On OrgUnit [{ouDistinguishedName}].");
parameters.Clear();
parameters.Add("returnaccessrules", "true");
parameters.Add("identity", ouDistinguishedName);
parameters.Add("ruleidentity", managedBy.DistinguishedName);
parameters.Add("ruletype", "Allow");
parameters.Add("rulerights", "GenericAll");
result = Utility.CallPlan("SetAccessRuleOnOrgUnit", parameters);
Assert.That(result.Results[0].Statuses[0].StatusId, Is.EqualTo(AdStatusType.Success));
Assert.That(result.Results[0].OrganizationalUnit.AccessRules.Count, Is.EqualTo(initialRuleCount + 1));
// Purge Access Rule
Console.WriteLine($"Purge Access Rules On OrgUnit [{ouDistinguishedName}].");
parameters.Clear();
parameters.Add("returnaccessrules", "true");
parameters.Add("identity", ouDistinguishedName);
parameters.Add("ruleidentity", managedBy.DistinguishedName);
parameters.Add("ruletype", "Allow");
parameters.Add("rulerights", "GenericAll");
result = Utility.CallPlan("PurgeAccessRulesOnOrgUnit", parameters);
Assert.That(result.Results[0].Statuses[0].StatusId, Is.EqualTo(AdStatusType.Success));
Assert.That(result.Results[0].OrganizationalUnit.AccessRules.Count, Is.EqualTo(initialRuleCount));
// Delete OrgUnit
Console.WriteLine($"Deleting Group");
parameters.Clear();
parameters.Add("identity", ouDistinguishedName);
result = Utility.CallPlan("DeleteOrgUnit", parameters);
Assert.That(result.Results[0].Statuses[0].StatusId, Is.EqualTo(AdStatusType.Success));
}
public void Handler_GroupTestsSuccess()
{
String groupName = $"testgroup_{Utility.GenerateToken( 8 )}";
String groupDistinguishedName = $"CN={groupName},{workspaceName}";
Dictionary <string, string> parameters = new Dictionary <string, string>();
// Create Group
Console.WriteLine($"Creating Group : [{groupDistinguishedName}]");
parameters.Clear();
parameters.Add("returngroupmembership", "true");
parameters.Add("returnaccessrules", "true");
parameters.Add("identity", groupDistinguishedName);
parameters.Add("scope", "Universal");
parameters.Add("description", $"Test Group {groupName} Description");
parameters.Add("securitygroup", "true");
parameters.Add("samaccountname", groupName.Substring(0, 19));
parameters.Add("managedby", managedBy.Name);
Dictionary <string, string[]> properties = new Dictionary <string, string[]>();
properties.Add("displayName", new string[] { groupName });
properties.Add("mail", new string[] { $"{groupName}@company.com" });
properties.Add("info", new string[] { $"Random Notes Here." });
parameters.Add("properties", YamlHelpers.Serialize(properties, true, false));
ActiveDirectoryHandlerResults result = Utility.CallPlan("CreateGroup", parameters);
Assert.That(result.Results[0].Statuses[0].StatusId, Is.EqualTo(AdStatusType.Success));
Assert.That(result.Results[0].Group.DistinguishedName, Is.EqualTo(groupDistinguishedName));
Assert.That(result.Results[0].Group.Groups, Is.Not.Null);
Assert.That(result.Results[0].Group.AccessRules, Is.Not.Null);
string samAccountName = result.Results[0].Group.SamAccountName;
string sid = result.Results[0].Group.Sid;
string guid = result.Results[0].Group.Guid.ToString();
// Get Group By Name
Console.WriteLine($"Getting Group By Name : [{groupName}]");
parameters.Clear();
parameters.Add("returngroupmembership", "false");
parameters.Add("returnaccessrules", "false");
parameters.Add("returnobjectproperties", "false");
parameters.Add("returnobjects", "false");
parameters.Add("identity", groupName);
result = Utility.CallPlan("GetGroup", parameters);
Assert.That(result.Results[0].Statuses[0].StatusId, Is.EqualTo(AdStatusType.Success));
Assert.That(result.Results[0].Group, Is.Null);
// Get Group By DistinguishedName
Console.WriteLine($"Getting Group By DistinguishedName : [{groupDistinguishedName}]");
parameters.Clear();
parameters.Add("returngroupmembership", "false");
parameters.Add("returnaccessrules", "false");
parameters.Add("returnobjectproperties", "false");
parameters.Add("returnobjects", "true");
parameters.Add("identity", groupDistinguishedName);
result = Utility.CallPlan("GetGroup", parameters);
Assert.That(result.Results[0].Statuses[0].StatusId, Is.EqualTo(AdStatusType.Success));
Assert.That(result.Results[0].Group.Groups, Is.Null);
Assert.That(result.Results[0].Group.AccessRules, Is.Null);
Assert.That(result.Results[0].Group.Properties, Is.Null);
// Get Group By SamAccountName
Console.WriteLine($"Getting Group By SamAccountName : [{samAccountName}]");
parameters.Clear();
parameters.Add("identity", samAccountName);
result = Utility.CallPlan("GetGroup", parameters);
Assert.That(result.Results[0].Statuses[0].StatusId, Is.EqualTo(AdStatusType.Success));
Assert.That(result.Results[0].Group, Is.Not.Null);
Assert.That(result.Results[0].Group.SamAccountName, Is.EqualTo(samAccountName));
// Get Group By Sid
Console.WriteLine($"Getting Group By SecurityId : [{sid}]");
parameters.Clear();
parameters.Add("identity", sid);
result = Utility.CallPlan("GetGroup", parameters);
Assert.That(result.Results[0].Statuses[0].StatusId, Is.EqualTo(AdStatusType.Success));
Assert.That(result.Results[0].Group, Is.Not.Null);
Assert.That(result.Results[0].Group.Sid, Is.EqualTo(sid));
// Get Group By Guid
Console.WriteLine($"Getting Group By Guid : [{guid}]");
parameters.Clear();
parameters.Add("identity", guid);
result = Utility.CallPlan("GetGroup", parameters);
Assert.That(result.Results[0].Statuses[0].StatusId, Is.EqualTo(AdStatusType.Success));
Assert.That(result.Results[0].Group, Is.Not.Null);
Assert.That(result.Results[0].Group.Guid.ToString(), Is.EqualTo(guid));
// Modify Group
Console.WriteLine($"Modifying Group");
parameters.Clear();
parameters.Add("returnaccessrules", "true");
parameters.Add("identity", groupDistinguishedName);
parameters.Add("managedby", $"~null~");
parameters.Add("scope", "Global");
properties.Clear();
properties.Add("info", new string[] { $"Hello World" });
parameters.Add("properties", YamlHelpers.Serialize(properties, true, false));
result = Utility.CallPlan("ModifyGroup", parameters);
Assert.That(result.Results[0].Statuses[0].StatusId, Is.EqualTo(AdStatusType.Success));
Assert.That(result.Results[0].Group.Properties.ContainsKey("managedBy"), Is.False);
Assert.That(result.Results[0].Group.GroupScope.ToString(), Is.EqualTo("Global"));
Assert.That(result.Results[0].Group.Properties["info"][0], Is.EqualTo("Hello World"));
// AccessRules
int initialRuleCount = result.Results[0].Group.AccessRules.Count;
// Add Access Rule
Console.WriteLine($"Add Access Rule To Group [{groupDistinguishedName}].");
parameters.Clear();
parameters.Add("returnaccessrules", "true");
parameters.Add("identity", groupDistinguishedName);
parameters.Add("ruleidentity", managedBy.DistinguishedName);
parameters.Add("ruletype", "Allow");
parameters.Add("rulerights", "GenericAll");
result = Utility.CallPlan("AddAccessRuleToGroup", parameters);
Assert.That(result.Results[0].Statuses[0].StatusId, Is.EqualTo(AdStatusType.Success));
Assert.That(result.Results[0].Group.AccessRules.Count, Is.EqualTo(initialRuleCount + 1));
// Remove Access Rule
Console.WriteLine($"Remove Access Rule From Group [{groupDistinguishedName}].");
parameters.Clear();
parameters.Add("returnaccessrules", "true");
parameters.Add("identity", groupDistinguishedName);
parameters.Add("ruleidentity", managedBy.DistinguishedName);
parameters.Add("ruletype", "Allow");
parameters.Add("rulerights", "GenericAll");
result = Utility.CallPlan("RemoveAccessRuleFromGroup", parameters);
Assert.That(result.Results[0].Statuses[0].StatusId, Is.EqualTo(AdStatusType.Success));
Assert.That(result.Results[0].Group.AccessRules.Count, Is.EqualTo(initialRuleCount));
// Set Access Rule
Console.WriteLine($"Set Access Rule On Group [{groupDistinguishedName}].");
parameters.Clear();
parameters.Add("returnaccessrules", "true");
parameters.Add("identity", groupDistinguishedName);
parameters.Add("ruleidentity", managedBy.DistinguishedName);
parameters.Add("ruletype", "Allow");
parameters.Add("rulerights", "GenericAll");
result = Utility.CallPlan("SetAccessRuleOnGroup", parameters);
Assert.That(result.Results[0].Statuses[0].StatusId, Is.EqualTo(AdStatusType.Success));
Assert.That(result.Results[0].Group.AccessRules.Count, Is.EqualTo(initialRuleCount + 1));
// Purge Access Rule
Console.WriteLine($"Purge Access Rules On Group [{groupDistinguishedName}].");
parameters.Clear();
parameters.Add("returnaccessrules", "true");
parameters.Add("identity", groupDistinguishedName);
parameters.Add("ruleidentity", managedBy.DistinguishedName);
parameters.Add("ruletype", "Allow");
parameters.Add("rulerights", "GenericAll");
result = Utility.CallPlan("PurgeAccessRulesOnGroup", parameters);
Assert.That(result.Results[0].Statuses[0].StatusId, Is.EqualTo(AdStatusType.Success));
Assert.That(result.Results[0].Group.AccessRules.Count, Is.EqualTo(initialRuleCount));
// Delete Group
Console.WriteLine($"Deleting Group");
parameters.Clear();
parameters.Add("identity", groupDistinguishedName);
result = Utility.CallPlan("DeleteGroup", parameters);
Assert.That(result.Results[0].Statuses[0].StatusId, Is.EqualTo(AdStatusType.Success));
}
public void Handler_GroupManagementTestsSuccess()
{
Dictionary <string, string> parameters = new Dictionary <string, string>();
// Users
UserPrincipal user = Utility.CreateUser(workspaceName);
UserPrincipalObject upo = DirectoryServices.GetUser(user.DistinguishedName, true, false, false);
int initialCount = upo.Groups.Count;
// Add User To Group
Console.WriteLine($"Adding User [{user.Name}] To Group [{targetGroup.Name}]");
parameters.Clear();
parameters.Add("returngroupmembership", "true");
parameters.Add("identity", user.DistinguishedName);
parameters.Add("memberof", targetGroup.DistinguishedName);
ActiveDirectoryHandlerResults result = Utility.CallPlan("AddUserToGroup", parameters);
Assert.That(result.Results[0].Statuses[0].StatusId, Is.EqualTo(AdStatusType.Success));
Assert.That(result.Results[0].User.Groups.Count, Is.EqualTo(initialCount + 1));
// Remove User From Group
Console.WriteLine($"Removing User [{user.Name}] From Group [{targetGroup.Name}]");
parameters.Clear();
parameters.Add("returngroupmembership", "true");
parameters.Add("identity", user.DistinguishedName);
parameters.Add("memberof", targetGroup.DistinguishedName);
result = Utility.CallPlan("RemoveUserFromGroup", parameters);
Assert.That(result.Results[0].Statuses[0].StatusId, Is.EqualTo(AdStatusType.Success));
Assert.That(result.Results[0].User.Groups.Count, Is.EqualTo(initialCount));
Utility.DeleteUser(user.DistinguishedName);
// Groups
GroupPrincipal group = Utility.CreateGroup(workspaceName);
GroupPrincipalObject gpo = DirectoryServices.GetGroup(group.DistinguishedName, true, false, false);
initialCount = gpo.Groups.Count;
// Add Group To Group
Console.WriteLine($"Adding Group [{group.Name}] To Group [{targetGroup.Name}]");
parameters.Clear();
parameters.Add("returngroupmembership", "true");
parameters.Add("identity", group.DistinguishedName);
parameters.Add("memberof", targetGroup.DistinguishedName);
result = Utility.CallPlan("AddGroupToGroup", parameters);
Assert.That(result.Results[0].Statuses[0].StatusId, Is.EqualTo(AdStatusType.Success));
Assert.That(result.Results[0].Group.Groups.Count, Is.EqualTo(initialCount + 1));
// Remove Group From Group
Console.WriteLine($"Removing Group [{group.Name}] From Group [{targetGroup.Name}]");
parameters.Clear();
parameters.Add("returngroupmembership", "true");
parameters.Add("identity", group.DistinguishedName);
parameters.Add("memberof", targetGroup.DistinguishedName);
result = Utility.CallPlan("RemoveGroupFromGroup", parameters);
Assert.That(result.Results[0].Statuses[0].StatusId, Is.EqualTo(AdStatusType.Success));
Assert.That(result.Results[0].Group.Groups.Count, Is.EqualTo(initialCount));
Utility.DeleteGroup(group.DistinguishedName);
}
private ActiveDirectoryHandlerResults CallPlan(string planName, StartPlanEnvelope planEnvelope)
{
IExecuteController ec = GetExecuteControllerInstance();
StartPlanEnvelope pe = planEnvelope;
if (pe == null)
{
pe = new StartPlanEnvelope()
{
DynamicParameters = new Dictionary <string, string>()
}
}
;
// Add Query String values into Plan Envelope Exactly As Provided
IEnumerable <KeyValuePair <string, string> > queryString = this.Request.GetQueryNameValuePairs();
foreach (KeyValuePair <string, string> kvp in queryString)
{
pe.DynamicParameters.Add(kvp.Key, kvp.Value);
}
object reply = ec.StartPlanSync(pe, planName, setContentType: false);
ActiveDirectoryHandlerResults result = null;
Type replyType = reply.GetType();
if (replyType == typeof(Dictionary <object, object>))
{
String str = YamlHelpers.Serialize(reply);
result = YamlHelpers.Deserialize <ActiveDirectoryHandlerResults>(str);
}
else if (replyType == typeof(XmlDocument))
{
XmlDocument doc = (XmlDocument)reply;
result = XmlHelpers.Deserialize <ActiveDirectoryHandlerResults>(doc.InnerXml);
}
else
{
try
{
result = YamlHelpers.Deserialize <ActiveDirectoryHandlerResults>(reply.ToString());
}
catch (Exception)
{
try
{
// Reply was not Json or Yaml. See if Xml
XmlDocument doc = new XmlDocument();
doc.LoadXml(reply.ToString());
result = XmlHelpers.Deserialize <ActiveDirectoryHandlerResults>(doc.InnerXml);
}
catch (Exception)
{
// Reply was of unknown type. Put Raw Output In Return Object
result = new ActiveDirectoryHandlerResults();
ActiveDirectoryObjectResult error = new ActiveDirectoryObjectResult();
ActiveDirectoryStatus status = new ActiveDirectoryStatus();
status.StatusId = AdStatusType.NotSupported;
status.Message = $"Unable To Parse ObjectType [{replyType}].";
status.ActionId = ActionType.None;
error.Statuses.Add(status);
error.TypeId = AdObjectType.None;
error.Object = reply;
result.Add(error);
}
}
}
return(result);
}
