private void ProcessDelete(AdObject obj, bool returnObject = false) { ActiveDirectoryObjectResult result = new ActiveDirectoryObjectResult() { Type = obj.Type, Identity = obj.Identity }; ActiveDirectoryStatus status = new ActiveDirectoryStatus() { Action = config.Action, Status = AdStatusType.Success, Message = "Success", }; try { roleManager.CanPerformActionOrException(requestUser, ActionType.Delete, obj.Identity); switch (obj.Type) { case AdObjectType.User: AdUser user = (AdUser)obj; DirectoryServices.DeleteUser(user.Identity); result.Statuses.Add(status); break; case AdObjectType.Group: AdGroup group = (AdGroup)obj; DirectoryServices.DeleteGroup(group.Identity, isDryRun); result.Statuses.Add(status); break; case AdObjectType.OrganizationalUnit: AdOrganizationalUnit ou = (AdOrganizationalUnit)obj; DirectoryServices.DeleteOrganizationUnit(ou.Identity); result.Statuses.Add(status); break; default: throw new AdException("Action [" + config.Action + "] Not Implemented For Type [" + obj.Type + "]", AdStatusType.NotSupported); } String message = $"{obj.Type} [{obj.Identity}] Deleted."; OnLogMessage("ProcessDelete", message); } catch (AdException ex) { ProcessActiveDirectoryException(result, ex, status.Action); } catch (Exception e) { OnLogMessage("ProcessDelete", e.Message); OnLogMessage("ProcessDelete", e.StackTrace); AdException le = new AdException(e); ProcessActiveDirectoryException(result, le, status.Action); } results.Add(result); }
public void Core_DeleteOrgUnitDoesNotExist() { // Get OrgUnit That Does Not Exist String ouName = $"testou_{Utility.GenerateToken( 8 )}"; String ouDistinguishedName = $"GW={ouName},{workspaceName}"; Console.WriteLine($"Deleting OrgUnuit [{ouDistinguishedName}] Which Should Not Exist."); AdException ex = Assert.Throws <AdException>(() => DirectoryServices.DeleteOrganizationUnit(ouDistinguishedName)); Console.WriteLine($"Exception Message : {ex.Message}"); Assert.That(ex.Message, Contains.Substring("cannot be found")); }
public void Core_ModifyOrgUnitBadData() { String badOuName = $"ou=BadOrgUnit,{workspaceName}"; DirectoryServices.CreateOrganizationUnit(badOuName, null); DirectoryEntryObject badOrgUnit = DirectoryServices.GetOrganizationalUnit(badOuName, false, true, false); Dictionary <string, List <string> > properties = new Dictionary <string, List <string> >(); DirectoryServices.AddProperty(properties, "managedBy", "BadManager"); Console.WriteLine($"Modify OrgUnit [{badOrgUnit.Name}] With Bad Property [ManagedBy]"); AdException ex = Assert.Throws <AdException>(() => DirectoryServices.ModifyOrganizationUnit(badOrgUnit.Properties["distinguishedName"][0].ToString(), properties)); DirectoryServices.DeleteOrganizationUnit(badOrgUnit.DistinguishedName); }
public void Handler_ModifyOrgUnitBadProperty() { DirectoryServices.CreateOrganizationUnit($"ou=OuDoesNotExist,{workspaceName}", null); OrganizationalUnitObject ouo = DirectoryServices.GetOrganizationalUnit($"ou=OuDoesNotExist,{workspaceName}", false, true); Dictionary <string, string> parameters = new Dictionary <string, string>(); Console.WriteLine($"Modifying OrgUnit [{ouo.DistinguishedName}] With A Bad Property."); parameters.Add("returngroupmembership", "true"); parameters.Add("returnaccessrules", "true"); parameters.Add("identity", ouo.DistinguishedName); parameters.Add("st", "Louisiana"); // Properties Should Be An Array Of Values YamlDotNet.Core.SyntaxErrorException e = Assert.Throws <YamlDotNet.Core.SyntaxErrorException>(() => Utility.CallPlan("ModifyOrgUnit", parameters)); Console.WriteLine($"Exception Message : {e.Message}"); DirectoryServices.DeleteOrganizationUnit(ouo.DistinguishedName); }
public void Core_PurgeRuleBadUser() { // Get Group That Does Not Exist String groupName = $"testgroup_{Utility.GenerateToken( 8 )}"; String groupDistinguishedName = $"CN={groupName},{workspaceName}"; String testOuName = $"ou=TestOrgUnit001,{workspaceName}"; DirectoryServices.CreateOrganizationUnit(testOuName, null); DirectoryEntryObject ouo = DirectoryServices.GetOrganizationalUnit(testOuName, false, true, false); Console.WriteLine($"Purging AccessRule For Group [{groupName}] Which Should Not Exist From OrgUnit [{ouo.Name}]."); AdException ex = Assert.Throws <AdException>(() => DirectoryServices.PurgeAccessRules(ouo.DistinguishedName, groupName)); Console.WriteLine($"Exception Message : {ex.Message}"); Assert.That(ex.Message, Contains.Substring("Can Not Be Found")); DirectoryServices.DeleteOrganizationUnit(ouo.DistinguishedName); }
public void Core_SetRuleBadUser() { // Get Group That Does Not Exist String groupName = $"testgroup_{Utility.GenerateToken( 8 )}"; String groupDistinguishedName = $"CN={groupName},{workspaceName}"; String testOuName = $"ou=TestOrgUnit001,{workspaceName}"; DirectoryServices.CreateOrganizationUnit(testOuName, null); DirectoryEntryObject ouo = DirectoryServices.GetOrganizationalUnit(testOuName, false, true, false); Console.WriteLine($"Setting AccessRule For Group [{groupName}] Which Should Not Exist On OrgUnit [{ouo.Name}]."); AdException ex = Assert.Throws <AdException>(() => DirectoryServices.SetAccessRule(ouo.DistinguishedName, groupName, ActiveDirectoryRights.GenericRead, System.Security.AccessControl.AccessControlType.Allow, ActiveDirectorySecurityInheritance.None)); Console.WriteLine($"Exception Message : {ex.Message}"); Assert.That(ex.Message, Contains.Substring("Can Not Be Found")); DirectoryServices.DeleteOrganizationUnit(ouo.DistinguishedName); }
public void Core_OrgUnitTestSuccess() { // Setup Test String name = $"testou_{Utility.GenerateToken( 8 )}"; String distinguishedName = $"OU={name},{workspaceName}"; Dictionary <string, List <string> > properties = new Dictionary <string, List <string> >(); DirectoryServices.AddProperty(properties, "description", "Test OU"); // Create OrgUnit Console.WriteLine($"Creating OrgUnit : [{distinguishedName}]"); DirectoryServices.CreateOrganizationUnit(distinguishedName, properties); // Get OrgUnit By DistinguishedName Console.WriteLine($"Getting OrgUnit By DisginguishedName : [{distinguishedName}]"); DirectoryEntryObject ouo = DirectoryServices.GetOrganizationalUnit(distinguishedName, true, true, false); Assert.That(ouo, Is.Not.Null); String guid = ouo.Guid.ToString(); // Get OrgUnit By Name Console.WriteLine($"Getting OrgUnit By Name : [{name}]"); ouo = DirectoryServices.GetOrganizationalUnit(name, false, false, false); Assert.That(ouo, Is.Not.Null); // Get OrgUnit By Name Console.WriteLine($"Getting OrgUnit By Guid : [{guid}]"); ouo = DirectoryServices.GetOrganizationalUnit(guid, false, true, false); Assert.That(ouo, Is.Not.Null); Assert.That(ouo.Properties.ContainsKey("description"), Is.True); // Modify OrgUnit DirectoryServices.AddProperty(properties, "description", "~null~", true); DirectoryServices.ModifyOrganizationUnit(distinguishedName, properties); ouo = DirectoryServices.GetOrganizationalUnit(distinguishedName, false, true, false); Assert.That(ouo.Properties.ContainsKey("description"), Is.False); // Create AccessUser For AccessRule Tests (Below) DirectoryEntry orgUnit = DirectoryServices.GetDirectoryEntry(distinguishedName); UserPrincipal accessRuleUser = Utility.CreateUser(workspaceName); int ruleCount = DirectoryServices.GetAccessRules(orgUnit).Count; // Add Access Rule To OrgUnit Console.WriteLine($"Adding AccessRule For User [{accessRuleUser.Name}] To OrgUnit [{orgUnit.Name}]."); DirectoryServices.AddAccessRule(orgUnit, accessRuleUser, ActiveDirectoryRights.GenericRead, System.Security.AccessControl.AccessControlType.Allow, ActiveDirectorySecurityInheritance.None); int newRuleCount = DirectoryServices.GetAccessRules(orgUnit).Count; Assert.That(newRuleCount, Is.GreaterThan(ruleCount)); // Removing Access Rule From OrgUnit Console.WriteLine($"Removing AccessRule For User [{accessRuleUser.Name}] From OrgUnit [{orgUnit.Name}]."); DirectoryServices.DeleteAccessRule(orgUnit, accessRuleUser, ActiveDirectoryRights.GenericRead, System.Security.AccessControl.AccessControlType.Allow, ActiveDirectorySecurityInheritance.None); newRuleCount = DirectoryServices.GetAccessRules(orgUnit).Count; Assert.That(newRuleCount, Is.EqualTo(ruleCount)); // Seting Access Rule From OrgUnit Console.WriteLine($"Setting AccessRule For User [{accessRuleUser.Name}] On OrgUnit [{orgUnit.Name}]."); DirectoryServices.SetAccessRule(orgUnit, accessRuleUser, ActiveDirectoryRights.GenericRead, System.Security.AccessControl.AccessControlType.Allow, ActiveDirectorySecurityInheritance.None); newRuleCount = DirectoryServices.GetAccessRules(orgUnit).Count; Assert.That(newRuleCount, Is.GreaterThan(ruleCount)); // Purge Access Rule From OrgUnit Console.WriteLine($"Purging AccessRules For User [{accessRuleUser.Name}] From OrgUnit [{orgUnit.Name}]."); DirectoryServices.PurgeAccessRules(orgUnit, accessRuleUser); newRuleCount = DirectoryServices.GetAccessRules(orgUnit).Count; Assert.That(newRuleCount, Is.EqualTo(ruleCount)); // Delete AccessRule User Utility.DeleteUser(accessRuleUser.DistinguishedName); // Delete OrgUnit Console.WriteLine($"Deleting OrgUnit : [{distinguishedName}]"); DirectoryServices.DeleteOrganizationUnit(distinguishedName); ouo = DirectoryServices.GetOrganizationalUnit(distinguishedName, false, false, false); Assert.That(ouo, Is.Null); }