/// <summary>
/// Negative-path test: a group name that should not exist in the directory must
/// come back as <c>null</c> from both <c>DirectoryServices.GetGroup</c> and
/// <c>DirectoryServices.GetGroupPrincipal</c>.
/// </summary>
public void Core_GroupNotFound()
{
    // Build a name that should not match an existing object.
    // NOTE(review): presumably GenerateToken(8) returns a random 8-character token; confirm in Utility.
    string token = Utility.GenerateToken(8);
    string groupName = $"testgroup_{token}";
    string groupDistinguishedName = $"CN={groupName},{workspaceName}";

    // Lookup by plain name through the object-returning API.
    Console.WriteLine($"Getting Group [{groupName}] Which Should Not Exist.");
    GroupPrincipalObject missingGroup = DirectoryServices.GetGroup(groupName, true, true, true);
    Assert.That(missingGroup, Is.Null);

    // Lookup by distinguished name through the principal-returning API.
    Console.WriteLine($"Getting Group Principal [{groupName}] Which Should Not Exist.");
    GroupPrincipal missingPrincipal = DirectoryServices.GetGroupPrincipal(groupDistinguishedName);
    Assert.That(missingPrincipal, Is.Null);
}
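/// <summary>
/// Modifies the user, group or organizational unit described by <paramref name="obj"/>.
/// When <c>config.UseUpsert</c> is set and the object does not exist, it is created instead.
/// The outcome is appended to <c>results</c>.
/// </summary>
/// <param name="obj">Object to modify; <c>obj.Type</c> selects the branch and <c>obj.Identity</c> names the target.</param>
/// <param name="returnObject">When true, the object is re-read with <c>GetActiveDirectoryObject</c> and attached to the result.</param>
/// <remarks>
/// In every branch <c>roleManager.CanPerformActionOrException</c> runs before the write call:
/// Create is checked against the parent path of the identity, Modify against the identity itself.
/// Exceptions are not rethrown; they are converted into the result by
/// <c>ProcessActiveDirectoryException</c>.
/// </remarks>
private void ProcessModify(AdObject obj, bool returnObject = true)
{
    ActiveDirectoryObjectResult result = new ActiveDirectoryObjectResult()
    {
        Type = obj.Type,
        Identity = obj.Identity
    };

    ActiveDirectoryStatus status = new ActiveDirectoryStatus()
    {
        Action = config.Action,
        Status = AdStatusType.Success,
        Message = "Success",
    };

    try
    {
        // Switched to "Created" when the upsert path creates the object.
        string statusAction = "Modified";

        // NOTE(review): in each branch the existence probe runs before the role check, and a
        // non-DN identity on the upsert path fails with MissingInput without a role check.
        // The status a requester receives can therefore differ by whether the object exists.
        // Confirm that is acceptable for requesters who hold no rights on the target.
        //
        // NOTE(review): obj.Identity is written into log messages as-is. If OnLogMessage feeds a
        // line-oriented sink, control characters should be neutralised there (sink not visible here).
        switch (obj.Type)
        {
            case AdObjectType.User:
                AdUser user = (AdUser)obj;
                UserPrincipal up = null;
                if (config.UseUpsert && !DirectoryServices.IsExistingUser(obj.Identity))
                {
                    // Creation needs a full DN so the parent container can be authorised.
                    if (DirectoryServices.IsDistinguishedName(obj.Identity))
                    {
                        String path = DirectoryServices.GetParentPath(obj.Identity);
                        roleManager.CanPerformActionOrException(requestUser, ActionType.Create, path);
                        up = user.CreateUserPrincipal();
                        statusAction = "Created";
                    }
                    else
                    {
                        throw new AdException($"Identity [{obj.Identity}] Must Be A Distinguished Name For User Creation.", AdStatusType.MissingInput);
                    }
                }
                else
                {
                    roleManager.CanPerformActionOrException(requestUser, ActionType.Modify, obj.Identity);
                    up = DirectoryServices.GetUserPrincipal(obj.Identity);
                    if (up == null)
                    {
                        throw new AdException($"User [{obj.Identity}] Not Found.", AdStatusType.DoesNotExist);
                    }
                    user.UpdateUserPrincipal(up);
                }

                DirectoryServices.SaveUser(up, isDryRun);
                OnLogMessage("ProcessModify", obj.Type + " [" + obj.Identity + "] " + statusAction + ".");

                // NOTE(review): membership changes are delegated to ProcessGroupAdd. Any authorisation
                // for the target groups would have to happen there; it is not visible in this method.
                if (user.Groups != null)
                {
                    ProcessGroupAdd(user, false);
                }
                result.Statuses.Add(status);
                break;

            case AdObjectType.Group:
                AdGroup group = (AdGroup)obj;
                GroupPrincipal gp = null;
                if (config.UseUpsert && !DirectoryServices.IsExistingGroup(obj.Identity))
                {
                    if (DirectoryServices.IsDistinguishedName(obj.Identity))
                    {
                        String path = DirectoryServices.GetParentPath(obj.Identity);
                        roleManager.CanPerformActionOrException(requestUser, ActionType.Create, path);
                        gp = group.CreateGroupPrincipal();
                        statusAction = "Created";
                    }
                    else
                    {
                        throw new AdException($"Identity [{obj.Identity}] Must Be A Distinguished Name For Group Creation.", AdStatusType.MissingInput);
                    }
                }
                else
                {
                    roleManager.CanPerformActionOrException(requestUser, ActionType.Modify, obj.Identity);
                    gp = DirectoryServices.GetGroupPrincipal(obj.Identity);
                    if (gp == null)
                    {
                        throw new AdException($"Group [{obj.Identity}] Not Found.", AdStatusType.DoesNotExist);
                    }
                    group.UpdateGroupPrincipal(gp);
                }

                DirectoryServices.SaveGroup(gp, isDryRun);
                OnLogMessage("ProcessModify", obj.Type + " [" + obj.Identity + "] " + statusAction + ".");

                // Nested group membership; same delegation as the user branch.
                if (group.Groups != null)
                {
                    ProcessGroupAdd(group, false);
                }
                result.Statuses.Add(status);
                break;

            case AdObjectType.OrganizationalUnit:
                AdOrganizationalUnit ou = (AdOrganizationalUnit)obj;

                // Get DistinguishedName from User or Group Identity for ManagedBy Property.
                // An explicit "managedBy" entry in Properties takes precedence over ou.ManagedBy.
                if (!String.IsNullOrWhiteSpace(ou.ManagedBy))
                {
                    if (ou.Properties == null)
                    {
                        ou.Properties = new Dictionary<string, List<string>>();
                    }

                    if (!ou.Properties.ContainsKey("managedBy"))
                    {
                        String distinguishedName = DirectoryServices.GetDistinguishedName(ou.ManagedBy);
                        if (distinguishedName == null)
                        {
                            // Unresolved identity: pass the caller's value through unchanged.
                            distinguishedName = ou.ManagedBy;
                        }

                        List<String> values = new List<string>() { distinguishedName };
                        ou.Properties.Add("managedBy", values);
                    }
                }

                // NOTE(review): ou.Properties can still be null here when ManagedBy is blank.
                // Confirm that AddProperty and Create/ModifyOrganizationUnit tolerate a null dictionary.
                if (config.UseUpsert && !DirectoryServices.IsExistingDirectoryEntry(obj.Identity))
                {
                    if (DirectoryServices.IsDistinguishedName(obj.Identity))
                    {
                        String path = DirectoryServices.GetParentPath(obj.Identity);
                        roleManager.CanPerformActionOrException(requestUser, ActionType.Create, path);
                        if (!String.IsNullOrWhiteSpace(ou.Description))
                        {
                            DirectoryServices.AddProperty(ou.Properties, "description", ou.Description);
                        }
                        DirectoryServices.CreateOrganizationUnit(obj.Identity, ou.Properties, isDryRun);
                        statusAction = "Created";
                    }
                    else
                    {
                        throw new AdException($"Identity [{obj.Identity}] Must Be A Distinguished Name For Organizational Unit Creation.", AdStatusType.MissingInput);
                    }
                }
                else
                {
                    roleManager.CanPerformActionOrException(requestUser, ActionType.Modify, obj.Identity);
                    if (!String.IsNullOrWhiteSpace(ou.Description))
                    {
                        DirectoryServices.AddProperty(ou.Properties, "description", ou.Description);
                    }
                    DirectoryServices.ModifyOrganizationUnit(ou.Identity, ou.Properties, isDryRun);
                }

                OnLogMessage("ProcessModify", obj.Type + " [" + obj.Identity + "] " + statusAction + ".");
                result.Statuses.Add(status);
                break;

            default:
                throw new AdException("Action [" + config.Action + "] Not Implemented For Type [" + obj.Type + "]", AdStatusType.NotSupported);
        }

        if (returnObject)
        {
            result.Object = GetActiveDirectoryObject(obj);
        }
    }
    catch (AdException ex)
    {
        // Expected failures (authorisation, not found, missing input) already carry a status type.
        ProcessActiveDirectoryException(result, ex, status.Action);
    }
    catch (Exception e)
    {
        // Fixed: these entries were tagged "ProcessCreate", which attributed unexpected
        // modify failures to the wrong operation in the log.
        OnLogMessage("ProcessModify", e.Message);
        OnLogMessage("ProcessModify", e.StackTrace);
        AdException le = new AdException(e);
        ProcessActiveDirectoryException(result, le, status.Action);
    }

    results.Add(result);
}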
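/// <summary>
/// Positive-path test for the fixture's <c>group</c>. It resolves the group by distinguished
/// name, name, SamAccountName, Guid and Sid, and modifies DisplayName and Description.
/// It then runs an access rule through add, delete, set and purge for a temporary user,
/// checking the rule count after each step.
/// </summary>
/// <remarks>
/// The temporary user is deleted in a <c>finally</c> block, so a failed assertion in the
/// access-rule section does not leave the account behind in the directory.
/// </remarks>
public void Core_GroupTestSuccess()
{
    // Get Group By Distinguished Name
    // (the three boolean arguments to GetGroup are passed as in the original; their meaning is not visible here)
    Console.WriteLine($"Getting Group By DisginguishedName : [{group.DistinguishedName}]");
    GroupPrincipalObject gpo = DirectoryServices.GetGroup(group.DistinguishedName, true, true, true);
    Assert.That(gpo.DistinguishedName, Is.EqualTo(group.DistinguishedName));

    // Capture the other identifiers from the first lookup; each is used as a lookup key below.
    String groupName = gpo.Name;
    String groupSamAccountName = gpo.SamAccountName;
    Guid? groupGuid = gpo.Guid;
    String groupSid = gpo.Sid;

    // Get Group By Name
    Console.WriteLine($"Getting Group By Name: [{groupName}]");
    gpo = DirectoryServices.GetGroup(groupName, true, true, true);
    Assert.That(gpo.Name, Is.EqualTo(groupName));

    // Get Group By SamAccountName
    Console.WriteLine($"Getting Group By SamAccountName : [{groupSamAccountName}]");
    gpo = DirectoryServices.GetGroup(groupSamAccountName, true, true, true);
    Assert.That(gpo.SamAccountName, Is.EqualTo(groupSamAccountName));

    // Get Group By Guid
    Console.WriteLine($"Getting Group By Guid : [{groupGuid}]");
    gpo = DirectoryServices.GetGroup(groupGuid.ToString(), true, true, true);
    Assert.That(gpo.Guid, Is.EqualTo(groupGuid));

    // Get Group By Sid
    Console.WriteLine($"Getting Group By Sid : [{groupSid}]");
    gpo = DirectoryServices.GetGroup(groupSid, true, true, true);
    Assert.That(gpo.Sid, Is.EqualTo(groupSid));

    // Modify Group
    Console.WriteLine($"Modifying Group : [{groupName}]");
    GroupPrincipal gp = DirectoryServices.GetGroupPrincipal(groupName);
    gp.DisplayName = "Unit Test Group";
    gp.Description = "Unit Test Description";
    DirectoryServices.SaveGroup(gp);
    gpo = DirectoryServices.GetGroup(groupName, false, false, false);
    Assert.That(gpo.DisplayName, Is.EqualTo("Unit Test Group"));
    Assert.That(gpo.Description, Is.EqualTo("Unit Test Description"));

    // Create AccessUser For AccessRule Tests (Below)
    UserPrincipal accessRuleUser = Utility.CreateUser(workspaceName);
    try
    {
        // Baseline rule count on the group; every step below is checked against it.
        int ruleCount = DirectoryServices.GetAccessRules(group).Count;

        // Add Access Rule To Group (GenericRead / Allow / no inheritance)
        Console.WriteLine($"Adding AccessRule For User [{accessRuleUser.Name}] To Group [{group.Name}].");
        DirectoryServices.AddAccessRule(group, accessRuleUser, ActiveDirectoryRights.GenericRead, System.Security.AccessControl.AccessControlType.Allow, ActiveDirectorySecurityInheritance.None);
        int newRuleCount = DirectoryServices.GetAccessRules(group).Count;
        Assert.That(newRuleCount, Is.GreaterThan(ruleCount));

        // Removing Access Rule From Group
        Console.WriteLine($"Removing AccessRule For User [{accessRuleUser.Name}] From Group [{group.Name}].");
        DirectoryServices.DeleteAccessRule(group, accessRuleUser, ActiveDirectoryRights.GenericRead, System.Security.AccessControl.AccessControlType.Allow, ActiveDirectorySecurityInheritance.None);
        newRuleCount = DirectoryServices.GetAccessRules(group).Count;
        Assert.That(newRuleCount, Is.EqualTo(ruleCount));

        // Setting Access Rule On Group
        Console.WriteLine($"Setting AccessRule For User [{accessRuleUser.Name}] On Group [{group.Name}].");
        DirectoryServices.SetAccessRule(group, accessRuleUser, ActiveDirectoryRights.GenericRead, System.Security.AccessControl.AccessControlType.Allow, ActiveDirectorySecurityInheritance.None);
        newRuleCount = DirectoryServices.GetAccessRules(group).Count;
        Assert.That(newRuleCount, Is.GreaterThan(ruleCount));

        // Purge Access Rule From Group
        Console.WriteLine($"Purging AccessRules For User [{accessRuleUser.Name}] From Group [{group.Name}].");
        DirectoryServices.PurgeAccessRules(group, accessRuleUser);
        newRuleCount = DirectoryServices.GetAccessRules(group).Count;
        Assert.That(newRuleCount, Is.EqualTo(ruleCount));
    }
    finally
    {
        // Delete AccessRule User. This runs on assertion failure too, so the temporary account is always removed.
        // NOTE(review): a failure between an add/set and its delete/purge may still leave a rule
        // for this user on the group. Whether fixture teardown removes the group is not visible here.
        Utility.DeleteUser(accessRuleUser.DistinguishedName);
    }
}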