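/// <summary>
/// Collects every node of the given AD object type under "/Root/IMS" that carries a
/// non-empty "SyncGuid" property and maps that guid to the node id.
/// </summary>
/// <param name="objType">AD object type whose portal counterparts are collected.</param>
/// <returns>
/// Dictionary keyed by the lower-cased SyncGuid string (so it matches <c>Guid.ToString()</c>
/// output used by the member lookups), value is the portal node id.
/// </returns>
/// <exception cref="InvalidOperationException">
/// Two nodes carry the same SyncGuid. The collision is logged (both node ids) before
/// throwing: a sync run on an ambiguous guid-to-node mapping could act on the wrong content.
/// </exception>
private static Dictionary<string, int> GetAllPortalObjects(ADObjectType objType)
{
    var resultNodes = GetAllPortalObjectsByADObjectTypeAndPath(objType, "/Root/IMS");
    var guidToId = new Dictionary<string, int>();

    foreach (var node in resultNodes)
    {
        string syncGuid;
        try
        {
            syncGuid = node.GetProperty<string>("SyncGuid");
        }
        catch (Exception ex)
        {
            AdLog.LogError("Error caching nodes" + Environment.NewLine + "NodeId: " + node.Id + Environment.NewLine + "Node path: " + node.Path);
            AdLog.LogException(ex);
            // Rethrow (keeping the original stack trace) and do not allow adsync to run:
            // if the SyncGuid property cannot be read, a later step could delete content unintentionally.
            throw;
        }

        if (string.IsNullOrEmpty(syncGuid))
        {
            continue;
        }

        // Invariant lower-casing: the key is an identifier, not user-facing text.
        var key = syncGuid.ToLowerInvariant();
        int existingId;
        if (guidToId.TryGetValue(key, out existingId))
        {
            // Duplicate SyncGuid: refuse to build an ambiguous mapping. Dictionary.Add would throw
            // here anyway; logging the two node ids first makes the conflict diagnosable.
            AdLog.LogError("Duplicate SyncGuid " + key + " on nodes " + existingId + " and " + node.Id + " (path: " + node.Path + "), adsync aborted");
            throw new InvalidOperationException("Duplicate SyncGuid " + key + " on nodes " + existingId + " and " + node.Id);
        }
        guidToId.Add(key, node.Id);
    }

    return guidToId;
}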
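/// <summary>
/// Reads the "member" attribute of an AD group and resolves every member DN to an
/// <see cref="ADGroupMember"/>, keyed by the member's AD guid (read via <c>_config.GuidProp</c>).
/// </summary>
/// <param name="group">AD group entry whose members are enumerated.</param>
/// <param name="syncTree">
/// Sync tree of the group. Used as a fallback to connect to members that are not contained in
/// any configured sync tree (such members are still returned; a warning is logged).
/// </param>
/// <returns>
/// Members keyed by guid. Members that cannot be retrieved, have no guid, have no value for
/// <c>_config.UserNameProp</c>, or repeat an already seen guid are skipped and logged.
/// </returns>
private Dictionary<Guid, ADGroupMember> GetADGroupMembers(DirectoryEntry group, SyncTree syncTree)
{
    var members = new Dictionary<Guid, ADGroupMember>();
    var memberValues = group.Properties["member"];
    var memberCount = memberValues.Count;
    AdLog.LogADObject(string.Format("Group contains {0} member(s).", memberCount), group.Path);

    // NOTE(review): only the values present in the "member" attribute are read here; whether
    // large groups (ranged attribute retrieval) are handled elsewhere is not visible - verify.
    for (int i = 0; i < memberCount; i++)
    {
        string memberDn = memberValues[i].ToString();

        var memberTree = GetSyncTreeForObject(memberDn);
        if (memberTree == null)
        {
            AdLog.LogWarning(string.Format("AD group contains an object that is not contained in any of the synctrees, group's synctree will be used to retrieve the object (group: {0}, object: {1})", group.Path, memberDn));
            memberTree = syncTree;
        }

        using (DirectoryEntry memberEntry = memberTree.ConnectToObject(memberDn))
        {
            if (memberEntry == null)
            {
                AdLog.LogWarning(string.Format("AD group member could not be retrieved (group: {0}, object: {1})", group.Path, memberDn));
                continue;
            }

            var guidObj = Common.GetADObjectGuid(memberEntry, _config.GuidProp);
            if (guidObj == null)
            {
                // Previously skipped silently; a member without a guid cannot be mapped to the portal.
                AdLog.LogWarning(string.Format("AD group member has no {0} value, member skipped (group: {1}, object: {2})", _config.GuidProp, group.Path, memberDn));
                continue;
            }
            var guid = (Guid)guidObj;

            var userNameProp = memberEntry.Properties[_config.UserNameProp];
            var userNameValue = userNameProp == null ? null : userNameProp.Value;
            if (userNameValue == null)
            {
                AdLog.LogError(string.Format("Property {0} of AD group member \"{1}\" is missing or value is null", _config.UserNameProp, memberDn));
                continue;
            }

            if (members.ContainsKey(guid))
            {
                // Two DNs resolving to the same object (or a repeated entry) used to throw from
                // Dictionary.Add and abort the whole group; keep the first occurrence instead.
                AdLog.LogWarning(string.Format("AD group member with guid {0} is listed more than once, duplicate skipped (group: {1}, object: {2})", guid, group.Path, memberDn));
                continue;
            }

            members.Add(guid, new ADGroupMember()
            {
                objType = Common.GetADObjectType(memberEntry, _config.NovellSupport),
                Path = memberEntry.Path,
                SamAccountName = userNameValue.ToString()
            });
        }
    }

    return members;
}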
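/// <summary>
/// Handles the deletion of a synced portal node on the AD side: users under the matching
/// AD object are disabled and moved to the sync tree's deleted-objects folder, then the AD
/// object (with everything still under it) is deleted, unless it still contains users.
/// </summary>
/// <param name="nodePath">Repository path of the deleted portal node.</param>
/// <param name="guid">SyncGuid of the portal node; without it nothing is deleted (an error is logged).</param>
/// <remarks>
/// Runs under the admin account and restores the caller's identity in <c>finally</c>:
/// <c>Common.ChangeToAdminAccount()</c> switches <c>User.Current</c> and nothing else here
/// switched it back, so the caller would otherwise keep admin rights after this call.
/// Note that the final <c>DeleteTree()</c> removes every non-user object under the entry
/// (only users are double-checked), which is intentional for containers being removed.
/// </remarks>
/// <exception cref="Exception">Any AD or repository error is logged and rethrown unchanged.</exception>
public void DeleteADObject(string nodePath, Guid? guid)
{
    IUser originalUser = User.Current;
    Common.ChangeToAdminAccount();
    try
    {
        if (!IsSyncedObject(nodePath))
        {
            return;
        }

        AdLog.LogPortalObject("Deleting AD object", nodePath);

        if (!guid.HasValue)
        {
            AdLog.LogErrorPortalObject("Portal node does not have a syncguid", nodePath);
            return;
        }

        SyncTreeADObject adObject = GetADObjectByGuid(guid.Value);
        using (DirectoryEntry entry = adObject.entry)
        {
            if (entry == null)
            {
                AdLog.LogErrorPortalObject(string.Format("AD object with the given GUID ({0}) does not exist", guid.ToString()), nodePath);
                return;
            }

            var syncTree = adObject.syncTree;

            // Users are never deleted, only disabled and moved away. When the entry itself was
            // a user it has been handled by that step and must not be deleted below.
            bool entryHandledAsUser = DisableAndMoveUsersUnderADObject(entry, syncTree);
            if (entryHandledAsUser)
            {
                return;
            }

            // Double-check user containment right before the destructive step: if users are
            // still under the entry (e.g. the deleted folder was missing), refuse to delete.
            using (SearchResultCollection remainingUsers = syncTree.GetUsersUnderADObject(entry))
            {
                if (remainingUsers.Count == 0)
                {
                    entry.DeleteTree();
                }
                else
                {
                    AdLog.LogErrorADObject("AD container cannot be deleted, it contains users!", entry.Path);
                }
            }
        }
    }
    catch (Exception ex)
    {
        AdLog.LogException(ex);
        // Rethrow as-is: wrapping in a new Exception hid the original type and stack trace.
        throw;
    }
    finally
    {
        User.Current = originalUser;
    }
}

/// <summary>
/// Disables every user found under <paramref name="entry"/> (the entry itself included when
/// it is a user) and moves each one to the sync tree's <c>DeletedADObjectsPath</c> folder.
/// </summary>
/// <param name="entry">AD object whose users are processed.</param>
/// <param name="syncTree">Sync tree used to connect to the deleted-objects folder and to search for users.</param>
/// <returns><c>true</c> when <paramref name="entry"/> itself was one of the processed users.</returns>
private bool DisableAndMoveUsersUnderADObject(DirectoryEntry entry, SyncTree syncTree)
{
    bool entryWasUser = false;
    var deletedPath = syncTree.DeletedADObjectsPath;

    using (DirectoryEntry deletedParent = syncTree.ConnectToObject(deletedPath))
    {
        using (SearchResultCollection users = syncTree.GetUsersUnderADObject(entry))
        {
            foreach (SearchResult result in users)
            {
                using (DirectoryEntry userEntry = result.GetDirectoryEntry())
                {
                    // Captured before MoveTo so the comparison with entry.Path below is not
                    // affected by the move.
                    var userPath = userEntry.Path;

                    if (deletedParent != null)
                    {
                        userEntry.MoveTo(deletedParent);
                    }
                    else
                    {
                        // The user is still disabled below; it stays in place, which later
                        // blocks DeleteTree() via the containment check in DeleteADObject.
                        AdLog.LogError("Folder for deleted users could not be found on AD server!");
                    }

                    Common.DisableUserAccount(userEntry);
                    Common.DisableADObjectCustomProperties(userEntry, _propertyMappings, _config.ADNameMaxLength, _config.ADsAMAccountNameMaxLength);
                    userEntry.CommitChanges();

                    if (entry.Path == userPath)
                    {
                        entryWasUser = true;
                    }
                }
            }
        }
    }

    return entryWasUser;
}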
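/// <summary>
/// Updates a portal group from its AD counterpart: renames the node after the AD entry and
/// reconciles the membership so that it mirrors the AD group's "member" attribute.
/// </summary>
/// <param name="entry">AD group entry.</param>
/// <param name="node">Portal node of the group (must be a <see cref="Group"/>).</param>
/// <param name="syncTree">Sync tree of the group, used to resolve its members.</param>
/// <remarks>
/// Portal members without a SyncGuid (portal-only objects) and members with a malformed
/// SyncGuid are left in the group and logged as errors - they are never removed here.
/// The node is not saved in this method; the caller saves it later.
/// </remarks>
private void UpdatePortalGroupProperties(DirectoryEntry entry, Node node, SyncTree syncTree)
{
    AdLog.LogObjects("Updating portal group properties", entry.Path, node.Path);
    node.Name = Common.GetADObjectName(entry.Name);

    var group = (Group)node;
    var portalMembers = group.Members;
    var adMembers = GetADGroupMembers(entry, syncTree);

    // 1) Add members that AD lists but the portal group does not contain yet.
    foreach (var pair in adMembers)
    {
        Guid guid = pair.Key;
        ADGroupMember adMember = pair.Value;
        try
        {
            Node portalNode = ResolvePortalGroupMember(guid, adMember.objType);
            if (portalNode == null)
            {
                // The member was resolved through a sync tree in GetADGroupMembers, so a missing
                // portal node presumably means it has not been synchronized to the portal (yet).
                AdLog.LogErrorADObject("Member does not exist in portal", adMember.Path);
                continue;
            }

            if (portalMembers.Any(n => n.Id == portalNode.Id))
            {
                continue;
            }

            switch (adMember.objType)
            {
                case ADObjectType.Group:
                    group.AddMember((IGroup)portalNode);
                    break;
                case ADObjectType.User:
                    group.AddMember((IUser)portalNode);
                    break;
                default:
                    AdLog.LogErrorObjects("Member is neither a user nor a group", adMember.Path, portalNode.Path);
                    break;
            }
        }
        catch (Exception ex)
        {
            // Previously the exception itself was dropped, leaving only a generic message.
            AdLog.LogErrorADObject("Could not add member to group", adMember.Path);
            AdLog.LogException(ex);
        }
    }

    // 2) Collect portal members that have no corresponding object in the AD group.
    var removeMembers = new List<Node>();
    foreach (Node member in portalMembers)
    {
        string guidStr = member["SyncGuid"] as string;
        if (guidStr == null)
        {
            // Portal-only (unsynchronized) member: kept, but reported.
            AdLog.LogError(string.Format("Portal group contains unsynchronized object (group: {0}, object: {1}", group.Path, member.Path));
            continue;
        }

        Guid memberGuid;
        if (!Guid.TryParse(guidStr, out memberGuid))
        {
            // A malformed SyncGuid used to throw from new Guid(...) and abort the whole group.
            AdLog.LogError(string.Format("Portal group member has a malformed SyncGuid ({0}), member is left in the group (group: {1}, object: {2})", guidStr, group.Path, member.Path));
            continue;
        }

        if (!adMembers.ContainsKey(memberGuid))
        {
            removeMembers.Add(member);
        }
    }

    // 3) Remove them (done after enumeration so the member list is not modified while iterated).
    foreach (Node member in removeMembers)
    {
        var portalUser = member as IUser;
        if (portalUser != null)
        {
            group.RemoveMember(portalUser);
            continue;
        }

        var portalGroup = member as IGroup;
        if (portalGroup != null)
        {
            group.RemoveMember(portalGroup);
        }
    }

    // node.Save() is intentionally not called here; the node is saved later by the caller.
}

/// <summary>
/// Looks up the portal node for an AD group member, either with an on-the-fly query
/// (<c>_useOnTheFlyMemberQuery</c>) or from the cached user/group guid-to-id maps.
/// </summary>
/// <param name="guid">AD guid of the member.</param>
/// <param name="objType">Member type; only users and groups are resolvable from the caches.</param>
/// <returns>The portal node, or <c>null</c> when it is not found.</returns>
private Node ResolvePortalGroupMember(Guid guid, ADObjectType objType)
{
    if (_useOnTheFlyMemberQuery)
    {
        return Common.GetPortalObjectByGuid(guid);
    }

    // Cache keys are lower-cased guid strings, which is what Guid.ToString() yields.
    string guidStr = guid.ToString();
    switch (objType)
    {
        case ADObjectType.User:
            return _portalUsers.ContainsKey(guidStr) ? Node.LoadNode(_portalUsers[guidStr]) : null;
        case ADObjectType.Group:
            return _portalGroups.ContainsKey(guidStr) ? Node.LoadNode(_portalGroups[guidStr]) : null;
        default:
            return null;
    }
}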