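/// <summary>
/// CheckMFAUser method implementation.
/// Looks up a live user whose configured search attribute (see ADDSClaimsUtilities.GetADDSSearchAttribute)
/// equals <paramref name="identity"/> and reports whether it exists and exposes an objectGUID.
/// </summary>
/// <param name="Parameters">Connection settings: domain, bind user name and bind password.</param>
/// <param name="identity">Value of the search attribute (UPN or sAMAccountName) to look for.</param>
/// <returns>
/// true when such a user is found; false when it is not found, when <paramref name="identity"/> is empty,
/// or when the lookup fails (the failure is logged, not thrown).
/// </returns>
private bool CheckMFAUser(UsersADDSRecord Parameters, string identity)
{
    // An empty value would yield the malformed filter "(attr=)"; report it as "not found" instead.
    if (string.IsNullOrEmpty(identity))
    {
        return false;
    }

    // The value is embedded in an LDAP search filter, so the RFC 4515 metacharacters must be escaped.
    // Without this a UPN/sAMAccountName containing "*", "(", ")" or "\" either breaks the filter or
    // turns the equality match into a wildcard. Backslash is replaced first so the other escapes stay intact.
    string escapedIdentity = identity
        .Replace("\\", "\\5c")
        .Replace("*", "\\2a")
        .Replace("(", "\\28")
        .Replace(")", "\\29")
        .Replace("\0", "\\00");

    try
    {
        using (DirectoryEntry rootdir = ADDSUtils.GetDirectoryEntry(Parameters.DomainName, Parameters.UserName, Parameters.Password))
        {
            string qryldap = "(&(objectCategory=person)(objectClass=user)(" + ADDSClaimsUtilities.GetADDSSearchAttribute() + "=" + escapedIdentity + "))";
            using (DirectorySearcher dsusr = new DirectorySearcher(rootdir, qryldap))
            {
                dsusr.PropertiesToLoad.Clear();
                dsusr.PropertiesToLoad.Add("objectGUID");
                dsusr.PropertiesToLoad.Add("userPrincipalName");
                dsusr.PropertiesToLoad.Add("sAMAccountName");
                dsusr.PropertiesToLoad.Add("msDS-PrincipalName");
                dsusr.ReferralChasing = ReferralChasingOption.All;
                SearchResult sr = dsusr.FindOne();
                if (sr != null)
                {
                    // Indexing [0] throws when objectGUID was not returned; the catch below turns that into false.
                    return (sr.Properties["objectGUID"][0] != null);
                }
            }
        }
    }
    catch (Exception ex)
    {
        DataLog.WriteEntry(ex.Message, System.Diagnostics.EventLogEntryType.Error, 5000);
        // throw new Exception(ex.Message);
    }
    return (false);
}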
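/// <summary>
/// DoImportUser method implementation.
/// Builds an <see cref="MFAUser"/> from a directory entry (objectGUID, configured user attribute,
/// mail address, phone number, enabled state) and hands it to <paramref name="users"/>.AddOrUpdate.
/// Entries without an objectGUID, or without a value for the configured user attribute, are skipped silently.
/// </summary>
/// <param name="DirEntry">Directory entry of the user to import.</param>
/// <param name="users">Target list that receives the user.</param>
/// <param name="Parameters">Import settings: optional MailAttribute/PhoneAttribute overrides and the preferred Method.</param>
/// <param name="disableall">When true, the user is marked disabled regardless of userAccountControl.</param>
private void DoImportUser(DirectoryEntry DirEntry, MFAUniqueUserList users, UsersADDSRecord Parameters, bool disableall = false)
{
    // userAccountControl flag ACCOUNTDISABLE (0x2).
    const int AccountDisableFlag = 2;

    if (DirEntry.Properties["objectGUID"].Value == null)
    {
        return;
    }

    MFAUser reg = new MFAUser();
    try
    {
        reg.ID = new Guid((byte[])DirEntry.Properties["objectGUID"].Value).ToString();

        // The PropertyCollection indexer never returns null; an absent attribute is an empty collection.
        PropertyValueCollection userAttributeValues = DirEntry.Properties[ADDSClaimsUtilities.GetADDSUserAttribute()];
        if (userAttributeValues.Count == 0)
        {
            return;
        }
        reg.UPN = userAttributeValues[0].ToString();

        // Mail: an explicitly configured attribute wins; otherwise otherMailbox, then mail.
        object mailValue;
        if (!string.IsNullOrEmpty(Parameters.MailAttribute))
        {
            mailValue = DirEntry.Properties[Parameters.MailAttribute].Value;
        }
        else
        {
            mailValue = DirEntry.Properties["otherMailbox"].Value
                ?? DirEntry.Properties["mail"].Value;
        }
        if (mailValue != null)
        {
            reg.MailAddress = mailValue.ToString();
        }

        // Phone: an explicitly configured attribute wins; otherwise mobile, otherMobile, then telephoneNumber.
        object phoneValue;
        if (!string.IsNullOrEmpty(Parameters.PhoneAttribute))
        {
            phoneValue = DirEntry.Properties[Parameters.PhoneAttribute].Value;
        }
        else
        {
            phoneValue = DirEntry.Properties["mobile"].Value
                ?? DirEntry.Properties["otherMobile"].Value
                ?? DirEntry.Properties["telephoneNumber"].Value;
        }
        if (phoneValue != null)
        {
            reg.PhoneNumber = phoneValue.ToString();
        }

        reg.PreferredMethod = Parameters.Method;
        reg.OverrideMethod = string.Empty;

        if (disableall)
        {
            reg.Enabled = false;
        }
        else if (DirEntry.Properties.Contains("userAccountControl"))
        {
            // Contains() is used rather than a null check on the indexer, which is never null.
            int uac = Convert.ToInt32(DirEntry.Properties["userAccountControl"].Value);
            reg.Enabled = ((uac & AccountDisableFlag) == 0);
        }
        else
        {
            reg.Enabled = true;
        }

        users.AddOrUpdate(reg);
    }
    catch (Exception ex)
    {
        DataLog.WriteEntry("User ID : " + reg.ID + " Error : " + ex.Message, System.Diagnostics.EventLogEntryType.Error, 20104);
    }
}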
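/// <summary>
/// ImportMFAUsers method implementation.
/// Searches the directory below Parameters.LDAPPath for users and groups, optionally restricted to
/// users created or changed since the given dates, imports each user through DoImportUser and, unless
/// Parameters.NoRecurse is set, expands each group through DoImportGroup.
/// </summary>
/// <param name="Parameters">
/// Connection settings, search base, attribute overrides and date filters. Parameters.LDAPPath is
/// modified in place: any "ldap://" / "ldaps://" (upper or lower case) text is stripped from it.
/// </param>
/// <param name="disableall">When true, every imported user is marked disabled.</param>
/// <returns>The imported users; empty when the search fails (the failure is logged, not thrown).</returns>
public virtual MFAUserList ImportMFAUsers(UsersADDSRecord Parameters, bool disableall = false)
{
    if (!string.IsNullOrEmpty(Parameters.LDAPPath))
    {
        // The search base is handed to ADDSUtils.GetDirectoryEntry without a scheme prefix.
        Parameters.LDAPPath = Parameters.LDAPPath.Replace("ldap://", "");
        Parameters.LDAPPath = Parameters.LDAPPath.Replace("ldaps://", "");
        Parameters.LDAPPath = Parameters.LDAPPath.Replace("LDAP://", "");
        Parameters.LDAPPath = Parameters.LDAPPath.Replace("LDAPS://", "");
    }

    MFAUniqueUserList registrations = new MFAUniqueUserList();
    try
    {
        using (DirectoryEntry rootdir = ADDSUtils.GetDirectoryEntry(Parameters.DomainName, Parameters.UserName, Parameters.Password, Parameters.LDAPPath))
        {
            // Groups OR users; the date clauses, when present, are appended inside the user branch only.
            string qryldap = "(|(&(objectCategory=group)(objectClass=group))(&(objectCategory=user)(objectClass=user)";
            string subldap = string.Empty;
            bool hasval1 = false;
            bool hasval2 = false;

            // NOTE(review): the generalized-time literal ends in "Z" (UTC) but the dates are formatted as given —
            // confirm callers supply UTC values, otherwise the filter is shifted by the local offset.
            if (Parameters.CreatedSince.HasValue)
            {
                subldap += "(whenCreated>=" + Parameters.CreatedSince.Value.ToString("yyyyMMddHHmmss.0Z") + ")";
                hasval1 = true;
            }
            if (Parameters.ModifiedSince.HasValue)
            {
                subldap += "(whenChanged>=" + Parameters.ModifiedSince.Value.ToString("yyyyMMddHHmmss.0Z") + ")";
                hasval2 = true;
            }

            // Both dates given: a user matches when either condition holds; one date: that condition alone.
            if (hasval1 && hasval2)
            {
                qryldap += "(|" + subldap + ")";
            }
            else if (hasval1 || hasval2)
            {
                qryldap += subldap;
            }
            qryldap += "))";

            using (DirectorySearcher dsusr = new DirectorySearcher(rootdir, qryldap))
            {
                AddPropertiesToLoadForSearcher(dsusr, Parameters.MailAttribute, Parameters.PhoneAttribute);
                dsusr.SizeLimit = 100000; // Set maxrows
                dsusr.PageSize = 5000;

                // SearchResultCollection owns unmanaged handles that are released only by Dispose.
                using (SearchResultCollection src = dsusr.FindAll())
                {
                    if (src != null)
                    {
                        foreach (SearchResult sr in src)
                        {
                            using (DirectoryEntry DirEntry = ADDSUtils.GetDirectoryEntry(Parameters.DomainName, Parameters.UserName, Parameters.Password, sr))
                            {
                                // IsImportUser: 1 = user, 2 = group, anything else is ignored.
                                int k = IsImportUser(DirEntry.Properties["objectClass"].Value);
                                switch (k)
                                {
                                    case 1:
                                        DoImportUser(DirEntry, registrations, Parameters, disableall);
                                        break;
                                    case 2:
                                        if (!Parameters.NoRecurse)
                                        {
                                            DoImportGroup(DirEntry, registrations, Parameters, disableall);
                                        }
                                        break;
                                    default:
                                        break;
                                }
                            }
                        }
                    }
                }
            }
        }
    }
    catch (Exception ex)
    {
        DataLog.WriteEntry("Root : " + ex.Message, System.Diagnostics.EventLogEntryType.Error, 5100);
        // throw new Exception(ex.Message);
    }
    return (registrations);
}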
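/// <summary>
/// DoImportGroup method implementation.
/// Enumerates the direct members of the group described by <paramref name="DirEntry"/> — objects whose
/// memberOf names the group, plus users whose primaryGroupID equals the group's RID — and imports them:
/// users through DoImportUser, nested groups recursively unless Parameters.NoRecurse is set.
/// </summary>
/// <param name="DirEntry">Directory entry of the group; its distinguishedName and objectSID are read.</param>
/// <param name="users">Target list that receives the imported users.</param>
/// <param name="Parameters">Connection settings, attribute overrides and date filters.</param>
/// <param name="disableall">Passed through to DoImportUser; marks every imported user disabled.</param>
private void DoImportGroup(DirectoryEntry DirEntry, MFAUniqueUserList users, UsersADDSRecord Parameters, bool disableall)
{
    // NOTE(review): nested groups are followed recursively with no visited set; a membership cycle
    // (A member of B, B member of A) would recurse until the stack overflows — confirm this cannot occur.
    string distinguishedName = string.Empty;
    string sidstr = string.Empty;
    try
    {
        distinguishedName = DirEntry.Properties["distinguishedName"].Value.ToString();
        byte[] SD = (byte[])DirEntry.Properties["objectSID"].Value;
        string sid = new SecurityIdentifier(SD, 0).ToString();
        // primaryGroupID stores only the RID, i.e. the last "-"-separated component of the SID.
        sidstr = sid.Substring(sid.LastIndexOf('-') + 1);

        // The DN is embedded in an LDAP search filter, so the RFC 4515 metacharacters must be escaped;
        // a DN with escaped RDN characters (e.g. a "\" or "(" in a CN) would otherwise corrupt the filter.
        // Backslash is replaced first so the other escapes stay intact.
        string escapedDn = distinguishedName
            .Replace("\\", "\\5c")
            .Replace("*", "\\2a")
            .Replace("(", "\\28")
            .Replace(")", "\\29")
            .Replace("\0", "\\00");

        using (DirectoryEntry rootdir = ADDSUtils.GetDirectoryEntry(Parameters.DomainName, Parameters.UserName, Parameters.Password)) // Binding Root
        {
            // Member groups OR member users; the date clauses, when present, are appended inside the user branch only.
            string qryldap = "(| (&(objectCategory=group)(objectClass=group)(memberof=" + escapedDn + ")) (&(objectCategory=user)(objectClass=user)(|(memberof=" + escapedDn + ")(primaryGroupID=" + sidstr + "))";
            string subldap = string.Empty;
            bool hasval1 = false;
            bool hasval2 = false;

            if (Parameters.CreatedSince.HasValue)
            {
                subldap += "(whenCreated>=" + Parameters.CreatedSince.Value.ToString("yyyyMMddHHmmss.0Z") + ")";
                hasval1 = true;
            }
            if (Parameters.ModifiedSince.HasValue)
            {
                subldap += "(whenChanged>=" + Parameters.ModifiedSince.Value.ToString("yyyyMMddHHmmss.0Z") + ")";
                hasval2 = true;
            }

            // Both dates given: a user matches when either condition holds; one date: that condition alone.
            if (hasval1 && hasval2)
            {
                qryldap += "(|" + subldap + ")";
            }
            else if (hasval1 || hasval2)
            {
                qryldap += subldap;
            }
            qryldap += "))";

            using (DirectorySearcher dsusr = new DirectorySearcher(rootdir, qryldap))
            {
                AddPropertiesToLoadForSearcher(dsusr, Parameters.MailAttribute, Parameters.PhoneAttribute);
                dsusr.SizeLimit = 100000; // Set maxrows
                dsusr.PageSize = 5000;

                // SearchResultCollection owns unmanaged handles that are released only by Dispose.
                using (SearchResultCollection src = dsusr.FindAll())
                {
                    if (src != null)
                    {
                        foreach (SearchResult sr in src)
                        {
                            using (DirectoryEntry SubDirEntry = ADDSUtils.GetDirectoryEntry(Parameters.DomainName, Parameters.UserName, Parameters.Password, sr))
                            {
                                // IsImportUser: 1 = user, 2 = group, anything else is ignored.
                                int k = IsImportUser(SubDirEntry.Properties["objectClass"].Value);
                                switch (k)
                                {
                                    case 1:
                                        DoImportUser(SubDirEntry, users, Parameters, disableall);
                                        break;
                                    case 2:
                                        if (!Parameters.NoRecurse)
                                        {
                                            DoImportGroup(SubDirEntry, users, Parameters, disableall);
                                        }
                                        break;
                                    default:
                                        break;
                                }
                            }
                        }
                    }
                }
            }
        }
    }
    catch (Exception ex)
    {
        DataLog.WriteEntry("DN : " + distinguishedName + " SID : " + sidstr + " Error : " + ex.Message, System.Diagnostics.EventLogEntryType.Error, 5100);
        // throw new Exception(ex.Message);
    }
}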
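/// <summary>
/// CleanMFAUsers method implementation.
/// Searches the tombstones (isDeleted=TRUE) for deleted user objects and returns the identity
/// (UPN or sAMAccountName, whichever the configured search attribute selects) of each one for
/// which CheckMFAUser finds no live account, so the caller can remove their MFA registrations.
/// </summary>
/// <param name="Parameters">Connection settings: domain, bind user name and bind password.</param>
/// <returns>Identities of deleted users that have no live counterpart.</returns>
/// <exception cref="Exception">Thrown after logging when the search fails; the original error is the InnerException.</exception>
public virtual List<string> CleanMFAUsers(UsersADDSRecord Parameters)
{
    MFAUniqueDeletedUserList registrations = new MFAUniqueDeletedUserList();
    try
    {
        using (DirectoryEntry rootdir = ADDSUtils.GetDirectoryEntry(Parameters.DomainName, Parameters.UserName, Parameters.Password))
        {
            string qryldap = "(&(objectClass=user)(isDeleted=TRUE))";
            using (DirectorySearcher dsusr = new DirectorySearcher(rootdir, qryldap))
            {
                AddPropertiesToLoadForDeleted(dsusr);
                dsusr.SizeLimit = 10000; // Set maxrows
                dsusr.PageSize = 5000;
                dsusr.ExtendedDN = ExtendedDN.Standard;
                dsusr.Tombstone = true;

                // LDAP attribute names are case-insensitive, so the configured name is compared accordingly.
                bool searchByUpn = ADDSClaimsUtilities.GetADDSSearchAttribute().Equals("userPrincipalName", StringComparison.OrdinalIgnoreCase);

                // SearchResultCollection owns unmanaged handles that are released only by Dispose.
                using (SearchResultCollection src = dsusr.FindAll())
                {
                    if (src != null)
                    {
                        foreach (SearchResult sr in src)
                        {
                            string upn = string.Empty;
                            string sam = string.Empty;
                            if (sr.Properties.Contains("userPrincipalName"))
                            {
                                upn = sr.Properties["userPrincipalName"][0].ToString();
                            }
                            if (sr.Properties.Contains("sAMAccountName"))
                            {
                                sam = sr.Properties["sAMAccountName"][0].ToString();
                            }

                            // Tombstones lacking either attribute are skipped.
                            if (string.IsNullOrEmpty(upn) || string.IsNullOrEmpty(sam))
                            {
                                continue;
                            }

                            string identity = searchByUpn ? upn : sam;
                            // Report the identity only when no live account with the same identity exists.
                            if (!CheckMFAUser(Parameters, identity))
                            {
                                registrations.AddOrUpdate(identity);
                            }
                        }
                    }
                }
            }
        }
    }
    catch (Exception ex)
    {
        DataLog.WriteEntry(ex.Message, System.Diagnostics.EventLogEntryType.Error, 5100);
        // Same exception type and message as before, but the cause is kept as InnerException for diagnostics.
        throw new Exception(ex.Message, ex);
    }
    return (registrations);
}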