Exemplo n.º 1
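        /// <summary>
        /// Deletes the computer account named <paramref name="computer"/> after validating the caller's token.
        /// </summary>
        /// <param name="computer">Name of the computer account to delete.</param>
        /// <param name="accessToken">Token checked by <c>CheckpointAuth.CheckCheckpointToken</c>; bound from the query string.</param>
        /// <returns>
        /// 200 with the result of the delete, 403 with "Invalid token." when the token check fails,
        /// or 400 when no computer name was supplied.
        /// </returns>
        public HttpResponseMessage Delete(string computer, [FromUri] string accessToken)
        {
            // NOTE(review): the token arrives in the URL, so it can end up in web-server, proxy and
            // client-side logs. Moving it to an Authorization header would need an interface change
            // and is therefore only flagged here.
            ComputerAccountResult result = new ComputerAccountResult
            {
                action     = "delete",
                serverName = computer
            };

            // Authenticate first so unauthenticated callers always get the same 403 response.
            if (!CheckpointAuth.CheckCheckpointToken(accessToken))
            {
                result.message = "Invalid token.";

                return Request.CreateResponse(HttpStatusCode.Forbidden, result);
            }

            // Reject an empty name here instead of passing it on to the directory lookup.
            if (string.IsNullOrWhiteSpace(computer))
            {
                result.message = "Computer name is required.";

                return Request.CreateResponse(HttpStatusCode.BadRequest, result);
            }

            // The previous version also allocated a throw-away HttpResponseMessage that was never
            // disposed; responses are now created only on the path that returns them.
            return Request.CreateResponse(HttpStatusCode.OK, ActiveDirectory.DeleteComputerAccount(computer));
        }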
Exemplo n.º 2
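        /// <summary>
        /// Looks up the computer account identified by <paramref name="serverName"/> in the configured
        /// domain and deletes it when it exists.
        /// </summary>
        /// <param name="serverName">A string containing the server name.</param>
        /// <returns>A ComputerAccountResult containing the action performed ("delete"), a success/failure
        /// message, the server name, and the distinguished name of the deleted object (empty when no
        /// account was found).</returns>
        public static ComputerAccountResult DeleteComputerAccount(string serverName)
        {
            // Set up the result object.
            ComputerAccountResult result = new ComputerAccountResult()
            {
                action       = "delete",
                message      = string.Empty,
                serverName   = serverName,
                objectADPath = string.Empty
            };

            // PrincipalContext and ComputerPrincipal are IDisposable; the using blocks release them
            // on every path, including when Delete() throws.
            //
            // NOTE(review): this FindByIdentity overload does not pin an IdentityType, so the value is
            // matched against any supported identity format. If callers are only meant to pass an
            // account name, consider the overload that takes an IdentityType.
            // NOTE(review): nothing in this method limits which part of the directory the target may
            // live in; scope presumably depends on the AD permissions of the service identity - confirm.
            using (PrincipalContext pc = new PrincipalContext(ContextType.Domain, Domain))
            using (ComputerPrincipal computer = ComputerPrincipal.FindByIdentity(pc, serverName))
            {
                if (computer == null)
                {
                    result.message = "No such Computer Account.";

                    return result;
                }

                // Capture the DN before deleting; it is reported back to the caller.
                result.objectADPath = computer.DistinguishedName;
                computer.Delete();
                result.message = "Computer Account deleted successfully.";
            }

            return result;
        }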
Exemplo n.º 3
        /// <summary>
        /// Builds a "create" result carrying the over-length-name message for
        /// <c>TestConstants.TooLongComputerAccountNameProd</c>.
        /// </summary>
        /// <returns>A result with action, message and serverName set; objectADPath is left untouched.</returns>
        public static ComputerAccountResult GenerateResultForTooLongCANameProd()
        {
            return new ComputerAccountResult
            {
                action = "create",
                message = "Computer Account name longer than 15 characters.",
                serverName = TestConstants.TooLongComputerAccountNameProd
            };
        }
Exemplo n.º 4
        /// <summary>
        /// Builds a "create" result carrying the invalid site/environment message for
        /// <c>TestConstants.NewComputerAccountTest</c>, with an empty directory path.
        /// </summary>
        /// <returns>The populated result object.</returns>
        public static ComputerAccountResult GenerateResultForInvalidEnvironmentTest()
        {
            return new ComputerAccountResult
            {
                action = "create",
                message = "Invalid site/environment provided.",
                serverName = TestConstants.NewComputerAccountTest,
                objectADPath = string.Empty
            };
        }
Exemplo n.º 5
        /// <summary>
        /// Builds a "delete" result carrying the "No such Computer Account." message for
        /// <c>TestConstants.NonExistingComputerAccountToDeleteProd</c>, with an empty directory path.
        /// </summary>
        /// <param name="site">Not read by this method.</param>
        /// <returns>The populated result object.</returns>
        public static ComputerAccountResult GenerateResultForNonExistingCADeleteProd(string site)
        {
            return new ComputerAccountResult
            {
                action = "delete",
                serverName = TestConstants.NonExistingComputerAccountToDeleteProd,
                message = "No such Computer Account.",
                objectADPath = string.Empty
            };
        }
Exemplo n.º 6
        /// <summary>
        /// Builds a "delete" result carrying the success message for
        /// <c>TestConstants.NewComputerAccountProd</c>, with a directory path composed from the account
        /// name, <c>TestConstants.ExistingOrganizationalUnitProd</c> and <paramref name="site"/>.
        /// </summary>
        /// <param name="site">Site name placed into the path exactly as supplied (no case conversion).</param>
        /// <returns>The populated result object.</returns>
        public static ComputerAccountResult GenerateResultForCADeleteProd(string site)
        {
            string accountName = TestConstants.NewComputerAccountProd;
            string directoryPath =
                $"CN={accountName},OU={TestConstants.ExistingOrganizationalUnitProd},OU={site},[DEFAULT_DIRECTORY_PATH]";

            return new ComputerAccountResult
            {
                action = "delete",
                serverName = accountName,
                message = "Computer Account deleted successfully.",
                objectADPath = directoryPath
            };
        }
Exemplo n.º 7
        /// <summary>
        /// Builds a "create" result carrying the "already exists" message for
        /// <c>TestConstants.ExistingComputerAccountProd</c>, with a directory path composed from the
        /// account name, <c>TestConstants.ExistingOrganizationalUnitProd</c> and the site.
        /// </summary>
        /// <param name="site">Site name; passed through <c>StringHandler.ToTitleCase</c> before use.</param>
        /// <returns>The populated result object.</returns>
        public static ComputerAccountResult GenerateResultForExistingCAInProd(string site)
        {
            string accountName = TestConstants.ExistingComputerAccountProd;
            string titledSite = StringHandler.ToTitleCase(site);

            return new ComputerAccountResult
            {
                action = "create",
                message = "Computer Account already exists.",
                serverName = accountName,
                objectADPath =
                    $"CN={accountName},OU={TestConstants.ExistingOrganizationalUnitProd},OU={titledSite},[DEFAULT_DIRECTORY_PATH]"
            };
        }
Exemplo n.º 8
        /// <summary>
        /// Builds a "create" result carrying the success message for
        /// <c>TestConstants.NewComputerAccountProd</c>, with an <c>LDAP://</c> path under either the new
        /// or the existing organizational unit constant.
        /// </summary>
        /// <param name="newOU">
        /// <c>true</c> to use <c>TestConstants.NewOrganizationalUnitProd</c> in the path,
        /// <c>false</c> to use <c>TestConstants.ExistingOrganizationalUnitProd</c>.
        /// </param>
        /// <param name="site">Site name; passed through <c>StringHandler.ToTitleCase</c> before use.</param>
        /// <returns>The populated result object.</returns>
        public static ComputerAccountResult GenerateResultForNewCAInProd(bool newOU, string site)
        {
            string accountName = TestConstants.NewComputerAccountProd;
            string titledSite = StringHandler.ToTitleCase(site);

            // Only the organizational-unit segment differs between the two cases.
            string organizationalUnit = newOU
                ? TestConstants.NewOrganizationalUnitProd
                : TestConstants.ExistingOrganizationalUnitProd;

            return new ComputerAccountResult
            {
                action = "create",
                message = "Computer Account created successfully.",
                serverName = accountName,
                objectADPath = $"LDAP://CN={accountName},OU={organizationalUnit},OU={titledSite},[DEFAULT_DIRECTORY_PATH]"
            };
        }
Exemplo n.º 9
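        /// <summary>
        /// Creates a computer account from the posted request after validating the caller's token.
        /// </summary>
        /// <param name="accessToken">Token checked by <c>CheckpointAuth.CheckCheckpointToken</c>; bound from the query string.</param>
        /// <param name="caRequest">Request body; may be null when the body is missing or cannot be bound.</param>
        /// <returns>
        /// 200 with the result of the create, 403 with "Invalid token." when the token check fails,
        /// or 400 when the server name is missing or longer than 15 characters.
        /// </returns>
        public HttpResponseMessage Post([FromUri] string accessToken, [FromBody] ComputerAccountRequest caRequest)
        {
            // A missing or unparsable body leaves caRequest null. Reading the name null-safely keeps
            // both the 403 and the 400 paths from failing with a NullReferenceException.
            string requestedName = caRequest?.serverName;

            ComputerAccountResult result = new ComputerAccountResult
            {
                action     = "create",
                serverName = requestedName
            };

            // NOTE(review): the token arrives in the URL, so it can end up in web-server, proxy and
            // client-side logs; moving it to a header would need an interface change.
            if (!CheckpointAuth.CheckCheckpointToken(accessToken))
            {
                result.message = "Invalid token.";

                return Request.CreateResponse(HttpStatusCode.Forbidden, result);
            }

            if (string.IsNullOrWhiteSpace(requestedName))
            {
                result.message = "Computer Account name is required.";

                return Request.CreateResponse(HttpStatusCode.BadRequest, result);
            }

            if (requestedName.Length > 15)
            {
                result.message = "Computer Account name longer than 15 characters.";

                return Request.CreateResponse(HttpStatusCode.BadRequest, result);
            }

            // NOTE(review): only presence and length are checked here. The other request fields and
            // the characters of the name are passed through as-is; presumably
            // ActiveDirectory.CreateComputerAccount embeds them in a directory path - confirm they
            // are escaped or validated there.
            return Request.CreateResponse(HttpStatusCode.OK, ActiveDirectory.CreateComputerAccount(caRequest));
        }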
Exemplo n.º 10
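        /// <summary>
        /// Receives a ComputerAccountRequest containing the server name, the site name and the project
        /// name, waits until no computer account with that name can be found, and then creates the
        /// computer account. A new OU is created if necessary. Nothing is returned to the caller.
        /// </summary>
        /// <param name="request">A ComputerAccountRequest object containing the server name,
        /// the site name and the project name.</param>
        public static void CreateComputerAccountVoid(ComputerAccountRequest request)
        {
            // Set up the result object. It is filled in as in the original code but never returned.
            ComputerAccountResult result = new ComputerAccountResult()
            {
                action       = "create",
                message      = string.Empty,
                serverName   = request.serverName,
                objectADPath = string.Empty
            };

            // PrincipalContext is IDisposable; release it on every path.
            using (PrincipalContext pc = new PrincipalContext(ContextType.Domain, Domain))
            {
                // Check if an existing computer account exists in AD.
                ComputerPrincipal computer = ComputerPrincipal.FindByIdentity(pc, request.serverName);

                // NOTE(review): this loop queries the directory back-to-back, with no delay or timeout,
                // for as long as the account exists. It is kept as written because the wait may be
                // intentional; consider a bounded retry with a pause. Each stale principal is now
                // disposed instead of being leaked per iteration.
                while (computer != null)
                {
                    computer.Dispose();
                    computer = ComputerPrincipal.FindByIdentity(pc, request.serverName);
                }

                // The loop above only exits once the lookup returns null, so the original
                // "Computer Account already exists." branch could never run and has been dropped.

                // NOTE(review): ownership of the entry returned by GetDirectoryEntryBySite is not
                // visible here, so it is deliberately not disposed in this method.
                DirectoryEntry adSiteRoot = GetDirectoryEntryBySite(request);

                if (adSiteRoot == null)
                {
                    result.message      = "Invalid site/environment provided.";
                    result.objectADPath = string.Empty;

                    return;
                }

                // The project and server names come from the request, so they are escaped before being
                // placed in a relative distinguished name. Without this, a value containing ',' or '='
                // could change which directory object the path refers to.
                using (DirectoryEntry newOU = adSiteRoot.Children.Add($"OU={EscapeRdnValue(request.projectName)}", "OrganizationalUnit"))
                {
                    // Checking if the OU already exists.
                    if (!DirectoryEntry.Exists(newOU.Path))
                    {
                        // OU doesn't exist, creating new OU for the Computer Account.
                        newOU.CommitChanges();
                    }

                    // Creating new Computer Account in the OU.
                    using (DirectoryEntry newCA = newOU.Children.Add($"CN={EscapeRdnValue(request.serverName)}", "computer"))
                    {
                        // Applying the server name in uppercase as the sAMAccountName because, per the
                        // original author, AD otherwise generates a random value for new servers.
                        // Adding a trailing $ due to pre-Windows 2000 server name requirements.
                        // ToUpperInvariant keeps the result independent of the server's culture.
                        newCA.Properties["sAMAccountName"].Value = request.serverName.ToUpperInvariant() + "$";

                        // 0x1020 = WORKSTATION_TRUST_ACCOUNT (0x1000) | PASSWD_NOTREQD (0x0020).
                        // NOTE(review): PASSWD_NOTREQD means no password is enforced on the pre-staged
                        // account; confirm that is acceptable and that rights to create and join
                        // these accounts are restricted.
                        newCA.Properties["userAccountControl"].Value = 0x1020;

                        newCA.CommitChanges();

                        result.message      = "Computer Account created successfully.";
                        result.objectADPath = newCA.Path;
                    }
                }
            }
        }

        /// <summary>
        /// Escapes a value for use inside a relative distinguished name such as <c>CN=value</c>.
        /// </summary>
        /// <param name="value">Raw attribute value; null or empty is returned unchanged.</param>
        /// <returns>The value with DN-special characters backslash-escaped.</returns>
        private static string EscapeRdnValue(string value)
        {
            if (string.IsNullOrEmpty(value))
            {
                return value;
            }

            System.Text.StringBuilder escaped = new System.Text.StringBuilder(value.Length + 8);

            for (int i = 0; i < value.Length; i++)
            {
                char c = value[i];
                bool atEdge = i == 0 || i == value.Length - 1;

                if (c < ' ')
                {
                    // Control characters are written as a backslash followed by two hex digits.
                    escaped.Append('\\').Append(((int)c).ToString("X2"));
                }
                else if (",+\"\\<>;=/".IndexOf(c) >= 0
                         || (c == '#' && i == 0)
                         || (c == ' ' && atEdge))
                {
                    // DN-special characters (RFC 4514), plus '=' and '/', which are escaped here
                    // because the value ends up inside an ADSI path.
                    escaped.Append('\\').Append(c);
                }
                else
                {
                    escaped.Append(c);
                }
            }

            return escaped.ToString();
        }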