private void ProcessDelete(AdObject obj, bool returnObject = false)
{
ActiveDirectoryObjectResult result = new ActiveDirectoryObjectResult()
{
Type = obj.Type,
Identity = obj.Identity
};
ActiveDirectoryStatus status = new ActiveDirectoryStatus()
{
Action = config.Action,
Status = AdStatusType.Success,
Message = "Success",
};
try
{
roleManager.CanPerformActionOrException(requestUser, ActionType.Delete, obj.Identity);
switch (obj.Type)
{
case AdObjectType.User:
AdUser user = (AdUser)obj;
DirectoryServices.DeleteUser(user.Identity);
result.Statuses.Add(status);
break;
case AdObjectType.Group:
AdGroup group = (AdGroup)obj;
DirectoryServices.DeleteGroup(group.Identity, isDryRun);
result.Statuses.Add(status);
break;
case AdObjectType.OrganizationalUnit:
AdOrganizationalUnit ou = (AdOrganizationalUnit)obj;
DirectoryServices.DeleteOrganizationUnit(ou.Identity);
result.Statuses.Add(status);
break;
default:
throw new AdException("Action [" + config.Action + "] Not Implemented For Type [" + obj.Type + "]", AdStatusType.NotSupported);
}
String message = $"{obj.Type} [{obj.Identity}] Deleted.";
OnLogMessage("ProcessDelete", message);
}
catch (AdException ex)
{
ProcessActiveDirectoryException(result, ex, status.Action);
}
catch (Exception e)
{
OnLogMessage("ProcessDelete", e.Message);
OnLogMessage("ProcessDelete", e.StackTrace);
AdException le = new AdException(e);
ProcessActiveDirectoryException(result, le, status.Action);
}
results.Add(result);
}
public void Core_DeleteOrgUnitDoesNotExist()
{
// Get OrgUnit That Does Not Exist
String ouName = $"testou_{Utility.GenerateToken( 8 )}";
String ouDistinguishedName = $"GW={ouName},{workspaceName}";
Console.WriteLine($"Deleting OrgUnuit [{ouDistinguishedName}] Which Should Not Exist.");
AdException ex = Assert.Throws <AdException>(() => DirectoryServices.DeleteOrganizationUnit(ouDistinguishedName));
Console.WriteLine($"Exception Message : {ex.Message}");
Assert.That(ex.Message, Contains.Substring("cannot be found"));
}
public void Core_ModifyOrgUnitBadData()
{
String badOuName = $"ou=BadOrgUnit,{workspaceName}";
DirectoryServices.CreateOrganizationUnit(badOuName, null);
DirectoryEntryObject badOrgUnit = DirectoryServices.GetOrganizationalUnit(badOuName, false, true, false);
Dictionary <string, List <string> > properties = new Dictionary <string, List <string> >();
DirectoryServices.AddProperty(properties, "managedBy", "BadManager");
Console.WriteLine($"Modify OrgUnit [{badOrgUnit.Name}] With Bad Property [ManagedBy]");
AdException ex = Assert.Throws <AdException>(() => DirectoryServices.ModifyOrganizationUnit(badOrgUnit.Properties["distinguishedName"][0].ToString(), properties));
DirectoryServices.DeleteOrganizationUnit(badOrgUnit.DistinguishedName);
}
public void Handler_ModifyOrgUnitBadProperty()
{
DirectoryServices.CreateOrganizationUnit($"ou=OuDoesNotExist,{workspaceName}", null);
OrganizationalUnitObject ouo = DirectoryServices.GetOrganizationalUnit($"ou=OuDoesNotExist,{workspaceName}", false, true);
Dictionary <string, string> parameters = new Dictionary <string, string>();
Console.WriteLine($"Modifying OrgUnit [{ouo.DistinguishedName}] With A Bad Property.");
parameters.Add("returngroupmembership", "true");
parameters.Add("returnaccessrules", "true");
parameters.Add("identity", ouo.DistinguishedName);
parameters.Add("st", "Louisiana"); // Properties Should Be An Array Of Values
YamlDotNet.Core.SyntaxErrorException e = Assert.Throws <YamlDotNet.Core.SyntaxErrorException>(() => Utility.CallPlan("ModifyOrgUnit", parameters));
Console.WriteLine($"Exception Message : {e.Message}");
DirectoryServices.DeleteOrganizationUnit(ouo.DistinguishedName);
}
public void Core_PurgeRuleBadUser()
{
// Get Group That Does Not Exist
String groupName = $"testgroup_{Utility.GenerateToken( 8 )}";
String groupDistinguishedName = $"CN={groupName},{workspaceName}";
String testOuName = $"ou=TestOrgUnit001,{workspaceName}";
DirectoryServices.CreateOrganizationUnit(testOuName, null);
DirectoryEntryObject ouo = DirectoryServices.GetOrganizationalUnit(testOuName, false, true, false);
Console.WriteLine($"Purging AccessRule For Group [{groupName}] Which Should Not Exist From OrgUnit [{ouo.Name}].");
AdException ex = Assert.Throws <AdException>(() => DirectoryServices.PurgeAccessRules(ouo.DistinguishedName, groupName));
Console.WriteLine($"Exception Message : {ex.Message}");
Assert.That(ex.Message, Contains.Substring("Can Not Be Found"));
DirectoryServices.DeleteOrganizationUnit(ouo.DistinguishedName);
}
public void Core_SetRuleBadUser()
{
// Get Group That Does Not Exist
String groupName = $"testgroup_{Utility.GenerateToken( 8 )}";
String groupDistinguishedName = $"CN={groupName},{workspaceName}";
String testOuName = $"ou=TestOrgUnit001,{workspaceName}";
DirectoryServices.CreateOrganizationUnit(testOuName, null);
DirectoryEntryObject ouo = DirectoryServices.GetOrganizationalUnit(testOuName, false, true, false);
Console.WriteLine($"Setting AccessRule For Group [{groupName}] Which Should Not Exist On OrgUnit [{ouo.Name}].");
AdException ex = Assert.Throws <AdException>(() => DirectoryServices.SetAccessRule(ouo.DistinguishedName, groupName, ActiveDirectoryRights.GenericRead, System.Security.AccessControl.AccessControlType.Allow, ActiveDirectorySecurityInheritance.None));
Console.WriteLine($"Exception Message : {ex.Message}");
Assert.That(ex.Message, Contains.Substring("Can Not Be Found"));
DirectoryServices.DeleteOrganizationUnit(ouo.DistinguishedName);
}
public void Core_OrgUnitTestSuccess()
{
// Setup Test
String name = $"testou_{Utility.GenerateToken( 8 )}";
String distinguishedName = $"OU={name},{workspaceName}";
Dictionary <string, List <string> > properties = new Dictionary <string, List <string> >();
DirectoryServices.AddProperty(properties, "description", "Test OU");
// Create OrgUnit
Console.WriteLine($"Creating OrgUnit : [{distinguishedName}]");
DirectoryServices.CreateOrganizationUnit(distinguishedName, properties);
// Get OrgUnit By DistinguishedName
Console.WriteLine($"Getting OrgUnit By DisginguishedName : [{distinguishedName}]");
DirectoryEntryObject ouo = DirectoryServices.GetOrganizationalUnit(distinguishedName, true, true, false);
Assert.That(ouo, Is.Not.Null);
String guid = ouo.Guid.ToString();
// Get OrgUnit By Name
Console.WriteLine($"Getting OrgUnit By Name : [{name}]");
ouo = DirectoryServices.GetOrganizationalUnit(name, false, false, false);
Assert.That(ouo, Is.Not.Null);
// Get OrgUnit By Name
Console.WriteLine($"Getting OrgUnit By Guid : [{guid}]");
ouo = DirectoryServices.GetOrganizationalUnit(guid, false, true, false);
Assert.That(ouo, Is.Not.Null);
Assert.That(ouo.Properties.ContainsKey("description"), Is.True);
// Modify OrgUnit
DirectoryServices.AddProperty(properties, "description", "~null~", true);
DirectoryServices.ModifyOrganizationUnit(distinguishedName, properties);
ouo = DirectoryServices.GetOrganizationalUnit(distinguishedName, false, true, false);
Assert.That(ouo.Properties.ContainsKey("description"), Is.False);
// Create AccessUser For AccessRule Tests (Below)
DirectoryEntry orgUnit = DirectoryServices.GetDirectoryEntry(distinguishedName);
UserPrincipal accessRuleUser = Utility.CreateUser(workspaceName);
int ruleCount = DirectoryServices.GetAccessRules(orgUnit).Count;
// Add Access Rule To OrgUnit
Console.WriteLine($"Adding AccessRule For User [{accessRuleUser.Name}] To OrgUnit [{orgUnit.Name}].");
DirectoryServices.AddAccessRule(orgUnit, accessRuleUser, ActiveDirectoryRights.GenericRead, System.Security.AccessControl.AccessControlType.Allow, ActiveDirectorySecurityInheritance.None);
int newRuleCount = DirectoryServices.GetAccessRules(orgUnit).Count;
Assert.That(newRuleCount, Is.GreaterThan(ruleCount));
// Removing Access Rule From OrgUnit
Console.WriteLine($"Removing AccessRule For User [{accessRuleUser.Name}] From OrgUnit [{orgUnit.Name}].");
DirectoryServices.DeleteAccessRule(orgUnit, accessRuleUser, ActiveDirectoryRights.GenericRead, System.Security.AccessControl.AccessControlType.Allow, ActiveDirectorySecurityInheritance.None);
newRuleCount = DirectoryServices.GetAccessRules(orgUnit).Count;
Assert.That(newRuleCount, Is.EqualTo(ruleCount));
// Seting Access Rule From OrgUnit
Console.WriteLine($"Setting AccessRule For User [{accessRuleUser.Name}] On OrgUnit [{orgUnit.Name}].");
DirectoryServices.SetAccessRule(orgUnit, accessRuleUser, ActiveDirectoryRights.GenericRead, System.Security.AccessControl.AccessControlType.Allow, ActiveDirectorySecurityInheritance.None);
newRuleCount = DirectoryServices.GetAccessRules(orgUnit).Count;
Assert.That(newRuleCount, Is.GreaterThan(ruleCount));
// Purge Access Rule From OrgUnit
Console.WriteLine($"Purging AccessRules For User [{accessRuleUser.Name}] From OrgUnit [{orgUnit.Name}].");
DirectoryServices.PurgeAccessRules(orgUnit, accessRuleUser);
newRuleCount = DirectoryServices.GetAccessRules(orgUnit).Count;
Assert.That(newRuleCount, Is.EqualTo(ruleCount));
// Delete AccessRule User
Utility.DeleteUser(accessRuleUser.DistinguishedName);
// Delete OrgUnit
Console.WriteLine($"Deleting OrgUnit : [{distinguishedName}]");
DirectoryServices.DeleteOrganizationUnit(distinguishedName);
ouo = DirectoryServices.GetOrganizationalUnit(distinguishedName, false, false, false);
Assert.That(ouo, Is.Null);
}
