private IList <SearchResult> GetGroups(JitGroupMapping mapping)
{
string filter = $"(&(objectCategory=group))";
string path = $"LDAP://{mapping.GroupOU}";
return(this.GetObjects(path, SearchScope.OneLevel, filter));
}
public JitGroupMappingViewModel(JitGroupMapping model, ILogger <JitGroupMappingViewModel> logger, IDialogCoordinator dialogCoordinator, IModelValidator <JitGroupMappingViewModel> validator, IDiscoveryServices discoveryServices, IObjectSelectionProvider objectSelectionProvider)
{
this.logger = logger;
this.dialogCoordinator = dialogCoordinator;
this.Model = model;
this.objectSelectionProvider = objectSelectionProvider;
this.Validator = validator;
this.discoveryServices = discoveryServices;
}
public void SerializeJitGroupMapping()
{
JitGroupMapping s = new JitGroupMapping();
s.ComputerOU = TestContext.CurrentContext.Random.GetString();
s.GroupOU = TestContext.CurrentContext.Random.GetString();
s.GroupNameTemplate = TestContext.CurrentContext.Random.GetString();
s.GroupType = GroupType.Global;
JitGroupMapping n = JsonConvert.DeserializeObject <JitGroupMapping>(JsonConvert.SerializeObject(s));
Assert.AreEqual(s.ComputerOU, n.ComputerOU);
Assert.AreEqual(s.GroupOU, n.GroupOU);
Assert.AreEqual(s.GroupNameTemplate, n.GroupNameTemplate);
Assert.AreEqual(s.GroupType, n.GroupType);
}
private void PerformSync(JitGroupMapping mapping, CancellationToken cancellationToken)
{
this.ThrowOnMappingConfigurationError(mapping);
if (!this.deltaInformation.TryGetValue(mapping.ComputerOU, out SearchParameters usnData))
{
usnData = new SearchParameters
{
Server = mapping.PreferredDC,
DnsDomain = this.discoveryServices.GetDomainNameDns(mapping.ComputerOU),
LastUsn = 0
};
this.deltaInformation.Add(mapping.ComputerOU, usnData);
}
cancellationToken.ThrowIfCancellationRequested();
if (this.deltaSyncInterval <= 0 || DateTime.UtcNow > usnData.LastFullSync.AddMinutes(this.fullSyncInterval))
{
this.logger.LogTrace("Resetting for a full sync");
usnData.Server = mapping.PreferredDC;
usnData.LastUsn = 0;
}
this.PopulateUsnDataWithFallback(usnData);
cancellationToken.ThrowIfCancellationRequested();
if (usnData.LastUsn == usnData.HighestUsn)
{
this.logger.LogTrace($"No directory changes detected on {usnData.Server}");
return;
}
if (usnData.LastUsn == 0)
{
this.PerformFullSync(mapping, usnData, cancellationToken);
usnData.LastFullSync = DateTime.UtcNow;
}
else
{
this.PerformPartialSync(mapping, usnData, cancellationToken);
}
usnData.LastUsn = usnData.HighestUsn;
}
private void PerformPartialSync(JitGroupMapping mapping, SearchParameters data)
{
this.logger.LogTrace($"Performing delta JIT group synchronization for domain {data.DnsDomain} against server {data.Server}");
var computers = GetComputers(mapping, data);
var expectedGroupNames = GetExpectedGroupNames(computers, mapping.GroupNameTemplate).ToList();
if (expectedGroupNames.Count > 0)
{
this.logger.LogTrace($"{expectedGroupNames.Count} groups to create");
this.CreateGroups(expectedGroupNames, mapping.GroupOU, mapping.GroupDescription, mapping.GroupType);
}
else
{
this.logger.LogTrace("No groups need to be created");
}
}
private void PerformFullSync(JitGroupMapping mapping, SearchParameters data, CancellationToken cancellationToken)
{
this.logger.LogTrace($"Performing full JIT group synchronization for domain {data.DnsDomain} against server {data.Server}");
cancellationToken.ThrowIfCancellationRequested();
var computers = GetComputers(mapping, data);
cancellationToken.ThrowIfCancellationRequested();
var groups = GetGroups(mapping);
cancellationToken.ThrowIfCancellationRequested();
var expectedGroupNames = GetExpectedGroupNames(computers, mapping.GroupNameTemplate).ToList();
var currentGroupNames = groups.Select(t => t.GetPropertyString("cn")).ToList();
var groupsToCreate = expectedGroupNames.Except(currentGroupNames, StringComparer.CurrentCultureIgnoreCase).ToList();
if (groupsToCreate.Count > 0)
{
this.logger.LogTrace($"{groupsToCreate.Count} groups to create");
this.CreateGroups(groupsToCreate, mapping.GroupOU, mapping.GroupDescription, mapping.GroupType, cancellationToken);
}
else
{
this.logger.LogTrace("No groups need to be created");
}
if (mapping.EnableJitGroupDeletion)
{
var groupsToDelete = groups
.Where(t => !expectedGroupNames.Contains(t.GetPropertyString("cn"), StringComparer.CurrentCultureIgnoreCase))
.Select(t => t.GetPropertyString("msDS-PrincipalName")).ToList();
if (groupsToDelete.Count > 0)
{
this.logger.LogTrace($"{groupsToDelete.Count} groups to delete");
this.DeleteGroups(groupsToDelete, cancellationToken);
}
else
{
this.logger.LogTrace("No groups need to be deleted");
}
}
}
private void ThrowOnMappingConfigurationError(JitGroupMapping mapping)
{
if (string.IsNullOrWhiteSpace(mapping.ComputerOU))
{
throw new ConfigurationException("A JIT group mapping contains a null ComputerOU field");
}
if (string.IsNullOrWhiteSpace(mapping.GroupOU))
{
throw new ConfigurationException("A JIT group mapping contains a null GroupOU field");
}
if (string.IsNullOrWhiteSpace(mapping.GroupNameTemplate))
{
throw new ConfigurationException("A JIT group mapping had a null GroupNameTemplate field");
}
if (!this.groupResolver.IsTemplatedName(mapping.GroupNameTemplate))
{
throw new ConfigurationException(
$"The mapping for computers in OU '{mapping.ComputerOU}' contains a template without the %computerName% placeholder and cannot be processed");
}
}
public JitGroupMappingViewModel CreateViewModel(JitGroupMapping model)
{
return(new JitGroupMappingViewModel(model, validator));
}
public JitGroupMappingViewModel CreateViewModel(JitGroupMapping model)
{
return(new JitGroupMappingViewModel(model, logger, dialogCoordinator, validator.Invoke(), discoveryServices, objectSelectionProvider));
}
private IList <SearchResult> GetComputers(JitGroupMapping mapping, SearchParameters searchParams)
{
return(this.GetObjects(searchParams.Server, mapping.ComputerOU, "computer",
mapping.Subtree ? SearchScope.Subtree : SearchScope.OneLevel, searchParams.LastUsn, searchParams.HighestUsn));
}
public JitGroupMappingViewModel(JitGroupMapping model, IModelValidator <JitGroupMappingViewModel> validator)
{
this.Model = model;
this.Validator = validator;
}
