/// <summary>
/// Walks the members of <paramref name="group"/> and, for every member whose account name
/// matches <paramref name="userName"/>, appends the group's own account name to
/// <paramref name="userGroups"/>.
/// </summary>
/// <param name="group">ADSI group whose membership is enumerated.</param>
/// <param name="userName">Account name to look for among the group's members.</param>
/// <param name="propertyName">
/// Passed through to <c>DirectoryServicesUtils.GetObjectAccountName</c> for both the members and the group.
/// </param>
/// <param name="userGroups">List that receives the group's account name, once per matching member.</param>
/// <remarks>
/// Every exception is caught, logged as a warning (message only) and swallowed. From the caller's
/// point of view a failed directory lookup therefore looks the same as "user is not a member".
/// Code that makes access decisions from <paramref name="userGroups"/> should treat the list as
/// possibly incomplete.
/// NOTE(review): the comparison is delegated to <c>StringUtil.CompareIgnoreCase</c>; presumably a
/// case-insensitive equality test. Confirm against the helper.
/// </remarks>
protected void GetUserMembership(IADsGroup group, string userName, string propertyName, List<string> userGroups)
{
    try
    {
        // Resolved lazily: the group's account name is only looked up once a member matches.
        string resolvedGroupName = String.Empty;
        IADsMembers members = group.Members();

        foreach (object member in members)
        {
            string memberAccountName = DirectoryServicesUtils.GetObjectAccountName((IADs)member, propertyName);
            if (!StringUtil.CompareIgnoreCase(memberAccountName, userName))
            {
                continue;
            }

            if (!StringUtil.IsStringInitialized(resolvedGroupName))
            {
                resolvedGroupName = DirectoryServicesUtils.GetObjectAccountName(group, propertyName);
            }

            userGroups.Add(resolvedGroupName);
        }
    }
    catch (Exception exc)
    {
        // Best-effort: a failure here must not abort the caller, so it is only logged.
        Log.WriteWarning("Failed to obtain user membership. Details : {0}", exc.Message);
    }
}
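/// <summary>
/// Makes sure <paramref name="account"/> is a member of the group <paramref name="groupName"/>,
/// adding it through the native ADSI group object when it is not already present.
/// </summary>
/// <param name="session">Installer session used only for logging.</param>
/// <param name="account">Name of the user account to add.</param>
/// <param name="groupName">Name of the group that should contain the account.</param>
/// <exception cref="NoMatchingPrincipalException">
/// The group could not be resolved to a <see cref="GroupPrincipal"/>, or the account could not be
/// resolved to a <see cref="UserPrincipal"/>.
/// </exception>
/// <remarks>
/// This method grants group membership, so both names should come from a trusted source.
/// NOTE(review): the <c>isMachine</c> result of <c>CustomActions.FindInDomainOrMachine</c> is
/// discarded here, so this method does not constrain whether a name resolved in the domain or on
/// the local machine. Confirm the helper's lookup order is the intended one.
/// </remarks>
private static void AddUserToGroup(Session session, string account, string groupName)
{
    // HRESULT 0x80071392: Win32 ERROR_OBJECT_ALREADY_EXISTS wrapped as an HRESULT.
    const int ObjectAlreadyExists = unchecked((int)0x80071392);

    bool isMachine; // required by the helper's signature; the value is not used here

    GroupPrincipal group = CustomActions.FindInDomainOrMachine(groupName, out isMachine) as GroupPrincipal;
    if (group == null)
    {
        throw new NoMatchingPrincipalException($"The group {groupName} could not be found");
    }

    // 'as' instead of a hard cast, matching the group lookup above: a name that resolves to a
    // non-user principal is reported as NoMatchingPrincipalException rather than surfacing as an
    // InvalidCastException.
    UserPrincipal user = CustomActions.FindInDomainOrMachine(account, out isMachine) as UserPrincipal;
    if (user == null)
    {
        throw new NoMatchingPrincipalException($"The user {account} could not be found");
    }

    DirectoryEntry groupEntry = (DirectoryEntry)group.GetUnderlyingObject();
    IADsGroup nativeGroup = (IADsGroup)groupEntry.NativeObject;

    // Membership is compared by SID rather than by name.
    foreach (object member in nativeGroup.Members())
    {
        byte[] rawSid = member.GetType().InvokeMember(
            "ObjectSid",
            System.Reflection.BindingFlags.GetProperty,
            null,
            member,
            null) as byte[];

        // A member without a readable SID cannot be the target user; skip it instead of letting
        // the SecurityIdentifier constructor throw and abort the whole operation.
        if (rawSid == null)
        {
            continue;
        }

        SecurityIdentifier memberSid = new SecurityIdentifier(rawSid, 0);
        if (user.Sid == memberSid)
        {
            session.Log($"User {account} was already in group {groupName}");
            return;
        }
    }

    session.Log($"User {account} was not in group {groupName}");

    try
    {
        if (groupEntry.Path.StartsWith("winnt", StringComparison.OrdinalIgnoreCase))
        {
            // Group path uses the WinNT provider: add the user by SID.
            session.Log($"Adding WINNT://{user.Sid} to group {groupEntry.Path}");
            nativeGroup.Add($"WINNT://{user.Sid}");
        }
        else
        {
            // Any other provider: add the user by the path of its own directory entry.
            DirectoryEntry userEntry = (DirectoryEntry)user.GetUnderlyingObject();
            session.Log($"Adding {userEntry.Path} to group {groupEntry.Path}");
            nativeGroup.Add(userEntry.Path);
        }
    }
    catch (System.Runtime.InteropServices.COMException e)
    {
        // The enumeration above can miss an existing membership; the provider then reports
        // "already exists", which is the desired end state and not an error.
        if (e.HResult == ObjectAlreadyExists)
        {
            session.Log($"User {account} was already in group {groupName} - 0x80071392");
            return;
        }

        throw;
    }
}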