public void CreateUser(UsersObject newUser)
{
CPDatabase database = null;
ADGroup ldapGroup = null;
ADUser ldapUser = null;
CloudPanelTransaction newUserTransaction = new CloudPanelTransaction();
try
{
// Insert into database
database = new CPDatabase();
// Make sure the user doesn't already exist
var foundUser = (from u in database.Users
where u.UserPrincipalName == newUser.UserPrincipalName
select u).FirstOrDefault();
if (foundUser != null)
ThrowEvent(AlertID.FAILED, "User already exists " + newUser.UserPrincipalName);
else
{
// Get the company's OU where we need to save the user
var companyDistinguishedName = (from c in database.Companies
where !c.IsReseller
where c.CompanyCode == newUser.CompanyCode
select c.DistinguishedName).First();
// Check if they are using a custom user's OU
if (!string.IsNullOrEmpty(StaticSettings.UsersOU))
companyDistinguishedName = string.Format("OU={0},{1}", StaticSettings.UsersOU, companyDistinguishedName);
ldapUser = new ADUser(StaticSettings.Username, StaticSettings.DecryptedPassword, StaticSettings.PrimaryDC);
UsersObject createdUser = ldapUser.NewUser(newUser, companyDistinguishedName, StaticSettings.AllowCustomNameAttribute);
newUserTransaction.NewUser(createdUser.UserPrincipalName);
// Add the users to the groups
ldapGroup = new ADGroup(StaticSettings.Username, StaticSettings.DecryptedPassword, StaticSettings.PrimaryDC);
ldapGroup.AddMember("AllUsers@" + newUser.CompanyCode, createdUser.UserPrincipalName, "upn");
if (newUser.IsCompanyAdmin)
ldapGroup.AddMember("Admins@" + newUser.CompanyCode, createdUser.UserPrincipalName, "upn");
// Insert into database
User sqlUser = new User();
sqlUser.UserGuid = createdUser.UserGuid;
sqlUser.CompanyCode = createdUser.CompanyCode;
sqlUser.sAMAccountName = createdUser.sAMAccountName;
sqlUser.UserPrincipalName = createdUser.UserPrincipalName;
sqlUser.DistinguishedName = createdUser.DistinguishedName;
sqlUser.DisplayName = createdUser.DisplayName;
sqlUser.Firstname = createdUser.Firstname;
sqlUser.Middlename = createdUser.Middlename;
sqlUser.Lastname = createdUser.Lastname;
sqlUser.Email = string.Empty;
sqlUser.Department = createdUser.Department;
sqlUser.IsResellerAdmin = createdUser.IsResellerAdmin;
sqlUser.IsCompanyAdmin = createdUser.IsCompanyAdmin;
sqlUser.MailboxPlan = 0;
sqlUser.TSPlan = 0;
sqlUser.LyncPlan = 0;
sqlUser.Created = DateTime.Now;
sqlUser.AdditionalMB = 0;
sqlUser.ActiveSyncPlan = 0;
database.Users.Add(sqlUser);
// Insert permissions into database
if (createdUser.IsCompanyAdmin)
{
UserPermission newPermissions = new UserPermission();
newPermissions.UserID = sqlUser.ID;
newPermissions.EnableExchange = createdUser.EnableExchangePerm;
newPermissions.DisableExchange = createdUser.DisableExchangePerm;
newPermissions.AddDomain = createdUser.AddDomainPerm;
newPermissions.DeleteDomain = createdUser.DeleteDomainPerm;
newPermissions.EnableAcceptedDomain = createdUser.EnableAcceptedDomainPerm;
newPermissions.DisableAcceptedDomain = createdUser.DisableAcceptedDomainPerm;
database.UserPermissions.Add(newPermissions);
}
database.SaveChanges();
}
}
catch (Exception ex)
{
ThrowEvent(AlertID.FAILED, ex.Message);
// Rollback on error
newUserTransaction.RollBack();
}
finally
{
if (ldapUser != null)
ldapUser.Dispose();
if (ldapGroup != null)
ldapGroup.Dispose();
if (database != null)
database.Dispose();
}
}
public void UpdateUser(UsersObject updateUser, bool isSuperOrResellerAdmin)
{
CPDatabase database = null;
ADGroup ldapGroup = null;
ADUser ldapUser = null;
try
{
database = new CPDatabase();
// Get the user from the database
var foundUser = (from u in database.Users
where u.UserPrincipalName == updateUser.UserPrincipalName
select u).FirstOrDefault();
if (foundUser == null)
ThrowEvent(AlertID.FAILED, "Unknown user " + updateUser.UserPrincipalName);
else
{
this.logger.Debug("Found user " + foundUser.UserPrincipalName + " in the database. Continuing...");
// Update the user values
foundUser.Firstname = updateUser.Firstname;
foundUser.Middlename = updateUser.Middlename;
foundUser.Lastname = updateUser.Lastname;
foundUser.DisplayName = updateUser.DisplayName;
foundUser.Department = updateUser.Department;
// Update user in Active Directory
ldapUser = new ADUser(StaticSettings.Username, StaticSettings.DecryptedPassword, StaticSettings.PrimaryDC);
ldapUser.UpdateUser(updateUser, StaticSettings.AllowCustomNameAttribute);
// Only update these values if super admin or reseller admin is modifying the user
if (isSuperOrResellerAdmin)
{
this.logger.Debug("Super admin or reseller is updating user so we can check comapny admin permissions and reseller permissions");
foundUser.IsCompanyAdmin = updateUser.IsCompanyAdmin;
foundUser.IsResellerAdmin = updateUser.IsResellerAdmin;
// Get permissions from database
var userPermissions = (from p in database.UserPermissions
where p.UserID == foundUser.ID
select p).FirstOrDefault();
// If the user is no longer a company admin then remove permissions from the database
if (userPermissions != null && !updateUser.IsCompanyAdmin)
{
this.logger.Debug("User " + updateUser.UserPrincipalName + " is no longer a comapny admin. Need to remove rights from database and security group");
database.UserPermissions.Remove(userPermissions);
// Remove from Admins@ security group
ldapGroup = new ADGroup(StaticSettings.Username, StaticSettings.DecryptedPassword, StaticSettings.PrimaryDC);
ldapGroup.RemoveMember("Admins@" + updateUser.CompanyCode, updateUser.UserPrincipalName, "upn");
}
else if (userPermissions != null && updateUser.IsCompanyAdmin)
{
this.logger.Debug("User " + updateUser.UserPrincipalName + " is a company admin. Need to update company admin rights in database.");
// If user permissions was found and the user is company admin then update the values
userPermissions.EnableExchange = updateUser.EnableExchangePerm;
userPermissions.DisableExchange = updateUser.DisableExchangePerm;
userPermissions.AddDomain = updateUser.AddDomainPerm;
userPermissions.DeleteDomain = updateUser.DeleteDomainPerm;
userPermissions.EnableAcceptedDomain = updateUser.EnableAcceptedDomainPerm;
userPermissions.DisableAcceptedDomain = updateUser.DisableAcceptedDomainPerm;
}
else if (userPermissions == null && updateUser.IsCompanyAdmin)
{
this.logger.Debug("User " + updateUser.UserPrincipalName + " does not have any existing company admin rights. We need to add them to the database.");
// No existing permissions were found and we need to add to database
userPermissions = new UserPermission();
userPermissions.UserID = foundUser.ID;
userPermissions.EnableExchange = updateUser.EnableExchangePerm;
userPermissions.DisableExchange = updateUser.DisableExchangePerm;
userPermissions.AddDomain = updateUser.AddDomainPerm;
userPermissions.DeleteDomain = updateUser.DeleteDomainPerm;
userPermissions.EnableAcceptedDomain = updateUser.EnableAcceptedDomainPerm;
userPermissions.DisableAcceptedDomain = updateUser.DisableAcceptedDomainPerm;
database.UserPermissions.Add(userPermissions);
// Add to Admins@ security group
ldapGroup = new ADGroup(StaticSettings.Username, StaticSettings.DecryptedPassword, StaticSettings.PrimaryDC);
ldapGroup.AddMember("Admins@" + updateUser.CompanyCode, updateUser.UserPrincipalName, "upn");
}
}
else
this.logger.Debug("User making changes to " + updateUser.UserPrincipalName + " is not a super admin or reseller admin. We cannot update company admin or reseller admin permissions unless the user making changes is a super or reseller admin.");
// Update database
database.SaveChanges();
}
}
catch (Exception ex)
{
this.logger.Debug("Error updating user " + updateUser.UserPrincipalName, ex);
ThrowEvent(AlertID.FAILED, ex.Message);
}
finally
{
if (ldapUser != null)
ldapUser.Dispose();
if (ldapGroup != null)
ldapGroup.Dispose();
if (database != null)
database.Dispose();
}
}
/// <summary>
/// Creates a new reseller
/// </summary>
/// <param name="reseller"></param>
/// <param name="baseOrganizationalUnit"></param>
public void NewReseller(ResellerObject reseller, string baseOrganizationalUnit)
{
CPDatabase database = null;
// Rollback class in case something goes wrong we can undo changes
CloudPanelTransaction events = new CloudPanelTransaction();
try
{
database = new CPDatabase();
// Generate the company code
string companyCode = ResellerObject.GenerateCompanyCode(reseller.CompanyName);
// Loop and make sure one does exist or find one that does
int count = 0;
for (int i = 0; i < 1000; i++)
{
if (Validation.DoesCompanyCodeExist(companyCode))
{
this.logger.Info("Tried to create a new reseller with company code " + companyCode + " but it already existed... trying another code");
companyCode = companyCode + count.ToString();
count++;
}
else
{
reseller.CompanyCode = companyCode; // Assign company code to object
break;
}
}
// Create the reseller in Active Directory
ADOrganizationalUnit adOrg = new ADOrganizationalUnit(StaticSettings.Username, StaticSettings.DecryptedPassword, StaticSettings.PrimaryDC);
string distinguishedName = adOrg.CreateReseller(StaticSettings.HostingOU, reseller);
events.NewOrganizationalUnitEvent(distinguishedName);
// Create the security group
ADGroup adGroup = new ADGroup(StaticSettings.Username, StaticSettings.DecryptedPassword, StaticSettings.PrimaryDC);
adGroup.Create(distinguishedName, "GPOAccess@" + companyCode, "", true, false);
events.NewSecurityGroup("GPOAccess@" + companyCode);
// Add the new group to the GPOAccess@Hosting group for group policy permissions
adGroup.AddMember("GPOAccess@Hosting", "GPOAccess@" + companyCode, "name");
// Add access rights
adOrg.AddAccessRights(distinguishedName, "GPOAccess@" + companyCode);
// Insert into database
Company company = new Company();
company.IsReseller = true;
company.CompanyName = reseller.CompanyName;
company.CompanyCode = companyCode;
company.Street = reseller.Street;
company.City = reseller.City;
company.State = reseller.State;
company.ZipCode = reseller.ZipCode;
company.Country = reseller.Country;
company.PhoneNumber = reseller.Telephone;
company.AdminName = reseller.AdminName;
company.AdminEmail = reseller.AdminEmail;
company.Created = DateTime.Now;
company.DistinguishedName = distinguishedName;
database.Companies.Add(company);
database.SaveChanges();
// Notify success
ThrowEvent(AlertID.SUCCESS, "Successfully created new reseller " + reseller.CompanyName);
}
catch (Exception ex)
{
ThrowEvent(AlertID.FAILED, ex.Message);
// Rollback on error
events.RollBack();
}
finally
{
if (database != null)
database.Dispose();
}
}
/// <summary>
/// Creates a new company
/// </summary>
/// <param name="company"></param>
/// <param name="resellerCode"></param>
public void NewCompany(CompanyObject company, string resellerCode)
{
CPDatabase database = null;
// Rollback class in case something goes wrong we can undo changes
CloudPanelTransaction events = new CloudPanelTransaction();
try
{
database = new CPDatabase();
// Generate the company code
string companyCode = CompanyObject.GenerateCompanyCode(company.CompanyName, company.UseCompanyNameInsteadofCompanyCode);
// Loop and make sure one does exist or find one that does
int count = 0;
for (int i = 0; i < 1000; i++)
{
if (Validation.DoesCompanyCodeExist(companyCode))
{
this.logger.Info("Tried to create a new company with company code " + companyCode + " but it already existed... trying another code");
companyCode = companyCode + count.ToString();
count++;
}
else
{
company.CompanyCode = companyCode; // Assign company code to object
break;
}
}
// Get the resellers distinguished name
var resellerDistinguishedName = (from r in database.Companies
where r.IsReseller
where r.CompanyCode == resellerCode
select r.DistinguishedName).First();
#region Create Organizational Units
//
// Create organizational units
//
ADOrganizationalUnit adOrg = new ADOrganizationalUnit(StaticSettings.Username, StaticSettings.DecryptedPassword, StaticSettings.PrimaryDC);
// Check if resellers are enabled and create the organizational unit in the correct place
string newCompanyDistinguishedName = string.Empty;
if (!StaticSettings.ResellersEnabled)
newCompanyDistinguishedName = adOrg.CreateCompany(StaticSettings.HostingOU, company);
else
newCompanyDistinguishedName = adOrg.CreateCompany(resellerDistinguishedName, company);
events.NewOrganizationalUnitEvent(newCompanyDistinguishedName);
adOrg.RemoveAuthUsersRights(newCompanyDistinguishedName); // Removes authenticated users from the OU;
// Create the Exchange OU
string exchangeOU = adOrg.CreateOU(newCompanyDistinguishedName, "Exchange", company.Domains[0]);
events.NewOrganizationalUnitEvent(exchangeOU);
adOrg.RemoveAuthUsersRights(exchangeOU); // Removes authenticated users from the OU;
// Create the Applications OU
string applicationsOU = adOrg.CreateOU(newCompanyDistinguishedName, "Applications", company.Domains[0]);
events.NewOrganizationalUnitEvent(applicationsOU);
adOrg.RemoveAuthUsersRights(applicationsOU); // Removes authenticated users from the OU;
// Create the custom users OU if there is one
string customUsersOU = string.Empty;
if (!string.IsNullOrEmpty(StaticSettings.UsersOU))
{
customUsersOU = adOrg.CreateOU(newCompanyDistinguishedName, StaticSettings.UsersOU, company.Domains[0]);
events.NewOrganizationalUnitEvent(customUsersOU);
adOrg.RemoveAuthUsersRights(customUsersOU); // Removes authenticated users from the OU;
}
#endregion
#region Create Security Groups
//
// Create Security Groups
//
ADGroup adGroup = new ADGroup(StaticSettings.Username, StaticSettings.DecryptedPassword, StaticSettings.PrimaryDC);
// Create the Admins security group
adGroup.Create(newCompanyDistinguishedName, "Admins@" + companyCode, "", true, false);
events.NewSecurityGroup("Admins@" + companyCode);
// Create the All Users security group
adGroup.Create(newCompanyDistinguishedName, "AllUsers@" + companyCode, "", true, false);
events.NewSecurityGroup("AllUsers@" + companyCode);
// Create the AllTSUsers security groups
adGroup.Create(newCompanyDistinguishedName, "AllTSUsers@" + companyCode, "", true, false);
events.NewSecurityGroup("AllTSUsers@" + companyCode);
// Add AllTSUsers to the AllTSUsers@Hosting group
adGroup.AddMember("AllTSUsers@Hosting", "AllTSUsers@" + companyCode, "name");
// Check the GPOAccess and see if we are using resellers or not. Then add the group to the GPOAccess security group
if (StaticSettings.ResellersEnabled)
{
adGroup.AddMember("GPOAccess@"+ resellerCode, "AllTSUsers@" + companyCode, "name");
}
else
{
adGroup.AddMember("GPOAccess@Hosting", "AllTSUsers@" + companyCode, "name");
}
#endregion
#region Add read rights to organizational units
//
// Now add read rights
//
adOrg.AddAccessRights(newCompanyDistinguishedName, "AllUsers@ " + companyCode);
adOrg.AddAccessRights(exchangeOU, "AllUsers@" + companyCode);
adOrg.AddAccessRights(applicationsOU, "AllUsers@" + companyCode);
if (!string.IsNullOrEmpty(StaticSettings.UsersOU))
adOrg.AddAccessRights(customUsersOU, "AllUsers@" + companyCode);
#endregion
// Insert into database
Company newCompanyDb = new Company();
newCompanyDb.IsReseller = false;
newCompanyDb.CompanyName = company.CompanyName;
newCompanyDb.CompanyCode = company.CompanyCode;
newCompanyDb.ResellerCode = resellerCode;
newCompanyDb.Street = company.Street;
newCompanyDb.City = company.City;
newCompanyDb.State = company.State;
newCompanyDb.ZipCode = company.ZipCode;
newCompanyDb.Country = company.Country;
newCompanyDb.PhoneNumber = company.Telephone;
newCompanyDb.AdminName = company.AdminName;
newCompanyDb.AdminEmail = company.AdminEmail;
newCompanyDb.DistinguishedName = newCompanyDistinguishedName;
newCompanyDb.Created = DateTime.Now;
database.Companies.Add(newCompanyDb);
database.SaveChanges();
events.InsertCompanyToDatabase(newCompanyDb.CompanyCode);
// Insert domain into database
Domain newDomain = new Domain();
newDomain.CompanyCode = newCompanyDb.CompanyCode;
newDomain.Domain1 = company.Domains[0];
newDomain.IsAcceptedDomain = false;
newDomain.IsLyncDomain = false;
newDomain.IsSubDomain = false;
database.Domains.Add(newDomain);
database.SaveChanges();
// Notify success
ThrowEvent(AlertID.SUCCESS, "Successfully created new company " + newCompanyDb.CompanyName);
}
catch (Exception ex)
{
ThrowEvent(AlertID.FAILED, ex.Message);
// Rollback on error
events.RollBack();
}
finally
{
if (database != null)
database.Dispose();
}
}
private void Delete_Group(string groupname)
{
ADGroup group = null;
try
{
this.logger.Warn("Rolling back action... Deleting group " + groupname);
group = new ADGroup(StaticSettings.Username, StaticSettings.DecryptedPassword, StaticSettings.PrimaryDC);
group.Delete(groupname);
this.logger.Warn("Successfully deleted " + groupname);
}
catch (Exception ex)
{
this.logger.Error("Failed to roll back action... Deleting group " + groupname, ex);
}
}