public static string CreateAdGroup(string name, string adPath)
{
string grpSid = String.Empty;
using (WindowsImpersonationContextFacade impersonationContext
= new WindowsImpersonationContextFacade(
nc))
{
//DirectoryEntry directoryEntry = new DirectoryEntry(DomainPath);
//DirectoryEntry ou = directoryEntry.Children.Find(adPath);
//DirectoryEntry group = ou.Children.Add($"CN={name}", "group");
//group.Properties["samAccountName"].Value = name;
//group.CommitChanges();
bool groupIsExist = false;
DirectoryEntry directoryEntry = new DirectoryEntry(DomainPath);
using (directoryEntry)
{
//Если пользователь существует
DirectorySearcher search = new DirectorySearcher(directoryEntry);
search.Filter = String.Format("(&(objectClass=user)(sAMAccountName={0}))", name);
SearchResult resultGroup = search.FindOne();
groupIsExist = resultGroup != null && resultGroup.Properties.Contains("sAMAccountName");
if (!groupIsExist)
{
DirectoryEntry ou = directoryEntry.Children.Find(adPath);
DirectoryEntry group = ou.Children.Add($"CN={name}", "group");
group.Properties["samAccountName"].Value = name;
group.CommitChanges();
SecurityIdentifier sid = new SecurityIdentifier((byte[])group.Properties["objectsid"][0],
0);
grpSid = sid.Value;
}
else
{
SecurityIdentifier sid = new SecurityIdentifier((byte[])resultGroup.Properties["objectsid"][0],
0);
grpSid = sid.Value;
}
}
}
return grpSid;
}
public static bool UserIs(IPrincipal user, params AdGroup[] groups)
{
using (WindowsImpersonationContextFacade impersonationContext
= new WindowsImpersonationContextFacade(
nc))
{
var context = new PrincipalContext(ContextType.Domain);
var userPrincipal = UserPrincipal.FindByIdentity(context, IdentityType.SamAccountName, user.Identity.Name);
if (userPrincipal == null) return false;
//if (userPrincipal.IsMemberOf(context, IdentityType.Sid, AdUserGroup.GetSidByAdGroup(AdGroup.SuperAdmin))) { return true; }//Если юзер Суперадмин
foreach (var grp in groups)
{
if (userPrincipal.IsMemberOf(context, IdentityType.Sid, AdUserGroup.GetSidByAdGroup(grp)))
{
return true;
}
}
return false;
}
}
public static string CreateSimpleAdUser(string username, string password, string name, string description, string adPath = "OU=Users,OU=UNIT,DC=UN1T,DC=GROUP")
{
using (WindowsImpersonationContextFacade impersonationContext
= new WindowsImpersonationContextFacade(
nc))
{
bool userIsExist = false;
DirectoryEntry directoryEntry = new DirectoryEntry(DomainPath);
using (directoryEntry)
{
//Если пользователь существует
DirectorySearcher search = new DirectorySearcher(directoryEntry);
search.Filter = String.Format("(&(objectClass=user)(sAMAccountName={0}))", username);
SearchResult resultUser = search.FindOne();
userIsExist = resultUser != null && resultUser.Properties.Contains("sAMAccountName");
}
if (!userIsExist)
{
//Создаем аккаунт в AD
using (
var pc = new PrincipalContext(ContextType.Domain, "UN1T", adPath))
{
using (var up = new UserPrincipal(pc))
{
up.SamAccountName = username;
up.UserPrincipalName = username + "@unitgroup.ru";
up.SetPassword(password);
up.Enabled = true;
up.PasswordNeverExpires = true;
up.UserCannotChangePassword = true;
up.Description = description;
//up.DistinguishedName = "DC=unitgroup.ru";
try
{
up.Save();
}
catch (PrincipalOperationException ex)
{
}
up.UnlockAccount();
}
}
}
directoryEntry = new DirectoryEntry(DomainPath);
using (directoryEntry)
{
//DirectoryEntry user = directoryEntry.Children.Add("CN=" + username, "user");
DirectorySearcher search = new DirectorySearcher(directoryEntry);
search.Filter = String.Format("(&(objectClass=user)(sAMAccountName={0}))", username);
search.PropertiesToLoad.Add("objectsid");
search.PropertiesToLoad.Add("samaccountname");
search.PropertiesToLoad.Add("userPrincipalName");
search.PropertiesToLoad.Add("mail");
search.PropertiesToLoad.Add("usergroup");
search.PropertiesToLoad.Add("displayname");
search.PropertiesToLoad.Add("givenName");
search.PropertiesToLoad.Add("sn");
search.PropertiesToLoad.Add("title");
search.PropertiesToLoad.Add("telephonenumber");
search.PropertiesToLoad.Add("homephone");
search.PropertiesToLoad.Add("mobile");
search.PropertiesToLoad.Add("manager");
search.PropertiesToLoad.Add("l");
search.PropertiesToLoad.Add("company");
search.PropertiesToLoad.Add("department");
SearchResult resultUser = search.FindOne();
if (resultUser == null) return String.Empty;
DirectoryEntry user = resultUser.GetDirectoryEntry();
//SetProp(ref user, ref resultUser, "mail", mail);
SetProp(ref user, ref resultUser, "displayname", name);
SetProp(ref user, ref resultUser, "givenName", username);
SetProp(ref user, ref resultUser, "sn", name);
SetProp(ref user, ref resultUser, "title", description);
//SetProp(ref user, ref resultUser, "telephonenumber", workNum);
//SetProp(ref user, ref resultUser, "mobile", mobilNum);
SetProp(ref user, ref resultUser, "l", description);
SetProp(ref user, ref resultUser, "company", name);
SetProp(ref user, ref resultUser, "department", "-");
//SetProp(ref user, ref resultUser, "manager", "");
//user.Properties["jpegPhoto"].Clear();
//SetProp(ref user, ref resultUser, "jpegPhoto", photo);
user.CommitChanges();
SecurityIdentifier sid = new SecurityIdentifier((byte[])resultUser.Properties["objectsid"][0],
0);
return sid.Value;
}
return String.Empty;
}
}
public static bool UserInGroup(IPrincipal user, params AdGroup[] groups)
{
using (WindowsImpersonationContextFacade impersonationContext
= new WindowsImpersonationContextFacade(
nc))
{
string fakseLogin = null;
if (ConfigurationManager.AppSettings["UserProxy"] == "True")
{
fakseLogin = ConfigurationManager.AppSettings["UserProxyLogin"];
}
string login = fakseLogin ?? user.Identity.Name;
var context = new PrincipalContext(ContextType.Domain);
var userPrincipal = UserPrincipal.FindByIdentity(context, IdentityType.SamAccountName, login);
if (userPrincipal == null) return false;
if (userPrincipal.IsMemberOf(context, IdentityType.Sid, AdUserGroup.GetSidByAdGroup(AdGroup.SuperAdmin))) { return true; }//Если юзер Суперадмин
//using (PrincipalContext context = new PrincipalContext(ContextType.Domain))
//using (UserPrincipal user = UserPrincipal.FindByIdentity(context, userName))
//using (PrincipalSearchResult<Principal> groups = user.GetAuthorizationGroups())
//{
// return groups.OfType<GroupPrincipal>().Any(g => g.Name.Equals(groupName, StringComparison.OrdinalIgnoreCase));
//}
foreach (var grp in groups)
{
if (userPrincipal.IsMemberOf(context, IdentityType.Sid, AdUserGroup.GetSidByAdGroup(grp)))
{
return true;
}
}
return false;
//return groups.Select(grp => GroupPrincipal.FindByIdentity(context, IdentityType.Sid, AdUserGroup.GetSidByAdGroup(grp))).Where(g => g != null).Any(g => g.GetMembers(true).Cast<UserPrincipal>().Any(usr => usr.SamAccountName == login));
}
}
//public static void GetEmployeeManager(Employee emp, out string managerUsername)
//{
// managerUsername = String.Empty;
// if (emp.Department == null) return;
// if (!Department.CheckUserIsChief(emp.Department.Id, emp.Id))
// {
// managerUsername = emp.Manager != null ? GetLoginFromEmail(emp.Manager.Email) : String.Empty;
// }
// if (String.IsNullOrEmpty(managerUsername))
// {
// Department currDep = new Department(emp.Department.Id);
// GetParentDepChief(currDep, out managerUsername);
// }
//}
//public static void GetParentDepChief(Department dep, out string managerUsername)
//{
// managerUsername = String.Empty;
// if (dep.ParentDepartment != null && dep.ParentDepartment.Id > 0)
// {
// var parentDep = new Department(dep.ParentDepartment.Id);
// var overManager = new Employee(parentDep.Chief.Id);
// managerUsername = GetLoginFromEmail(overManager.Email);
// if (String.IsNullOrEmpty(managerUsername))
// {
// GetParentDepChief(parentDep, out managerUsername);
// }
// }
//}
public static string SaveUser(Employee emp)
{
if (!emp.HasAdAccount) return String.Empty;
using (WindowsImpersonationContextFacade impersonationContext
= new WindowsImpersonationContextFacade(
nc))
{
string username = String.IsNullOrEmpty(emp.AdLogin) ? GetLoginFromEmail(emp.Email) : StringHelper.Trim(emp.AdLogin);
if (String.IsNullOrEmpty(username.Trim())) return string.Empty;
string mail = StringHelper.Trim(emp.Email);
string fullName = StringHelper.Trim(emp.FullName);
string surname = StringHelper.Trim(emp.Surname);
string name = StringHelper.Trim(emp.Name);
string position = emp.Position != null ? emp.Position.Id > 0 && String.IsNullOrEmpty(emp.Position.Name) ? new Position(emp.Position.Id).Name : emp.Position.Name : String.Empty;
string workNum = StringHelper.Trim(emp.WorkNum);
string mobilNum = StringHelper.Trim(emp.MobilNum);
string city = emp.City != null ? StringHelper.Trim(emp.City.Name) : String.Empty;
string org = emp.Organization != null ? emp.Organization.Id > 0 && String.IsNullOrEmpty(emp.Organization.Name) ? new Organization(emp.Organization.Id).Name : emp.Organization.Name : String.Empty;
string dep = emp.Department != null ? emp.Department.Id > 0 && String.IsNullOrEmpty(emp.Department.Name) ? new Department(emp.Department.Id).Name : emp.Department.Name : String.Empty;
var photo = emp.Photo != null && emp.Photo.Length > 0 ? emp.Photo : null;
Employee manager = new Employee(emp.Manager.Id);
string managerUsername = String.IsNullOrEmpty(manager.AdLogin)
? GetLoginFromEmail(manager.Email)
: manager.AdLogin;
//GetEmployeeManager(emp, out managerUsername);
string managerName = String.Empty;
bool userIsExist = false;
DirectoryEntry directoryEntry = new DirectoryEntry(DomainPath);
using (directoryEntry)
{
//Если пользователь существует
DirectorySearcher search = new DirectorySearcher(directoryEntry);
search.Filter = String.Format("(&(objectClass=user)(sAMAccountName={0}))", username);
SearchResult resultUser = search.FindOne();
userIsExist = resultUser != null && resultUser.Properties.Contains("sAMAccountName");
}
if (!String.IsNullOrEmpty(managerUsername.Trim()))
{
using (directoryEntry)
{
DirectorySearcher search = new DirectorySearcher(directoryEntry);
search.Filter = String.Format("(&(objectClass=user)(sAMAccountName={0}))", managerUsername);
search.PropertiesToLoad.Add("DistinguishedName");
SearchResult resultManager = search.FindOne();
if (resultManager != null)
managerName = (string)resultManager.Properties["DistinguishedName"][0];
}
}
if (!userIsExist)
{
//Создаем аккаунт в AD
using (
var pc = new PrincipalContext(ContextType.Domain, "UN1T", "OU=Users,OU=UNIT,DC=UN1T,DC=GROUP"))
{
using (var up = new UserPrincipal(pc))
{
up.SamAccountName = username;
up.UserPrincipalName = username + "@unitgroup.ru";
up.SetPassword("z-123456");
up.Enabled = true;
up.ExpirePasswordNow();
try
{
up.Save();
}
catch (PrincipalOperationException ex)
{
}
}
}
//Создаем аккаунт в Exchange
//Создаем аккаунт в Lync
}
//Еще один путь для изменения параметров
//if (up.GetUnderlyingObjectType() == typeof(DirectoryEntry))
//{
// DirectoryEntry entry = (DirectoryEntry)up.GetUnderlyingObject();
// entry.Properties["streetAddress"].Value = address;
// entry.CommitChanges();
//}
directoryEntry = new DirectoryEntry(DomainPath);
using (directoryEntry)
{
//DirectoryEntry user = directoryEntry.Children.Add("CN=" + username, "user");
DirectorySearcher search = new DirectorySearcher(directoryEntry);
search.Filter = String.Format("(&(objectClass=user)(sAMAccountName={0}))", username);
search.PropertiesToLoad.Add("objectsid");
search.PropertiesToLoad.Add("samaccountname");
search.PropertiesToLoad.Add("userPrincipalName");
search.PropertiesToLoad.Add("mail");
search.PropertiesToLoad.Add("usergroup");
search.PropertiesToLoad.Add("displayname");
search.PropertiesToLoad.Add("givenName");
search.PropertiesToLoad.Add("sn");
search.PropertiesToLoad.Add("title");
search.PropertiesToLoad.Add("telephonenumber");
search.PropertiesToLoad.Add("homephone");
search.PropertiesToLoad.Add("mobile");
search.PropertiesToLoad.Add("manager");
search.PropertiesToLoad.Add("l");
search.PropertiesToLoad.Add("company");
search.PropertiesToLoad.Add("department");
//search.PropertiesToLoad.Add("modifyTimeStamp");
//search.PropertiesToLoad.Add("whenChanged");
//search.PropertiesToLoad.Add("whenCreated");
SearchResult resultUser = search.FindOne();
if (resultUser == null) return String.Empty;
//string s = resultUser.Properties["modifyTimeStamp"][0].ToString();
//string s1 = resultUser.Properties["whenChanged"][0].ToString();
//string s2 = resultUser.Properties["whenCreated"][0].ToString();
//DateTime d = DateTime.FromFileTime((Int64)resultUser.Properties["uSNChanged"][0]);
DirectoryEntry user = resultUser.GetDirectoryEntry();
//user.Properties["sAMAccountName"].Value =username;
//user.Properties["userPrincipalName"].Value =username;
SetProp(ref user, ref resultUser, "mail", mail);
SetProp(ref user, ref resultUser, "displayname", fullName);
SetProp(ref user, ref resultUser, "givenName", surname);
SetProp(ref user, ref resultUser, "sn", name);
SetProp(ref user, ref resultUser, "title", position);
SetProp(ref user, ref resultUser, "telephonenumber", workNum);
SetProp(ref user, ref resultUser, "mobile", mobilNum);
SetProp(ref user, ref resultUser, "l", city);
SetProp(ref user, ref resultUser, "company", org);
SetProp(ref user, ref resultUser, "department", dep);
SetProp(ref user, ref resultUser, "manager", managerName);
user.Properties["jpegPhoto"].Clear();
SetProp(ref user, ref resultUser, "jpegPhoto", photo);
//using (WindowsImpersonationContextFacade impersonationContext= new WindowsImpersonationContextFacade(nc))
//{
user.CommitChanges();
//}
SecurityIdentifier sid = new SecurityIdentifier((byte[])resultUser.Properties["objectsid"][0],
0);
return sid.Value;
}
return String.Empty;
}
}
public static void IncludeUser2AdGroup(string userSid, params string[] groupSidList)
{
using (WindowsImpersonationContextFacade impersonationContext
= new WindowsImpersonationContextFacade(
nc))
{
var context = new PrincipalContext(ContextType.Domain);
var userPrincipal = UserPrincipal.FindByIdentity(context, IdentityType.Sid, userSid);
if (userPrincipal == null) return;
foreach (var grpSid in groupSidList)
{
//Если пользователь не является членом группы то включаем
if (userPrincipal.IsMemberOf(context, IdentityType.Sid, grpSid))
{
continue;
}
else
{
var group = GroupPrincipal.FindByIdentity(context, IdentityType.Sid, grpSid);
if (group != null)
{
group.Members.Add(userPrincipal);
group.Save();
}
}
}
}
}
public static IEnumerable<KeyValuePair<string, string>> GetUserListByAdGroup(string grpSid)
{
var list = new Dictionary<string, string>();
using (WindowsImpersonationContextFacade impersonationContext
= new WindowsImpersonationContextFacade(
nc))
{
var domain = new PrincipalContext(ContextType.Domain);
var group = GroupPrincipal.FindByIdentity(domain, IdentityType.Sid, grpSid);
if (group != null)
{
var members = group.GetMembers(true);
foreach (var principal in members)
{
var userPrincipal = UserPrincipal.FindByIdentity(domain, principal.SamAccountName);
if (userPrincipal != null)
{
var name = Employee.ShortName(userPrincipal.DisplayName);
var sid = userPrincipal.Sid.Value;
list.Add(sid, name);
}
}
}
}
return list.OrderBy(x => x.Value);
}
public static EmployeeSm GetUserBySid(string sid)
{
var result = new EmployeeSm();
using (WindowsImpersonationContextFacade impersonationContext
= new WindowsImpersonationContextFacade(
nc))
{
var context = new PrincipalContext(ContextType.Domain);
var userPrincipal = UserPrincipal.FindByIdentity(context, IdentityType.Sid, sid);
if (userPrincipal != null)
{
result.AdSid = sid;
result.FullName = userPrincipal.DisplayName;
result.DisplayName = Employee.ShortName(result.FullName);
}
}
return result;
}
public static MailAddress[] GetRecipientsFromAdGroup(AdGroup group)
{
var list = new List<MailAddress>();
using (WindowsImpersonationContextFacade impersonationContext
= new WindowsImpersonationContextFacade(
nc))
{
string sid = AdUserGroup.GetSidByAdGroup(group);
PrincipalContext ctx = new PrincipalContext(ContextType.Domain);
GroupPrincipal grp = GroupPrincipal.FindByIdentity(ctx, IdentityType.Sid, sid);
if (grp != null)
{
foreach (Principal p in grp.GetMembers(true))
{
string email = new Employee(p.Sid.Value).Email;
if (String.IsNullOrEmpty(email)) continue;
list.Add(new MailAddress(email));
}
grp.Dispose();
}
ctx.Dispose();
return list.ToArray();
}
}
public static IEnumerable<KeyValuePair<string, string>> GetGroupListByAdOrg(AdOrg org)
{
var list = new Dictionary<string, string>();
using (WindowsImpersonationContextFacade impersonationContext
= new WindowsImpersonationContextFacade(
nc))
{
var domain = new PrincipalContext(ContextType.Domain, "UN1T.GROUP", String.Format("{0}, DC=UN1T,DC=GROUP", AdOrganization.GetAdPathByAdOrg(org)));
GroupPrincipal groupList = new GroupPrincipal(domain, "*");
PrincipalSearcher ps = new PrincipalSearcher(groupList);
foreach (var grp in ps.FindAll())
{
list.Add(grp.Sid.Value, grp.Name);
}
}
return list;
}
public static string GetADGroupNameBySid(string sid)
{
string name = null;
using (WindowsImpersonationContextFacade impersonationContext
= new WindowsImpersonationContextFacade(
nc))
{
//Если пользователь существует
var context = new PrincipalContext(ContextType.Domain);
var gp = GroupPrincipal.FindByIdentity(context, IdentityType.Sid, sid);
name = gp.SamAccountName;
}
return name;
}
public static string GenerateLoginByName(string surname, string name)
{
using (WindowsImpersonationContextFacade impersonationContext
= new WindowsImpersonationContextFacade(
nc))
{
string login = String.Empty;
int maxLoginLength = 19; //-1 - потомучто будет точка
var trans = new Transliteration();
string surnameTranslit = trans.GetTranslit(surname);
string nameTranslit = trans.GetTranslit(name);
//Если длина транслита превышает максимальное значение
if (surnameTranslit.Length > maxLoginLength)
{
surnameTranslit = surnameTranslit.Substring(0, maxLoginLength);
nameTranslit = String.Empty;
}
else if (surnameTranslit.Length + nameTranslit.Length > maxLoginLength)
{
nameTranslit = nameTranslit.Substring(0, maxLoginLength - surnameTranslit.Length);
}
bool flag = false;
int i = 0;
int j = 1;
string nameAccount = nameTranslit;
string surnameAccount = surnameTranslit;
do
{
if (i >= 1 && i < nameTranslit.Length)
{
nameAccount = nameTranslit.Substring(0, i);
}
else if (i >= 1 && i >= nameTranslit.Length)
{
login = "******";
break;
//nameAccount = String.Format("{1}{0}", nameTranslit, j++);
}
login = String.Format("{0}.{1}", nameAccount, surnameAccount).ToLower();
DirectoryEntry directoryEntry = new DirectoryEntry(DomainPath);
using (directoryEntry)
{
DirectorySearcher search = new DirectorySearcher(directoryEntry);
search.Filter = String.Format("(&(objectClass=user)(sAMAccountName={0}))", login);
SearchResult result = search.FindOne();
flag = result != null && result.Properties.Contains("sAMAccountName");
}
i++;
} while (flag);
return login;
}
}
public static void ExcludeUserFromAdGroup(string userSid, params AdGroup[] groups)
{
using (WindowsImpersonationContextFacade impersonationContext
= new WindowsImpersonationContextFacade(
nc))
{
var context = new PrincipalContext(ContextType.Domain);
var userPrincipal = UserPrincipal.FindByIdentity(context, IdentityType.Sid, userSid);
if (userPrincipal == null) return;
foreach (var grp in groups)
{
//Если пользователь является членом группы то исключаем
if (userPrincipal.IsMemberOf(context, IdentityType.Sid, AdUserGroup.GetSidByAdGroup(grp)))
{
var group = GroupPrincipal.FindByIdentity(context, IdentityType.Sid, AdUserGroup.GetSidByAdGroup(grp));
if (group != null)
{
group.Members.Remove(userPrincipal);
group.Save();
}
}
else
{
continue;
}
}
}
}
