private UserPrincipal CreateOrGetUserPrincipal(UserInformation userInfo)
{
UserPrincipal user = null;
if (!LocalAccount.UserExists(userInfo.Username))
{
// See note about MS bug in CreateOrGetGroupPrincipal to understand the mix of DE/Principal here:
using (user = new UserPrincipal(m_machinePrincipal))
{
user.Name = userInfo.Username;
user.SetPassword(userInfo.Password);
user.Save();
// Sync via DE
SyncUserPrincipalInfo(user, userInfo);
// We have to re-fetch to get changes made via underlying DE
return(GetUserPrincipal(user.Name));
}
}
user = GetUserPrincipal(userInfo.Username);
if (user != null)
{
return(user);
}
else
{
throw new Exception(
String.Format("Unable to get user principal for account that apparently exists: {0}", userInfo.Username));
}
}
// Load userInfo.Username's group list and populate userInfo.Groups accordingly
public static void SyncLocalGroupsToUserInfo(UserInformation userInfo)
{
ILog logger = LogManager.GetLogger("LocalAccount.SyncLocalGroupsToUserInfo");
try
{
SecurityIdentifier EveryoneSid = new SecurityIdentifier("S-1-1-0");
SecurityIdentifier AuthenticatedUsersSid = new SecurityIdentifier(WellKnownSidType.AuthenticatedUserSid, null);
if (LocalAccount.UserExists(userInfo.Username))
{
using (UserPrincipal user = LocalAccount.GetUserPrincipal(userInfo.Username))
{
foreach (GroupPrincipal group in LocalAccount.GetGroups(user))
{
// Skip "Authenticated Users" and "Everyone" as these are generated
if (group.Sid == EveryoneSid || group.Sid == AuthenticatedUsersSid)
{
continue;
}
userInfo.AddGroup(new GroupInformation()
{
Name = group.Name,
Description = group.Description,
SID = group.Sid
});
}
}
}
}
catch (Exception e)
{
logger.ErrorFormat("Unexpected error while syncing local groups, skipping rest: {0}", e);
}
}