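/// <summary>
/// Imports the members of one AD group into <paramref name="users"/>: member users are
/// imported directly and nested groups are expanded recursively unless
/// <c>Parameters.NoRecurse</c> is set. Errors are logged (event id 5100) and swallowed so
/// that one unreadable group does not abort the whole import.
/// </summary>
/// <param name="DirEntry">Directory entry of the group to expand.</param>
/// <param name="users">Accumulator receiving the imported users.</param>
/// <param name="Parameters">Bind credentials, attribute names and optional created/modified date filters.</param>
/// <param name="disableall">When true every imported user is registered disabled.</param>
/// <param name="visitedGroups">
/// Distinguished names of the groups already expanded during this import. Stops the recursion
/// on circular nesting (AD allows group A to contain B while B contains A), which would
/// otherwise recurse until the stack overflows. Callers normally omit it.
/// </param>
private void DoImportGroup(DirectoryEntry DirEntry, MFAUniqueUserList users, UsersADDSRecord Parameters, bool disableall, HashSet<string> visitedGroups = null)
{
    string distinguishedName = string.Empty;
    string sidstr = string.Empty;
    try
    {
        distinguishedName = DirEntry.Properties["distinguishedName"].Value.ToString();
        byte[] SD = (byte[])DirEntry.Properties["objectSID"].Value;
        string sid = new SecurityIdentifier(SD, 0).ToString();
        // primaryGroupID stores only the RID, i.e. the last component of the group SID.
        sidstr = sid.Substring(sid.LastIndexOf('-') + 1);

        if (visitedGroups == null)
        {
            visitedGroups = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
        }
        if (!visitedGroups.Add(distinguishedName))
        {
            // Already expanded in this import (circular or diamond nesting): nothing new to add.
            return;
        }

        using (DirectoryEntry rootdir = ADDSUtils.GetDirectoryEntry(Parameters.DomainName, Parameters.UserName, Parameters.Password)) // Binding Root
        {
            // The DN comes from the directory, not from a user, but it may legitimately contain
            // '(' ')' '*' or '\' (e.g. "CN=Ops (EMEA)"), which are LDAP filter metacharacters.
            // Escape it (RFC 4515) so such names neither break the filter nor widen the match.
            string escapedDn = EscapeLdapFilterValue(distinguishedName);
            string qryldap = "(| (&(objectCategory=group)(objectClass=group)(memberof=" + escapedDn + ")) (&(objectCategory=user)(objectClass=user)(|(memberof=" + escapedDn + ")(primaryGroupID=" + sidstr + "))";

            // Optional date filters; when both are given either one is sufficient (OR).
            // NOTE(review): the trailing 'Z' asserts UTC but the DateTime is formatted as given —
            // confirm callers pass UTC values.
            string subldap = string.Empty;
            bool hasCreated = false;
            bool hasModified = false;
            if (Parameters.CreatedSince.HasValue)
            {
                subldap += "(whenCreated>=" + Parameters.CreatedSince.Value.ToString("yyyyMMddHHmmss.0Z", System.Globalization.CultureInfo.InvariantCulture) + ")";
                hasCreated = true;
            }
            if (Parameters.ModifiedSince.HasValue)
            {
                subldap += "(whenChanged>=" + Parameters.ModifiedSince.Value.ToString("yyyyMMddHHmmss.0Z", System.Globalization.CultureInfo.InvariantCulture) + ")";
                hasModified = true;
            }
            if (hasCreated && hasModified)
            {
                qryldap += "(|" + subldap + ")";
            }
            else if (hasCreated || hasModified)
            {
                qryldap += subldap;
            }
            qryldap += "))";

            using (DirectorySearcher dsusr = new DirectorySearcher(rootdir, qryldap))
            {
                AddPropertiesToLoadForSearcher(dsusr, Parameters.MailAttribute, Parameters.PhoneAttribute);
                dsusr.SizeLimit = 100000; // Set maxrows
                dsusr.PageSize = 5000;
                // SearchResultCollection holds unmanaged handles the GC cannot release; dispose it.
                using (SearchResultCollection src = dsusr.FindAll())
                {
                    if (src == null)
                    {
                        return;
                    }
                    foreach (SearchResult sr in src)
                    {
                        using (DirectoryEntry SubDirEntry = ADDSUtils.GetDirectoryEntry(Parameters.DomainName, Parameters.UserName, Parameters.Password, sr))
                        {
                            switch (IsImportUser(SubDirEntry.Properties["objectClass"].Value))
                            {
                                case 1:
                                    DoImportUser(SubDirEntry, users, Parameters, disableall);
                                    break;
                                case 2:
                                    if (!Parameters.NoRecurse)
                                    {
                                        DoImportGroup(SubDirEntry, users, Parameters, disableall, visitedGroups);
                                    }
                                    break;
                                default:
                                    break;
                            }
                        }
                    }
                }
            }
        }
    }
    catch (Exception ex)
    {
        // Best effort: log and let the caller continue with the next group (rethrow intentionally disabled).
        DataLog.WriteEntry("DN : " + distinguishedName + " SID : " + sidstr + " Error : " + ex.Message, System.Diagnostics.EventLogEntryType.Error, 5100);
        // throw new Exception(ex.Message);
    }
}

/// <summary>
/// Escapes a value for use inside an LDAP search filter (RFC 4515): backslash, '*', '(', ')'
/// and NUL are replaced by their "\xx" hex forms. Null or empty input is returned unchanged.
/// </summary>
/// <param name="value">Raw attribute value to embed in a filter.</param>
/// <returns>The escaped value.</returns>
private static string EscapeLdapFilterValue(string value)
{
    if (string.IsNullOrEmpty(value))
    {
        return value;
    }
    // Backslash first so the escapes introduced below are not re-escaped.
    return value.Replace("\\", "\\5c")
                .Replace("*", "\\2a")
                .Replace("(", "\\28")
                .Replace(")", "\\29")
                .Replace("\0", "\\00");
}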
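/// <summary>
/// Enumerates deleted (tombstoned) AD user objects and returns the identities for which
/// <c>CheckMFAUser</c> returns false, so the caller can clean up their registrations.
/// </summary>
/// <param name="Parameters">Bind credentials for the domain to query.</param>
/// <returns>
/// Identities (UPN or sAMAccountName, depending on the configured search attribute) of the
/// matching deleted users; empty when none.
/// </returns>
/// <exception cref="Exception">
/// Any directory error is logged (event id 5100) and rethrown wrapped, with the original as
/// <c>InnerException</c>.
/// </exception>
public virtual List<string> CleanMFAUsers(UsersADDSRecord Parameters)
{
    MFAUniqueDeletedUserList registrations = new MFAUniqueDeletedUserList();
    try
    {
        using (DirectoryEntry rootdir = ADDSUtils.GetDirectoryEntry(Parameters.DomainName, Parameters.UserName, Parameters.Password))
        {
            const string qryldap = "(&(objectClass=user)(isDeleted=TRUE))";
            using (DirectorySearcher dsusr = new DirectorySearcher(rootdir, qryldap))
            {
                AddPropertiesToLoadForDeleted(dsusr);
                dsusr.SizeLimit = 10000; // Set maxrows
                dsusr.PageSize = 5000;
                dsusr.ExtendedDN = ExtendedDN.Standard;
                // Deleted objects are only returned when the tombstone control is requested.
                dsusr.Tombstone = true;
                // SearchResultCollection holds unmanaged handles the GC cannot release; dispose it.
                using (SearchResultCollection src = dsusr.FindAll())
                {
                    if (src != null)
                    {
                        // Hoisted out of the loop; assumes the configured search attribute does not
                        // change during the call.
                        bool identityIsUpn = ADDSClaimsUtilities.GetADDSSearchAttribute().Equals("userPrincipalName", StringComparison.Ordinal);
                        foreach (SearchResult sr in src)
                        {
                            string upn = string.Empty;
                            string sam = string.Empty;
                            if (sr.Properties.Contains("userPrincipalName"))
                            {
                                upn = sr.Properties["userPrincipalName"][0].ToString();
                            }
                            if (sr.Properties.Contains("sAMAccountName"))
                            {
                                sam = sr.Properties["sAMAccountName"][0].ToString();
                            }
                            // Both names are required; tombstones missing either are skipped.
                            if (string.IsNullOrEmpty(upn) || string.IsNullOrEmpty(sam))
                            {
                                continue;
                            }
                            string identity = identityIsUpn ? upn : sam;
                            if (!CheckMFAUser(Parameters, identity))
                            {
                                registrations.AddOrUpdate(identity);
                            }
                        }
                    }
                }
            }
        }
    }
    catch (Exception ex)
    {
        DataLog.WriteEntry(ex.Message, System.Diagnostics.EventLogEntryType.Error, 5100);
        // Keep the original as InnerException so the stack trace is not lost.
        throw new Exception(ex.Message, ex);
    }
    return registrations;
}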
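/// <summary>
/// Imports the AD users and groups found under <c>Parameters.LDAPPath</c> (the bind default
/// when empty) into a unique user list; groups are expanded through <c>DoImportGroup</c>
/// unless <c>Parameters.NoRecurse</c> is set. Errors are logged (event id 5100) and swallowed.
/// </summary>
/// <param name="Parameters">
/// Bind credentials, search base, attribute names and optional created/modified date filters.
/// <c>LDAPPath</c> is rewritten in place with any "ldap://" / "ldaps://" scheme removed.
/// </param>
/// <param name="disableall">When true every imported user is registered disabled.</param>
/// <returns>The imported users; empty when none, never null.</returns>
public virtual MFAUserList ImportMFAUsers(UsersADDSRecord Parameters, bool disableall = false)
{
    if (!string.IsNullOrEmpty(Parameters.LDAPPath))
    {
        // GetDirectoryEntry expects a bare path; drop the scheme (these exact spellings only).
        Parameters.LDAPPath = Parameters.LDAPPath.Replace("ldap://", "")
                                                 .Replace("ldaps://", "")
                                                 .Replace("LDAP://", "")
                                                 .Replace("LDAPS://", "");
    }

    MFAUniqueUserList registrations = new MFAUniqueUserList();
    try
    {
        using (DirectoryEntry rootdir = ADDSUtils.GetDirectoryEntry(Parameters.DomainName, Parameters.UserName, Parameters.Password, Parameters.LDAPPath))
        {
            string qryldap = "(|(&(objectCategory=group)(objectClass=group))(&(objectCategory=user)(objectClass=user)";

            // Optional date filters on users; when both are given either one is sufficient (OR).
            // NOTE(review): the trailing 'Z' asserts UTC but the DateTime is formatted as given —
            // confirm callers pass UTC values.
            string subldap = string.Empty;
            bool hasCreated = false;
            bool hasModified = false;
            if (Parameters.CreatedSince.HasValue)
            {
                subldap += "(whenCreated>=" + Parameters.CreatedSince.Value.ToString("yyyyMMddHHmmss.0Z", System.Globalization.CultureInfo.InvariantCulture) + ")";
                hasCreated = true;
            }
            if (Parameters.ModifiedSince.HasValue)
            {
                subldap += "(whenChanged>=" + Parameters.ModifiedSince.Value.ToString("yyyyMMddHHmmss.0Z", System.Globalization.CultureInfo.InvariantCulture) + ")";
                hasModified = true;
            }
            if (hasCreated && hasModified)
            {
                qryldap += "(|" + subldap + ")";
            }
            else if (hasCreated || hasModified)
            {
                qryldap += subldap;
            }
            qryldap += "))";

            using (DirectorySearcher dsusr = new DirectorySearcher(rootdir, qryldap))
            {
                AddPropertiesToLoadForSearcher(dsusr, Parameters.MailAttribute, Parameters.PhoneAttribute);
                dsusr.SizeLimit = 100000; // Set maxrows
                dsusr.PageSize = 5000;
                // SearchResultCollection holds unmanaged handles the GC cannot release; dispose it.
                using (SearchResultCollection src = dsusr.FindAll())
                {
                    if (src != null)
                    {
                        foreach (SearchResult sr in src)
                        {
                            using (DirectoryEntry DirEntry = ADDSUtils.GetDirectoryEntry(Parameters.DomainName, Parameters.UserName, Parameters.Password, sr))
                            {
                                switch (IsImportUser(DirEntry.Properties["objectClass"].Value))
                                {
                                    case 1:
                                        DoImportUser(DirEntry, registrations, Parameters, disableall);
                                        break;
                                    case 2:
                                        if (!Parameters.NoRecurse)
                                        {
                                            DoImportGroup(DirEntry, registrations, Parameters, disableall);
                                        }
                                        break;
                                    default:
                                        break;
                                }
                            }
                        }
                    }
                }
            }
        }
    }
    catch (Exception ex)
    {
        // Best effort: log and return what was imported so far (rethrow intentionally disabled).
        DataLog.WriteEntry("Root : " + ex.Message, System.Diagnostics.EventLogEntryType.Error, 5100);
        // throw new Exception(ex.Message);
    }
    return registrations;
}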
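/// <summary>
/// Imports the AD users found under <paramref name="ldappath"/> (the bind default when empty)
/// as <c>MFAUser</c> registrations, filling id, UPN, mail, phone, preferred method and
/// enabled state from the directory.
/// </summary>
/// <param name="domain">Domain to bind to.</param>
/// <param name="username">Bind account.</param>
/// <param name="password">Bind password.</param>
/// <param name="ldappath">Search base; any "ldap://" / "ldaps://" scheme is removed first.</param>
/// <param name="created">When set, only users created on or after this time are imported.</param>
/// <param name="modified">When set, only users changed on or after this time are imported.</param>
/// <param name="mailattribute">Attribute holding the mail address; when empty, otherMailbox then mail are tried.</param>
/// <param name="phoneattribute">Attribute holding the phone number; when empty, mobile, otherMobile then telephoneNumber are tried.</param>
/// <param name="meth">Preferred MFA method assigned to every imported user.</param>
/// <param name="usessl">Forwarded to <c>ADDSUtils.GetDirectoryEntry</c> (presumably selects LDAPS).</param>
/// <param name="disableall">When true every imported user is registered disabled, ignoring userAccountControl.</param>
/// <returns>The imported users; empty when none, never null.</returns>
/// <exception cref="Exception">
/// Any directory error is logged (event id 5100) and rethrown wrapped, with the original as
/// <c>InnerException</c>.
/// </exception>
public virtual MFAUserList ImportMFAUsers(string domain, string username, string password, string ldappath, DateTime? created, DateTime? modified, string mailattribute, string phoneattribute, PreferredMethod meth, bool usessl, bool disableall = false)
{
    // userAccountControl flag ADS_UF_ACCOUNTDISABLE.
    const int AccountDisable = 0x0002;

    if (!string.IsNullOrEmpty(ldappath))
    {
        // GetDirectoryEntry expects a bare path; drop the scheme (these exact spellings only).
        ldappath = ldappath.Replace("ldap://", "")
                           .Replace("ldaps://", "")
                           .Replace("LDAP://", "")
                           .Replace("LDAPS://", "");
    }

    MFAUserList registrations = new MFAUserList();
    try
    {
        using (DirectoryEntry rootdir = ADDSUtils.GetDirectoryEntry(domain, username, password, ldappath, usessl))
        {
            string qryldap = "(&(objectCategory=user)(objectClass=user)" + ClaimsUtilities.BuildADDSUserFilter("*");
            // NOTE(review): the trailing 'Z' asserts UTC but the DateTime is formatted as given —
            // confirm callers pass UTC values.
            if (created.HasValue)
            {
                qryldap += "(whenCreated>=" + created.Value.ToString("yyyyMMddHHmmss.0Z", System.Globalization.CultureInfo.InvariantCulture) + ")";
            }
            if (modified.HasValue)
            {
                qryldap += "(whenChanged>=" + modified.Value.ToString("yyyyMMddHHmmss.0Z", System.Globalization.CultureInfo.InvariantCulture) + ")";
            }
            qryldap += ")";

            using (DirectorySearcher dsusr = new DirectorySearcher(rootdir, qryldap))
            {
                dsusr.PropertiesToLoad.Clear();
                dsusr.PropertiesToLoad.Add("objectGUID");
                dsusr.PropertiesToLoad.Add("userPrincipalName");
                dsusr.PropertiesToLoad.Add("sAMAccountName");
                dsusr.PropertiesToLoad.Add("msDS-PrincipalName");
                dsusr.PropertiesToLoad.Add("userAccountControl");
                if (!string.IsNullOrEmpty(mailattribute))
                {
                    dsusr.PropertiesToLoad.Add(mailattribute);
                }
                else
                {
                    dsusr.PropertiesToLoad.Add("mail");
                    dsusr.PropertiesToLoad.Add("otherMailbox");
                }
                if (!string.IsNullOrEmpty(phoneattribute))
                {
                    dsusr.PropertiesToLoad.Add(phoneattribute);
                }
                else
                {
                    dsusr.PropertiesToLoad.Add("mobile");
                    dsusr.PropertiesToLoad.Add("otherMobile");
                    dsusr.PropertiesToLoad.Add("telephoneNumber");
                }
                dsusr.SizeLimit = 0; // _host.MaxRows;
                // Without paging the server stops at its MaxPageSize (1000 by default) and large
                // directories are imported incompletely; page like the other import methods do.
                dsusr.PageSize = 5000;

                // SearchResultCollection holds unmanaged handles the GC cannot release; dispose it.
                using (SearchResultCollection src = dsusr.FindAll())
                {
                    if (src != null)
                    {
                        // Hoisted out of the loop; assumes the configured user attribute does not
                        // change during the call.
                        string userAttribute = ClaimsUtilities.GetADDSUserAttribute();
                        foreach (SearchResult sr in src)
                        {
                            using (DirectoryEntry DirEntry = ADDSUtils.GetDirectoryEntry(domain, username, password, sr, usessl))
                            {
                                object guidValue = DirEntry.Properties["objectGUID"].Value;
                                if (guidValue == null)
                                {
                                    continue;
                                }
                                // Indexing [0] throws when the identity attribute is absent, which
                                // aborts the import through the outer catch.
                                object upnValue = sr.Properties[userAttribute][0];
                                if (upnValue == null)
                                {
                                    continue;
                                }

                                MFAUser reg = new MFAUser();
                                reg.ID = new Guid((byte[])guidValue).ToString();
                                reg.UPN = upnValue.ToString();

                                // Only overwrite the defaults when the directory actually has a value.
                                string mail = !string.IsNullOrEmpty(mailattribute)
                                    ? FirstPropertyValue(DirEntry, mailattribute)
                                    : FirstPropertyValue(DirEntry, "otherMailbox", "mail");
                                if (mail != null)
                                {
                                    reg.MailAddress = mail;
                                }
                                string phone = !string.IsNullOrEmpty(phoneattribute)
                                    ? FirstPropertyValue(DirEntry, phoneattribute)
                                    : FirstPropertyValue(DirEntry, "mobile", "otherMobile", "telephoneNumber");
                                if (phone != null)
                                {
                                    reg.PhoneNumber = phone;
                                }

                                reg.PreferredMethod = meth;
                                reg.OverrideMethod = string.Empty;
                                if (disableall)
                                {
                                    reg.Enabled = false;
                                }
                                else if (DirEntry.Properties["userAccountControl"].Value != null)
                                {
                                    int uac = Convert.ToInt32(DirEntry.Properties["userAccountControl"].Value);
                                    reg.Enabled = (uac & AccountDisable) == 0;
                                }
                                else
                                {
                                    reg.Enabled = true;
                                }
                                registrations.Add(reg);
                            }
                        }
                    }
                }
            }
        }
    }
    catch (Exception ex)
    {
        DataLog.WriteEntry(ex.Message, System.Diagnostics.EventLogEntryType.Error, 5100);
        // Keep the original as InnerException so the stack trace is not lost.
        throw new Exception(ex.Message, ex);
    }
    return registrations;
}

/// <summary>
/// Returns the string form of the first attribute in <paramref name="attributes"/> that has a
/// non-null value on <paramref name="entry"/>, or null when none of them does.
/// </summary>
/// <param name="entry">Directory entry to read from.</param>
/// <param name="attributes">Attribute names, in order of preference.</param>
/// <returns>The first non-null value as a string, or null.</returns>
private static string FirstPropertyValue(DirectoryEntry entry, params string[] attributes)
{
    foreach (string attribute in attributes)
    {
        object value = entry.Properties[attribute].Value;
        if (value != null)
        {
            return value.ToString();
        }
    }
    return null;
}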