public string UpdateThisGroup(string newOU, string newName) { PrincipalContext pc = new PrincipalContext(ContextType.Domain); GroupPrincipal gp = GroupPrincipal.FindByIdentity(pc, IdentityType.Name, Name); // zoek de OU op waarin deze groep zich bevindt DirectoryEntry dirEntryGroup = (DirectoryEntry)gp.GetUnderlyingObject(); string oldOU = dirEntryGroup.Parent.Path; if (newOU.Substring(0, 4) != "LDAP") { newOU = ActiveDirectory.LDAPShort + newOU; } //indien nieuwe OU verschillend van oude OU : verplaatsen if (newOU != oldOU) { DirectoryEntry directoryEntryNewOU = new DirectoryEntry(newOU); dirEntryGroup.MoveTo(directoryEntryNewOU); } try { dirEntryGroup.Rename("CN=" + newName); dirEntryGroup.CommitChanges(); } catch (Exception fout) { return(fout.Message); } return(""); }
public static string GetGroupOrganizationUnit(string groupName) { try { using (PrincipalContext context = new PrincipalContext(ContextType.Domain)) { using (GroupPrincipal user = GroupPrincipal.FindByIdentity(context, groupName)) { if (user != null) { using (DirectoryEntry deGroup = user.GetUnderlyingObject() as DirectoryEntry) { if (deGroup != null) { using (DirectoryEntry deGroupContainer = deGroup.Parent) { return(deGroupContainer.Properties["Name"].Value.ToString()); } } } } } } } catch { // ignored } return(null); }
public void SetPropertiesFromGroupPrincipal(GroupPrincipal gp, bool getAccessRules, bool getObjectProperties) { if (gp == null) { return; } SetPropertiesFromPrincipal(gp, getAccessRules); object obj = gp.GetUnderlyingObject(); if (obj.GetType() == typeof(DirectoryEntry) && getObjectProperties) { DirectoryEntry gde = (DirectoryEntry)obj; Properties = DirectoryServices.GetProperties(gde); } GroupScope = gp.GroupScope; IsSecurityGroup = gp.IsSecurityGroup; if (gp.Members?.Count > 0) { Members = new List <PrincipalObject>(); foreach (Principal p in gp.Members) { Members.Add(new PrincipalObject(p)); } } }
public static List <string> ListImoGroups() { var domainContext = new PrincipalContext(ContextType.Domain, null, "OU=Restricted Access Groups,OU=NETCOM,OU=Fort Carson,OU=Carson,OU=Installations,DC=nanw,DC=ds,DC=army,DC=mil"); GroupPrincipal imoGroup = null; try { using (imoGroup = GroupPrincipal.FindByIdentity(domainContext, "CARSON IMO Managers")) { var directoryEntryObject = imoGroup.GetUnderlyingObject() as DirectoryEntry; var parentContainer = directoryEntryObject.Parent; var imoGroups = parentContainer.Children; var imoGroupList = new List <string>(); foreach (DirectoryEntry group in imoGroups) { imoGroupList.Add(group.Name); } return(imoGroupList); } } catch { } return(null); }
public GroupsInOU(string OUPath) { if (OUPath.Substring(0, 4) != "LDAP") { OUPath = ActiveDirectory.LDAPShort + OUPath; } Groups = new List <Group>(); DirectorySearcher zoeker = new DirectorySearcher(new DirectoryEntry(OUPath)) { Filter = "(objectCategory=group)", SearchScope = SearchScope.OneLevel }; foreach (SearchResult resultaat in zoeker.FindAll()) { PrincipalContext pc = new PrincipalContext(ContextType.Domain); GroupPrincipal gp = GroupPrincipal.FindByIdentity(pc, IdentityType.Name, resultaat.Properties["name"][0].ToString()); Group group = new Group(); group.Name = Helper.HandleNull(resultaat.Properties["name"][0]); // zoek de OU op waarin deze groep zich bevindt DirectoryEntry dirEntryGroup = (DirectoryEntry)gp.GetUnderlyingObject(); DirectoryEntry dirEntOU = dirEntryGroup.Parent; group.OU = dirEntOU.Path.Replace("LDAP://", ""); group.UserMembers = new UsersInGroup(resultaat.Properties["sAMAccountName"][0].ToString()).Users; group.GroupMembers = new GroupsInGroups(resultaat.Properties["sAMAccountName"][0].ToString()).Groups; Groups.Add(group); } }
private static void AddUserToGroup(Session session, string account, string groupName) { bool isMachine; GroupPrincipal group = CustomActions.FindInDomainOrMachine(groupName, out isMachine) as GroupPrincipal; if (group == null) { throw new NoMatchingPrincipalException($"The group {groupName} could not be found"); } UserPrincipal user = (UserPrincipal)CustomActions.FindInDomainOrMachine(account, out isMachine); if (user == null) { throw new NoMatchingPrincipalException($"The user {account} could not be found"); } DirectoryEntry gde = (DirectoryEntry)group.GetUnderlyingObject(); IADsGroup nativeGroup = (IADsGroup)gde.NativeObject; foreach (object item in nativeGroup.Members()) { byte[] s = (byte[])item.GetType().InvokeMember("ObjectSid", System.Reflection.BindingFlags.GetProperty, null, item, null); SecurityIdentifier sid = new SecurityIdentifier(s, 0); if (user.Sid == sid) { session.Log($"User {account} was already in group {groupName}"); return; } } session.Log($"User {account} was not in group {groupName}"); try { if (gde.Path.StartsWith("winnt", StringComparison.OrdinalIgnoreCase)) { session.Log($"Adding WINNT://{user.Sid} to group {gde.Path}"); nativeGroup.Add($"WINNT://{user.Sid}"); } else { DirectoryEntry ude = (DirectoryEntry)user.GetUnderlyingObject(); session.Log($"Adding {ude.Path} to group {gde.Path}"); nativeGroup.Add(ude.Path); } } catch (System.Runtime.InteropServices.COMException e) { if (e.HResult == -2147019886) //unchecked((int)0x80071392)) { session.Log($"User {account} was already in group {groupName} - 0x80071392"); return; } throw; } }
public void AddUserToGroups(string userId, List <string> groups) { using (PrincipalContext userContext = new PrincipalContext(ContextType.Domain, ServerName, null, ContextOptions.Negotiate, ServiceUser, ServicePassword)) { ADUser user = ADUser.FindByIdentity(userContext, userId); if (user != null) { foreach (var grp in groups) { using (PrincipalContext groupContext = new PrincipalContext(ContextType.Domain, ServerName, null, ContextOptions.Negotiate, ServiceUser, ServicePassword)) { // This is the 'hack' I have implemented to get this application to // run on a machine that is not part of the domain. We are basically // bypassing the built in Group objects and relying on the good old // DirectoryEntry objects to manipulate groups (i.e. adding users if // needed). This is highly inefficient, but I'll just have to live // with this for now while I work on this small application. If this // were ever to go live on a server (or a machine that's on the domain) // then the code you see below would need to be commented out and uncomment // out the code where I am uysing a group principal object instead. // // See Github Issue #79 for more information on this issue and // why I have employed this hack to get this application working on // my machines at home. GroupPrincipal group = GroupPrincipal.FindByIdentity(groupContext, grp); DirectoryEntry groupDE = (DirectoryEntry)group.GetUnderlyingObject(); var isUserMember = (bool)groupDE.Invoke("IsMember", new object[] { "LDAP://" + ServerName + "/" + user.DistinguishedName }); if (!isUserMember) { groupDE.Invoke("Add", new object[] { "LDAP://" + ServerName + "/" + user.DistinguishedName }); } groupDE.Close(); /*if(group != null) * { * // Github Issue #79 causes an error when this code runs * // when running on a computer that's not part of the domain. * // To get this to work property, I have to add the IP address * // of the domain controller which I don't want to do. I'll have * // to re-write this part of the application so that it uses * //if(!user.IsMemberOf(group)) * if(!group.GetMembers().Contains(user)) * { * group.Members.Add(user); * group.Save(); * } * }*/ } } } } }
public Group(string samAccountName) { SamAccountName = samAccountName; PrincipalContext principalContext = new PrincipalContext(ContextType.Domain); GroupPrincipal = GroupPrincipal.FindByIdentity(principalContext, IdentityType.SamAccountName, samAccountName); if (GroupPrincipal == null) { throw new Exception($"{samAccountName} kon niet gevonden worden in AD"); } DirectoryEntry = (DirectoryEntry)GroupPrincipal.GetUnderlyingObject(); }
/// <summary> /// Adds the user for a given group /// </summary> /// <param name="sUserName">The user you want to add to a group</param> /// <param name="sGroupName">The group you want the user to be added in</param> /// <returns>Returns true if successful</returns> public bool AddUserToGroup(string sUserName, string sGroupName) { bool success = false; try { DirectoryEntry RootDirEntry = new DirectoryEntry("LDAP://RootDSE"); Object distinguishedName = RootDirEntry.Properties["defaultNamingContext"].Value; string strDN = distinguishedName.ToString(); using (PrincipalContext oPrincipalContext = new PrincipalContext(ContextType.Domain, Environment.UserDomainName, strDN)) { UserPrincipal oUserPrincipal = UserPrincipal.FindByIdentity(oPrincipalContext, sUserName); GroupPrincipal oGroupPrincipal = GroupPrincipal.FindByIdentity(oPrincipalContext, sGroupName); if (oUserPrincipal != null && oGroupPrincipal != null) { bool isMember = oGroupPrincipal.Members.Contains(oUserPrincipal); if (!isMember) { oGroupPrincipal.Members.Add(oUserPrincipal); oGroupPrincipal.Save(); DirectoryEntry entry = (DirectoryEntry)oGroupPrincipal.GetUnderlyingObject(); entry.RefreshCache(new string[] { "member" }); success = true; } } } } catch (Exception ex) { List <string> logLines = new List <string>(); DateTime time = DateTime.Now; string header = string.Format("###########################################################"); logLines.Add(string.Format("{0,-20}{1}", time.ToLongTimeString(), header)); string message = string.Format("Exception while trying to add User: {0} to Group: {1}", sUserName, sGroupName); logLines.Add(string.Format("{0,-20}{1}", time.ToLongTimeString(), message)); logLines.Add(string.Format("{0,-20}{1}", time.ToLongTimeString(), ex.Message)); logLines.Add(string.Format("{0,-20}{1}", time.ToLongTimeString(), ex.StackTrace)); if (ex.InnerException != null) { string innerMessage = string.Format("Inner Exception..."); logLines.Add(string.Format("{0,-20}{1}", time.ToLongTimeString(), innerMessage)); logLines.Add(string.Format("{0,-20}{1}", time.ToLongTimeString(), ex.InnerException.Message)); logLines.Add(string.Format("{0,-20}{1}", time.ToLongTimeString(), ex.InnerException.StackTrace)); } System.IO.File.AppendAllLines("LogFile.txt", logLines); } return(success); }
public JsonResult MembersOfGroup(string groupName = "_Agency_BI_Agency") { if (groupName != "") { PrincipalContext principalContext = new PrincipalContext(ContextType.Domain); GroupPrincipal group = GroupPrincipal.FindByIdentity(principalContext, groupName); //Grup yöneticisini bulma DirectoryEntry obj = (DirectoryEntry)group.GetUnderlyingObject(); var owner = obj.Properties["managedBy"]; // Grup üyelerinin tutulacağı liste var members = new List <ActiveDirectoryMember>(); foreach (Principal principal in group.Members) { // Admin hariç tüm üyeler üye listesine ekleniyor. // Admin daha sonra bulunup, listenin en başına eklenecek. if (owner.Value == null || principal.DistinguishedName.ToString() != owner.Value.ToString()) { ActiveDirectoryMember currentMember = new ActiveDirectoryMember(); currentMember.userName = principal.Name; currentMember.userMail = principal.UserPrincipalName; currentMember.isAdmin = false; members.Add(currentMember); } } if (owner.Value != null) { // Admin'in mail adresinin bulunması için, kullanıcı aranıyor. UserPrincipal userAdmin = UserPrincipal.FindByIdentity(principalContext, owner.Value.ToString()); ActiveDirectoryMember admin = new ActiveDirectoryMember(); admin.userName = userAdmin.Name; admin.userMail = userAdmin.UserPrincipalName; admin.isAdmin = true; if (!members.Contains(admin)) { members.Insert(0, admin); } } return(Json(members, JsonRequestBehavior.AllowGet)); } else { return(Json(true)); } }
/// <summary> /// Removes user from a given group /// </summary> /// <param name="sUserName">The user you want to remove from a group</param> /// <param name="sGroupName">The group you want the user to be removed from</param> /// <returns>Returns true if successful</returns> public bool RemoveUserFromGroup(string sUserName, string sGroupName) { bool success = false; try { using (PrincipalContext oPrincipalContext = new PrincipalContext(ContextType.Domain, Environment.UserDomainName, sServiceUser, sServicePassword)) { UserPrincipal oUserPrincipal = UserPrincipal.FindByIdentity(oPrincipalContext, sUserName); GroupPrincipal oGroupPrincipal = GroupPrincipal.FindByIdentity(oPrincipalContext, sGroupName); if (oUserPrincipal != null && oGroupPrincipal != null) { bool isMember = oGroupPrincipal.Members.Contains(oUserPrincipal); if (isMember) { oGroupPrincipal.Members.Remove(oUserPrincipal); oGroupPrincipal.Save(); DirectoryEntry entry = (DirectoryEntry)oGroupPrincipal.GetUnderlyingObject(); entry.RefreshCache(new string[] { "member" }); success = true; } } } } catch (Exception ex) { List <string> logLines = new List <string>(); DateTime time = DateTime.Now; string header = string.Format("###########################################################"); logLines.Add(string.Format("{0,-20}{1}", time.ToLongTimeString(), header)); string message = string.Format("Exception while trying to remove User: {0} from Group: {1}", sUserName, sGroupName); logLines.Add(string.Format("{0,-20}{1}", time.ToLongTimeString(), message)); logLines.Add(string.Format("{0,-20}{1}", time.ToLongTimeString(), ex.Message)); logLines.Add(string.Format("{0,-20}{1}", time.ToLongTimeString(), ex.StackTrace)); if (ex.InnerException != null) { string innerMessage = string.Format("Inner Exception..."); logLines.Add(string.Format("{0,-20}{1}", time.ToLongTimeString(), innerMessage)); logLines.Add(string.Format("{0,-20}{1}", time.ToLongTimeString(), ex.InnerException.Message)); logLines.Add(string.Format("{0,-20}{1}", time.ToLongTimeString(), ex.InnerException.StackTrace)); } System.IO.File.AppendAllLines("LogFile.txt", logLines); } return(success); }
public bool RemoveUserFromGroup(string sUserName, string sGroupName) { bool success = false; //bool isOwner = IsUserGroupOwner(sGroupName); //if (!isOwner) //return false; try { using (System.Web.Hosting.HostingEnvironment.Impersonate()) { string dlManagerUserName = AppCredentials.Instance.UserName; string dlManagerPassword = AppCredentials.Instance.Password; using (PrincipalContext oPrincipalContext = new PrincipalContext(ContextType.Domain, Environment.UserDomainName, dlManagerUserName, dlManagerPassword)) { UserPrincipal oUserPrincipal = UserPrincipal.FindByIdentity(oPrincipalContext, sUserName); GroupPrincipal oGroupPrincipal = GroupPrincipal.FindByIdentity(oPrincipalContext, sGroupName); if (oUserPrincipal != null && oGroupPrincipal != null) { bool isMember = oGroupPrincipal.Members.Contains(oUserPrincipal); if (isMember) { oGroupPrincipal.Members.Remove(oUserPrincipal); oGroupPrincipal.Save(); DirectoryEntry entry = (DirectoryEntry)oGroupPrincipal.GetUnderlyingObject(); entry.RefreshCache(new string[] { "member" }); success = true; } } } } } catch (Exception ex) { StringBuilder additionalInfo = new StringBuilder(); additionalInfo.Append("Exception while trying to remove user: '******' from the group: '"); additionalInfo.Append(sGroupName); additionalInfo.Append("'."); LoggingHelper.Instance.LogError(LogOptions.RemoveUsers, ex, additionalInfo.ToString()); } return(success); }
public void UpdateGroupPrincipal(GroupPrincipal group) { if (this.SamAccountName != null) { group.SamAccountName = SetValueOrNull(this.SamAccountName); } if (this.Description != null) { group.Description = SetValueOrNull(this.Description); } if (this.IsSecurityGroup != null) { group.IsSecurityGroup = this.IsSecurityGroup; } if (this.Scope != null) { group.GroupScope = this.Scope; } // Get DistinguishedName from User or Group Identity for ManagedBy Property if (this.ManagedBy != null && group.GetUnderlyingObjectType() == typeof(DirectoryEntry)) { String distinguishedName = DirectoryServices.GetDistinguishedName(this.ManagedBy); if (distinguishedName == null) { distinguishedName = this.ManagedBy; // Cant' Find As User Or Group, Pass Raw Value (Might Be ~null~) } DirectoryServices.SetProperty((DirectoryEntry)group.GetUnderlyingObject(), "managedby", distinguishedName); } if (group.GetUnderlyingObjectType() == typeof(DirectoryEntry) && this.Properties?.Count > 0) { DirectoryServices.SetProperties((DirectoryEntry)group.GetUnderlyingObject(), this.Properties); } }
public bool IsUserGroupOwner(string group) { bool isOwner = true; try { using (System.Web.Hosting.HostingEnvironment.Impersonate()) { string userName = HttpContext.Current.User.Identity.Name; string dlManagerUserName = AppCredentials.Instance.UserName; string dlManagerPassword = AppCredentials.Instance.Password; using (PrincipalContext oPrincipalContext = new PrincipalContext(ContextType.Domain, Environment.UserDomainName, dlManagerUserName, dlManagerPassword)) { UserPrincipal oUserPrincipal = UserPrincipal.FindByIdentity(oPrincipalContext, userName); GroupPrincipal oGroupPrincipal = GroupPrincipal.FindByIdentity(oPrincipalContext, group); if (oUserPrincipal != null && oGroupPrincipal != null) { DirectoryEntry dE = (DirectoryEntry)oGroupPrincipal.GetUnderlyingObject(); isOwner = dE.Properties["managedBy"].Value != null && ((string)dE.Properties["managedBy"].Value).Equals(oUserPrincipal.DistinguishedName); if (dE.Properties["msexchcomanagedbylink"].Value != null) { object[] msExchangeValues = dE.Properties["msexchcomanagedbylink"].Value as object[]; foreach (object msExchangeValue in msExchangeValues) { string value = (string)msExchangeValue; Console.WriteLine("MSExchange Managed By: " + value); isOwner = isOwner || value.Equals(oUserPrincipal.DistinguishedName); } } } } } } catch (Exception ex) { LoggingHelper.Instance.LogError(LogOptions.CheckAdmin, ex); } return(isOwner); }
//Gets group details, identify if members of the group are of type user of it's a nested group public ADGroup GetADGroupDetails(string groupVal) { ADGroup adGroup = new ADGroup(); adGroup.GroupName = groupVal; adGroup.GroupObjects = new List <ADGroupObject>(); adGroup.GroupObjectsNames = new List <string>(); PrincipalContext context = GetContext(); if (context != null) { GroupPrincipal group = GroupPrincipal.FindByIdentity(context, groupVal); if (group != null) { DirectoryEntry deGroupObject = group.GetUnderlyingObject() as DirectoryEntry; foreach (Principal p in group.GetMembers()) { if (p.SamAccountName != AppAuth["Username"]) { if (p.SamAccountName != null) { DirectoryEntry deP = p.GetUnderlyingObject() as DirectoryEntry; adGroup.GroupObjectsNames.Add(p.SamAccountName); ADGroupObject adGroupObject = new ADGroupObject(); adGroupObject.SamAccountName = p.SamAccountName; adGroupObject.ObjectType = (int)deP.Properties["sAMAccountType"].Value; if (adGroupObject.ObjectType == 268435456 || adGroupObject.ObjectType == 268435457) { adGroupObject.ObjectTypeString = "group"; } else { adGroupObject.ObjectTypeString = "user"; } adGroup.GroupObjects.Add(adGroupObject); } } } group.Dispose(); } context.Dispose(); } return(adGroup); }
private IEnumerable <PrincipalInfo> EnumerateActiveDirectoryGroup(GroupPrincipal group) { List <PrincipalInfo> userInfos = new List <PrincipalInfo>(); if (!resolvedIdentities.Contains(group.DistinguishedName)) { resolvedIdentities.Add(group.DistinguishedName); try { DirectoryEntry groupEntry = (DirectoryEntry)group.GetUnderlyingObject(); foreach (string dn in groupEntry.Properties["member"]) { try { DirectoryEntry memberEntry = new DirectoryEntry("LDAP://" + dn); PropertyCollection userProps = memberEntry.Properties; object[] objectClass = (object[])userProps["objectClass"].Value; if (objectClass.Contains("group")) { userInfos.AddRange(EnumerateActiveDirectoryGroup(IdentityType.DistinguishedName, userProps["distinguishedName"].Value.ToString())); continue; } if (objectClass.Contains("foreignSecurityPrincipal")) { userInfos.AddRange(EnumerateForeignSecurityPrincipal(memberEntry)); continue; } PrincipalInfo userInfo = ResolveActiveDirectoryUser(IdentityType.DistinguishedName, dn); if (userInfo != null) { userInfos.Add(userInfo); } } catch (Exception ex) { userInfos.Add(ExceptionHandler(new ADPrincipalResolveException(IdentityType.DistinguishedName, dn, ex))); } } } catch (ADPrincipalResolveException) { throw; } catch (Exception ex) { userInfos.Add(ExceptionHandler(new ADPrincipalResolveException(IdentityType.DistinguishedName, group.DistinguishedName, ex))); } } return(userInfos); }
/// <summary> /// getNestedGroups will return an array with the DNs of all groups contained /// in the group that was passed in as a parameter /// </summary> /// <param name="strGroupDN">DN of the group, which the nested groups should be retrieved from</param> /// <returns>ArrayList containing the DNs of each group contained in the group apssed in asa parameter</returns> public ArrayList getNestedGroups(string strGroupDN) { ArrayList groupMembers = new ArrayList(); using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain)) { Principal prototype = new GroupPrincipal(ctx); PrincipalSearcher searcher = new PrincipalSearcher(prototype); PropertyValueCollection email; foreach (var gp in searcher.FindAll()) { using (gp) { GroupPrincipal group = gp as GroupPrincipal; using (DirectoryEntry groupEntry = ((DirectoryEntry)group.GetUnderlyingObject())) { email = groupEntry.Properties["mail"]; //if (email.Value != null) //{ groupMembers.Add(group.Name); //} } } } } //// find all nested groups in this group ////string strDomains = "playasur,mtvn,mtvne,viacom_corp,mtvnasia,paramount,ad,corp"; //ds.Filter = String.Format("(&(memberOf={0})(objectClass=group))", "CITRIX-CF-OFFSHORE REMOTE DESKTOP"); //ds.PropertiesToLoad.Add("distinguishedName"); //foreach (SearchResult sr in ds.FindAll()) //{ // groupMembers.Add(sr.Properties["distinguishedName"][0].ToString()); //} return(groupMembers); }
/// <summary> /// This method receives a GroupInfoResult object containing a groupname to check /// and get fields from the group's AD object /// </summary> /// <param name="infoResult">A GroupInfoResult object containing the groupname</param> /// <returns>A GroupInfoResult containing the groupname and additional AD fields</returns> public static GroupInfoResult GetGroupInfoByGroupname(GroupInfoResult infoResult) { // Set up domain context. PrincipalContext pc = new PrincipalContext(ContextType.Domain, Domain); // Find the group in AD. GroupPrincipal group = GroupPrincipal.FindByIdentity(pc, IdentityType.SamAccountName, infoResult.sAMAccountName); if (group != null) { infoResult.code = 0; // Get directory entry for group to extract extra properties. DirectoryEntry de = group.GetUnderlyingObject() as DirectoryEntry; // Checking extra properties to make sure they exist and add them to result. if (de.Properties.Contains("cn")) { infoResult.cn = de.Properties["cn"].Value.ToString(); } if (de.Properties.Contains("displayName")) { infoResult.displayName = de.Properties["displayName"].Value.ToString(); } if (de.Properties.Contains("description")) { infoResult.description = de.Properties["description"].Value.ToString(); } if (de.Properties.Contains("mail")) { infoResult.mail = de.Properties["mail"].Value.ToString(); } } else { // Group not found in AD. infoResult.code = 1; } return(infoResult); }
/// <summary> /// Maps a given group principal to a new group object /// </summary> private BaseActiveDirectoryGroup MapGroupPrincipalToGroup(GroupPrincipal groupPrincipal, bool loadSubProperties) { var adGroup = new BaseActiveDirectoryGroup { Id = ConvertSidToString(groupPrincipal.Sid), NameOrDescription = groupPrincipal.Name, }; //Check to load subproperties if (loadSubProperties) { //Load groups additional data var directoryEntry = (DirectoryEntry)groupPrincipal.GetUnderlyingObject(); adGroup.Path = directoryEntry.Path; adGroup.CreationDate = (DateTime?)directoryEntry.InvokeGet(whenCreatedKey); adGroup.Owner = (string)directoryEntry.InvokeGet(managedByKey); if (!string.IsNullOrEmpty(adGroup.Owner)) { adGroup.Owner = adGroup.Owner.Substring(3, (adGroup.Owner.IndexOf("OU=") - 3)).RemoveSpecialChars(); } //Load group users var groupUsersList = groupPrincipal.GetMembers() .Where(m => m.GetType() == typeof(UserPrincipal)) .Cast <UserPrincipal>() .Select(gul => new BaseIdentification { Id = ConvertSidToString(gul.Sid), NameOrDescription = gul.SamAccountName }); //Add users inside current AD group adGroup.Users.AddRange(groupUsersList); } return(adGroup); }
public static adGroups adGrpDetailsFinder(PrincipalContext context, string adGroup) { adGroups ladGrp = new adGroups(); GroupPrincipal grp = GroupPrincipal.FindByIdentity(context, adGroup); if (grp != null) { System.DirectoryServices.DirectoryEntry underlayingFields = grp.GetUnderlyingObject() as System.DirectoryServices.DirectoryEntry; ladGrp.Name = grp.Name; ladGrp.DN = grp.DistinguishedName; ladGrp.Description = grp.Description; ladGrp.Scope = grp.GroupScope.Value.ToString(); if (grp.IsSecurityGroup == true) { ladGrp.Type = "Security"; } else { ladGrp.Type = "Distribution"; } if (underlayingFields.Properties.Contains("info")) { ladGrp.Notes = underlayingFields.Properties["info"].Value.ToString(); } if (underlayingFields.Properties.Contains("whenCreated")) { ladGrp.CreationDate = underlayingFields.Properties["whenCreated"].Value.ToString(); } if (underlayingFields.Properties.Contains("whenChanged")) { ladGrp.ChangedDate = underlayingFields.Properties["whenChanged"].Value.ToString(); } } return(ladGrp); }
/// <summary> /// Displays the list of users in a group /// </summary> /// <param name="id"></param> /// <param name="id2">"1" if the sub groups are to display too, "0" otherwise</param> /// <returns></returns> public ActionResult DetailGroup(string id, string id2 = "0") { if (!string.IsNullOrEmpty(id)) { GroupPrincipal group = GroupPrincipal.FindByIdentity(new PrincipalContext(ContextType.Domain, Settings.Default.ADPath), id); if (group != null) { List <UserModel> users = new List <UserModel>(); List <GroupModel> groups = new List <GroupModel>(); var members = group.GetMembers(id2 != "0"); foreach (var member in members) { if (member is UserPrincipal) { users.Add(new UserModel(member.GetUnderlyingObject() as DirectoryEntry)); } } var subgroups = group.GetMembers(); foreach (var subgroup in subgroups) { if (subgroup is GroupPrincipal) { groups.Add(new GroupModel(subgroup.GetUnderlyingObject() as DirectoryEntry)); } } ViewBag.Group = new GroupModel(group.GetUnderlyingObject() as DirectoryEntry); ViewBag.Users = users.ToArray(); ViewBag.Groups = groups.ToArray(); ViewBag.Recursive = id2 != "0"; return(View()); } } return(RedirectToAction("FindGroup")); }
public static void AddUserToGroup(string userId, string groupName) { var domainGroups = ConfigurationManager.AppSettings["domainForGroups"]; var domainUsers = ConfigurationManager.AppSettings["domain"]; var adContextUser = ConfigurationManager.AppSettings["adContextUser"]; var adContextPassword = ConfigurationManager.AppSettings["adContextPassword"]; userId = userId.Replace(domainUsers + "\\", ""); using (PrincipalContext pcSMI = new PrincipalContext(ContextType.Domain, domainUsers)) { using (PrincipalContext pcAPAC = new PrincipalContext(ContextType.Domain, domainGroups, adContextUser, adContextPassword)) { using (UserPrincipal userPrincipal = UserPrincipal.FindByIdentity(pcSMI, IdentityType.SamAccountName, userId)) { if (userPrincipal != null) { using (GroupPrincipal groupPrincipal = GroupPrincipal.FindByIdentity(pcAPAC, groupName)) { if (groupPrincipal != null) { if (!userPrincipal.IsMemberOf(groupPrincipal)) { string userSid = string.Format("<SID={0}>", userPrincipal.Sid.ToString()); DirectoryEntry groupDirectoryEntry = (DirectoryEntry)groupPrincipal.GetUnderlyingObject(); groupDirectoryEntry.Properties["member"].Add(userSid); groupDirectoryEntry.CommitChanges(); } } } } } } } }
public void CreateUserWithTemplate(User user, UserTemplateSettings userTemplateSettings) { using (PrincipalContext context = new PrincipalContext(ContextType.Domain, ServerName, userTemplateSettings.DomainOU, ContextOptions.Negotiate, ServiceUser, ServicePassword)) { using (ADUser newUser = new ADUser(context)) { newUser.SamAccountName = user.Username; newUser.GivenName = user.FirstName; newUser.MiddleName = user.MiddleName; newUser.Surname = user.LastName; newUser.EmailAddress = user.EmailAddress; newUser.PhoneNumber = user.PhoneNumber; newUser.Title = user.Title; newUser.Department = user.Department; newUser.Notes = "Created by ADWeb on " + DateTime.Now.ToString() + "."; newUser.DisplayName = user.LastName + ", " + user.FirstName; //newUser.Name = user.LastName + ", " + user.FirstName; //newUser.CommonName = "CN=" + user.LastName + "\\, " + user.FirstName + "," + userTemplateSettings.DomainOU; newUser.UserPrincipalName = user.Username + UPNSuffix; newUser.Enabled = true; // Settings from the User template newUser.UserCannotChangePassword = userTemplateSettings.UserCannotChangePassword; if (userTemplateSettings.ChangePasswordAtNextLogon) { // This will force the user to change their password // the next time they login newUser.ExpirePasswordNow(); } newUser.PasswordNeverExpires = userTemplateSettings.PasswordNeverExpires; if (userTemplateSettings.AccountExpires) { // We have to determine how long until the user's account // will expire in relation to the date that it is being created. DateTime?expirationDate = new DateTime(); switch (userTemplateSettings.ExpirationRange) { case UserExpirationRange.Days: expirationDate = DateTime.Now.AddDays(userTemplateSettings.ExpirationValue.Value); break; case UserExpirationRange.Weeks: int totalDays = 7 * userTemplateSettings.ExpirationValue.Value; expirationDate = DateTime.Now.AddDays(totalDays); break; case UserExpirationRange.Months: expirationDate = DateTime.Now.AddMonths(userTemplateSettings.ExpirationValue.Value); break; case UserExpirationRange.Years: expirationDate = DateTime.Now.AddYears(userTemplateSettings.ExpirationValue.Value); break; default: break; } newUser.AccountExpirationDate = expirationDate; } newUser.SetPassword(user.Password); newUser.Save(); // Now now have to add the user to the groups associated with the user template. // Note: We are using RootDSE for now because we are looking at the whole domain. // This will need to be changed later on so that only certain OU's will be searched // for groups using (PrincipalContext groupContext = new PrincipalContext(ContextType.Domain, ServerName, null, ContextOptions.Negotiate, ServiceUser, ServicePassword)) { foreach (var grp in userTemplateSettings.Groups) { using (GroupPrincipal group = GroupPrincipal.FindByIdentity(groupContext, grp)) { if (group != null) { // This is being done to address Github Issue #79. For now we are using // the underlying DirectoryEntry object so that the application can be // hosted on a machine that is not part of the domain. DirectoryEntry groupDE = (DirectoryEntry)group.GetUnderlyingObject(); groupDE.Invoke("Add", new object[] { "LDAP://" + ServerName + "/" + newUser.DistinguishedName }); groupDE.Close(); //group.Members.Add(newUser); //group.Save(); } } } } } } }