/// <summary>
/// Remove Group
/// </summary>
/// <param name="groupInfo">ADGroupRequest</param>
/// <returns>ResponseMessage</returns>
public ResponseMessage RemoveGroup(ADGroupRequest groupInfo)
{
ResponseMessage status = new ResponseMessage();
status.Message = string.Empty;
status.IsSuccessful = false;
Session stat = ValidateSession( groupInfo.DomainInfo.SessionKey );
if ( stat.IsAuthenticated == true )
{
string uri = FixADURI( groupInfo.DomainInfo.ADHost , groupInfo.DomainInfo.ContainerPath );
if ( string.IsNullOrWhiteSpace( uri ) )
{
status.Message = status.Message = "AD Host is not allowed to be empty, kindly provide the AD Host";
return status;
}
bool isAllowWite = CheckWriteOermission( uri , groupInfo.DomainInfo.BindingUserName , groupInfo.DomainInfo.BindingUserPassword );
try
{
GroupPrincipal group = FindADGroup( groupInfo.GroupName , groupInfo.DomainInfo );
if ( group != null )
{
group.Delete();
status.Message = @"The group has been removed successfully";
status.IsSuccessful = true;
return status;
}
else
{
status.Message = @"The given Group doesn't exist ";
return status;
}
}
catch ( Exception ex )
{
status.Message = status.Message = "error has accured while adding the desgnated group" + ex;
return status;
}
}
else
{
status.Message = "Kindly authenticate first";
return status;
}
}
/// <summary>
/// Delete AD User Account
/// </summary>
/// <param name="userinfo">ADUserRequest object</param>
/// <returns>ResponseMessage</returns>
public ResponseMessage RemoveADUser( ADUserRequest userinfo )
{
ResponseMessage status = new ResponseMessage();
status.IsSuccessful = false;
status.Message = string.Empty;
Session stat = ValidateSession( userinfo.DomainInfo.SessionKey );
if ( stat.IsAuthenticated == true )
{
string uri = FixADURI( userinfo.DomainInfo.ADHost , userinfo.DomainInfo.ContainerPath );
if ( string.IsNullOrWhiteSpace( uri ) )
{
status.Message = status.Message = "AD Host is not allowed to be empty, kindly provide the AD Host";
return status;
}
bool isAllowWite = CheckWriteOermission( uri , userinfo.DomainInfo.BindingUserName , userinfo.DomainInfo.BindingUserPassword );
try
{
UserPrincipal usr = FindADUser( userinfo.SamAccountName , userinfo.DomainInfo );
if ( usr != null )
{
usr.Delete();
status.Message = " user Account has been Deleted";
status.IsSuccessful = true;
return status;
}
else
{
status.Message = " Can't delete user account. please check with administrator";
return status;
}
}
catch ( Exception ex )
{
status.Message = @"Failed to create PrincipalContext: " + ex;
return status;
}
}
else
{
status.Message = "Kindly authenticate first";
return status;
}
}
/// <summary>
/// Remove user from a certain group
/// </summary>
/// <param name="userinfo">UserGroupRequest</param>
/// <returns>ResponseMessage</returns>
public ResponseMessage RemoveADUserFromGroup( UserGroupRequest userinfo )
{
ResponseMessage status = new ResponseMessage();
status.IsSuccessful = false;
status.Message = string.Empty;
Session stat = ValidateSession( userinfo.DomainInfo.SessionKey );
if ( stat.IsAuthenticated == true )
{
PrincipalContext principalContext = null;
string uri = FixADURI( userinfo.DomainInfo.ADHost , userinfo.DomainInfo.ContainerPath );
if ( string.IsNullOrWhiteSpace( uri ) )
{
status.Message = status.Message = "AD Host is not allowed to be empty, kindly provide the AD Host";
return status;
}
bool isAllowWite = CheckWriteOermission( uri , userinfo.DomainInfo.BindingUserName , userinfo.DomainInfo.BindingUserPassword );
try
{
GroupPrincipal group = FindADGroup( userinfo.GroupName , userinfo.DomainInfo );
if ( group != null )
{
group.Members.Remove( principalContext , IdentityType.SamAccountName , userinfo.SamAccountName );
group.Save();
status.Message = "User has been removed successfuly from the designated Group";
status.IsSuccessful = true;
return status;
}
else
{
status.Message = @"Group Doesn't Exist: ";
return status;
}
}
catch ( Exception ex )
{
status.Message = status.Message = "error has accured while removing the user to the designated group" + ex;
return status;
}
}
else
{
status.Message = "Kindly authenticate first";
return status;
}
}
/// <summary>
/// enable or Disable Machine Object in Active Directory
/// </summary>
/// <param name="computerInfo">ADMachineRequest</param>
/// <returns>ResponseMessage</returns>
public ResponseMessage EnableComputer( ADMachineRequest computerInfo )
{
ResponseMessage status = new ResponseMessage();
status.IsSuccessful = false;
status.Message = string.Empty;
Session stat = ValidateSession( computerInfo.DomainInfo.SessionKey );
if ( stat.IsAuthenticated == true )
{
string uri = FixADURI( computerInfo.DomainInfo.ADHost , computerInfo.DomainInfo.ContainerPath );
if ( string.IsNullOrWhiteSpace( uri ) )
{
status.Message = status.Message = "AD Host is not allowed to be empty, kindly provide the AD Host";
return status;
}
bool isAllowWite = CheckWriteOermission( uri , computerInfo.DomainInfo.BindingUserName , computerInfo.DomainInfo.BindingUserPassword );
try
{
ComputerPrincipal computer = FindADComputer( computerInfo.SamAccountName , computerInfo.DomainInfo );
if ( computer != null )
{
computer.Enabled = computerInfo.IsEnabled;
status.Message = @"Operation was done successfully";
status.IsSuccessful = true;
return status;
}
else
{
status.Message = @"Computer Object doesn't exist with the correspondent name ";
return status;
}
}
catch ( Exception ex )
{
status.Message = status.Message = "error has accured while adding the desgnated group" + ex;
return status;
}
}
else
{
status.Message = "Kindly authenticate first";
return status;
}
}
/// <summary>
/// Move AD Object from one place to another
/// </summary>
/// <param name="objectInfo">ADMoveObjectRequest</param>
/// <returns>ResponseMessage</returns>
public ResponseMessage MoveObject( RequestMoveObject objectInfo )
{
ResponseMessage status = new ResponseMessage();
status.IsSuccessful = false;
status.Message = string.Empty;
Session stat = ValidateSession( objectInfo.DomainInfo.SessionKey );
if ( stat.IsAuthenticated == true )
{
string uriFrom = FixADURI( objectInfo.DomainInfo.ADHost , objectInfo.DomainInfo.ContainerPath );
string uriTo = FixADURI( objectInfo.DomainInfo.ADHost , objectInfo.NewParentObjectPath );
if ( string.IsNullOrWhiteSpace( uriFrom ) )
{
status.Message = status.Message = "AD Host is not allowed to be empty, kindly provide the AD Host";
return status;
}
bool isAllowWiteFrom = CheckWriteOermission( uriFrom , objectInfo.DomainInfo.BindingUserName , objectInfo.DomainInfo.BindingUserPassword );
bool isAllowWiteTo = CheckWriteOermission( uriTo , objectInfo.DomainInfo.BindingUserName , objectInfo.DomainInfo.BindingUserPassword );
try
{
DirectoryEntry objTo = new DirectoryEntry( uriTo.Replace( @"GC://" , @"LDAP://" ) , objectInfo.DomainInfo.BindingUserName , objectInfo.DomainInfo.BindingUserPassword );
switch ( objectInfo.TypeOfObject )
{
case ObjectType.USER:
UserPrincipal usrFrom = FindADUser( objectInfo.ObjectName , objectInfo.DomainInfo );
if ( usrFrom != null )
{
var userObj = (DirectoryEntry)usrFrom.GetUnderlyingObject();
userObj.MoveTo( objTo );
userObj.CommitChanges();
userObj.Close();
objTo.Close();
status.Message = " User has been Moved successfuly";
status.IsSuccessful = true;
}
else
{
status.Message = " No such user exists";
}
break;
case ObjectType.GROUP:
GroupPrincipal groupFrom = FindADGroup( objectInfo.ObjectName , objectInfo.DomainInfo );
if ( groupFrom != null )
{
var groupObj = (DirectoryEntry)groupFrom.GetUnderlyingObject();
groupObj.MoveTo( objTo );
groupObj.CommitChanges();
groupObj.Close();
objTo.Close();
status.Message = " Group Has been Moved successfuly";
status.IsSuccessful = true;
}
else
{
status.Message = " No such Group exists";
}
break;
case ObjectType.COMPUTER:
ComputerPrincipal computerFrom = FindADComputer( objectInfo.ObjectName , objectInfo.DomainInfo );
if ( computerFrom != null )
{
var computerObj = (DirectoryEntry)computerFrom.GetUnderlyingObject();
computerObj.MoveTo( objTo );
computerObj.CommitChanges();
computerObj.Close();
objTo.Close();
status.Message = " Computer Has been Moved successfuly";
status.IsSuccessful = true;
}
else
{
status.Message = " No such Group exists";
}
break;
default:
status.Message = " Transaction type is not applicable";
status.IsSuccessful = false;
break;
}
return status;
}
catch ( Exception ex )
{
status.Message = "An error occurred please check with system admin " + ex;
return status;
}
}
else
{
status.Message = "Kindly authenticate first";
return status;
}
}
/// <summary>
/// Create AD User in a container
/// </summary>
/// <param name="userinfo">ADUser object</param>
/// <returns></returns>
public ResponseMessage AddADUser( RequestUserCreate userinfo )
{
ResponseMessage status = new ResponseMessage();
status.IsSuccessful = false;
status.Message = string.Empty;
Session stat = ValidateSession( userinfo.DomainInfo.SessionKey );
if ( stat.IsAuthenticated == true )
{
PrincipalContext principalContext = null;
string uri = FixADURI( userinfo.DomainInfo.ADHost , userinfo.DomainInfo.ContainerPath );
if ( string.IsNullOrWhiteSpace( uri ) )
{
status.Message = status.Message = "AD Host is not allowed to be empty, kindly provide the AD Host";
return status;
}
bool isAllowWite = CheckWriteOermission( uri , userinfo.DomainInfo.BindingUserName , userinfo.DomainInfo.BindingUserPassword );
try
{
UserPrincipal usr = FindADUser( userinfo.UserLogonName , userinfo.DomainInfo );
if ( usr != null )
{
status.Message = " user already exists. Please use a different User Logon Name";
return status;
}
else
{
principalContext = new PrincipalContext( ContextType.Domain , userinfo.DomainInfo.DomainName , userinfo.DomainInfo.ContainerPath , userinfo.DomainInfo.BindingUserName , userinfo.DomainInfo.BindingUserPassword );
}
}
catch ( Exception ex )
{
status.Message = @"Failed to create PrincipalContext: " + ex;
return status;
}
// Create the new UserPrincipal object
UserPrincipal userPrincipal = new UserPrincipal( principalContext );
if ( !string.IsNullOrWhiteSpace( userinfo.LastName ) )
userPrincipal.Surname = userinfo.LastName;
if ( !string.IsNullOrWhiteSpace( userinfo.FirstName ) )
userPrincipal.GivenName = userinfo.FirstName;
if ( !string.IsNullOrWhiteSpace( userinfo.LastName ) && !string.IsNullOrWhiteSpace( userinfo.FirstName ) )
userPrincipal.DisplayName = userinfo.FirstName + " " + userinfo.LastName;
if ( !string.IsNullOrWhiteSpace( userinfo.Description ) )
userPrincipal.Description = userinfo.Description;
if ( !string.IsNullOrWhiteSpace( userinfo.EmployeeID ) )
userPrincipal.EmployeeId = userinfo.EmployeeID;
if ( !string.IsNullOrWhiteSpace( userinfo.EmailAddress ) )
userPrincipal.EmailAddress = userinfo.EmailAddress;
if ( !string.IsNullOrWhiteSpace( userinfo.Telephone ) )
userPrincipal.VoiceTelephoneNumber = userinfo.Telephone;
if ( !string.IsNullOrWhiteSpace( userinfo.UserLogonName ) )
userPrincipal.SamAccountName = userinfo.UserLogonName;
if ( !string.IsNullOrWhiteSpace( userinfo.Password ) )
userPrincipal.SetPassword( userinfo.Password );
userPrincipal.Enabled = true;
userPrincipal.ExpirePasswordNow();
try
{
userPrincipal.Save();
DirectoryEntry de = (DirectoryEntry)userPrincipal.GetUnderlyingObject();
FillUserExtraAttributes( ref de , userinfo );
de.CommitChanges();
status.Message = "Account has been created successfuly";
status.IsSuccessful = true;
}
catch ( Exception ex )
{
status.Message = "Exception creating user object. " + ex;
status.IsSuccessful = false;
return status;
}
return status;
}
else
{
status.Message = "Kindly authenticate first";
return status;
}
}
/// <summary>
/// ADD Active Directory Computer Obbject
/// </summary>
/// <param name="computerInfo">ADComputerRequest</param>
/// <returns>ResponseMessage</returns>
public ResponseMessage AddMachine( RequestComputerCreate computerInfo )
{
ResponseMessage status = new ResponseMessage();
status.IsSuccessful = false;
status.Message = string.Empty;
Session stat = ValidateSession( computerInfo.DomainInfo.SessionKey );
if ( stat.IsAuthenticated == true )
{
string uri = FixADURI( computerInfo.DomainInfo.ADHost , computerInfo.DomainInfo.ContainerPath );
if ( string.IsNullOrWhiteSpace( uri ) )
{
status.Message = status.Message = "AD Host is not allowed to be empty, kindly provide the AD Host";
return status;
}
bool isAllowWite = CheckWriteOermission( uri , computerInfo.DomainInfo.BindingUserName , computerInfo.DomainInfo.BindingUserPassword );
try
{
ComputerPrincipal computer = FindADComputer( computerInfo.SamAccountName , computerInfo.DomainInfo );
if ( computer != null )
{
status.Message = @"There is a existing computer with the provided name, kindly choose another name";
return status;
}
else
{
var principalContext = new PrincipalContext( ContextType.Domain , computerInfo.DomainInfo.DomainName , computerInfo.DomainInfo.ContainerPath , computerInfo.DomainInfo.BindingUserName , computerInfo.DomainInfo.BindingUserPassword );
computer = new ComputerPrincipal( principalContext );
computer.DisplayName = computerInfo.DisplayName;
computer.Description = computerInfo.Description;
computer.SamAccountName = computerInfo.SamAccountName;
computer.Enabled = true;
computer.SetPassword( GenerateADPassword( uri , computerInfo.DomainInfo.BindingUserName , computerInfo.DomainInfo.BindingUserPassword ) );
computer.Save();
status.Message = @"Computer has been added successfully ";
status.IsSuccessful = true;
return status;
}
}
catch ( Exception ex )
{
status.Message = status.Message = "error has accured while adding the desgnated group" + ex;
return status;
}
}
else
{
status.Message = "Kindly authenticate first";
return status;
}
}
/// <summary>
/// Add AD Group
/// </summary>
/// <param name="groupInfo">CreateGroupRequest</param>
/// <returns>ResponseMessage</returns>
public ResponseMessage AddGroup( RequestGroupCreate groupInfo )
{
ResponseMessage status = new ResponseMessage();
status.IsSuccessful = false;
status.Message = string.Empty;
Session stat = ValidateSession( groupInfo.DomainInfo.SessionKey );
if ( stat.IsAuthenticated == true )
{
PrincipalContext principalContext = null;
string uri = FixADURI( groupInfo.DomainInfo.ADHost , groupInfo.DomainInfo.ContainerPath );
if ( string.IsNullOrWhiteSpace( uri ) )
{
status.Message = status.Message = "AD Host is not allowed to be empty, kindly provide the AD Host";
return status;
}
bool isAllowWite = CheckWriteOermission( uri , groupInfo.DomainInfo.BindingUserName , groupInfo.DomainInfo.BindingUserPassword );
try
{
GroupPrincipal group = FindADGroup( groupInfo.GroupName , groupInfo.DomainInfo );
if ( group != null )
{
status.Message = @"There is a existing group with the provided name, kindly choose another name";
return status;
}
else
{
principalContext = new PrincipalContext( ContextType.Domain , groupInfo.DomainInfo.DomainName , groupInfo.DomainInfo.ContainerPath , groupInfo.DomainInfo.BindingUserName , groupInfo.DomainInfo.BindingUserPassword );
group = new GroupPrincipal( principalContext , groupInfo.GroupName );
group.DisplayName = groupInfo.DisplayName;
group.Description = groupInfo.Description;
group.GroupScope = groupInfo.OGroupScope;
group.IsSecurityGroup = groupInfo.IsSecurityGroup;
group.Save();
status.Message = @"Group has been added successfully ";
status.IsSuccessful = true;
return status;
}
}
catch ( Exception ex )
{
status.Message = status.Message = "error has accured while adding the desgnated group" + ex;
return status;
}
}
else
{
status.Message = "Kindly authenticate first";
return status;
}
}
/// <summary>
/// Disable or unlock AD User Account
/// </summary>
/// <param name="userinfo"></param>
/// <returns>ResponseMessage</returns>
public ResponseMessage UnlockADAccount( UserLockRequest userinfo )
{
ResponseMessage status = new ResponseMessage();
status.IsSuccessful = false;
status.Message = string.Empty;
Session stat = ValidateSession( userinfo.DomainInfo.SessionKey );
if ( stat.IsAuthenticated == true )
{
string uri = FixADURI( userinfo.DomainInfo.ADHost , userinfo.DomainInfo.ContainerPath );
if ( string.IsNullOrWhiteSpace( uri ) )
{
status.Message = status.Message = "AD Host is not allowed to be empty, kindly provide the AD Host";
return status;
}
bool isAllowWite = CheckWriteOermission( uri , userinfo.DomainInfo.BindingUserName , userinfo.DomainInfo.BindingUserPassword );
try
{
UserPrincipal usr = FindADUser( userinfo.SamAccountName , userinfo.DomainInfo );
if ( usr != null )
{
if ( userinfo.LockUser == true )
{
if ( usr.IsAccountLockedOut() )
usr.UnlockAccount();
}
else
usr.Enabled = false;
usr.Save();
status.Message = " Transaction has been executed successfully.";
status.IsSuccessful = true;
return status;
}
else
{
status.Message = "User doesn't exist";
return status;
}
}
catch ( Exception ex )
{
status.Message = @"Failed to create PrincipalContext: " + ex;
return status;
}
}
else
{
status.Message = "Kindly authenticate first";
return status;
}
}
/// <summary>
/// Reset User Password
/// </summary>
/// <param name="userinfo">ADUserInfo</param>
/// <returns></returns>
public ResponseMessage ResetADUserPassword( UserPasswordRequest userinfo )
{
ResponseMessage status = new ResponseMessage();
status.IsSuccessful = false;
status.Message = string.Empty;
Session stat = ValidateSession( userinfo.DomainInfo.SessionKey );
if ( stat.IsAuthenticated == true )
{
string uri = FixADURI( userinfo.DomainInfo.ADHost , userinfo.DomainInfo.ContainerPath );
if ( string.IsNullOrWhiteSpace( uri ) )
{
status.Message = status.Message = "AD Host is not allowed to be empty, kindly provide the AD Host";
return status;
}
bool isAllowWite = CheckWriteOermission( uri , userinfo.DomainInfo.BindingUserName , userinfo.DomainInfo.BindingUserPassword );
try
{
UserPrincipal usr = FindADUser( userinfo.SamAccountName , userinfo.DomainInfo );
if ( usr != null )
{
if ( userinfo.IsAutoGeneratedPassword == true )
userinfo.NewPassword = GenerateADPassword( uri , userinfo.DomainInfo.BindingUserName , userinfo.DomainInfo.BindingUserPassword );
if ( userinfo.IsOldPasswordProvided == true )
usr.ChangePassword( userinfo.OldPassword , userinfo.NewPassword );
else
usr.SetPassword( userinfo.NewPassword );
if ( userinfo.WithPasswordExpiration == true )
usr.ExpirePasswordNow();
usr.Enabled = true;
usr.Save();
status.Message = " Password has been reseted Successfully";
status.IsSuccessful = true;
return status;
}
else
{
status.Message = "User doesn't exist";
return status;
}
}
catch ( Exception ex )
{
status.Message = @"Failed to create PrincipalContext: " + ex;
return status;
}
}
else
{
status.Message = "Kindly authenticate first";
return status;
}
}