public async Task <ActionResult> UpdateUser(UpdateUserModel model) { List <ResultsItem> items = new List <ResultsItem>(); if (ModelState.IsValid) { try { var azureClient = GraphAuthService.GetActiveDirectoryClient(ConfigHelper.UseApplicationPermissions); Tuple <bool, string, string> tup = await usersService.UpdateUser(azureClient, model.UserEmailAddress, model.Jobtitle, model.department, model.City, model.phone); Microsoft.Azure.ActiveDirectory.GraphClient.User user = (Microsoft.Azure.ActiveDirectory.GraphClient.User)azureClient.Users.Where(u => u.Mail.Equals( model.UserEmailAddress, StringComparison.CurrentCultureIgnoreCase) || u.UserPrincipalName.Equals(model.UserEmailAddress, StringComparison.CurrentCultureIgnoreCase)).ExecuteAsync().Result.CurrentPage.FirstOrDefault(); return(View("ShowUser", new Tuple <bool, string, string, Microsoft.Azure.ActiveDirectory.GraphClient.User>( tup.Item1, tup.Item2, model.UserEmailAddress, user))); } catch (Exception ex) { model.status = false; model.resultantMessage = ex.Message + (ex.InnerException != null ? Environment.NewLine + ex.InnerException.Message : ""); } } return(View("UpdateUser", model)); }
private static void UpdateProperty(PeopleManager peopleManager, GraphApi.User user, Property prop) { var propertyNewValue = typeof(GraphApi.User).GetProperty(prop.ADAttributeName).GetValue(user); if (propertyNewValue != null || prop.WriteIfBlank) { if (prop.IsMulti) { peopleManager.SetMultiValuedProfileProperty(UserProfilePrefix + user.UserPrincipalName, prop.UserProfileAttributeName, new List <string>() { }); } else { peopleManager.SetSingleValueProfileProperty(UserProfilePrefix + user.UserPrincipalName, prop.UserProfileAttributeName, propertyNewValue == null ? string.Empty : propertyNewValue.ToString()); } Console.WriteLine("Updated User: {0} Property: {1} New Value: {2}", user.DisplayName, prop.UserProfileAttributeName, propertyNewValue); } //logic to write only if different }
public async Task <Tuple <bool, string, string> > UpdateUser(ActiveDirectoryClient azureGraphclient, string UserEmailAddress, string title, string Department, string City, string Phone) { string userObjectID = string.Empty; bool ActionStatus = false; string message = string.Empty; if (azureGraphclient == null || string.IsNullOrEmpty(UserEmailAddress)) { return(new Tuple <bool, string, string>(ActionStatus, "Invalid input", null)); } else { try { Microsoft.Azure.ActiveDirectory.GraphClient.User userInstance = (Microsoft.Azure.ActiveDirectory.GraphClient.User) azureGraphclient.Users.Where(a => a.Mail.Equals(UserEmailAddress, StringComparison.InvariantCultureIgnoreCase) || a.UserPrincipalName.Equals(UserEmailAddress, StringComparison.InvariantCultureIgnoreCase)).ExecuteAsync().Result.CurrentPage.FirstOrDefault(); if (userInstance != null) { userObjectID = userInstance.ObjectId; userInstance.JobTitle = title; userInstance.Department = Department; userInstance.City = City; userInstance.TelephoneNumber = Phone; await userInstance.UpdateAsync(); userInstance.GetContext().SaveChanges(); ActionStatus = true; message = "Successfully updated user"; } else { message = "Invalid user"; } } catch (Exception ex) { message = ex.Message + (ex.InnerException != null ? Environment.NewLine + ex.InnerException.Message : ""); } } return(new Tuple <bool, string, string>(ActionStatus, message, userObjectID.ToString())); }
private static bool UserIsMemberOfGroup(GraphConnection graphConnection, string userUPN, string groupDisplayName) { // Get the group for which we want to check membership FilterGenerator filter = new FilterGenerator(); Expression filterExpression = ExpressionHelper.CreateEqualsExpression(typeof(Group), GraphProperty.DisplayName, groupDisplayName); filter.QueryFilter = filterExpression; PagedResults<Group> groupToCheckResults = graphConnection.List<Group>(null, filter); if (groupToCheckResults.Results.Count == 1) { // Add group to our groups to check list Group groupToCheck = groupToCheckResults.Results[0] as Group; IList<String> groupsList = new List<string>(); groupsList.Add(groupToCheck.ObjectId); // Get the user for which we want to check the group membership FilterGenerator userFilter = new FilterGenerator(); Expression userFilterExpression = ExpressionHelper.CreateEqualsExpression(typeof(User), GraphProperty.UserPrincipalName, userUPN); userFilter.QueryFilter = userFilterExpression; User retrievedUser = new User(); PagedResults<User> pagedUserResults = graphConnection.List<User>(null, userFilter); if (pagedUserResults.Results.Count == 1) { retrievedUser = pagedUserResults.Results[0] as User; // Check if the user belongs to any of the passed groups IList<String> memberships = graphConnection.CheckMemberGroups(retrievedUser, groupsList); // If the passed group is returned back then the user is a member if (memberships.Contains(groupToCheck.ObjectId)) { return true; } else { return false; } } else { throw new ArgumentException(String.Format("Group {0} does not exist", groupDisplayName)); } } else { throw new ArgumentException(String.Format("User {0} does not exist", userUPN)); } }
public async Task <ActionResult> AssignExtAttribToUser(ManageApplicationExtensionsAssignment model) { List <ResultsItem> items = new List <ResultsItem>(); if (ModelState.IsValid) { try { var azureClient = GraphAuthService.GetActiveDirectoryClient(ConfigHelper.UseApplicationPermissions); Tuple <bool, string, string, string, string> tup = await usersService.AssignExtensionAttributeToUser(azureClient, model.UserEmailAddress, model.AppName, model.AppExtAttribName, model.ExtAttribValue); Microsoft.Azure.ActiveDirectory.GraphClient.User user = (Microsoft.Azure.ActiveDirectory.GraphClient.User)azureClient.Users.Where(u => u.Mail.Equals( model.UserEmailAddress, StringComparison.CurrentCultureIgnoreCase) || u.UserPrincipalName.Equals(model.UserEmailAddress, StringComparison.CurrentCultureIgnoreCase) ).ExecuteAsync().Result.CurrentPage.FirstOrDefault(); if (user != null) { foreach (var s in user.GetExtendedProperties()) { items.Add(new ResultsItem() { Id = s.Key, Display = (s.Value == null ? "" : s.Value.ToString()) }); } } return(View("ListuserExtAttributes", new Tuple <bool, string, string, List <ResultsItem> >(tup.Item1, tup.Item2, model.UserEmailAddress, items))); } catch (Exception ex) { model.isOk = false; model.message = ex.Message + (ex.InnerException != null ? Environment.NewLine + ex.InnerException.Message : ""); } } return(View("AssignExtAttribToUser", model)); }
/// <summary> /// Get the groups that the user is a member of. /// </summary> /// <param name="user">User whose group membership should be queried.</param> /// <param name="securityEnabledOnly">Get the security enabled groups only.</param> /// <returns>List of group object ids that user is a part of.</returns> public virtual IList<string> GetMemberGroups(User user, bool securityEnabledOnly) { Utils.ValidateGraphObject(user, "user"); List<string> memberGroups = new List<string>(); Uri requestUri = Utils.GetRequestUri<User>( this, user.ObjectId, Constants.ActionGetMemberGroups); Logger.Instance.Info("POSTing to {0}", requestUri); Dictionary<string, string> parameters = new Dictionary<string, string>(); parameters["securityEnabledOnly"] = securityEnabledOnly.ToString(); string requestJson = JsonConvert.SerializeObject(parameters); string responseJson = this.ClientConnection.UploadString( requestUri, HttpVerb.POST, requestJson, null, null); PagedResults<GraphObject> pagedResults = SerializationHelper.DeserializeJsonResponse<GraphObject>(responseJson, requestUri); memberGroups.AddRange(pagedResults.MixedResults); return memberGroups; }
/// <summary> /// Gets the group membership of a user /// </summary> /// <param name="userToAugment"></param> /// <param name="coco"></param> /// <returns></returns> private List<AzurecpResult> GetUserMembership(User userToAugment, AzureTenant coco) { List<AzurecpResult> searchResults = new List<AzurecpResult>(); IUserFetcher retrievedUserFetcher = userToAugment; IPagedCollection<IDirectoryObject> pagedCollection = retrievedUserFetcher.MemberOf.ExecuteAsync().Result; do { List<IDirectoryObject> directoryObjects = pagedCollection.CurrentPage.ToList(); foreach (IDirectoryObject directoryObject in directoryObjects) { if (directoryObject is Group) { AzurecpResult result = new AzurecpResult(); Group group = directoryObject as Group; result.DirectoryObjectResult = group; result.TenantId = coco.TenantId; searchResults.Add(result); } //if (directoryObject is DirectoryRole) //{ // DirectoryRole role = directoryObject as DirectoryRole; //} } pagedCollection = pagedCollection.GetNextPageAsync().Result; } while (pagedCollection != null && pagedCollection.MorePagesAvailable); return searchResults; }
public ViewResult GetUser(GuestUserModel model) { List <Tuple <string, List <ResultsItem> > > tupAppRoles = new List <Tuple <string, List <ResultsItem> > >(); List <ResultsItem> lstUserAppRoles = new List <ResultsItem>(); List <ResultsItem> exts = new List <ResultsItem>(); List <string> groups = new List <string>(); Microsoft.Azure.ActiveDirectory.GraphClient.User myuser = null; if (ModelState.IsValid) { try { var azureClient = GraphAuthService.GetActiveDirectoryClient(ConfigHelper.UseApplicationPermissions); var user = azureClient.Users.Where(a => a.UserPrincipalName.Equals(model.UserEmailAddress, StringComparison.InvariantCultureIgnoreCase) || a.Mail.Equals(model.UserEmailAddress, StringComparison.InvariantCultureIgnoreCase) ).Expand(p => p.AppRoleAssignments).ExecuteAsync().Result.CurrentPage.FirstOrDefault(); if (user != null) { var cc = user.AppRoleAssignments; var approlesassigns = AzureADExtensions.EnumerateAllAsync(cc).Result; var filtered = approlesassigns.Where(a => a.PrincipalType == "User"); //now get role names for those var fapplications = azureClient.Applications.ExecuteAsync().Result; if (fapplications != null) { IEnumerable <IApplication> allapps = AzureADExtensions.EnumerateAllAsync(fapplications).Result; foreach (IApplication app in allapps) { string applicationname = app.DisplayName; var fapplication = azureClient.Applications.Where(a => a.DisplayName == applicationname).ExecuteAsync().Result; if (fapplication != null) { lstUserAppRoles = new List <ResultsItem>(); var myroles = fapplication.CurrentPage.FirstOrDefault().AppRoles.Where(a => filtered.Select(b => b.Id).Contains(a.Id)); foreach (AppRole r in myroles) { lstUserAppRoles.Add(new ResultsItem() { Id = r.DisplayName, Display = r.Description }); } tupAppRoles.Add(new Tuple <string, List <ResultsItem> >(app.DisplayName, lstUserAppRoles)); } } } //get extension attributes myuser = (Microsoft.Azure.ActiveDirectory.GraphClient.User)user; foreach (var s in myuser.GetExtendedProperties()) { exts.Add(new ResultsItem() { Id = s.Key, Display = (s.Value == null ? "" : s.Value.ToString()) }); } IUserFetcher retrievedUserFetcher = myuser; Microsoft.Azure.ActiveDirectory.GraphClient.Extensions.IPagedCollection <IDirectoryObject> pagedCollection = retrievedUserFetcher.MemberOf.ExecuteAsync().Result; List <IDirectoryObject> directoryObjects = pagedCollection.EnumerateAllAsync().Result.ToList(); foreach (IDirectoryObject directoryObject in directoryObjects) { if (directoryObject is Microsoft.Azure.ActiveDirectory.GraphClient.Group) { Microsoft.Azure.ActiveDirectory.GraphClient.Group group = directoryObject as Microsoft.Azure.ActiveDirectory.GraphClient.Group; groups.Add(group.DisplayName); } } } return(View("GetUserDetails", new UserDetails() { isOk = true, message = "", exts = exts, tupAppRoles = tupAppRoles, user = myuser, Groups = groups })); } catch (Exception ex) { model.status = false; model.resultantMessage = ex.Message + (ex.InnerException != null ? Environment.NewLine + ex.InnerException.Message : ""); } } return(View("GetUser", model)); }
//public async Task GetUserAndAddToGrop(String userPrincipalName, Group group) //{ // User user = await this.GetUser(userPrincipalName); // if(user!=null) // { // await this.AddUserToGroup(user, group); // } // return; //} private async Task<bool> CheckUserWhetherExsitADGroup(User user, Group group) { if (group.ObjectId != null) { IGroupFetcher retrievedGroupFetcher = group; IPagedCollection<IDirectoryObject> membersPagedCollection = await retrievedGroupFetcher.Members.ExecuteAsync(); if (membersPagedCollection != null) { do { List<IDirectoryObject> templist = membersPagedCollection.CurrentPage.ToList(); foreach (IDirectoryObject member in templist) { if (member is User) { User usertemp = member as User; if (usertemp.UserPrincipalName.Equals(user.UserPrincipalName)) { return true; } } } membersPagedCollection = await membersPagedCollection.GetNextPageAsync(); } while (membersPagedCollection != null && membersPagedCollection.MorePagesAvailable); } } return false; }
private async Task AddUserToGroup(User user, Group group) { //Adding users to groups broke with ADAL 2.0.2, commenting out while //the fix is determined. README.md has been updated to let folks //know they should manually add the users to the groups. //client.Context.AddLink(group, "members", user); //await client.Context.SaveChangesAsync(); return; }
private async Task<User> CreateUser(String displayName, String userPrincipalName, String mailNickname, String password) { User newUser = new User(); newUser.DisplayName = displayName; newUser.UserPrincipalName = userPrincipalName; newUser.AccountEnabled = true; newUser.MailNickname = mailNickname; newUser.PasswordProfile = new PasswordProfile { Password = "******", ForceChangePasswordNextLogin = true }; newUser.UsageLocation = "US"; await this.client.Users.AddUserAsync(newUser); return newUser; }
/// This is a sample console application that shows a End to End Provisioning scenario: /// 1. Create a Customer with the CREST API. /// 2. Add an Exchange Subscription with the CREST API. /// 3. Associate a custom domain with the Azure AD Graph API. /// 4. Get new domain TXT record for verification with the Azure AD Graph API. /// 5. Verify domain TXT record configuration with the Azure AD Graph API. /// 6. Create a new user with the Azure AD Graph API. /// 7. Assign the new user a Exchange license with the Azure AD Graph API. static void Main(string[] args) { try { #region Initialize APIs & Tokens crestApiHelper = new CrestApiHelper(); azureADGraphApiHelper = new AzureADGraphApiHelper(); #endregion #region 1. Create a Customer with the CREST API // New customer information dynamic newCustomer = new { domain_prefix = "createit" + new Random().Next(9999), user_name = "admin", password = "******", profile = new { first_name = "Create", last_name = "It", email = "*****@*****.**", company_name = "Create It", culture = "en-US", language = "en", type = "organization", // Note: This data/location depends on your CSP tenant location // It will be validated by Microsoft and will fail if not valid default_address = new { first_name = "Create", last_name = "It", address_line1 = "One Microsoft Way", city = "Redmond", region = "WA", postal_code = "98052-6399", country = "US", phone_number = "19165767760", } } }; // Create customer Guid customerId = CreateCustomer(newCustomer); // Created customer base information var customer = new Customer() { CustomerId = customerId, TenantDomainName = newCustomer.domain_prefix + ".onmicrosoft.com" }; #endregion #region 2. Add an Exchange Subscription with the CREST API. // New order information dynamic newOrder = new { recipient_customer_id = customer.CustomerId, line_items = new[] { new { line_item_number = 0, offer_uri = "/3c95518e-8c37-41e3-9627-0ca339200f53/offers/195416c1-3447-423a-b37b-ee59a99a19c4", quantity = 20, friendly_name = "Exchange Online (Plan 1)", } } }; // Place order dynamic placedOrder = PlaceOrder(newOrder); #endregion #region 3. Associate a custom domain with the Azure AD Graph API. // NOTE: From here we initialize the Azure AD Graph API helper with the new customer tenant domain // Azure AD Graph API operations will be against the customer tenant, using the Pre-Consent delegated access azureADGraphApiHelper = new AzureADGraphApiHelper(customer.TenantDomainName); // New domain information var tenantDomainName = customer.TenantDomainName; //string domainName = new Random().Next(9999) + "." + tenantDomainName; string domainName = "create.pt"; // Add domain dynamic newDomain = AddCustomerDomain(domainName); #endregion #region 4. Get new domain TXT record for verification with the Azure AD Graph API. dynamic newDomainVerificationRecords = GetCustomerDomainVerificationRecords(domainName); // Note: You now need to go to your DNS service provider and place the TXT record #endregion #region 5. Verify domain TXT record configuration with the Azure AD Graph API. // Note: Will only have success if the TXT record is present in the DNS VerifyCustomerDomain(domainName); #endregion #region 6. Create a new user with the Azure AD Graph API. // New user information GraphClient.IUser newUser = new GraphClient.User() { DisplayName = "createitUser" + new Random().Next(9999), AccountEnabled = true, UsageLocation = "US", PasswordProfile = new GraphClient.PasswordProfile() { ForceChangePasswordNextLogin = true, Password = "******", }, }; newUser.MailNickname = newUser.DisplayName; newUser.UserPrincipalName = newUser.DisplayName + "@" + tenantDomainName; GraphClient.IUser addedUser = AddCustomerUser(newUser); #endregion #region 7. Assign the new user a Exchange license with the Azure AD Graph API. // Get the customer subscribed Skus to determine the Sku id to use in the license assignment IReadOnlyList<GraphClient.ISubscribedSku> subscribedSkus = GetSubscribedSkus(); if (subscribedSkus != null && subscribedSkus.Count > 0) { // Filter the license to assign GraphClient.ISubscribedSku subscribeSkuToUser = subscribedSkus .FirstOrDefault(x => x.SkuPartNumber == "EXCHANGESTANDARD"); // License to assign information GraphClient.AssignedLicense addLicense = new GraphClient.AssignedLicense() { SkuId = subscribeSkuToUser.SkuId }; // Assign license GraphClient.IUser newUserWithLicenseAssigned = AssignOrRemoveLicensesToUser(newUser.UserPrincipalName, addLicense); // Check proper license assignment if (newUserWithLicenseAssigned != null && newUserWithLicenseAssigned.AssignedLicenses != null && newUserWithLicenseAssigned.AssignedLicenses.Count > 0) { GraphClient.AssignedLicense checkAssignedLicense = newUserWithLicenseAssigned.AssignedLicenses .SingleOrDefault(x => x.SkuId == subscribeSkuToUser.SkuId); Debug.Assert(checkAssignedLicense != null, "User assigned license not validated"); } } #endregion } catch (Exception ex) { Console.Write("Error: " + ex.ToString()); } Console.Write("\n\n\nHit enter to exit the app..."); Console.ReadLine(); }
public async Task <Tuple <bool, string, string, string, string> > AssignExtensionAttributeToUser(ActiveDirectoryClient azureGraphclient, string UserEmailAddress, string AppName, string AppExtAttribName, string ExtAttribValue) { Guid userObjectID = Guid.Empty, approleid = Guid.Empty, srvpr = Guid.Empty; bool ActionStatus = false; string message = string.Empty; if (azureGraphclient == null || string.IsNullOrEmpty(AppName) || string.IsNullOrEmpty(AppExtAttribName) || string.IsNullOrEmpty(ExtAttribValue)) { return(new Tuple <bool, string, string, string, string>(ActionStatus, "Invalid input", null, null, null)); } else { try { //get instance of extension attribute var appi = azureGraphclient.Applications.Where(s => s.DisplayName == AppName).ExecuteAsync().Result.CurrentPage.FirstOrDefault(); if (appi != null) { var exts = azureGraphclient.Applications[appi.ObjectId].ExtensionProperties.ExecuteAsync().Result.EnumerateAllAsync().Result; //var appexts = ((Application)appi).ExtensionProperties; IExtensionProperty extAttrib = exts.Where(a => a.Name == AppExtAttribName).FirstOrDefault(); if (extAttrib != null) { Microsoft.Azure.ActiveDirectory.GraphClient.User userInstance = (Microsoft.Azure.ActiveDirectory.GraphClient.User) azureGraphclient.Users.Where(a => a.Mail.Equals(UserEmailAddress, StringComparison.InvariantCultureIgnoreCase) || a.UserPrincipalName.Equals(UserEmailAddress, StringComparison.InvariantCultureIgnoreCase)).ExecuteAsync().Result.CurrentPage.FirstOrDefault(); if (userInstance != null) { userInstance.SetExtendedProperty(AppExtAttribName, ExtAttribValue); await userInstance.UpdateAsync(); userInstance.GetContext().SaveChanges(); ActionStatus = true; message = "Successfully assigned application extension property to user"; } else { message = "Invalid user"; } } else { message = "Attribute name not associated with application"; } } else { message = "Invalid application"; } } catch (Exception ex) { message = ex.Message + (ex.InnerException != null ? Environment.NewLine + ex.InnerException.Message : ""); } } return(new Tuple <bool, string, string, string, string>(ActionStatus, message, userObjectID.ToString(), approleid.ToString(), srvpr.ToString())); }
public ActionResult Delete(User user) { //Get the access token as we need it to make a call to the Graph API string accessToken = AuthUtils.GetAuthToken(Request, HttpContext); if (accessToken == null) { // // The user needs to re-authorize. Show them a message to that effect. // ViewBag.ErrorMessage = "AuthorizationRequired"; return View(); } try { // Setup Graph API connection and delete User Guid ClientRequestId = Guid.NewGuid(); GraphSettings graphSettings = new GraphSettings(); graphSettings.ApiVersion = GraphConfiguration.GraphApiVersion; GraphConnection graphConnection = new GraphConnection(accessToken, ClientRequestId, graphSettings); graphConnection.Delete(user); return RedirectToAction("Index"); } catch(Exception exception) { ModelState.AddModelError("", exception.Message); return View(user); } }
private static void Main() { // record start DateTime of execution string currentDateTime = DateTime.Now.ToUniversalTime().ToString(); #region Setup Active Directory Client //********************************************************************* // setup Active Directory Client //********************************************************************* ActiveDirectoryClient activeDirectoryClient; try { activeDirectoryClient = AuthenticationHelper.GetActiveDirectoryClientAsApplication(); } catch (AuthenticationException ex) { Console.ForegroundColor = ConsoleColor.Red; Console.WriteLine("Acquiring a token failed with the following error: {0}", ex.Message); if (ex.InnerException != null) { //You should implement retry and back-off logic per the guidance given here:http://msdn.microsoft.com/en-us/library/dn168916.aspx //InnerException Message will contain the HTTP error status codes mentioned in the link above Console.WriteLine("Error detail: {0}", ex.InnerException.Message); } Console.ResetColor(); Console.ReadKey(); return; } #endregion #region TenantDetails //********************************************************************* // Get Tenant Details // Note: update the string TenantId with your TenantId. // This can be retrieved from the login Federation Metadata end point: // https://login.windows.net/GraphDir1.onmicrosoft.com/FederationMetadata/2007-06/FederationMetadata.xml // Replace "GraphDir1.onMicrosoft.com" with any domain owned by your organization // The returned value from the first xml node "EntityDescriptor", will have a STS URL // containing your TenantId e.g. "https://sts.windows.net/4fd2b2f2-ea27-4fe5-a8f3-7b1a7c975f34/" is returned for GraphDir1.onMicrosoft.com //********************************************************************* VerifiedDomain initialDomain = new VerifiedDomain(); VerifiedDomain defaultDomain = new VerifiedDomain(); ITenantDetail tenant = null; Console.WriteLine("\n Retrieving Tenant Details"); try { List<ITenantDetail> tenantsList = activeDirectoryClient.TenantDetails .Where(tenantDetail => tenantDetail.ObjectId.Equals(Constants.TenantId)) .ExecuteAsync().Result.CurrentPage.ToList(); if (tenantsList.Count > 0) { tenant = tenantsList.First(); } } catch (Exception e) { Console.WriteLine("\nError getting TenantDetails {0} {1}", e.Message, e.InnerException != null ? e.InnerException.Message : ""); } if (tenant == null) { Console.WriteLine("Tenant not found"); } else { TenantDetail tenantDetail = (TenantDetail)tenant; Console.WriteLine("Tenant Display Name: " + tenantDetail.DisplayName); // Get the Tenant's Verified Domains initialDomain = tenantDetail.VerifiedDomains.First(x => x.Initial.HasValue && x.Initial.Value); Console.WriteLine("Initial Domain Name: " + initialDomain.Name); defaultDomain = tenantDetail.VerifiedDomains.First(x => [email protected] && [email protected]); Console.WriteLine("Default Domain Name: " + defaultDomain.Name); // Get Tenant's Tech Contacts foreach (string techContact in tenantDetail.TechnicalNotificationMails) { Console.WriteLine("Tenant Tech Contact: " + techContact); } } #endregion #region Create a new User IUser newUser = new User(); if (defaultDomain.Name != null) { newUser.DisplayName = "Sample App Demo User (Manager)"; newUser.UserPrincipalName = Helper.GetRandomString(10) + "@" + defaultDomain.Name; newUser.AccountEnabled = true; newUser.MailNickname = "SampleAppDemoUserManager"; newUser.PasswordProfile = new PasswordProfile { Password = "******", ForceChangePasswordNextLogin = true }; newUser.UsageLocation = "US"; try { activeDirectoryClient.Users.AddUserAsync(newUser).Wait(); Console.WriteLine("\nNew User {0} was created", newUser.DisplayName); } catch (Exception e) { Console.WriteLine("\nError creating new user {0} {1}", e.Message, e.InnerException != null ? e.InnerException.Message : ""); } } #endregion #region List of max 4 Users by UPN //********************************************************************* // Demonstrate Getting a list of Users with paging (get 4 users), sorted by displayName //********************************************************************* int maxUsers = 4; try { Console.WriteLine("\n Retrieving Users"); List<IUser> users = activeDirectoryClient.Users.OrderBy(user => user.UserPrincipalName).Take(maxUsers).ExecuteAsync().Result.CurrentPage.ToList(); foreach (IUser user in users) { Console.WriteLine("UserObjectId: {0} UPN: {1}", user.ObjectId, user.UserPrincipalName); } } catch (Exception e) { Console.WriteLine("\nError getting Users. {0} {1}", e.Message, e.InnerException != null ? e.InnerException.Message : ""); } #endregion #region Create a User with a temp Password //********************************************************************************************* // Create a new User with a temp Password //********************************************************************************************* IUser userToBeAdded = new User(); userToBeAdded.DisplayName = "Sample App Demo User"; userToBeAdded.UserPrincipalName = Helper.GetRandomString(10) + "@" + defaultDomain.Name; userToBeAdded.AccountEnabled = true; userToBeAdded.MailNickname = "SampleAppDemoUser"; userToBeAdded.PasswordProfile = new PasswordProfile { Password = "******", ForceChangePasswordNextLogin = true }; userToBeAdded.UsageLocation = "US"; try { activeDirectoryClient.Users.AddUserAsync(userToBeAdded).Wait(); Console.WriteLine("\nNew User {0} was created", userToBeAdded.DisplayName); } catch (Exception e) { Console.WriteLine("\nError creating new user. {0} {1}", e.Message, e.InnerException != null ? e.InnerException.Message : ""); } #endregion #region Update newly created User //******************************************************************************************* // update the newly created user's Password, PasswordPolicies and City //********************************************************************************************* if (userToBeAdded.ObjectId != null) { // update User's city and reset their User's Password userToBeAdded.City = "Seattle"; userToBeAdded.Country = "UK"; PasswordProfile PasswordProfile = new PasswordProfile { Password = "******", ForceChangePasswordNextLogin = false }; userToBeAdded.PasswordProfile = PasswordProfile; userToBeAdded.PasswordPolicies = "DisablePasswordExpiration, DisableStrongPassword"; try { userToBeAdded.UpdateAsync().Wait(); Console.WriteLine("\nUser {0} was updated", userToBeAdded.DisplayName); } catch (Exception e) { Console.WriteLine("\nError Updating the user {0} {1}", e.Message, e.InnerException != null ? e.InnerException.Message : ""); } } #endregion #region Search User by UPN // search for a single user by UPN string searchString = "admin@" + initialDomain.Name; Console.WriteLine("\n Retrieving user with UPN {0}", searchString); User retrievedUser = new User(); List<IUser> retrievedUsers = null; try { retrievedUsers = activeDirectoryClient.Users .Where(user => user.UserPrincipalName.Equals(searchString)) .ExecuteAsync().Result.CurrentPage.ToList(); } catch (Exception e) { Console.WriteLine("\nError getting new user {0} {1}", e.Message, e.InnerException != null ? e.InnerException.Message : ""); } // should only find one user with the specified UPN if (retrievedUsers != null && retrievedUsers.Count == 1) { retrievedUser = (User)retrievedUsers.First(); } else { Console.WriteLine("User not found {0}", searchString); } #endregion #region User Operations if (retrievedUser.UserPrincipalName != null) { Console.WriteLine("\n Found User: "******" UPN: " + retrievedUser.UserPrincipalName); #region Assign User a Manager //Assigning User a new manager. if (newUser.ObjectId != null) { Console.WriteLine("\n Assign User {0}, {1} as Manager.", retrievedUser.DisplayName, newUser.DisplayName); retrievedUser.Manager = newUser as DirectoryObject; try { newUser.UpdateAsync().Wait(); Console.Write("User {0} is successfully assigned {1} as Manager.", retrievedUser.DisplayName, newUser.DisplayName); } catch (Exception e) { Console.WriteLine("\nError assigning manager to user. {0} {1}", e.Message, e.InnerException != null ? e.InnerException.Message : ""); } } #endregion #region Get User's Manager //Get the retrieved user's manager. Console.WriteLine("\n Retrieving User {0}'s Manager.", retrievedUser.DisplayName); DirectoryObject usersManager = retrievedUser.Manager; if (usersManager != null) { User manager = usersManager as User; if (manager != null) { Console.WriteLine("User {0} Manager details: \nManager: {1} UPN: {2}", retrievedUser.DisplayName, manager.DisplayName, manager.UserPrincipalName); } } else { Console.WriteLine("Manager not found."); } #endregion #region Get User's Direct Reports //********************************************************************* // get the user's Direct Reports //********************************************************************* if (newUser.ObjectId != null) { Console.WriteLine("\n Getting User{0}'s Direct Reports.", newUser.DisplayName); IUserFetcher newUserFetcher = (IUserFetcher)newUser; try { IPagedCollection<IDirectoryObject> directReports = newUserFetcher.DirectReports.ExecuteAsync().Result; do { List<IDirectoryObject> directoryObjects = directReports.CurrentPage.ToList(); foreach (IDirectoryObject directoryObject in directoryObjects) { if (directoryObject is User) { User directReport = directoryObject as User; Console.WriteLine("User {0} Direct Report is {1}", newUser.UserPrincipalName, directReport.UserPrincipalName); } } directReports = directReports.GetNextPageAsync().Result; } while (directReports != null); } catch (Exception e) { Console.WriteLine("\nError getting direct reports of user. {0} {1}", e.Message, e.InnerException != null ? e.InnerException.Message : ""); } } #endregion #region Get list of Group IDS, user is member of //********************************************************************* // get a list of Group IDs that the user is a member of //********************************************************************* //const bool securityEnabledOnly = false; //IEnumerable<string> memberGroups = retrievedUser.GetMemberGroupsAsync(securityEnabledOnly).Result; //Console.WriteLine("\n {0} is a member of the following Groups (IDs)", retrievedUser.DisplayName); //foreach (String memberGroup in memberGroups) //{ // Console.WriteLine("Member of Group ID: " + memberGroup); //} #endregion #region Get User's Group And Role Membership, Getting the complete set of objects //********************************************************************* // get the User's Group and Role membership, getting the complete set of objects //********************************************************************* Console.WriteLine("\n {0} is a member of the following Group and Roles (IDs)", retrievedUser.DisplayName); IUserFetcher retrievedUserFetcher = retrievedUser; try { IPagedCollection<IDirectoryObject> pagedCollection = retrievedUserFetcher.MemberOf.ExecuteAsync().Result; do { List<IDirectoryObject> directoryObjects = pagedCollection.CurrentPage.ToList(); foreach (IDirectoryObject directoryObject in directoryObjects) { if (directoryObject is Group) { Group group = directoryObject as Group; Console.WriteLine(" Group: {0} Description: {1}", group.DisplayName, group.Description); } if (directoryObject is DirectoryRole) { DirectoryRole role = directoryObject as DirectoryRole; Console.WriteLine(" Role: {0} Description: {1}", role.DisplayName, role.Description); } } pagedCollection = pagedCollection.GetNextPageAsync().Result; } while (pagedCollection != null); } catch (Exception e) { Console.WriteLine("\nError getting user's groups and roles memberships. {0} {1}", e.Message, e.InnerException != null ? e.InnerException.Message : ""); } #endregion } #endregion #region Search for User (People Picker) //********************************************************************* // People picker // Search for a user using text string "Us" match against userPrincipalName, displayName, giveName, surname //********************************************************************* searchString = "Us"; Console.WriteLine("\nSearching for any user with string {0} in UPN,DisplayName,First or Last Name", searchString); List<IUser> usersList = null; IPagedCollection<IUser> searchResults = null; try { IUserCollection userCollection = activeDirectoryClient.Users; searchResults = userCollection.Where(user => user.UserPrincipalName.StartsWith(searchString) || user.DisplayName.StartsWith(searchString) || user.GivenName.StartsWith(searchString) || user.Surname.StartsWith(searchString)).ExecuteAsync().Result; usersList = searchResults.CurrentPage.ToList(); } catch (Exception e) { Console.WriteLine("\nError getting User {0} {1}", e.Message, e.InnerException != null ? e.InnerException.Message : ""); } if (usersList != null && usersList.Count > 0) { do { usersList = searchResults.CurrentPage.ToList(); foreach (IUser user in usersList) { Console.WriteLine("User DisplayName: {0} UPN: {1}", user.DisplayName, user.UserPrincipalName); } searchResults = searchResults.GetNextPageAsync().Result; } while (searchResults != null); } else { Console.WriteLine("User not found"); } #endregion #region Search for Group using StartWith filter //********************************************************************* // Search for a group using a startsWith filter (displayName property) //********************************************************************* Group retrievedGroup = new Group(); searchString = "My"; List<IGroup> foundGroups = null; try { foundGroups = activeDirectoryClient.Groups .Where(group => group.DisplayName.StartsWith(searchString)) .ExecuteAsync().Result.CurrentPage.ToList(); } catch (Exception e) { Console.WriteLine("\nError getting Group {0} {1}", e.Message, e.InnerException != null ? e.InnerException.Message : ""); } if (foundGroups != null && foundGroups.Count > 0) { retrievedGroup = foundGroups.First() as Group; } else { Console.WriteLine("Group Not Found"); } #endregion #region Assign Member to Group if (retrievedGroup.ObjectId != null) { try { retrievedGroup.Members.Add(newUser as DirectoryObject); retrievedGroup.UpdateAsync().Wait(); } catch (Exception e) { Console.WriteLine("\nError assigning member to group. {0} {1}", e.Message, e.InnerException != null ? e.InnerException.Message : ""); } } #endregion #region Get Group members if (retrievedGroup.ObjectId != null) { Console.WriteLine("\n Found Group: " + retrievedGroup.DisplayName + " " + retrievedGroup.Description); //********************************************************************* // get the groups' membership - // Note this method retrieves ALL links in one request - please use this method with care - this // may return a very large number of objects //********************************************************************* IGroupFetcher retrievedGroupFetcher = retrievedGroup; try { IPagedCollection<IDirectoryObject> members = retrievedGroupFetcher.Members.ExecuteAsync().Result; Console.WriteLine(" Members:"); do { List<IDirectoryObject> directoryObjects = members.CurrentPage.ToList(); foreach (IDirectoryObject member in directoryObjects) { if (member is User) { User user = member as User; Console.WriteLine("User DisplayName: {0} UPN: {1}", user.DisplayName, user.UserPrincipalName); } if (member is Group) { Group group = member as Group; Console.WriteLine("Group DisplayName: {0}", group.DisplayName); } if (member is Contact) { Contact contact = member as Contact; Console.WriteLine("Contact DisplayName: {0}", contact.DisplayName); } } members = members.GetNextPageAsync().Result; } while (members != null); } catch (Exception e) { Console.WriteLine("\nError getting groups' membership. {0} {1}", e.Message, e.InnerException != null ? e.InnerException.Message : ""); } } #endregion #region Add User to Group //********************************************************************************************* // Add User to the "WA" Group //********************************************************************************************* if (retrievedGroup.ObjectId != null) { try { retrievedGroup.Members.Add(userToBeAdded as DirectoryObject); retrievedGroup.UpdateAsync().Wait(); } catch (Exception e) { Console.WriteLine("\nAdding user to group failed {0} {1}", e.Message, e.InnerException != null ? e.InnerException.Message : ""); } } #endregion #region Create a new Group //********************************************************************************************* // Create a new Group //********************************************************************************************* Group californiaEmployees = new Group { DisplayName = "California Employees" + Helper.GetRandomString(8), Description = "Employees in the state of California", MailNickname = "CalEmployees", MailEnabled = false, SecurityEnabled = true }; try { activeDirectoryClient.Groups.AddGroupAsync(californiaEmployees).Wait(); Console.WriteLine("\nNew Group {0} was created", californiaEmployees.DisplayName); } catch (Exception e) { Console.WriteLine("\nError creating new Group {0} {1}", e.Message, e.InnerException != null ? e.InnerException.Message : ""); } #endregion #region Delete User //********************************************************************************************* // Delete the user that we just created //********************************************************************************************* if (userToBeAdded.ObjectId != null) { try { userToBeAdded.DeleteAsync().Wait(); Console.WriteLine("\nUser {0} was deleted", userToBeAdded.DisplayName); } catch (Exception e) { Console.WriteLine("Deleting User failed {0} {1}", e.Message, e.InnerException != null ? e.InnerException.Message : ""); } } if (newUser.ObjectId != null) { try { newUser.DeleteAsync().Wait(); Console.WriteLine("\nUser {0} was deleted", newUser.DisplayName); } catch (Exception e) { Console.WriteLine("Deleting User failed {0} {1}", e.Message, e.InnerException != null ? e.InnerException.Message : ""); } } #endregion #region Delete Group //********************************************************************************************* // Delete the Group that we just created //********************************************************************************************* if (californiaEmployees.ObjectId != null) { try { californiaEmployees.DeleteAsync().Wait(); Console.WriteLine("\nGroup {0} was deleted", californiaEmployees.DisplayName); } catch (Exception e) { Console.WriteLine("Deleting Group failed {0} {1}", e.Message, e.InnerException != null ? e.InnerException.Message : ""); } } #endregion #region Get All Roles //********************************************************************* // Get All Roles //********************************************************************* List<IDirectoryRole> foundRoles = null; try { foundRoles = activeDirectoryClient.DirectoryRoles.ExecuteAsync().Result.CurrentPage.ToList(); } catch (Exception e) { Console.WriteLine("\nError getting Roles {0} {1}", e.Message, e.InnerException != null ? e.InnerException.Message : ""); } if (foundRoles != null && foundRoles.Count > 0) { foreach (IDirectoryRole role in foundRoles) { Console.WriteLine("\n Found Role: {0} {1} {2} ", role.DisplayName, role.Description, role.ObjectId); } } else { Console.WriteLine("Role Not Found {0}", searchString); } #endregion #region Get Service Principals //********************************************************************* // get the Service Principals //********************************************************************* IPagedCollection<IServicePrincipal> servicePrincipals = null; try { servicePrincipals = activeDirectoryClient.ServicePrincipals.ExecuteAsync().Result; } catch (Exception e) { Console.WriteLine("\nError getting Service Principal {0} {1}", e.Message, e.InnerException != null ? e.InnerException.Message : ""); } if (servicePrincipals != null) { do { List<IServicePrincipal> servicePrincipalsList = servicePrincipals.CurrentPage.ToList(); foreach (IServicePrincipal servicePrincipal in servicePrincipalsList) { Console.WriteLine("Service Principal AppId: {0} Name: {1}", servicePrincipal.AppId, servicePrincipal.DisplayName); } servicePrincipals = servicePrincipals.GetNextPageAsync().Result; } while (servicePrincipals != null); } #endregion #region Get Applications //********************************************************************* // get the Application objects //********************************************************************* IPagedCollection<IApplication> applications = null; try { applications = activeDirectoryClient.Applications.Take(999).ExecuteAsync().Result; } catch (Exception e) { Console.WriteLine("\nError getting Applications {0} {1}", e.Message, e.InnerException != null ? e.InnerException.Message : ""); } if (applications != null) { do { List<IApplication> appsList = applications.CurrentPage.ToList(); foreach (IApplication app in appsList) { Console.WriteLine("Application AppId: {0} Name: {1}", app.AppId, app.DisplayName); } applications = applications.GetNextPageAsync().Result; } while (applications != null); } #endregion #region User License Assignment //********************************************************************************************* // User License Assignment - assign EnterprisePack license to new user, and disable SharePoint service // first get a list of Tenant's subscriptions and find the "Enterprisepack" one // Enterprise Pack includes service Plans for ExchangeOnline, SharePointOnline and LyncOnline // validate that Subscription is Enabled and there are enough units left to assign to users //********************************************************************************************* IPagedCollection<ISubscribedSku> skus = null; try { skus = activeDirectoryClient.SubscribedSkus.ExecuteAsync().Result; } catch (Exception e) { Console.WriteLine("\nError getting Applications {0} {1}", e.Message, e.InnerException != null ? e.InnerException.Message : ""); } if (skus != null) { do { List<ISubscribedSku> subscribedSkus = skus.CurrentPage.ToList(); foreach (ISubscribedSku sku in subscribedSkus) { if (sku.SkuPartNumber == "ENTERPRISEPACK") { if ((sku.PrepaidUnits.Enabled.Value > sku.ConsumedUnits) && (sku.CapabilityStatus == "Enabled")) { // create addLicense object and assign the Enterprise Sku GUID to the skuId // AssignedLicense addLicense = new AssignedLicense { SkuId = sku.SkuId.Value }; // find plan id of SharePoint Service Plan foreach (ServicePlanInfo servicePlan in sku.ServicePlans) { if (servicePlan.ServicePlanName.Contains("SHAREPOINT")) { addLicense.DisabledPlans.Add(servicePlan.ServicePlanId.Value); break; } } IList<AssignedLicense> licensesToAdd = new[] { addLicense }; IList<Guid> licensesToRemove = new Guid[] { }; // attempt to assign the license object to the new user try { if (newUser.ObjectId != null) { newUser.AssignLicenseAsync(licensesToAdd, licensesToRemove).Wait(); Console.WriteLine("\n User {0} was assigned license {1}", newUser.DisplayName, addLicense.SkuId); } } catch (Exception e) { Console.WriteLine("\nLicense assingment failed {0} {1}", e.Message, e.InnerException != null ? e.InnerException.Message : ""); } } } } skus = skus.GetNextPageAsync().Result; } while (skus != null); } #endregion #region Switch to OAuth Authorization Code Grant (Acting as a user) activeDirectoryClient = AuthenticationHelper.GetActiveDirectoryClientAsUser(); #endregion #region Create Application //********************************************************************************************* // Create a new Application object with App Role Assignment (Direct permission) //********************************************************************************************* Application appObject = new Application { DisplayName = "Test-Demo App" + Helper.GetRandomString(8) }; appObject.IdentifierUris.Add("https://localhost/demo/" + Guid.NewGuid()); appObject.ReplyUrls.Add("https://localhost/demo"); AppRole appRole = new AppRole(); appRole.Id = Guid.NewGuid(); appRole.IsEnabled = true; appRole.AllowedMemberTypes.Add("User"); appRole.DisplayName = "Something"; appRole.Description = "Anything"; appRole.Value = "policy.write"; appObject.AppRoles.Add(appRole); // created Keycredential object for the new App object KeyCredential keyCredential = new KeyCredential { StartDate = DateTime.UtcNow, EndDate = DateTime.UtcNow.AddYears(1), Type = "Symmetric", Value = Convert.FromBase64String("g/TMLuxgzurjQ0Sal9wFEzpaX/sI0vBP3IBUE/H/NS4="), Usage = "Verify" }; appObject.KeyCredentials.Add(keyCredential); try { activeDirectoryClient.Applications.AddApplicationAsync(appObject).Wait(); Console.WriteLine("New Application created: " + appObject.ObjectId); } catch (Exception e) { Console.WriteLine("Application Creation execption: {0} {1}", e.Message, e.InnerException != null ? e.InnerException.Message : ""); } #endregion #region Create Service Principal //********************************************************************************************* // create a new Service principal //********************************************************************************************* ServicePrincipal newServicePrincpal = new ServicePrincipal(); if (appObject != null) { newServicePrincpal.DisplayName = appObject.DisplayName; newServicePrincpal.AccountEnabled = true; newServicePrincpal.AppId = appObject.AppId; try { activeDirectoryClient.ServicePrincipals.AddServicePrincipalAsync(newServicePrincpal).Wait(); Console.WriteLine("New Service Principal created: " + newServicePrincpal.ObjectId); } catch (Exception e) { Console.WriteLine("Service Principal Creation execption: {0} {1}", e.Message, e.InnerException != null ? e.InnerException.Message : ""); } } #endregion #region Create an Extension Property ExtensionProperty linkedInUserId = new ExtensionProperty { Name = "linkedInUserId", DataType = "String", TargetObjects = { "User" } }; try { appObject.ExtensionProperties.Add(linkedInUserId); appObject.UpdateAsync().Wait(); Console.WriteLine("\nUser object extended successfully."); } catch (Exception e) { Console.WriteLine("\nError extending the user object {0} {1}", e.Message, e.InnerException != null ? e.InnerException.Message : ""); } #endregion #region Manipulate an Extension Property try { if (retrievedUser != null && retrievedUser.ObjectId != null) { retrievedUser.SetExtendedProperty(linkedInUserId.Name, "ExtensionPropertyValue"); retrievedUser.UpdateAsync().Wait(); Console.WriteLine("\nUser {0}'s extended property set successully.", retrievedUser.DisplayName); } } catch (Exception e) { Console.WriteLine("\nError Updating the user object {0} {1}", e.Message, e.InnerException != null ? e.InnerException.Message : ""); } #endregion #region Get an Extension Property try { if (retrievedUser != null && retrievedUser.ObjectId != null) { IReadOnlyDictionary<string, object> extendedProperties = retrievedUser.GetExtendedProperties(); object extendedProperty = extendedProperties[linkedInUserId.Name]; Console.WriteLine("\n Retrieved User {0}'s extended property value is: {1}.", retrievedUser.DisplayName, extendedProperty); } } catch (Exception e) { Console.WriteLine("\nError Updating the user object {0} {1}", e.Message, e.InnerException != null ? e.InnerException.Message : ""); } #endregion #region Assign Direct Permission try { User user = (User)activeDirectoryClient.Users.ExecuteAsync().Result.CurrentPage.ToList().FirstOrDefault(); if (appObject.ObjectId != null && user != null && newServicePrincpal.ObjectId != null) { AppRoleAssignment appRoleAssignment = new AppRoleAssignment(); appRoleAssignment.Id = appRole.Id; appRoleAssignment.ResourceId = Guid.Parse(newServicePrincpal.ObjectId); appRoleAssignment.PrincipalType = "User"; appRoleAssignment.PrincipalId = Guid.Parse(user.ObjectId); user.AppRoleAssignments.Add(appRoleAssignment); user.UpdateAsync().Wait(); Console.WriteLine("User {0} is successfully assigned direct permission.", retrievedUser.DisplayName); } } catch (Exception e) { Console.WriteLine("Direct Permission Assignment failed: {0} {1}", e.Message, e.InnerException != null ? e.InnerException.Message : ""); } #endregion #region Get Devices //********************************************************************************************* // Get a list of Mobile Devices from tenant //********************************************************************************************* Console.WriteLine("\nGetting Devices"); IPagedCollection<IDevice> devices = null; try { devices = activeDirectoryClient.Devices.ExecuteAsync().Result; } catch (Exception e) { Console.WriteLine("/nError getting devices {0} {1}", e.Message, e.InnerException != null ? e.InnerException.Message : ""); } if (devices != null) { do { List<IDevice> devicesList = devices.CurrentPage.ToList(); foreach (IDevice device in devicesList) { if (device.ObjectId != null) { Console.WriteLine("Device ID: {0}, Type: {1}", device.DeviceId, device.DeviceOSType); IPagedCollection<IDirectoryObject> registeredOwners = device.RegisteredOwners; if (registeredOwners != null) { do { List<IDirectoryObject> registeredOwnersList = registeredOwners.CurrentPage.ToList(); foreach (IDirectoryObject owner in registeredOwnersList) { Console.WriteLine("Device Owner ID: " + owner.ObjectId); } registeredOwners = registeredOwners.GetNextPageAsync().Result; } while (registeredOwners != null); } } } devices = devices.GetNextPageAsync().Result; } while (devices != null); } #endregion #region Create New Permission //********************************************************************************************* // Create new permission object //********************************************************************************************* OAuth2PermissionGrant permissionObject = new OAuth2PermissionGrant(); permissionObject.ConsentType = "AllPrincipals"; permissionObject.Scope = "user_impersonation"; permissionObject.StartTime = DateTime.Now; permissionObject.ExpiryTime = (DateTime.Now).AddMonths(12); // resourceId is objectId of the resource, in this case objectId of AzureAd (Graph API) permissionObject.ResourceId = "52620afb-80de-4096-a826-95f4ad481686"; //ClientId = objectId of servicePrincipal permissionObject.ClientId = newServicePrincpal.ObjectId; try { activeDirectoryClient.Oauth2PermissionGrants.AddOAuth2PermissionGrantAsync(permissionObject).Wait(); Console.WriteLine("New Permission object created: " + permissionObject.ObjectId); } catch (Exception e) { Console.WriteLine("Permission Creation exception: {0} {1}", e.Message, e.InnerException != null ? e.InnerException.Message : ""); } #endregion #region Get All Permissions //********************************************************************************************* // get all Permission Objects //********************************************************************************************* Console.WriteLine("\n Getting Permissions"); IPagedCollection<IOAuth2PermissionGrant> permissions = null; try { permissions = activeDirectoryClient.Oauth2PermissionGrants.ExecuteAsync().Result; } catch (Exception e) { Console.WriteLine("Error: {0} {1}", e.Message, e.InnerException != null ? e.InnerException.Message : ""); } if (permissions != null) { do { List<IOAuth2PermissionGrant> perms = permissions.CurrentPage.ToList(); foreach (IOAuth2PermissionGrant perm in perms) { Console.WriteLine("Permission: {0} Name: {1}", perm.ClientId, perm.Scope); } permissions = permissions.GetNextPageAsync().Result; } while (permissions != null); } #endregion #region Delete Application //********************************************************************************************* // Delete Application Objects //********************************************************************************************* if (appObject.ObjectId != null) { try { appObject.DeleteAsync().Wait(); Console.WriteLine("Deleted Application object: " + appObject.ObjectId); } catch (Exception e) { Console.WriteLine("Application Deletion execption: {0} {1}", e.Message, e.InnerException != null ? e.InnerException.Message : ""); } } #endregion #region Batch Operations //********************************************************************************************* // Show Batching with 3 operators. Note: up to 5 operations can be in a batch //********************************************************************************************* IReadOnlyQueryableSet<User> userQuery = activeDirectoryClient.DirectoryObjects.OfType<User>(); IReadOnlyQueryableSet<Group> groupsQuery = activeDirectoryClient.DirectoryObjects.OfType<Group>(); IReadOnlyQueryableSet<DirectoryRole> rolesQuery = activeDirectoryClient.DirectoryObjects.OfType<DirectoryRole>(); try { IBatchElementResult[] batchResult = activeDirectoryClient.Context.ExecuteBatchAsync(userQuery, groupsQuery, rolesQuery).Result; int responseCount = 1; foreach (IBatchElementResult result in batchResult) { if (result.FailureResult != null) { Console.WriteLine("Failed: {0} ", result.FailureResult.InnerException); } if (result.SuccessResult != null) { Console.WriteLine("Batch Item Result {0} succeeded", responseCount++); } } } catch (Exception e) { Console.WriteLine("Batch execution failed. : {0} {1}", e.Message, e.InnerException != null ? e.InnerException.Message : ""); } #endregion //********************************************************************************************* // End of Demo Console App //********************************************************************************************* Console.WriteLine("\nCompleted at {0} \n Press Any Key to Exit.", currentDateTime); Console.ReadKey(); }
public override void Execute() { var client = _generator.DataHelper.GetADClient(); List<ITenantDetail> tenantsList = client.TenantDetails .ExecuteAsync().Result.CurrentPage.ToList(); ITenantDetail tenant = tenantsList.First(); var defaultDomain = tenant.VerifiedDomains.First(x => [email protected] && [email protected]); if (WorkingDefinition.NumberOfUsersToCreate > 0) { try { int batchcounter = 0; HashSet<Tuple<string, string>> usedNames = new HashSet<Tuple<string, string>>(); for (int i = 0; i < WorkingDefinition.NumberOfUsersToCreate; i++) { try { var firstName = SampleData.GetSampleValueRandom(SampleData.FirstNames); var lastName = SampleData.GetSampleValueRandom(SampleData.LastNames); while (usedNames.Contains(new Tuple<string, string>(firstName, lastName))) { firstName = SampleData.GetSampleValueRandom(SampleData.FirstNames); lastName = SampleData.GetSampleValueRandom(SampleData.LastNames); } usedNames.Add(new Tuple<string, string>(firstName, lastName)); var userPrincipal = new User(); userPrincipal.Surname = lastName; userPrincipal.AccountEnabled = true; userPrincipal.GivenName = firstName; userPrincipal.MailNickname = userPrincipal.GivenName.ToLower() + "." + userPrincipal.Surname.ToLower(); userPrincipal.UserPrincipalName = userPrincipal.MailNickname + "@" + defaultDomain.Name; userPrincipal.DisplayName = userPrincipal.GivenName + " " + userPrincipal.Surname; userPrincipal.UsageLocation = "US"; userPrincipal.PasswordProfile = new PasswordProfile { Password = "******", ForceChangePasswordNextLogin = false, }; client.Users.AddUserAsync(userPrincipal, true).Wait(); batchcounter++; if (batchcounter >= 50) { client.Context.SaveChangesAsync().Wait(); Owner.IncrementCurrentTaskProgress(string.Format("Created {0}/{1} users", i + 1, WorkingDefinition.NumberOfUsersToCreate), batchcounter); batchcounter = 0; } } catch (Exception ex) { Errors.Log(ex); } } if (batchcounter > 0) { client.Context.SaveChangesAsync().Wait(); Owner.IncrementCurrentTaskProgress(string.Format("Created {0} users", WorkingDefinition.NumberOfUsersToCreate), batchcounter); } } catch (Exception ex) { Errors.Log(ex); } } if (WorkingDefinition.NumberOfSecurityGroupsToCreate > 0) { try { HashSet<string> usedGroupNames = new HashSet<string>(); int batchCounter = 0; for (int i = 0; i < WorkingDefinition.NumberOfSecurityGroupsToCreate; i++) { try { var displayName = SampleData.GetSampleValueRandom(SampleData.Accounts); while (usedGroupNames.Contains(displayName)) { displayName = SampleData.GetSampleValueRandom(SampleData.Accounts); } usedGroupNames.Add(displayName); var mailNickname = Regex.Replace(displayName, @"[^a-z0-9]", ""); Group group = new Group(); group.DisplayName = displayName; group.MailEnabled = false; group.SecurityEnabled = true; group.MailNickname = mailNickname; batchCounter++; client.Groups.AddGroupAsync(group, true).Wait(); if (batchCounter >= 50) { client.Context.SaveChangesAsync().Wait(); Owner.IncrementCurrentTaskProgress(string.Format("Created {0}/{1} security groups", i + 1, WorkingDefinition.NumberOfSecurityGroupsToCreate), batchCounter); batchCounter = 0; } } catch (Exception ex) { Errors.Log(ex); } } if (batchCounter > 0) { client.Context.SaveChangesAsync().Wait(); Owner.IncrementCurrentTaskProgress(string.Format("Created {0} security groups", WorkingDefinition.NumberOfSecurityGroupsToCreate), batchCounter); } if (WorkingDefinition.NumberOfSecurityGroupsToCreate > 0 && WorkingDefinition.MaxNumberOfUsersInCreatedSecurityGroups > 0) { Owner.IncrementCurrentTaskProgress("Retriving groups and users.", 0); var allGroups = _generator.DataHelper.GetAvailableGroupObjectsInDirectory(); var allUsers = _generator.DataHelper.GetAvailableUserObjectsInDirectory(); Owner.IncrementCurrentTaskProgress("Adding users to groups.", 0); foreach (var @group in allGroups) { if (usedGroupNames.Contains(@group.DisplayName)) { var userGroupMaxCount = Math.Min(WorkingDefinition.MaxNumberOfUsersInCreatedSecurityGroups, allUsers.Count); var userGroupCount = SampleData.GetRandomNumber(0, userGroupMaxCount); if (userGroupCount > 0) { allUsers.Shuffle(); foreach (var user in allUsers.Take(userGroupCount)) { group.Members.Add(user); // progressDetail(string.Format("Added {0} user to {1} security group", user.DisplayName, @group.DisplayName)); } group.UpdateAsync().Wait(); Owner.IncrementCurrentTaskProgress(string.Format("Added {0} users to {1} security group", userGroupCount, @group.DisplayName)); } } } } } catch (Exception ex) { Errors.Log(ex); } } }
public ActionResult Delete(User user) { string accessToken = null; string tenantId = ClaimsPrincipal.Current.FindFirst(TenantIdClaimType).Value; if (tenantId != null) { accessToken = TokenCacheUtils.GetAccessTokenFromCacheOrRefreshToken(tenantId, graphResourceId); } if (accessToken == null) { // // If refresh is set to true, the user has clicked the link to be authorized again. // if (Request.QueryString["reauth"] == "True") { // Send an OpenID Connect sign-in request to get a new set of tokens. // If the user still has a valid session with Azure AD, they will not be prompted for their credentials. // The OpenID Connect middleware will return to this controller after the sign-in response has been handled. // HttpContext.GetOwinContext().Authentication.Challenge(OpenIdConnectAuthenticationDefaults.AuthenticationType); } // // The user needs to re-authorize. Show them a message to that effect. // ViewBag.ErrorMessage = "AuthorizationRequired"; return View(); } try { // Setup Graph API connection and delete User Guid ClientRequestId = Guid.NewGuid(); GraphSettings graphSettings = new GraphSettings(); graphSettings.ApiVersion = graphApiVersion; GraphConnection graphConnection = new GraphConnection(accessToken, ClientRequestId, graphSettings); graphConnection.Delete(user); return RedirectToAction("Index"); } catch(Exception exception) { ModelState.AddModelError("", exception.Message); return View(user); } }
static void Main() { // get OAuth token using Client Credentials string tenantName = "GraphDir1.onMicrosoft.com"; string authString = "https://login.windows.net/" + tenantName; AuthenticationContext authenticationContext = new AuthenticationContext(authString,false); // Config for OAuth client credentials string clientId = "118473c2-7619-46e3-a8e4-6da8d5f56e12"; string clientSecret = "hOrJ0r0TZ4GQ3obp+vk3FZ7JBVP+TX353kNo6QwNq7Q="; ClientCredential clientCred = new ClientCredential(clientId, clientSecret); string resource = "https://graph.windows.net"; string token; try { AuthenticationResult authenticationResult = authenticationContext.AcquireToken(resource, clientCred); token = authenticationResult.AccessToken; } catch (AuthenticationException ex) { Console.ForegroundColor = ConsoleColor.Red; Console.WriteLine("Acquiring a token failed with the following error: {0}", ex.Message); if (ex.InnerException != null) { //You should implement retry and back-off logic per the guidance given here:http://msdn.microsoft.com/en-us/library/dn168916.aspx //InnerException Message will contain the HTTP error status codes mentioned in the link above Console.WriteLine("Error detail: {0}", ex.InnerException.Message); } Console.ResetColor(); Console.ReadKey(); return; } // record start DateTime of execution string CurrentDateTime = DateTime.Now.ToUniversalTime().ToString(); //********************************************************************* // setup Graph connection //********************************************************************* Guid ClientRequestId = Guid.NewGuid(); GraphSettings graphSettings = new GraphSettings(); graphSettings.ApiVersion = "2013-11-08"; graphSettings.GraphDomainName = "graph.windows.net"; GraphConnection graphConnection = new GraphConnection(token, ClientRequestId,graphSettings); VerifiedDomain initialDomain = new VerifiedDomain(); VerifiedDomain defaultDomain = new VerifiedDomain(); //********************************************************************* // Get Tenant Details // Note: update the string tenantId with your TenantId. // This can be retrieved from the login Federation Metadata end point: // https://login.windows.net/GraphDir1.onmicrosoft.com/FederationMetadata/2007-06/FederationMetadata.xml // Replace "GraphDir1.onMicrosoft.com" with any domain owned by your organization // The returned value from the first xml node "EntityDescriptor", will have a STS URL // containing your tenantId e.g. "https://sts.windows.net/4fd2b2f2-ea27-4fe5-a8f3-7b1a7c975f34/" is returned for GraphDir1.onMicrosoft.com //********************************************************************* string tenantId = "4fd2b2f2-ea27-4fe5-a8f3-7b1a7c975f34"; GraphObject tenant = graphConnection.Get(typeof(TenantDetail), tenantId); if (tenant == null) { Console.WriteLine("Tenant not found"); } else { TenantDetail tenantDetail = (TenantDetail)tenant; Console.WriteLine("Tenant Display Name: " + tenantDetail.DisplayName); // Get the Tenant's Verified Domains initialDomain = tenantDetail.VerifiedDomains.First(x => x.Initial.HasValue && x.Initial.Value); Console.WriteLine("Initial Domain Name: " + initialDomain.Name); defaultDomain = tenantDetail.VerifiedDomains.First(x => x.Default.HasValue && x.Default.Value); Console.WriteLine("Default Domain Name: " + defaultDomain.Name); foreach (string techContact in tenantDetail.TechnicalNotificationMails) { Console.WriteLine("Tenant Tech Contact: " + techContact); } } //********************************************************************* // Demonstrate Getting a list of Users with paging (get 4 users), sort by displayName //********************************************************************* Console.WriteLine("\n Retrieving Users"); FilterGenerator userFilter = new FilterGenerator(); userFilter.Top = 4; userFilter.OrderByProperty = GraphProperty.DisplayName; PagedResults<User> users = graphConnection.List<User>(null, userFilter); foreach (User user in users.Results) { Console.WriteLine("UserObjectId: {0} UPN: {1}", user.ObjectId, user.UserPrincipalName); } // if there are more users to retrieve, get the rest of the users, and specify maximum page size 999 do { userFilter.Top = 999; if (users.PageToken != null) { users = graphConnection.List<User>(users.PageToken, userFilter); Console.WriteLine("\n Next page of results"); } foreach (User user in users.Results) { Console.WriteLine("DisplayName: {0} UPN: {1}", user.DisplayName, user.UserPrincipalName); } } while (users.PageToken != null); // search for a single user by UPN string searchString = "adam@" + initialDomain.Name; FilterGenerator filter = new FilterGenerator(); Expression filterExpression = ExpressionHelper.CreateEqualsExpression(typeof(User), GraphProperty.UserPrincipalName, searchString ); filter.QueryFilter = filterExpression; User retrievedUser = new User(); PagedResults<User> pagedUserResults = graphConnection.List<User>(null, filter); // should only find one user with the specified UPN if (pagedUserResults.Results.Count == 1) { retrievedUser = pagedUserResults.Results[0] as User; } else { Console.WriteLine("User not found {0}", searchString); } if (retrievedUser.UserPrincipalName != null) { Console.WriteLine("\n Found User: "******" UPN: " + retrievedUser.UserPrincipalName); // get the user's Manager int count = 0; PagedResults<GraphObject> managers = graphConnection.GetLinkedObjects(retrievedUser, LinkProperty.Manager, null); foreach (GraphObject managerObject in managers.Results) { if (managerObject.ODataTypeName.Contains("User")) { User manager = (User)managers.Results[count]; Console.WriteLine(" Manager: {0} UPN: {1}", manager.DisplayName, manager.UserPrincipalName); } count++; } //********************************************************************* // get the user's Direct Reports //********************************************************************* int top = 99; PagedResults<GraphObject> directReportObjects = graphConnection.GetLinkedObjects(retrievedUser, LinkProperty.DirectReports, null, top); foreach (GraphObject graphObject in directReportObjects.Results) { if (graphObject.ODataTypeName.Contains("User")) { User User = (User)graphObject; Console.WriteLine(" DirectReport {0}: {1} UPN: {2}", User.ObjectType, User.DisplayName, User.UserPrincipalName); } if (graphObject.ODataTypeName.Contains("Contact")) { Contact Contact = (Contact)graphObject; Console.WriteLine(" DirectReport {0}: {1} Mail: {2} ", Contact.ObjectType, Contact.DisplayName, Contact.Mail); } } //********************************************************************* // get a list of Group IDs that the user is a member of //********************************************************************* Console.WriteLine("\n {0} is a member of the following Groups (IDs)", retrievedUser.DisplayName); bool securityGroupsOnly = false; IList<string> usersGroupMembership = graphConnection.GetMemberGroups(retrievedUser, securityGroupsOnly); foreach (String groupId in usersGroupMembership) { Console.WriteLine("Member of Group ID: "+ groupId); } //********************************************************************* // get the User's Group and Role membership, getting the complete set of objects //********************************************************************* PagedResults<GraphObject> memberOfObjects = graphConnection.GetLinkedObjects(retrievedUser, LinkProperty.MemberOf, null, top); foreach (GraphObject graphObject in memberOfObjects.Results) { if (graphObject.ODataTypeName.Contains("Group")) { Group Group = (Group)graphObject; Console.WriteLine(" Group: {0} Description: {1}", Group.DisplayName, Group.Description); } if (graphObject.ODataTypeName.Contains("Role")) { Role Role = (Role)graphObject; Console.WriteLine(" Role: {0} Description: {1}", Role.DisplayName, Role.Description); } } } //********************************************************************* // People picker // Search for a user using text string "ad" match against userPrincipalName, proxyAddresses, displayName, giveName, surname //********************************************************************* searchString = "ad"; Console.WriteLine("\nSearching for any user with string {0} in UPN,ProxyAddresses,DisplayName,First or Last Name", searchString); FilterGenerator userMatchFilter = new FilterGenerator(); userMatchFilter.Top = 19; Expression firstExpression = ExpressionHelper.CreateStartsWithExpression(typeof(User), GraphProperty.UserPrincipalName, searchString); Expression secondExpression = ExpressionHelper.CreateAnyExpression(typeof(User), GraphProperty.ProxyAddresses, "smtp:" + searchString); userMatchFilter.QueryFilter = ExpressionHelper.JoinExpressions(firstExpression, secondExpression, ExpressionType.Or); Expression thirdExpression = ExpressionHelper.CreateStartsWithExpression(typeof(User), GraphProperty.DisplayName, searchString); userMatchFilter.QueryFilter = ExpressionHelper.JoinExpressions(userMatchFilter.QueryFilter, thirdExpression, ExpressionType.Or); Expression fourthExpression = ExpressionHelper.CreateStartsWithExpression(typeof(User), GraphProperty.GivenName, searchString); userMatchFilter.QueryFilter = ExpressionHelper.JoinExpressions(userMatchFilter.QueryFilter, fourthExpression, ExpressionType.Or); Expression fifthExpression = ExpressionHelper.CreateStartsWithExpression(typeof(User), GraphProperty.Surname, searchString); userMatchFilter.QueryFilter = ExpressionHelper.JoinExpressions(userMatchFilter.QueryFilter, fifthExpression, ExpressionType.Or); PagedResults<User> serachResults = graphConnection.List<User>(null, userMatchFilter); if (serachResults.Results.Count > 0) { foreach (User User in serachResults.Results) { Console.WriteLine("User DisplayName: {0} UPN: {1}", User.DisplayName, User.UserPrincipalName); } } else { Console.WriteLine("User not found"); } //********************************************************************* // Search for a group using a startsWith filter (displayName property) //********************************************************************* Group retrievedGroup = new Group(); searchString = "Wash"; filter.QueryFilter = ExpressionHelper.CreateStartsWithExpression(typeof(Group), GraphProperty.DisplayName, searchString); filter.Top = 99; PagedResults<Group> pagedGroupResults = graphConnection.List<Group>(null, filter); if (pagedGroupResults.Results.Count > 0) { retrievedGroup = pagedGroupResults.Results[0] as Group; } else { Console.WriteLine("Group Not Found"); } if (retrievedGroup.ObjectId != null) { Console.WriteLine("\n Found Group: " + retrievedGroup.DisplayName + " " + retrievedGroup.Description); //********************************************************************* // get the groups' membership using GetAllDirectLinks - // Note this method retrieves ALL links in one request - please use this method with care - this // may return a very large number of objects //********************************************************************* GraphObject graphObj = (GraphObject)retrievedGroup; IList<GraphObject> members = graphConnection.GetAllDirectLinks(graphObj, LinkProperty.Members); if (members.Count > 0) { Console.WriteLine(" Members:"); foreach (GraphObject graphObject in members) { if (graphObject.ODataTypeName.Contains("User")) { User User = (User)graphObject; Console.WriteLine("User DisplayName: {0} UPN: {1}", User.DisplayName, User.UserPrincipalName); } if (graphObject.ODataTypeName.Contains("Group")) { Group Group = (Group)graphObject; Console.WriteLine("Group DisplayName: {0}", Group.DisplayName); } if (graphObject.ODataTypeName.Contains("Contact")) { Contact Contact = (Contact)graphObject; Console.WriteLine("Contact DisplayName: {0}", Contact.DisplayName); } } } } //********************************************************************* // Search for a Role by displayName //********************************************************************* searchString = "Company Administrator"; filter.QueryFilter = ExpressionHelper.CreateStartsWithExpression(typeof(Role), GraphProperty.DisplayName, searchString); PagedResults<Role> pagedRoleResults = graphConnection.List<Role>(null, null); if (pagedRoleResults.Results.Count > 0) { foreach (GraphObject graphObject in pagedRoleResults.Results) { Role role = graphObject as Role; if (role.DisplayName == searchString.Trim()) { Console.WriteLine("\n Found Role: {0} {1} {2} ", role.DisplayName, role.Description, role.ObjectId); } } } else { Console.WriteLine("Role Not Found {0}",searchString); } //********************************************************************* // get the Service Principals //********************************************************************* filter.Top = 999; filter.QueryFilter = null; PagedResults<ServicePrincipal> servicePrincipals = new PagedResults<ServicePrincipal>(); do { servicePrincipals = graphConnection.List<ServicePrincipal>(servicePrincipals.PageToken, filter); if (servicePrincipals != null) { foreach (ServicePrincipal servicePrincipal in servicePrincipals.Results) { Console.WriteLine("Service Principal AppId: {0} Name: {1}", servicePrincipal.AppId, servicePrincipal.DisplayName); } } } while (servicePrincipals.PageToken != null); //********************************************************************* // get the Application objects //********************************************************************* filter.Top = 999; PagedResults<Application> applications = new PagedResults<Application>(); do { applications = graphConnection.List<Application>(applications.PageToken, filter); if (applications != null) { foreach (Application application in applications.Results) { Console.WriteLine("Application AppId: {0} Name: {1}", application.AppId, application.DisplayName); } } }while (applications.PageToken != null); string targetAppId = applications.Results[0].ObjectId; //******************************************************************************************** // We'll now switch to Authenticating using OAuth Authorization Code Grant // which includes user Authentication/Delegation //********************************************************************************************* var redirectUri = new Uri("https://localhost"); string clientIdForUserAuthn = "66133929-66a4-4edc-aaee-13b04b03207d"; AuthenticationResult userAuthnResult = null; try { userAuthnResult = authenticationContext.AcquireToken(resource, clientIdForUserAuthn, redirectUri, PromptBehavior.Always); token = userAuthnResult.AccessToken; Console.WriteLine("\n Welcome " + userAuthnResult.UserInfo.GivenName + " " + userAuthnResult.UserInfo.FamilyName); } catch (AuthenticationException ex) { string message = ex.Message; if (ex.InnerException != null) message += "InnerException : " + ex.InnerException.Message; Console.WriteLine(message); Console.ReadKey(); return; } // re-establish Graph connection using the new token graphConnection = new GraphConnection(token, ClientRequestId, graphSettings); //********************************************************************************************* // Create a new User with a temp password //********************************************************************************************* User userToBeAdded = new User(); userToBeAdded.DisplayName = "Sample App Demo User"; userToBeAdded.UserPrincipalName = "SampleAppDemoUser@" + defaultDomain.Name; userToBeAdded.AccountEnabled = true; userToBeAdded.MailNickname = "SampleAppDemoUser"; userToBeAdded.PasswordProfile = new PasswordProfile(); userToBeAdded.PasswordProfile.Password = "******"; userToBeAdded.PasswordProfile.ForceChangePasswordNextLogin = true; userToBeAdded.UsageLocation = "US"; User newlyCreatedUser = new User(); try { newlyCreatedUser = graphConnection.Add<User>(userToBeAdded); Console.WriteLine("\nNew User {0} was created", userToBeAdded.DisplayName); } catch (GraphException graphException) { Console.WriteLine("\nError creating new user {0} {1}", graphException.Code, graphException.Message); } //********************************************************************************************* // update the newly created user's Password, PasswordPolicies and City //********************************************************************************************* if (newlyCreatedUser.ObjectId != null) { string userObjectId = newlyCreatedUser.ObjectId; // update User's city and reset their User's password User updateUser = graphConnection.Get<User>(userObjectId); updateUser.City = "Seattle"; PasswordProfile passwordProfile = new PasswordProfile(); passwordProfile.Password = "******"; passwordProfile.ForceChangePasswordNextLogin = false; updateUser.PasswordProfile = passwordProfile; updateUser.PasswordPolicies = "DisablePasswordExpiration, DisableStrongPassword"; try { graphConnection.Update(updateUser); Console.WriteLine("\nUser {0} was updated", updateUser.DisplayName); } catch (GraphException graphException) { Console.WriteLine("\nError Updating the user {0} {1}", graphException.Code, graphException.Message); } //********************************************************************************************* // Add, then retrieve a thumbnailPhoto for the newly created user //********************************************************************************************* Bitmap thumbnailPhoto = new Bitmap(20, 20); thumbnailPhoto.SetPixel(5, 5, Color.Beige); thumbnailPhoto.SetPixel(5, 6, Color.Beige); thumbnailPhoto.SetPixel(6, 5, Color.Beige); thumbnailPhoto.SetPixel(6, 6, Color.Beige); using (MemoryStream ms = new MemoryStream()) { thumbnailPhoto.Save(ms, ImageFormat.Jpeg); graphConnection.SetStreamProperty(newlyCreatedUser, GraphProperty.ThumbnailPhoto, ms, "image/jpeg"); // graphConnection.SetStreamProperty(newlyCreatedUser, "thumbnailPhoto", ms, "image/jpeg"); } using (Stream ms = graphConnection.GetStreamProperty(newlyCreatedUser, GraphProperty.ThumbnailPhoto, "image/jpeg")) { Image jpegImage = Image.FromStream(ms); } //********************************************************************************************* // User License Assignment - assign EnterprisePack license to new user, and disable SharePoint service // first get a list of Tenant's subscriptions and find the "Enterprisepack" one // Enterprise Pack includes service Plans for ExchangeOnline, SharePointOnline and LyncOnline // validate that Subscription is Enabled and there are enough units left to assign to users //********************************************************************************************* PagedResults<SubscribedSku> skus = graphConnection.List<SubscribedSku>(null, null); foreach (SubscribedSku sku in skus.Results) { if (sku.SkuPartNumber == "ENTERPRISEPACK") if ((sku.PrepaidUnits.Enabled.Value > sku.ConsumedUnits) && (sku.CapabilityStatus == "Enabled")) { // create addLicense object and assign the Enterprise Sku GUID to the skuId // AssignedLicense addLicense = new AssignedLicense(); addLicense.SkuId = sku.SkuId.Value; // find plan id of SharePoint Service Plan foreach (ServicePlanInfo servicePlan in sku.ServicePlans) { if (servicePlan.ServicePlanName.Contains("SHAREPOINT")) { addLicense.DisabledPlans.Add(servicePlan.ServicePlanId.Value); break; } } IList<AssignedLicense> licensesToAdd = new AssignedLicense[] { addLicense }; IList<Guid> licensesToRemove = new Guid[] { }; // attempt to assign the license object to the new user try { graphConnection.AssignLicense(newlyCreatedUser, licensesToAdd, licensesToRemove); Console.WriteLine("\n User {0} was assigned license {1}", newlyCreatedUser.DisplayName, addLicense.SkuId); } catch (GraphException graphException) { Console.WriteLine("\nLicense assingment failed {0} {1}", graphException.Code, graphException.Message); } } } //********************************************************************************************* // Add User to the "WA" Group //********************************************************************************************* if (retrievedGroup.ObjectId != null) { try { graphConnection.AddLink(retrievedGroup, newlyCreatedUser, LinkProperty.Members); Console.WriteLine("\nUser {0} was added to Group {1}", newlyCreatedUser.DisplayName, retrievedGroup.DisplayName); } catch (GraphException graphException) { Console.WriteLine("\nAdding user to group failed {0} {1}", graphException.Code, graphException.Message); } } //********************************************************************************************* // Create a new Group //********************************************************************************************* Group CaliforniaEmployees = new Group(); CaliforniaEmployees.DisplayName = "California Employees"; CaliforniaEmployees.Description = "Employees in the state of California"; CaliforniaEmployees.MailNickname = "CalEmployees"; CaliforniaEmployees.MailEnabled = false; CaliforniaEmployees.SecurityEnabled = true; Group newGroup = null; try { newGroup = graphConnection.Add<Group>(CaliforniaEmployees); Console.WriteLine("\nNew Group {0} was created", newGroup.DisplayName); } catch (GraphException graphException) { Console.WriteLine("\nError creating new Group {0} {1}", graphException.Code, graphException.Message); } //********************************************************************************************* // Add the new User member to the new Group //********************************************************************************************* if (newGroup.ObjectId != null) { try { graphConnection.AddLink(newGroup, newlyCreatedUser, LinkProperty.Members); Console.WriteLine("\nUser {0} was added to Group {1}", newlyCreatedUser.DisplayName, newGroup.DisplayName); } catch (GraphException graphException) { Console.WriteLine("\nAdding user to group failed {0} {1}", graphException.Code, graphException.Message); } } //********************************************************************************************* // Delete the user that we just created //********************************************************************************************* if (newlyCreatedUser.ObjectId != null) { try { graphConnection.Delete(newlyCreatedUser); Console.WriteLine("\nUser {0} was deleted", newlyCreatedUser.DisplayName); } catch (GraphException graphException) { Console.WriteLine("Deleting User failed {0} {1}", graphException.Code, graphException.Message); } } //********************************************************************************************* // Delete the Group that we just created //********************************************************************************************* if (newGroup.ObjectId != null) { try { graphConnection.Delete(newGroup); Console.WriteLine("\nGroup {0} was deleted", newGroup.DisplayName); } catch (GraphException graphException) { Console.WriteLine("Deleting Group failed: {0} {1}", graphException.Code, graphException.Message); } } } //********************************************************************************************* // Get a list of Mobile Devices from tenant //********************************************************************************************* Console.WriteLine("\nGetting Devices"); FilterGenerator deviceFilter = new FilterGenerator(); deviceFilter.Top = 999; PagedResults<Device> devices = graphConnection.List<Device>(null, deviceFilter); foreach(Device device in devices.Results) { if (device.ObjectId !=null) { Console.WriteLine("Device ID: {0}, Type: {1}", device.DeviceId, device.DeviceOSType); foreach (GraphObject owner in device.RegisteredOwners) { Console.WriteLine("Device Owner ID: " + owner.ObjectId); } } } //********************************************************************************************* // Create a new Application object //********************************************************************************************* Application appObject = new Application(); appObject.DisplayName = "Test-Demo App"; appObject.IdentifierUris.Add("https://localhost/demo/" + Guid.NewGuid().ToString()); appObject.ReplyUrls.Add("https://localhost/demo"); // created Keycredential object for the new App object KeyCredential KeyCredential = new KeyCredential(); KeyCredential.StartDate = DateTime.UtcNow; KeyCredential.EndDate = DateTime.UtcNow.AddYears(1); KeyCredential.Type = "Symmetric"; KeyCredential.Value = Convert.FromBase64String("g/TMLuxgzurjQ0Sal9wFEzpaX/sI0vBP3IBUE/H/NS4="); KeyCredential.Usage = "Verify"; appObject.KeyCredentials.Add(KeyCredential); GraphObject newApp = null; try { newApp = graphConnection.Add(appObject); Console.WriteLine("New Application created: " + newApp.ObjectId); } catch (GraphException graphException) { Console.WriteLine("Application Creation execption: {0} {1}", graphException.Code, graphException.Message); } // Get the application object that was just created if (newApp != null) { GraphObject app = graphConnection.Get(typeof(Application), newApp.ObjectId); Application retrievedApp = (Application)app; //********************************************************************************************* // create a new Service principal //********************************************************************************************* ServicePrincipal newServicePrincpal = new ServicePrincipal(); newServicePrincpal.DisplayName = "Test-Demo App"; newServicePrincpal.AccountEnabled = true; newServicePrincpal.AppId = retrievedApp.AppId; GraphObject newSP = null; try { newSP = graphConnection.Add<ServicePrincipal>(newServicePrincpal); // newSP = graphConnection.Add(newServicePrincpal); Console.WriteLine("New Service Principal created: " + newSP.ObjectId); } catch (GraphException graphException) { Console.WriteLine("Service Principal Creation execption: {0} {1}", graphException.Code, graphException.Message); } //********************************************************************************************* // get all Permission Objects //********************************************************************************************* Console.WriteLine("\n Getting Permissions"); filter.Top = 999; PagedResults<Permission> permissions = new PagedResults<Permission>(); do { try { permissions = graphConnection.List<Permission>(permissions.PageToken, filter); } catch (GraphException graphException) { Console.WriteLine("Error: {0} {1}", graphException.Code, graphException.Message); break; } foreach (Permission permission in permissions.Results) { Console.WriteLine("Permission: {0} Name: {1}", permission.ClientId, permission.Scope); } } while (permissions.PageToken != null); //********************************************************************************************* // Create new permission object //********************************************************************************************* Permission permissionObject = new Permission(); permissionObject.ConsentType = "AllPrincipals"; permissionObject.Scope = "user_impersonation"; permissionObject.StartTime = DateTime.Now; permissionObject.ExpiryTime = (DateTime.Now).AddMonths(12); // resourceId is objectId of the resource, in this case objectId of AzureAd (Graph API) permissionObject.ResourceId = "dbf73c3e-e80b-495b-a82f-2f772bb0a417"; //ClientId = objectId of servicePrincipal permissionObject.ClientId = newSP.ObjectId; GraphObject newPermission = null; try { newPermission = graphConnection.Add(permissionObject); Console.WriteLine("New Permission object created: " + newPermission.ObjectId); } catch (GraphException graphException) { Console.WriteLine("Permission Creation exception: {0} {1}", graphException.Code, graphException.Message); } //********************************************************************************************* // Delete Application Objects //********************************************************************************************* if (retrievedApp.ObjectId != null) { try { graphConnection.Delete(retrievedApp); Console.WriteLine("Deleting Application object: " + retrievedApp.ObjectId); } catch (GraphException graphException) { Console.WriteLine("Application Deletion execption: {0} {1}", graphException.Code, graphException.Message); } } } //********************************************************************************************* // Show Batching with 3 operators. Note: up to 5 operations can be in a batch //********************************************************************************************* // get users Console.WriteLine("\n Executing Batch Request"); BatchRequestItem firstItem = new BatchRequestItem( "GET", false, Utils.GetListUri<User>(graphConnection, null, new FilterGenerator()), null, String.Empty); // get members of a Group Uri membersUri = Utils.GetRequestUri<Group>(graphConnection, retrievedGroup.ObjectId, "members"); BatchRequestItem secondItem = new BatchRequestItem( "GET", false, new Uri(membersUri.ToString()), null, String.Empty); // update an existing group's Description property retrievedGroup.Description = "New Employees in Washington State"; BatchRequestItem thirdItem = new BatchRequestItem( "Patch", true, Utils.GetRequestUri<Group>(graphConnection,retrievedGroup.ObjectId), null, retrievedGroup.ToJson(true)); // Execute the batch requst IList<BatchRequestItem> batchRequest = new BatchRequestItem[] { firstItem, secondItem, thirdItem }; IList<BatchResponseItem> batchResponses = graphConnection.ExecuteBatch(batchRequest); int responseCount = 0; foreach (BatchResponseItem responseItem in batchResponses) { if (responseItem.Failed) { Console.WriteLine("Failed: {0} {1}", responseItem.Exception.Code, responseItem.Exception.ErrorMessage); } else { Console.WriteLine("Batch Item Result {0} succeeded {1}", responseCount++, !responseItem.Failed); } } // this next section shows how to access the signed-in user's mailbox. // First we get a new token for Office365 Exchange Online Resource // using the multi-resource refresh token tha was included when the previoius // token was acquired. // We can now request a new token for Office365 Exchange Online. // string office365Emailresource = "https://outlook.office365.com/"; string office365Token = null; if (userAuthnResult.IsMultipleResourceRefreshToken) { userAuthnResult = authenticationContext.AcquireTokenByRefreshToken(userAuthnResult.RefreshToken, clientIdForUserAuthn, office365Emailresource); office365Token = userAuthnResult.AccessToken; // // Call the Office365 API and retrieve the top item from the user's mailbox. // string requestUrl = "https://outlook.office365.com/EWS/OData/Me/Inbox/Messages?$top=1"; WebRequest getMailboxRequest; getMailboxRequest = WebRequest.Create(requestUrl); getMailboxRequest.Headers.Add(HttpRequestHeader.Authorization, "Bearer " + office365Token); Console.WriteLine("\n Getting the User's Mailbox Contents \n"); // // Read the contents of the user's mailbox, and display to the console. // Stream objStream = null; try { objStream = getMailboxRequest.GetResponse().GetResponseStream(); StreamReader objReader = new StreamReader(objStream); string sLine = ""; int i = 0; while (sLine != null) { i++; sLine = objReader.ReadLine(); if (sLine != null) { Console.WriteLine("{0}:{1}", i, sLine); } } } catch (Exception ex) { Console.WriteLine("\n Error Getting User's Mailbox: {0} \n", ex.Message); } } //********************************************************************************************* // End of Demo Console App //********************************************************************************************* Console.WriteLine("\nCompleted at {0} \n ClientRequestId: {1}", CurrentDateTime, ClientRequestId); Console.ReadKey(); return; }
public async Task<ActionResult> Edit( User user, FormCollection values) { try { ActiveDirectoryClient client = AuthenticationHelper.GetActiveDirectoryClient(); IUser toUpdate = await client.Users.GetByObjectId(user.ObjectId).ExecuteAsync(); Helper.CopyUpdatedValues(toUpdate, user, values); await toUpdate.UpdateAsync(); return RedirectToAction("Index"); } catch (Exception exception) { ModelState.AddModelError("", exception.Message); return View(); } }
/// <summary> /// Assign license to a user. /// </summary> /// <param name="user">User whose licenses need to be manipulated.</param> /// <param name="addLicenses">List of licenses to be assigned.</param> /// <param name="removeLicenses">Licenses to be disabled.</param> /// <returns>Updated user object.</returns> public virtual User AssignLicense(User user, IList<AssignedLicense> addLicenses, IList<Guid> removeLicenses) { Utils.ValidateGraphObject(user, "user"); if (addLicenses == null) { throw new ArgumentNullException("addLicenses"); } if (removeLicenses == null) { throw new ArgumentNullException("removeLicenses"); } Uri requestUri = Utils.GetRequestUri<User>( this, user.ObjectId, Constants.ActionAssignLicense); Dictionary<string, object> parameters = new Dictionary<string, object>(); parameters["addLicenses"] = addLicenses; parameters["removeLicenses"] = removeLicenses; string requestJson = JsonConvert.SerializeObject(parameters); string responseJson = this.ClientConnection.UploadString( requestUri, HttpVerb.POST, requestJson, null, null); PagedResults<User> pagedResults = SerializationHelper.DeserializeJsonResponse<User>(responseJson, requestUri); if (pagedResults != null && pagedResults.Results.Count > 0) { return pagedResults.Results[0]; } // TODO: Should we throw an exception? return null; }
public async Task<ActionResult> Delete(User user) { try { ActiveDirectoryClient client = AuthenticationHelper.GetActiveDirectoryClient(); IUser toDelete = await client.Users.GetByObjectId(user.ObjectId).ExecuteAsync(); await toDelete.DeleteAsync(); return RedirectToAction("Index"); } catch (Exception exception) { ModelState.AddModelError("", exception.Message); return View(user); } }
public ActionResult ShowThumbnail(string id) { string accessToken = AuthUtils.GetAuthToken(Request, HttpContext); if (accessToken == null) { // // The user needs to re-authorize. Show them a message to that effect. // ViewBag.ErrorMessage = "AuthorizationRequired"; return View(); } // Setup Graph API connection and get Group membership Guid ClientRequestId = Guid.NewGuid(); GraphSettings graphSettings = new GraphSettings(); graphSettings.ApiVersion = GraphConfiguration.GraphApiVersion; GraphConnection graphConnection = new GraphConnection(accessToken, ClientRequestId, graphSettings); // User user = graphConnection.Get<User>(id); User user = new User(); user.ObjectId = id; try { Stream ms = graphConnection.GetStreamProperty(user, GraphProperty.ThumbnailPhoto, "image/jpeg"); user.ThumbnailPhoto = ms; } catch { user.ThumbnailPhoto = null; } if (user.ThumbnailPhoto != null) { return File(user.ThumbnailPhoto, "image/jpeg"); } return View(); }
static void RetrieveUpdatedUser(string userUPN) { // search for a single user by UPN User retrievedUser = new User(); List<IUser> retrievedUsers = null; try { retrievedUsers = activeDirectoryClient.Users.Where(user => user.UserPrincipalName.Equals(userUPN)).ExecuteAsync().Result.CurrentPage.ToList(); } catch (Exception e) { Console.WriteLine("\nError getting new user {0} {1}", e.Message, e.InnerException != null ? e.InnerException.Message : ""); } // should only find one user with the specified UPN if (retrievedUsers != null && retrievedUsers.Count == 1) { retrievedUser = (User)retrievedUsers.First(); var newUser = new UserEntity(retrievedUser.ObjectId, retrievedUser.UserPrincipalName.Contains("#EXT#") ? retrievedUser.UserPrincipalName.Replace("#EXT#", "_") : retrievedUser.UserPrincipalName); newUser.DisplayName = retrievedUser.DisplayName; newUser.MailNickname = retrievedUser.MailNickname; newUser.AccountEnabled = (bool)retrievedUser.AccountEnabled; newUser.UserType = retrievedUser.UserType; newUser.UsageLocation = retrievedUser.UsageLocation; userTableOper.InsertEntity(newUser); } }