public async Task <ActionResult> UpdateUser(UpdateUserModel model)
{
List <ResultsItem> items = new List <ResultsItem>();
if (ModelState.IsValid)
{
try
{
var azureClient = GraphAuthService.GetActiveDirectoryClient(ConfigHelper.UseApplicationPermissions);
Tuple <bool, string, string> tup = await usersService.UpdateUser(azureClient, model.UserEmailAddress, model.Jobtitle,
model.department, model.City, model.phone);
Microsoft.Azure.ActiveDirectory.GraphClient.User user = (Microsoft.Azure.ActiveDirectory.GraphClient.User)azureClient.Users.Where(u => u.Mail.Equals(
model.UserEmailAddress, StringComparison.CurrentCultureIgnoreCase) ||
u.UserPrincipalName.Equals(model.UserEmailAddress, StringComparison.CurrentCultureIgnoreCase)).ExecuteAsync().Result.CurrentPage.FirstOrDefault();
return(View("ShowUser", new Tuple <bool, string, string, Microsoft.Azure.ActiveDirectory.GraphClient.User>(
tup.Item1, tup.Item2, model.UserEmailAddress, user)));
}
catch (Exception ex)
{
model.status = false;
model.resultantMessage = ex.Message + (ex.InnerException != null ? Environment.NewLine + ex.InnerException.Message : "");
}
}
return(View("UpdateUser", model));
}
private static void UpdateProperty(PeopleManager peopleManager, GraphApi.User user, Property prop)
{
var propertyNewValue = typeof(GraphApi.User).GetProperty(prop.ADAttributeName).GetValue(user);
if (propertyNewValue != null || prop.WriteIfBlank)
{
if (prop.IsMulti)
{
peopleManager.SetMultiValuedProfileProperty(UserProfilePrefix + user.UserPrincipalName,
prop.UserProfileAttributeName, new List <string>()
{
});
}
else
{
peopleManager.SetSingleValueProfileProperty(UserProfilePrefix + user.UserPrincipalName,
prop.UserProfileAttributeName,
propertyNewValue == null ? string.Empty : propertyNewValue.ToString());
}
Console.WriteLine("Updated User: {0} Property: {1} New Value: {2}",
user.DisplayName, prop.UserProfileAttributeName, propertyNewValue);
}
//logic to write only if different
}
public async Task <Tuple <bool, string, string> > UpdateUser(ActiveDirectoryClient azureGraphclient, string UserEmailAddress, string title,
string Department, string City, string Phone)
{
string userObjectID = string.Empty;
bool ActionStatus = false;
string message = string.Empty;
if (azureGraphclient == null || string.IsNullOrEmpty(UserEmailAddress))
{
return(new Tuple <bool, string, string>(ActionStatus, "Invalid input", null));
}
else
{
try
{
Microsoft.Azure.ActiveDirectory.GraphClient.User userInstance = (Microsoft.Azure.ActiveDirectory.GraphClient.User)
azureGraphclient.Users.Where(a => a.Mail.Equals(UserEmailAddress, StringComparison.InvariantCultureIgnoreCase) ||
a.UserPrincipalName.Equals(UserEmailAddress, StringComparison.InvariantCultureIgnoreCase)).ExecuteAsync().Result.CurrentPage.FirstOrDefault();
if (userInstance != null)
{
userObjectID = userInstance.ObjectId;
userInstance.JobTitle = title;
userInstance.Department = Department;
userInstance.City = City;
userInstance.TelephoneNumber = Phone;
await userInstance.UpdateAsync();
userInstance.GetContext().SaveChanges();
ActionStatus = true;
message = "Successfully updated user";
}
else
{
message = "Invalid user";
}
}
catch (Exception ex)
{
message = ex.Message + (ex.InnerException != null ? Environment.NewLine + ex.InnerException.Message : "");
}
}
return(new Tuple <bool, string, string>(ActionStatus, message, userObjectID.ToString()));
}
private static bool UserIsMemberOfGroup(GraphConnection graphConnection, string userUPN, string groupDisplayName)
{
// Get the group for which we want to check membership
FilterGenerator filter = new FilterGenerator();
Expression filterExpression = ExpressionHelper.CreateEqualsExpression(typeof(Group), GraphProperty.DisplayName, groupDisplayName);
filter.QueryFilter = filterExpression;
PagedResults<Group> groupToCheckResults = graphConnection.List<Group>(null, filter);
if (groupToCheckResults.Results.Count == 1)
{
// Add group to our groups to check list
Group groupToCheck = groupToCheckResults.Results[0] as Group;
IList<String> groupsList = new List<string>();
groupsList.Add(groupToCheck.ObjectId);
// Get the user for which we want to check the group membership
FilterGenerator userFilter = new FilterGenerator();
Expression userFilterExpression = ExpressionHelper.CreateEqualsExpression(typeof(User), GraphProperty.UserPrincipalName, userUPN);
userFilter.QueryFilter = userFilterExpression;
User retrievedUser = new User();
PagedResults<User> pagedUserResults = graphConnection.List<User>(null, userFilter);
if (pagedUserResults.Results.Count == 1)
{
retrievedUser = pagedUserResults.Results[0] as User;
// Check if the user belongs to any of the passed groups
IList<String> memberships = graphConnection.CheckMemberGroups(retrievedUser, groupsList);
// If the passed group is returned back then the user is a member
if (memberships.Contains(groupToCheck.ObjectId))
{
return true;
}
else
{
return false;
}
}
else
{
throw new ArgumentException(String.Format("Group {0} does not exist", groupDisplayName));
}
}
else
{
throw new ArgumentException(String.Format("User {0} does not exist", userUPN));
}
}
public async Task <ActionResult> AssignExtAttribToUser(ManageApplicationExtensionsAssignment model)
{
List <ResultsItem> items = new List <ResultsItem>();
if (ModelState.IsValid)
{
try
{
var azureClient = GraphAuthService.GetActiveDirectoryClient(ConfigHelper.UseApplicationPermissions);
Tuple <bool, string, string, string, string> tup = await usersService.AssignExtensionAttributeToUser(azureClient, model.UserEmailAddress, model.AppName,
model.AppExtAttribName, model.ExtAttribValue);
Microsoft.Azure.ActiveDirectory.GraphClient.User user = (Microsoft.Azure.ActiveDirectory.GraphClient.User)azureClient.Users.Where(u => u.Mail.Equals(
model.UserEmailAddress, StringComparison.CurrentCultureIgnoreCase) ||
u.UserPrincipalName.Equals(model.UserEmailAddress, StringComparison.CurrentCultureIgnoreCase)
).ExecuteAsync().Result.CurrentPage.FirstOrDefault();
if (user != null)
{
foreach (var s in user.GetExtendedProperties())
{
items.Add(new ResultsItem()
{
Id = s.Key, Display = (s.Value == null ? "" : s.Value.ToString())
});
}
}
return(View("ListuserExtAttributes", new Tuple <bool, string, string, List <ResultsItem> >(tup.Item1, tup.Item2, model.UserEmailAddress, items)));
}
catch (Exception ex)
{
model.isOk = false;
model.message = ex.Message + (ex.InnerException != null ? Environment.NewLine + ex.InnerException.Message : "");
}
}
return(View("AssignExtAttribToUser", model));
}
/// <summary>
/// Get the groups that the user is a member of.
/// </summary>
/// <param name="user">User whose group membership should be queried.</param>
/// <param name="securityEnabledOnly">Get the security enabled groups only.</param>
/// <returns>List of group object ids that user is a part of.</returns>
public virtual IList<string> GetMemberGroups(User user, bool securityEnabledOnly)
{
Utils.ValidateGraphObject(user, "user");
List<string> memberGroups = new List<string>();
Uri requestUri = Utils.GetRequestUri<User>(
this, user.ObjectId, Constants.ActionGetMemberGroups);
Logger.Instance.Info("POSTing to {0}", requestUri);
Dictionary<string, string> parameters = new Dictionary<string, string>();
parameters["securityEnabledOnly"] = securityEnabledOnly.ToString();
string requestJson = JsonConvert.SerializeObject(parameters);
string responseJson = this.ClientConnection.UploadString(
requestUri, HttpVerb.POST, requestJson, null, null);
PagedResults<GraphObject> pagedResults =
SerializationHelper.DeserializeJsonResponse<GraphObject>(responseJson, requestUri);
memberGroups.AddRange(pagedResults.MixedResults);
return memberGroups;
}
/// <summary>
/// Gets the group membership of a user
/// </summary>
/// <param name="userToAugment"></param>
/// <param name="coco"></param>
/// <returns></returns>
private List<AzurecpResult> GetUserMembership(User userToAugment, AzureTenant coco)
{
List<AzurecpResult> searchResults = new List<AzurecpResult>();
IUserFetcher retrievedUserFetcher = userToAugment;
IPagedCollection<IDirectoryObject> pagedCollection = retrievedUserFetcher.MemberOf.ExecuteAsync().Result;
do
{
List<IDirectoryObject> directoryObjects = pagedCollection.CurrentPage.ToList();
foreach (IDirectoryObject directoryObject in directoryObjects)
{
if (directoryObject is Group)
{
AzurecpResult result = new AzurecpResult();
Group group = directoryObject as Group;
result.DirectoryObjectResult = group;
result.TenantId = coco.TenantId;
searchResults.Add(result);
}
//if (directoryObject is DirectoryRole)
//{
// DirectoryRole role = directoryObject as DirectoryRole;
//}
}
pagedCollection = pagedCollection.GetNextPageAsync().Result;
} while (pagedCollection != null && pagedCollection.MorePagesAvailable);
return searchResults;
}
public ViewResult GetUser(GuestUserModel model)
{
List <Tuple <string, List <ResultsItem> > > tupAppRoles = new List <Tuple <string, List <ResultsItem> > >();
List <ResultsItem> lstUserAppRoles = new List <ResultsItem>();
List <ResultsItem> exts = new List <ResultsItem>();
List <string> groups = new List <string>();
Microsoft.Azure.ActiveDirectory.GraphClient.User myuser = null;
if (ModelState.IsValid)
{
try
{
var azureClient = GraphAuthService.GetActiveDirectoryClient(ConfigHelper.UseApplicationPermissions);
var user = azureClient.Users.Where(a => a.UserPrincipalName.Equals(model.UserEmailAddress, StringComparison.InvariantCultureIgnoreCase) ||
a.Mail.Equals(model.UserEmailAddress, StringComparison.InvariantCultureIgnoreCase)
).Expand(p => p.AppRoleAssignments).ExecuteAsync().Result.CurrentPage.FirstOrDefault();
if (user != null)
{
var cc = user.AppRoleAssignments;
var approlesassigns = AzureADExtensions.EnumerateAllAsync(cc).Result;
var filtered = approlesassigns.Where(a => a.PrincipalType == "User");
//now get role names for those
var fapplications = azureClient.Applications.ExecuteAsync().Result;
if (fapplications != null)
{
IEnumerable <IApplication> allapps = AzureADExtensions.EnumerateAllAsync(fapplications).Result;
foreach (IApplication app in allapps)
{
string applicationname = app.DisplayName;
var fapplication = azureClient.Applications.Where(a => a.DisplayName == applicationname).ExecuteAsync().Result;
if (fapplication != null)
{
lstUserAppRoles = new List <ResultsItem>();
var myroles = fapplication.CurrentPage.FirstOrDefault().AppRoles.Where(a => filtered.Select(b => b.Id).Contains(a.Id));
foreach (AppRole r in myroles)
{
lstUserAppRoles.Add(new ResultsItem()
{
Id = r.DisplayName, Display = r.Description
});
}
tupAppRoles.Add(new Tuple <string, List <ResultsItem> >(app.DisplayName, lstUserAppRoles));
}
}
}
//get extension attributes
myuser = (Microsoft.Azure.ActiveDirectory.GraphClient.User)user;
foreach (var s in myuser.GetExtendedProperties())
{
exts.Add(new ResultsItem()
{
Id = s.Key, Display = (s.Value == null ? "" : s.Value.ToString())
});
}
IUserFetcher retrievedUserFetcher = myuser;
Microsoft.Azure.ActiveDirectory.GraphClient.Extensions.IPagedCollection <IDirectoryObject> pagedCollection =
retrievedUserFetcher.MemberOf.ExecuteAsync().Result;
List <IDirectoryObject> directoryObjects = pagedCollection.EnumerateAllAsync().Result.ToList();
foreach (IDirectoryObject directoryObject in directoryObjects)
{
if (directoryObject is Microsoft.Azure.ActiveDirectory.GraphClient.Group)
{
Microsoft.Azure.ActiveDirectory.GraphClient.Group group = directoryObject as Microsoft.Azure.ActiveDirectory.GraphClient.Group;
groups.Add(group.DisplayName);
}
}
}
return(View("GetUserDetails", new UserDetails()
{
isOk = true, message = "", exts = exts, tupAppRoles = tupAppRoles, user = myuser, Groups = groups
}));
}
catch (Exception ex)
{
model.status = false;
model.resultantMessage = ex.Message + (ex.InnerException != null ? Environment.NewLine + ex.InnerException.Message : "");
}
}
return(View("GetUser", model));
}
//public async Task GetUserAndAddToGrop(String userPrincipalName, Group group)
//{
// User user = await this.GetUser(userPrincipalName);
// if(user!=null)
// {
// await this.AddUserToGroup(user, group);
// }
// return;
//}
private async Task<bool> CheckUserWhetherExsitADGroup(User user, Group group)
{
if (group.ObjectId != null)
{
IGroupFetcher retrievedGroupFetcher = group;
IPagedCollection<IDirectoryObject> membersPagedCollection = await retrievedGroupFetcher.Members.ExecuteAsync();
if (membersPagedCollection != null)
{
do
{
List<IDirectoryObject> templist = membersPagedCollection.CurrentPage.ToList();
foreach (IDirectoryObject member in templist)
{
if (member is User)
{
User usertemp = member as User;
if (usertemp.UserPrincipalName.Equals(user.UserPrincipalName))
{
return true;
}
}
}
membersPagedCollection = await membersPagedCollection.GetNextPageAsync();
} while (membersPagedCollection != null && membersPagedCollection.MorePagesAvailable);
}
}
return false;
}
private async Task AddUserToGroup(User user, Group group)
{
//Adding users to groups broke with ADAL 2.0.2, commenting out while
//the fix is determined. README.md has been updated to let folks
//know they should manually add the users to the groups.
//client.Context.AddLink(group, "members", user);
//await client.Context.SaveChangesAsync();
return;
}
private async Task<User> CreateUser(String displayName, String userPrincipalName, String mailNickname, String password)
{
User newUser = new User();
newUser.DisplayName = displayName;
newUser.UserPrincipalName = userPrincipalName;
newUser.AccountEnabled = true;
newUser.MailNickname = mailNickname;
newUser.PasswordProfile = new PasswordProfile
{
Password = "******",
ForceChangePasswordNextLogin = true
};
newUser.UsageLocation = "US";
await this.client.Users.AddUserAsync(newUser);
return newUser;
}
/// This is a sample console application that shows a End to End Provisioning scenario:
/// 1. Create a Customer with the CREST API.
/// 2. Add an Exchange Subscription with the CREST API.
/// 3. Associate a custom domain with the Azure AD Graph API.
/// 4. Get new domain TXT record for verification with the Azure AD Graph API.
/// 5. Verify domain TXT record configuration with the Azure AD Graph API.
/// 6. Create a new user with the Azure AD Graph API.
/// 7. Assign the new user a Exchange license with the Azure AD Graph API.
static void Main(string[] args)
{
try
{
#region Initialize APIs & Tokens
crestApiHelper = new CrestApiHelper();
azureADGraphApiHelper = new AzureADGraphApiHelper();
#endregion
#region 1. Create a Customer with the CREST API
// New customer information
dynamic newCustomer = new
{
domain_prefix = "createit" + new Random().Next(9999),
user_name = "admin",
password = "******",
profile = new
{
first_name = "Create",
last_name = "It",
email = "*****@*****.**",
company_name = "Create It",
culture = "en-US",
language = "en",
type = "organization",
// Note: This data/location depends on your CSP tenant location
// It will be validated by Microsoft and will fail if not valid
default_address = new
{
first_name = "Create",
last_name = "It",
address_line1 = "One Microsoft Way",
city = "Redmond",
region = "WA",
postal_code = "98052-6399",
country = "US",
phone_number = "19165767760",
}
}
};
// Create customer
Guid customerId = CreateCustomer(newCustomer);
// Created customer base information
var customer = new Customer()
{
CustomerId = customerId,
TenantDomainName = newCustomer.domain_prefix + ".onmicrosoft.com"
};
#endregion
#region 2. Add an Exchange Subscription with the CREST API.
// New order information
dynamic newOrder = new
{
recipient_customer_id = customer.CustomerId,
line_items = new[]
{
new
{
line_item_number = 0,
offer_uri = "/3c95518e-8c37-41e3-9627-0ca339200f53/offers/195416c1-3447-423a-b37b-ee59a99a19c4",
quantity = 20,
friendly_name = "Exchange Online (Plan 1)",
}
}
};
// Place order
dynamic placedOrder = PlaceOrder(newOrder);
#endregion
#region 3. Associate a custom domain with the Azure AD Graph API.
// NOTE: From here we initialize the Azure AD Graph API helper with the new customer tenant domain
// Azure AD Graph API operations will be against the customer tenant, using the Pre-Consent delegated access
azureADGraphApiHelper = new AzureADGraphApiHelper(customer.TenantDomainName);
// New domain information
var tenantDomainName = customer.TenantDomainName;
//string domainName = new Random().Next(9999) + "." + tenantDomainName;
string domainName = "create.pt";
// Add domain
dynamic newDomain = AddCustomerDomain(domainName);
#endregion
#region 4. Get new domain TXT record for verification with the Azure AD Graph API.
dynamic newDomainVerificationRecords = GetCustomerDomainVerificationRecords(domainName);
// Note: You now need to go to your DNS service provider and place the TXT record
#endregion
#region 5. Verify domain TXT record configuration with the Azure AD Graph API.
// Note: Will only have success if the TXT record is present in the DNS
VerifyCustomerDomain(domainName);
#endregion
#region 6. Create a new user with the Azure AD Graph API.
// New user information
GraphClient.IUser newUser = new GraphClient.User()
{
DisplayName = "createitUser" + new Random().Next(9999),
AccountEnabled = true,
UsageLocation = "US",
PasswordProfile = new GraphClient.PasswordProfile()
{
ForceChangePasswordNextLogin = true,
Password = "******",
},
};
newUser.MailNickname = newUser.DisplayName;
newUser.UserPrincipalName = newUser.DisplayName + "@" + tenantDomainName;
GraphClient.IUser addedUser = AddCustomerUser(newUser);
#endregion
#region 7. Assign the new user a Exchange license with the Azure AD Graph API.
// Get the customer subscribed Skus to determine the Sku id to use in the license assignment
IReadOnlyList<GraphClient.ISubscribedSku> subscribedSkus = GetSubscribedSkus();
if (subscribedSkus != null && subscribedSkus.Count > 0)
{
// Filter the license to assign
GraphClient.ISubscribedSku subscribeSkuToUser = subscribedSkus
.FirstOrDefault(x => x.SkuPartNumber == "EXCHANGESTANDARD");
// License to assign information
GraphClient.AssignedLicense addLicense = new GraphClient.AssignedLicense()
{
SkuId = subscribeSkuToUser.SkuId
};
// Assign license
GraphClient.IUser newUserWithLicenseAssigned =
AssignOrRemoveLicensesToUser(newUser.UserPrincipalName, addLicense);
// Check proper license assignment
if (newUserWithLicenseAssigned != null && newUserWithLicenseAssigned.AssignedLicenses != null
&& newUserWithLicenseAssigned.AssignedLicenses.Count > 0)
{
GraphClient.AssignedLicense checkAssignedLicense = newUserWithLicenseAssigned.AssignedLicenses
.SingleOrDefault(x => x.SkuId == subscribeSkuToUser.SkuId);
Debug.Assert(checkAssignedLicense != null, "User assigned license not validated");
}
}
#endregion
}
catch (Exception ex)
{
Console.Write("Error: " + ex.ToString());
}
Console.Write("\n\n\nHit enter to exit the app...");
Console.ReadLine();
}
public async Task <Tuple <bool, string, string, string, string> > AssignExtensionAttributeToUser(ActiveDirectoryClient azureGraphclient, string UserEmailAddress, string AppName,
string AppExtAttribName, string ExtAttribValue)
{
Guid userObjectID = Guid.Empty, approleid = Guid.Empty, srvpr = Guid.Empty;
bool ActionStatus = false;
string message = string.Empty;
if (azureGraphclient == null || string.IsNullOrEmpty(AppName) || string.IsNullOrEmpty(AppExtAttribName) || string.IsNullOrEmpty(ExtAttribValue))
{
return(new Tuple <bool, string, string, string, string>(ActionStatus, "Invalid input", null, null, null));
}
else
{
try
{
//get instance of extension attribute
var appi = azureGraphclient.Applications.Where(s => s.DisplayName == AppName).ExecuteAsync().Result.CurrentPage.FirstOrDefault();
if (appi != null)
{
var exts = azureGraphclient.Applications[appi.ObjectId].ExtensionProperties.ExecuteAsync().Result.EnumerateAllAsync().Result;
//var appexts = ((Application)appi).ExtensionProperties;
IExtensionProperty extAttrib = exts.Where(a => a.Name == AppExtAttribName).FirstOrDefault();
if (extAttrib != null)
{
Microsoft.Azure.ActiveDirectory.GraphClient.User userInstance = (Microsoft.Azure.ActiveDirectory.GraphClient.User)
azureGraphclient.Users.Where(a => a.Mail.Equals(UserEmailAddress, StringComparison.InvariantCultureIgnoreCase) ||
a.UserPrincipalName.Equals(UserEmailAddress, StringComparison.InvariantCultureIgnoreCase)).ExecuteAsync().Result.CurrentPage.FirstOrDefault();
if (userInstance != null)
{
userInstance.SetExtendedProperty(AppExtAttribName, ExtAttribValue);
await userInstance.UpdateAsync();
userInstance.GetContext().SaveChanges();
ActionStatus = true;
message = "Successfully assigned application extension property to user";
}
else
{
message = "Invalid user";
}
}
else
{
message = "Attribute name not associated with application";
}
}
else
{
message = "Invalid application";
}
}
catch (Exception ex)
{
message = ex.Message + (ex.InnerException != null ? Environment.NewLine + ex.InnerException.Message : "");
}
}
return(new Tuple <bool, string, string, string, string>(ActionStatus, message, userObjectID.ToString(), approleid.ToString(), srvpr.ToString()));
}
public ActionResult Delete(User user)
{
//Get the access token as we need it to make a call to the Graph API
string accessToken = AuthUtils.GetAuthToken(Request, HttpContext);
if (accessToken == null)
{
//
// The user needs to re-authorize. Show them a message to that effect.
//
ViewBag.ErrorMessage = "AuthorizationRequired";
return View();
}
try
{
// Setup Graph API connection and delete User
Guid ClientRequestId = Guid.NewGuid();
GraphSettings graphSettings = new GraphSettings();
graphSettings.ApiVersion = GraphConfiguration.GraphApiVersion;
GraphConnection graphConnection = new GraphConnection(accessToken, ClientRequestId, graphSettings);
graphConnection.Delete(user);
return RedirectToAction("Index");
}
catch(Exception exception)
{
ModelState.AddModelError("", exception.Message);
return View(user);
}
}
private static void Main()
{
// record start DateTime of execution
string currentDateTime = DateTime.Now.ToUniversalTime().ToString();
#region Setup Active Directory Client
//*********************************************************************
// setup Active Directory Client
//*********************************************************************
ActiveDirectoryClient activeDirectoryClient;
try
{
activeDirectoryClient = AuthenticationHelper.GetActiveDirectoryClientAsApplication();
}
catch (AuthenticationException ex)
{
Console.ForegroundColor = ConsoleColor.Red;
Console.WriteLine("Acquiring a token failed with the following error: {0}", ex.Message);
if (ex.InnerException != null)
{
//You should implement retry and back-off logic per the guidance given here:http://msdn.microsoft.com/en-us/library/dn168916.aspx
//InnerException Message will contain the HTTP error status codes mentioned in the link above
Console.WriteLine("Error detail: {0}", ex.InnerException.Message);
}
Console.ResetColor();
Console.ReadKey();
return;
}
#endregion
#region TenantDetails
//*********************************************************************
// Get Tenant Details
// Note: update the string TenantId with your TenantId.
// This can be retrieved from the login Federation Metadata end point:
// https://login.windows.net/GraphDir1.onmicrosoft.com/FederationMetadata/2007-06/FederationMetadata.xml
// Replace "GraphDir1.onMicrosoft.com" with any domain owned by your organization
// The returned value from the first xml node "EntityDescriptor", will have a STS URL
// containing your TenantId e.g. "https://sts.windows.net/4fd2b2f2-ea27-4fe5-a8f3-7b1a7c975f34/" is returned for GraphDir1.onMicrosoft.com
//*********************************************************************
VerifiedDomain initialDomain = new VerifiedDomain();
VerifiedDomain defaultDomain = new VerifiedDomain();
ITenantDetail tenant = null;
Console.WriteLine("\n Retrieving Tenant Details");
try
{
List<ITenantDetail> tenantsList = activeDirectoryClient.TenantDetails
.Where(tenantDetail => tenantDetail.ObjectId.Equals(Constants.TenantId))
.ExecuteAsync().Result.CurrentPage.ToList();
if (tenantsList.Count > 0)
{
tenant = tenantsList.First();
}
}
catch (Exception e)
{
Console.WriteLine("\nError getting TenantDetails {0} {1}", e.Message,
e.InnerException != null ? e.InnerException.Message : "");
}
if (tenant == null)
{
Console.WriteLine("Tenant not found");
}
else
{
TenantDetail tenantDetail = (TenantDetail)tenant;
Console.WriteLine("Tenant Display Name: " + tenantDetail.DisplayName);
// Get the Tenant's Verified Domains
initialDomain = tenantDetail.VerifiedDomains.First(x => x.Initial.HasValue && x.Initial.Value);
Console.WriteLine("Initial Domain Name: " + initialDomain.Name);
defaultDomain = tenantDetail.VerifiedDomains.First(x => [email protected] && [email protected]);
Console.WriteLine("Default Domain Name: " + defaultDomain.Name);
// Get Tenant's Tech Contacts
foreach (string techContact in tenantDetail.TechnicalNotificationMails)
{
Console.WriteLine("Tenant Tech Contact: " + techContact);
}
}
#endregion
#region Create a new User
IUser newUser = new User();
if (defaultDomain.Name != null)
{
newUser.DisplayName = "Sample App Demo User (Manager)";
newUser.UserPrincipalName = Helper.GetRandomString(10) + "@" + defaultDomain.Name;
newUser.AccountEnabled = true;
newUser.MailNickname = "SampleAppDemoUserManager";
newUser.PasswordProfile = new PasswordProfile
{
Password = "******",
ForceChangePasswordNextLogin = true
};
newUser.UsageLocation = "US";
try
{
activeDirectoryClient.Users.AddUserAsync(newUser).Wait();
Console.WriteLine("\nNew User {0} was created", newUser.DisplayName);
}
catch (Exception e)
{
Console.WriteLine("\nError creating new user {0} {1}", e.Message,
e.InnerException != null ? e.InnerException.Message : "");
}
}
#endregion
#region List of max 4 Users by UPN
//*********************************************************************
// Demonstrate Getting a list of Users with paging (get 4 users), sorted by displayName
//*********************************************************************
int maxUsers = 4;
try
{
Console.WriteLine("\n Retrieving Users");
List<IUser> users = activeDirectoryClient.Users.OrderBy(user =>
user.UserPrincipalName).Take(maxUsers).ExecuteAsync().Result.CurrentPage.ToList();
foreach (IUser user in users)
{
Console.WriteLine("UserObjectId: {0} UPN: {1}", user.ObjectId, user.UserPrincipalName);
}
}
catch (Exception e)
{
Console.WriteLine("\nError getting Users. {0} {1}", e.Message,
e.InnerException != null ? e.InnerException.Message : "");
}
#endregion
#region Create a User with a temp Password
//*********************************************************************************************
// Create a new User with a temp Password
//*********************************************************************************************
IUser userToBeAdded = new User();
userToBeAdded.DisplayName = "Sample App Demo User";
userToBeAdded.UserPrincipalName = Helper.GetRandomString(10) + "@" + defaultDomain.Name;
userToBeAdded.AccountEnabled = true;
userToBeAdded.MailNickname = "SampleAppDemoUser";
userToBeAdded.PasswordProfile = new PasswordProfile
{
Password = "******",
ForceChangePasswordNextLogin = true
};
userToBeAdded.UsageLocation = "US";
try
{
activeDirectoryClient.Users.AddUserAsync(userToBeAdded).Wait();
Console.WriteLine("\nNew User {0} was created", userToBeAdded.DisplayName);
}
catch (Exception e)
{
Console.WriteLine("\nError creating new user. {0} {1}", e.Message,
e.InnerException != null ? e.InnerException.Message : "");
}
#endregion
#region Update newly created User
//*******************************************************************************************
// update the newly created user's Password, PasswordPolicies and City
//*********************************************************************************************
if (userToBeAdded.ObjectId != null)
{
// update User's city and reset their User's Password
userToBeAdded.City = "Seattle";
userToBeAdded.Country = "UK";
PasswordProfile PasswordProfile = new PasswordProfile
{
Password = "******",
ForceChangePasswordNextLogin = false
};
userToBeAdded.PasswordProfile = PasswordProfile;
userToBeAdded.PasswordPolicies = "DisablePasswordExpiration, DisableStrongPassword";
try
{
userToBeAdded.UpdateAsync().Wait();
Console.WriteLine("\nUser {0} was updated", userToBeAdded.DisplayName);
}
catch (Exception e)
{
Console.WriteLine("\nError Updating the user {0} {1}", e.Message,
e.InnerException != null ? e.InnerException.Message : "");
}
}
#endregion
#region Search User by UPN
// search for a single user by UPN
string searchString = "admin@" + initialDomain.Name;
Console.WriteLine("\n Retrieving user with UPN {0}", searchString);
User retrievedUser = new User();
List<IUser> retrievedUsers = null;
try
{
retrievedUsers = activeDirectoryClient.Users
.Where(user => user.UserPrincipalName.Equals(searchString))
.ExecuteAsync().Result.CurrentPage.ToList();
}
catch (Exception e)
{
Console.WriteLine("\nError getting new user {0} {1}", e.Message,
e.InnerException != null ? e.InnerException.Message : "");
}
// should only find one user with the specified UPN
if (retrievedUsers != null && retrievedUsers.Count == 1)
{
retrievedUser = (User)retrievedUsers.First();
}
else
{
Console.WriteLine("User not found {0}", searchString);
}
#endregion
#region User Operations
if (retrievedUser.UserPrincipalName != null)
{
Console.WriteLine("\n Found User: "******" UPN: " +
retrievedUser.UserPrincipalName);
#region Assign User a Manager
//Assigning User a new manager.
if (newUser.ObjectId != null)
{
Console.WriteLine("\n Assign User {0}, {1} as Manager.", retrievedUser.DisplayName,
newUser.DisplayName);
retrievedUser.Manager = newUser as DirectoryObject;
try
{
newUser.UpdateAsync().Wait();
Console.Write("User {0} is successfully assigned {1} as Manager.", retrievedUser.DisplayName,
newUser.DisplayName);
}
catch (Exception e)
{
Console.WriteLine("\nError assigning manager to user. {0} {1}", e.Message,
e.InnerException != null ? e.InnerException.Message : "");
}
}
#endregion
#region Get User's Manager
//Get the retrieved user's manager.
Console.WriteLine("\n Retrieving User {0}'s Manager.", retrievedUser.DisplayName);
DirectoryObject usersManager = retrievedUser.Manager;
if (usersManager != null)
{
User manager = usersManager as User;
if (manager != null)
{
Console.WriteLine("User {0} Manager details: \nManager: {1} UPN: {2}",
retrievedUser.DisplayName, manager.DisplayName, manager.UserPrincipalName);
}
}
else
{
Console.WriteLine("Manager not found.");
}
#endregion
#region Get User's Direct Reports
//*********************************************************************
// get the user's Direct Reports
//*********************************************************************
if (newUser.ObjectId != null)
{
Console.WriteLine("\n Getting User{0}'s Direct Reports.", newUser.DisplayName);
IUserFetcher newUserFetcher = (IUserFetcher)newUser;
try
{
IPagedCollection<IDirectoryObject> directReports =
newUserFetcher.DirectReports.ExecuteAsync().Result;
do
{
List<IDirectoryObject> directoryObjects = directReports.CurrentPage.ToList();
foreach (IDirectoryObject directoryObject in directoryObjects)
{
if (directoryObject is User)
{
User directReport = directoryObject as User;
Console.WriteLine("User {0} Direct Report is {1}", newUser.UserPrincipalName,
directReport.UserPrincipalName);
}
}
directReports = directReports.GetNextPageAsync().Result;
} while (directReports != null);
}
catch (Exception e)
{
Console.WriteLine("\nError getting direct reports of user. {0} {1}", e.Message,
e.InnerException != null ? e.InnerException.Message : "");
}
}
#endregion
#region Get list of Group IDS, user is member of
//*********************************************************************
// get a list of Group IDs that the user is a member of
//*********************************************************************
//const bool securityEnabledOnly = false;
//IEnumerable<string> memberGroups = retrievedUser.GetMemberGroupsAsync(securityEnabledOnly).Result;
//Console.WriteLine("\n {0} is a member of the following Groups (IDs)", retrievedUser.DisplayName);
//foreach (String memberGroup in memberGroups)
//{
// Console.WriteLine("Member of Group ID: " + memberGroup);
//}
#endregion
#region Get User's Group And Role Membership, Getting the complete set of objects
//*********************************************************************
// get the User's Group and Role membership, getting the complete set of objects
//*********************************************************************
Console.WriteLine("\n {0} is a member of the following Group and Roles (IDs)", retrievedUser.DisplayName);
IUserFetcher retrievedUserFetcher = retrievedUser;
try
{
IPagedCollection<IDirectoryObject> pagedCollection = retrievedUserFetcher.MemberOf.ExecuteAsync().Result;
do
{
List<IDirectoryObject> directoryObjects = pagedCollection.CurrentPage.ToList();
foreach (IDirectoryObject directoryObject in directoryObjects)
{
if (directoryObject is Group)
{
Group group = directoryObject as Group;
Console.WriteLine(" Group: {0} Description: {1}", group.DisplayName, group.Description);
}
if (directoryObject is DirectoryRole)
{
DirectoryRole role = directoryObject as DirectoryRole;
Console.WriteLine(" Role: {0} Description: {1}", role.DisplayName, role.Description);
}
}
pagedCollection = pagedCollection.GetNextPageAsync().Result;
} while (pagedCollection != null);
}
catch (Exception e)
{
Console.WriteLine("\nError getting user's groups and roles memberships. {0} {1}", e.Message,
e.InnerException != null ? e.InnerException.Message : "");
}
#endregion
}
#endregion
#region Search for User (People Picker)
//*********************************************************************
// People picker
// Search for a user using text string "Us" match against userPrincipalName, displayName, giveName, surname
//*********************************************************************
searchString = "Us";
Console.WriteLine("\nSearching for any user with string {0} in UPN,DisplayName,First or Last Name",
searchString);
List<IUser> usersList = null;
IPagedCollection<IUser> searchResults = null;
try
{
IUserCollection userCollection = activeDirectoryClient.Users;
searchResults = userCollection.Where(user =>
user.UserPrincipalName.StartsWith(searchString) ||
user.DisplayName.StartsWith(searchString) ||
user.GivenName.StartsWith(searchString) ||
user.Surname.StartsWith(searchString)).ExecuteAsync().Result;
usersList = searchResults.CurrentPage.ToList();
}
catch (Exception e)
{
Console.WriteLine("\nError getting User {0} {1}", e.Message,
e.InnerException != null ? e.InnerException.Message : "");
}
if (usersList != null && usersList.Count > 0)
{
do
{
usersList = searchResults.CurrentPage.ToList();
foreach (IUser user in usersList)
{
Console.WriteLine("User DisplayName: {0} UPN: {1}",
user.DisplayName, user.UserPrincipalName);
}
searchResults = searchResults.GetNextPageAsync().Result;
} while (searchResults != null);
}
else
{
Console.WriteLine("User not found");
}
#endregion
#region Search for Group using StartWith filter
//*********************************************************************
// Search for a group using a startsWith filter (displayName property)
//*********************************************************************
Group retrievedGroup = new Group();
searchString = "My";
List<IGroup> foundGroups = null;
try
{
foundGroups = activeDirectoryClient.Groups
.Where(group => group.DisplayName.StartsWith(searchString))
.ExecuteAsync().Result.CurrentPage.ToList();
}
catch (Exception e)
{
Console.WriteLine("\nError getting Group {0} {1}",
e.Message, e.InnerException != null ? e.InnerException.Message : "");
}
if (foundGroups != null && foundGroups.Count > 0)
{
retrievedGroup = foundGroups.First() as Group;
}
else
{
Console.WriteLine("Group Not Found");
}
#endregion
#region Assign Member to Group
if (retrievedGroup.ObjectId != null)
{
try
{
retrievedGroup.Members.Add(newUser as DirectoryObject);
retrievedGroup.UpdateAsync().Wait();
}
catch (Exception e)
{
Console.WriteLine("\nError assigning member to group. {0} {1}",
e.Message, e.InnerException != null ? e.InnerException.Message : "");
}
}
#endregion
#region Get Group members
if (retrievedGroup.ObjectId != null)
{
Console.WriteLine("\n Found Group: " + retrievedGroup.DisplayName + " " + retrievedGroup.Description);
//*********************************************************************
// get the groups' membership -
// Note this method retrieves ALL links in one request - please use this method with care - this
// may return a very large number of objects
//*********************************************************************
IGroupFetcher retrievedGroupFetcher = retrievedGroup;
try
{
IPagedCollection<IDirectoryObject> members = retrievedGroupFetcher.Members.ExecuteAsync().Result;
Console.WriteLine(" Members:");
do
{
List<IDirectoryObject> directoryObjects = members.CurrentPage.ToList();
foreach (IDirectoryObject member in directoryObjects)
{
if (member is User)
{
User user = member as User;
Console.WriteLine("User DisplayName: {0} UPN: {1}",
user.DisplayName,
user.UserPrincipalName);
}
if (member is Group)
{
Group group = member as Group;
Console.WriteLine("Group DisplayName: {0}", group.DisplayName);
}
if (member is Contact)
{
Contact contact = member as Contact;
Console.WriteLine("Contact DisplayName: {0}", contact.DisplayName);
}
}
members = members.GetNextPageAsync().Result;
} while (members != null);
}
catch (Exception e)
{
Console.WriteLine("\nError getting groups' membership. {0} {1}",
e.Message, e.InnerException != null ? e.InnerException.Message : "");
}
}
#endregion
#region Add User to Group
//*********************************************************************************************
// Add User to the "WA" Group
//*********************************************************************************************
if (retrievedGroup.ObjectId != null)
{
try
{
retrievedGroup.Members.Add(userToBeAdded as DirectoryObject);
retrievedGroup.UpdateAsync().Wait();
}
catch (Exception e)
{
Console.WriteLine("\nAdding user to group failed {0} {1}", e.Message,
e.InnerException != null ? e.InnerException.Message : "");
}
}
#endregion
#region Create a new Group
//*********************************************************************************************
// Create a new Group
//*********************************************************************************************
Group californiaEmployees = new Group
{
DisplayName = "California Employees" + Helper.GetRandomString(8),
Description = "Employees in the state of California",
MailNickname = "CalEmployees",
MailEnabled = false,
SecurityEnabled = true
};
try
{
activeDirectoryClient.Groups.AddGroupAsync(californiaEmployees).Wait();
Console.WriteLine("\nNew Group {0} was created", californiaEmployees.DisplayName);
}
catch (Exception e)
{
Console.WriteLine("\nError creating new Group {0} {1}", e.Message,
e.InnerException != null ? e.InnerException.Message : "");
}
#endregion
#region Delete User
//*********************************************************************************************
// Delete the user that we just created
//*********************************************************************************************
if (userToBeAdded.ObjectId != null)
{
try
{
userToBeAdded.DeleteAsync().Wait();
Console.WriteLine("\nUser {0} was deleted", userToBeAdded.DisplayName);
}
catch (Exception e)
{
Console.WriteLine("Deleting User failed {0} {1}", e.Message,
e.InnerException != null ? e.InnerException.Message : "");
}
}
if (newUser.ObjectId != null)
{
try
{
newUser.DeleteAsync().Wait();
Console.WriteLine("\nUser {0} was deleted", newUser.DisplayName);
}
catch (Exception e)
{
Console.WriteLine("Deleting User failed {0} {1}", e.Message,
e.InnerException != null ? e.InnerException.Message : "");
}
}
#endregion
#region Delete Group
//*********************************************************************************************
// Delete the Group that we just created
//*********************************************************************************************
if (californiaEmployees.ObjectId != null)
{
try
{
californiaEmployees.DeleteAsync().Wait();
Console.WriteLine("\nGroup {0} was deleted", californiaEmployees.DisplayName);
}
catch (Exception e)
{
Console.WriteLine("Deleting Group failed {0} {1}", e.Message,
e.InnerException != null ? e.InnerException.Message : "");
}
}
#endregion
#region Get All Roles
//*********************************************************************
// Get All Roles
//*********************************************************************
List<IDirectoryRole> foundRoles = null;
try
{
foundRoles = activeDirectoryClient.DirectoryRoles.ExecuteAsync().Result.CurrentPage.ToList();
}
catch (Exception e)
{
Console.WriteLine("\nError getting Roles {0} {1}", e.Message,
e.InnerException != null ? e.InnerException.Message : "");
}
if (foundRoles != null && foundRoles.Count > 0)
{
foreach (IDirectoryRole role in foundRoles)
{
Console.WriteLine("\n Found Role: {0} {1} {2} ",
role.DisplayName, role.Description, role.ObjectId);
}
}
else
{
Console.WriteLine("Role Not Found {0}", searchString);
}
#endregion
#region Get Service Principals
//*********************************************************************
// get the Service Principals
//*********************************************************************
IPagedCollection<IServicePrincipal> servicePrincipals = null;
try
{
servicePrincipals = activeDirectoryClient.ServicePrincipals.ExecuteAsync().Result;
}
catch (Exception e)
{
Console.WriteLine("\nError getting Service Principal {0} {1}",
e.Message, e.InnerException != null ? e.InnerException.Message : "");
}
if (servicePrincipals != null)
{
do
{
List<IServicePrincipal> servicePrincipalsList = servicePrincipals.CurrentPage.ToList();
foreach (IServicePrincipal servicePrincipal in servicePrincipalsList)
{
Console.WriteLine("Service Principal AppId: {0} Name: {1}", servicePrincipal.AppId,
servicePrincipal.DisplayName);
}
servicePrincipals = servicePrincipals.GetNextPageAsync().Result;
} while (servicePrincipals != null);
}
#endregion
#region Get Applications
//*********************************************************************
// get the Application objects
//*********************************************************************
IPagedCollection<IApplication> applications = null;
try
{
applications = activeDirectoryClient.Applications.Take(999).ExecuteAsync().Result;
}
catch (Exception e)
{
Console.WriteLine("\nError getting Applications {0} {1}", e.Message,
e.InnerException != null ? e.InnerException.Message : "");
}
if (applications != null)
{
do
{
List<IApplication> appsList = applications.CurrentPage.ToList();
foreach (IApplication app in appsList)
{
Console.WriteLine("Application AppId: {0} Name: {1}", app.AppId, app.DisplayName);
}
applications = applications.GetNextPageAsync().Result;
} while (applications != null);
}
#endregion
#region User License Assignment
//*********************************************************************************************
// User License Assignment - assign EnterprisePack license to new user, and disable SharePoint service
// first get a list of Tenant's subscriptions and find the "Enterprisepack" one
// Enterprise Pack includes service Plans for ExchangeOnline, SharePointOnline and LyncOnline
// validate that Subscription is Enabled and there are enough units left to assign to users
//*********************************************************************************************
IPagedCollection<ISubscribedSku> skus = null;
try
{
skus = activeDirectoryClient.SubscribedSkus.ExecuteAsync().Result;
}
catch (Exception e)
{
Console.WriteLine("\nError getting Applications {0} {1}", e.Message,
e.InnerException != null ? e.InnerException.Message : "");
}
if (skus != null)
{
do
{
List<ISubscribedSku> subscribedSkus = skus.CurrentPage.ToList();
foreach (ISubscribedSku sku in subscribedSkus)
{
if (sku.SkuPartNumber == "ENTERPRISEPACK")
{
if ((sku.PrepaidUnits.Enabled.Value > sku.ConsumedUnits) &&
(sku.CapabilityStatus == "Enabled"))
{
// create addLicense object and assign the Enterprise Sku GUID to the skuId
//
AssignedLicense addLicense = new AssignedLicense { SkuId = sku.SkuId.Value };
// find plan id of SharePoint Service Plan
foreach (ServicePlanInfo servicePlan in sku.ServicePlans)
{
if (servicePlan.ServicePlanName.Contains("SHAREPOINT"))
{
addLicense.DisabledPlans.Add(servicePlan.ServicePlanId.Value);
break;
}
}
IList<AssignedLicense> licensesToAdd = new[] { addLicense };
IList<Guid> licensesToRemove = new Guid[] { };
// attempt to assign the license object to the new user
try
{
if (newUser.ObjectId != null)
{
newUser.AssignLicenseAsync(licensesToAdd, licensesToRemove).Wait();
Console.WriteLine("\n User {0} was assigned license {1}",
newUser.DisplayName,
addLicense.SkuId);
}
}
catch (Exception e)
{
Console.WriteLine("\nLicense assingment failed {0} {1}", e.Message,
e.InnerException != null ? e.InnerException.Message : "");
}
}
}
}
skus = skus.GetNextPageAsync().Result;
} while (skus != null);
}
#endregion
#region Switch to OAuth Authorization Code Grant (Acting as a user)
activeDirectoryClient = AuthenticationHelper.GetActiveDirectoryClientAsUser();
#endregion
#region Create Application
//*********************************************************************************************
// Create a new Application object with App Role Assignment (Direct permission)
//*********************************************************************************************
Application appObject = new Application { DisplayName = "Test-Demo App" + Helper.GetRandomString(8) };
appObject.IdentifierUris.Add("https://localhost/demo/" + Guid.NewGuid());
appObject.ReplyUrls.Add("https://localhost/demo");
AppRole appRole = new AppRole();
appRole.Id = Guid.NewGuid();
appRole.IsEnabled = true;
appRole.AllowedMemberTypes.Add("User");
appRole.DisplayName = "Something";
appRole.Description = "Anything";
appRole.Value = "policy.write";
appObject.AppRoles.Add(appRole);
// created Keycredential object for the new App object
KeyCredential keyCredential = new KeyCredential
{
StartDate = DateTime.UtcNow,
EndDate = DateTime.UtcNow.AddYears(1),
Type = "Symmetric",
Value = Convert.FromBase64String("g/TMLuxgzurjQ0Sal9wFEzpaX/sI0vBP3IBUE/H/NS4="),
Usage = "Verify"
};
appObject.KeyCredentials.Add(keyCredential);
try
{
activeDirectoryClient.Applications.AddApplicationAsync(appObject).Wait();
Console.WriteLine("New Application created: " + appObject.ObjectId);
}
catch (Exception e)
{
Console.WriteLine("Application Creation execption: {0} {1}", e.Message,
e.InnerException != null ? e.InnerException.Message : "");
}
#endregion
#region Create Service Principal
//*********************************************************************************************
// create a new Service principal
//*********************************************************************************************
ServicePrincipal newServicePrincpal = new ServicePrincipal();
if (appObject != null)
{
newServicePrincpal.DisplayName = appObject.DisplayName;
newServicePrincpal.AccountEnabled = true;
newServicePrincpal.AppId = appObject.AppId;
try
{
activeDirectoryClient.ServicePrincipals.AddServicePrincipalAsync(newServicePrincpal).Wait();
Console.WriteLine("New Service Principal created: " + newServicePrincpal.ObjectId);
}
catch (Exception e)
{
Console.WriteLine("Service Principal Creation execption: {0} {1}", e.Message,
e.InnerException != null ? e.InnerException.Message : "");
}
}
#endregion
#region Create an Extension Property
ExtensionProperty linkedInUserId = new ExtensionProperty
{
Name = "linkedInUserId",
DataType = "String",
TargetObjects = { "User" }
};
try
{
appObject.ExtensionProperties.Add(linkedInUserId);
appObject.UpdateAsync().Wait();
Console.WriteLine("\nUser object extended successfully.");
}
catch (Exception e)
{
Console.WriteLine("\nError extending the user object {0} {1}", e.Message,
e.InnerException != null ? e.InnerException.Message : "");
}
#endregion
#region Manipulate an Extension Property
try
{
if (retrievedUser != null && retrievedUser.ObjectId != null)
{
retrievedUser.SetExtendedProperty(linkedInUserId.Name, "ExtensionPropertyValue");
retrievedUser.UpdateAsync().Wait();
Console.WriteLine("\nUser {0}'s extended property set successully.", retrievedUser.DisplayName);
}
}
catch (Exception e)
{
Console.WriteLine("\nError Updating the user object {0} {1}", e.Message,
e.InnerException != null ? e.InnerException.Message : "");
}
#endregion
#region Get an Extension Property
try
{
if (retrievedUser != null && retrievedUser.ObjectId != null)
{
IReadOnlyDictionary<string, object> extendedProperties = retrievedUser.GetExtendedProperties();
object extendedProperty = extendedProperties[linkedInUserId.Name];
Console.WriteLine("\n Retrieved User {0}'s extended property value is: {1}.", retrievedUser.DisplayName,
extendedProperty);
}
}
catch (Exception e)
{
Console.WriteLine("\nError Updating the user object {0} {1}", e.Message,
e.InnerException != null ? e.InnerException.Message : "");
}
#endregion
#region Assign Direct Permission
try
{
User user =
(User)activeDirectoryClient.Users.ExecuteAsync().Result.CurrentPage.ToList().FirstOrDefault();
if (appObject.ObjectId != null && user != null && newServicePrincpal.ObjectId != null)
{
AppRoleAssignment appRoleAssignment = new AppRoleAssignment();
appRoleAssignment.Id = appRole.Id;
appRoleAssignment.ResourceId = Guid.Parse(newServicePrincpal.ObjectId);
appRoleAssignment.PrincipalType = "User";
appRoleAssignment.PrincipalId = Guid.Parse(user.ObjectId);
user.AppRoleAssignments.Add(appRoleAssignment);
user.UpdateAsync().Wait();
Console.WriteLine("User {0} is successfully assigned direct permission.", retrievedUser.DisplayName);
}
}
catch (Exception e)
{
Console.WriteLine("Direct Permission Assignment failed: {0} {1}", e.Message,
e.InnerException != null ? e.InnerException.Message : "");
}
#endregion
#region Get Devices
//*********************************************************************************************
// Get a list of Mobile Devices from tenant
//*********************************************************************************************
Console.WriteLine("\nGetting Devices");
IPagedCollection<IDevice> devices = null;
try
{
devices = activeDirectoryClient.Devices.ExecuteAsync().Result;
}
catch (Exception e)
{
Console.WriteLine("/nError getting devices {0} {1}", e.Message,
e.InnerException != null ? e.InnerException.Message : "");
}
if (devices != null)
{
do
{
List<IDevice> devicesList = devices.CurrentPage.ToList();
foreach (IDevice device in devicesList)
{
if (device.ObjectId != null)
{
Console.WriteLine("Device ID: {0}, Type: {1}", device.DeviceId, device.DeviceOSType);
IPagedCollection<IDirectoryObject> registeredOwners = device.RegisteredOwners;
if (registeredOwners != null)
{
do
{
List<IDirectoryObject> registeredOwnersList = registeredOwners.CurrentPage.ToList();
foreach (IDirectoryObject owner in registeredOwnersList)
{
Console.WriteLine("Device Owner ID: " + owner.ObjectId);
}
registeredOwners = registeredOwners.GetNextPageAsync().Result;
} while (registeredOwners != null);
}
}
}
devices = devices.GetNextPageAsync().Result;
} while (devices != null);
}
#endregion
#region Create New Permission
//*********************************************************************************************
// Create new permission object
//*********************************************************************************************
OAuth2PermissionGrant permissionObject = new OAuth2PermissionGrant();
permissionObject.ConsentType = "AllPrincipals";
permissionObject.Scope = "user_impersonation";
permissionObject.StartTime = DateTime.Now;
permissionObject.ExpiryTime = (DateTime.Now).AddMonths(12);
// resourceId is objectId of the resource, in this case objectId of AzureAd (Graph API)
permissionObject.ResourceId = "52620afb-80de-4096-a826-95f4ad481686";
//ClientId = objectId of servicePrincipal
permissionObject.ClientId = newServicePrincpal.ObjectId;
try
{
activeDirectoryClient.Oauth2PermissionGrants.AddOAuth2PermissionGrantAsync(permissionObject).Wait();
Console.WriteLine("New Permission object created: " + permissionObject.ObjectId);
}
catch (Exception e)
{
Console.WriteLine("Permission Creation exception: {0} {1}", e.Message, e.InnerException != null ? e.InnerException.Message : "");
}
#endregion
#region Get All Permissions
//*********************************************************************************************
// get all Permission Objects
//*********************************************************************************************
Console.WriteLine("\n Getting Permissions");
IPagedCollection<IOAuth2PermissionGrant> permissions = null;
try
{
permissions = activeDirectoryClient.Oauth2PermissionGrants.ExecuteAsync().Result;
}
catch (Exception e)
{
Console.WriteLine("Error: {0} {1}", e.Message, e.InnerException != null ? e.InnerException.Message : "");
}
if (permissions != null)
{
do
{
List<IOAuth2PermissionGrant> perms = permissions.CurrentPage.ToList();
foreach (IOAuth2PermissionGrant perm in perms)
{
Console.WriteLine("Permission: {0} Name: {1}", perm.ClientId, perm.Scope);
}
permissions = permissions.GetNextPageAsync().Result;
} while (permissions != null);
}
#endregion
#region Delete Application
//*********************************************************************************************
// Delete Application Objects
//*********************************************************************************************
if (appObject.ObjectId != null)
{
try
{
appObject.DeleteAsync().Wait();
Console.WriteLine("Deleted Application object: " + appObject.ObjectId);
}
catch (Exception e)
{
Console.WriteLine("Application Deletion execption: {0} {1}", e.Message,
e.InnerException != null ? e.InnerException.Message : "");
}
}
#endregion
#region Batch Operations
//*********************************************************************************************
// Show Batching with 3 operators. Note: up to 5 operations can be in a batch
//*********************************************************************************************
IReadOnlyQueryableSet<User> userQuery = activeDirectoryClient.DirectoryObjects.OfType<User>();
IReadOnlyQueryableSet<Group> groupsQuery = activeDirectoryClient.DirectoryObjects.OfType<Group>();
IReadOnlyQueryableSet<DirectoryRole> rolesQuery =
activeDirectoryClient.DirectoryObjects.OfType<DirectoryRole>();
try
{
IBatchElementResult[] batchResult =
activeDirectoryClient.Context.ExecuteBatchAsync(userQuery, groupsQuery, rolesQuery).Result;
int responseCount = 1;
foreach (IBatchElementResult result in batchResult)
{
if (result.FailureResult != null)
{
Console.WriteLine("Failed: {0} ",
result.FailureResult.InnerException);
}
if (result.SuccessResult != null)
{
Console.WriteLine("Batch Item Result {0} succeeded",
responseCount++);
}
}
}
catch (Exception e)
{
Console.WriteLine("Batch execution failed. : {0} {1}", e.Message,
e.InnerException != null ? e.InnerException.Message : "");
}
#endregion
//*********************************************************************************************
// End of Demo Console App
//*********************************************************************************************
Console.WriteLine("\nCompleted at {0} \n Press Any Key to Exit.", currentDateTime);
Console.ReadKey();
}
public override void Execute()
{
var client = _generator.DataHelper.GetADClient();
List<ITenantDetail> tenantsList = client.TenantDetails
.ExecuteAsync().Result.CurrentPage.ToList();
ITenantDetail tenant = tenantsList.First();
var defaultDomain = tenant.VerifiedDomains.First(x => [email protected] && [email protected]);
if (WorkingDefinition.NumberOfUsersToCreate > 0)
{
try
{
int batchcounter = 0;
HashSet<Tuple<string, string>> usedNames = new HashSet<Tuple<string, string>>();
for (int i = 0; i < WorkingDefinition.NumberOfUsersToCreate; i++)
{
try
{
var firstName = SampleData.GetSampleValueRandom(SampleData.FirstNames);
var lastName = SampleData.GetSampleValueRandom(SampleData.LastNames);
while (usedNames.Contains(new Tuple<string, string>(firstName, lastName)))
{
firstName = SampleData.GetSampleValueRandom(SampleData.FirstNames);
lastName = SampleData.GetSampleValueRandom(SampleData.LastNames);
}
usedNames.Add(new Tuple<string, string>(firstName, lastName));
var userPrincipal = new User();
userPrincipal.Surname = lastName;
userPrincipal.AccountEnabled = true;
userPrincipal.GivenName = firstName;
userPrincipal.MailNickname = userPrincipal.GivenName.ToLower() + "." + userPrincipal.Surname.ToLower();
userPrincipal.UserPrincipalName = userPrincipal.MailNickname + "@" + defaultDomain.Name;
userPrincipal.DisplayName = userPrincipal.GivenName + " " + userPrincipal.Surname;
userPrincipal.UsageLocation = "US";
userPrincipal.PasswordProfile = new PasswordProfile
{
Password = "******",
ForceChangePasswordNextLogin = false,
};
client.Users.AddUserAsync(userPrincipal, true).Wait();
batchcounter++;
if (batchcounter >= 50)
{
client.Context.SaveChangesAsync().Wait();
Owner.IncrementCurrentTaskProgress(string.Format("Created {0}/{1} users", i + 1, WorkingDefinition.NumberOfUsersToCreate), batchcounter);
batchcounter = 0;
}
}
catch (Exception ex)
{
Errors.Log(ex);
}
}
if (batchcounter > 0)
{
client.Context.SaveChangesAsync().Wait();
Owner.IncrementCurrentTaskProgress(string.Format("Created {0} users", WorkingDefinition.NumberOfUsersToCreate), batchcounter);
}
}
catch (Exception ex)
{
Errors.Log(ex);
}
}
if (WorkingDefinition.NumberOfSecurityGroupsToCreate > 0)
{
try
{
HashSet<string> usedGroupNames = new HashSet<string>();
int batchCounter = 0;
for (int i = 0; i < WorkingDefinition.NumberOfSecurityGroupsToCreate; i++)
{
try
{
var displayName = SampleData.GetSampleValueRandom(SampleData.Accounts);
while (usedGroupNames.Contains(displayName))
{
displayName = SampleData.GetSampleValueRandom(SampleData.Accounts);
}
usedGroupNames.Add(displayName);
var mailNickname = Regex.Replace(displayName, @"[^a-z0-9]", "");
Group group = new Group();
group.DisplayName = displayName;
group.MailEnabled = false;
group.SecurityEnabled = true;
group.MailNickname = mailNickname;
batchCounter++;
client.Groups.AddGroupAsync(group, true).Wait();
if (batchCounter >= 50)
{
client.Context.SaveChangesAsync().Wait();
Owner.IncrementCurrentTaskProgress(string.Format("Created {0}/{1} security groups", i + 1, WorkingDefinition.NumberOfSecurityGroupsToCreate), batchCounter);
batchCounter = 0;
}
}
catch (Exception ex)
{
Errors.Log(ex);
}
}
if (batchCounter > 0)
{
client.Context.SaveChangesAsync().Wait();
Owner.IncrementCurrentTaskProgress(string.Format("Created {0} security groups", WorkingDefinition.NumberOfSecurityGroupsToCreate), batchCounter);
}
if (WorkingDefinition.NumberOfSecurityGroupsToCreate > 0 && WorkingDefinition.MaxNumberOfUsersInCreatedSecurityGroups > 0)
{
Owner.IncrementCurrentTaskProgress("Retriving groups and users.", 0);
var allGroups = _generator.DataHelper.GetAvailableGroupObjectsInDirectory();
var allUsers = _generator.DataHelper.GetAvailableUserObjectsInDirectory();
Owner.IncrementCurrentTaskProgress("Adding users to groups.", 0);
foreach (var @group in allGroups)
{
if (usedGroupNames.Contains(@group.DisplayName))
{
var userGroupMaxCount = Math.Min(WorkingDefinition.MaxNumberOfUsersInCreatedSecurityGroups, allUsers.Count);
var userGroupCount = SampleData.GetRandomNumber(0, userGroupMaxCount);
if (userGroupCount > 0)
{
allUsers.Shuffle();
foreach (var user in allUsers.Take(userGroupCount))
{
group.Members.Add(user);
// progressDetail(string.Format("Added {0} user to {1} security group", user.DisplayName, @group.DisplayName));
}
group.UpdateAsync().Wait();
Owner.IncrementCurrentTaskProgress(string.Format("Added {0} users to {1} security group", userGroupCount, @group.DisplayName));
}
}
}
}
}
catch (Exception ex)
{
Errors.Log(ex);
}
}
}
public ActionResult Delete(User user)
{
string accessToken = null;
string tenantId = ClaimsPrincipal.Current.FindFirst(TenantIdClaimType).Value;
if (tenantId != null)
{
accessToken = TokenCacheUtils.GetAccessTokenFromCacheOrRefreshToken(tenantId, graphResourceId);
}
if (accessToken == null)
{
//
// If refresh is set to true, the user has clicked the link to be authorized again.
//
if (Request.QueryString["reauth"] == "True")
{
// Send an OpenID Connect sign-in request to get a new set of tokens.
// If the user still has a valid session with Azure AD, they will not be prompted for their credentials.
// The OpenID Connect middleware will return to this controller after the sign-in response has been handled.
//
HttpContext.GetOwinContext().Authentication.Challenge(OpenIdConnectAuthenticationDefaults.AuthenticationType);
}
//
// The user needs to re-authorize. Show them a message to that effect.
//
ViewBag.ErrorMessage = "AuthorizationRequired";
return View();
}
try
{
// Setup Graph API connection and delete User
Guid ClientRequestId = Guid.NewGuid();
GraphSettings graphSettings = new GraphSettings();
graphSettings.ApiVersion = graphApiVersion;
GraphConnection graphConnection = new GraphConnection(accessToken, ClientRequestId, graphSettings);
graphConnection.Delete(user);
return RedirectToAction("Index");
}
catch(Exception exception)
{
ModelState.AddModelError("", exception.Message);
return View(user);
}
}
static void Main()
{
// get OAuth token using Client Credentials
string tenantName = "GraphDir1.onMicrosoft.com";
string authString = "https://login.windows.net/" + tenantName;
AuthenticationContext authenticationContext = new AuthenticationContext(authString,false);
// Config for OAuth client credentials
string clientId = "118473c2-7619-46e3-a8e4-6da8d5f56e12";
string clientSecret = "hOrJ0r0TZ4GQ3obp+vk3FZ7JBVP+TX353kNo6QwNq7Q=";
ClientCredential clientCred = new ClientCredential(clientId, clientSecret);
string resource = "https://graph.windows.net";
string token;
try
{
AuthenticationResult authenticationResult = authenticationContext.AcquireToken(resource, clientCred);
token = authenticationResult.AccessToken;
}
catch (AuthenticationException ex)
{
Console.ForegroundColor = ConsoleColor.Red;
Console.WriteLine("Acquiring a token failed with the following error: {0}", ex.Message);
if (ex.InnerException != null)
{
//You should implement retry and back-off logic per the guidance given here:http://msdn.microsoft.com/en-us/library/dn168916.aspx
//InnerException Message will contain the HTTP error status codes mentioned in the link above
Console.WriteLine("Error detail: {0}", ex.InnerException.Message);
}
Console.ResetColor();
Console.ReadKey();
return;
}
// record start DateTime of execution
string CurrentDateTime = DateTime.Now.ToUniversalTime().ToString();
//*********************************************************************
// setup Graph connection
//*********************************************************************
Guid ClientRequestId = Guid.NewGuid();
GraphSettings graphSettings = new GraphSettings();
graphSettings.ApiVersion = "2013-11-08";
graphSettings.GraphDomainName = "graph.windows.net";
GraphConnection graphConnection = new GraphConnection(token, ClientRequestId,graphSettings);
VerifiedDomain initialDomain = new VerifiedDomain();
VerifiedDomain defaultDomain = new VerifiedDomain();
//*********************************************************************
// Get Tenant Details
// Note: update the string tenantId with your TenantId.
// This can be retrieved from the login Federation Metadata end point:
// https://login.windows.net/GraphDir1.onmicrosoft.com/FederationMetadata/2007-06/FederationMetadata.xml
// Replace "GraphDir1.onMicrosoft.com" with any domain owned by your organization
// The returned value from the first xml node "EntityDescriptor", will have a STS URL
// containing your tenantId e.g. "https://sts.windows.net/4fd2b2f2-ea27-4fe5-a8f3-7b1a7c975f34/" is returned for GraphDir1.onMicrosoft.com
//*********************************************************************
string tenantId = "4fd2b2f2-ea27-4fe5-a8f3-7b1a7c975f34";
GraphObject tenant = graphConnection.Get(typeof(TenantDetail), tenantId);
if (tenant == null)
{
Console.WriteLine("Tenant not found");
}
else
{
TenantDetail tenantDetail = (TenantDetail)tenant;
Console.WriteLine("Tenant Display Name: " + tenantDetail.DisplayName);
// Get the Tenant's Verified Domains
initialDomain = tenantDetail.VerifiedDomains.First(x => x.Initial.HasValue && x.Initial.Value);
Console.WriteLine("Initial Domain Name: " + initialDomain.Name);
defaultDomain = tenantDetail.VerifiedDomains.First(x => x.Default.HasValue && x.Default.Value);
Console.WriteLine("Default Domain Name: " + defaultDomain.Name);
foreach (string techContact in tenantDetail.TechnicalNotificationMails)
{
Console.WriteLine("Tenant Tech Contact: " + techContact);
}
}
//*********************************************************************
// Demonstrate Getting a list of Users with paging (get 4 users), sort by displayName
//*********************************************************************
Console.WriteLine("\n Retrieving Users");
FilterGenerator userFilter = new FilterGenerator();
userFilter.Top = 4;
userFilter.OrderByProperty = GraphProperty.DisplayName;
PagedResults<User> users = graphConnection.List<User>(null, userFilter);
foreach (User user in users.Results)
{
Console.WriteLine("UserObjectId: {0} UPN: {1}", user.ObjectId, user.UserPrincipalName);
}
// if there are more users to retrieve, get the rest of the users, and specify maximum page size 999
do
{
userFilter.Top = 999;
if (users.PageToken != null)
{
users = graphConnection.List<User>(users.PageToken, userFilter);
Console.WriteLine("\n Next page of results");
}
foreach (User user in users.Results)
{
Console.WriteLine("DisplayName: {0} UPN: {1}", user.DisplayName, user.UserPrincipalName);
}
} while (users.PageToken != null);
// search for a single user by UPN
string searchString = "adam@" + initialDomain.Name;
FilterGenerator filter = new FilterGenerator();
Expression filterExpression = ExpressionHelper.CreateEqualsExpression(typeof(User), GraphProperty.UserPrincipalName, searchString );
filter.QueryFilter = filterExpression;
User retrievedUser = new User();
PagedResults<User> pagedUserResults = graphConnection.List<User>(null, filter);
// should only find one user with the specified UPN
if (pagedUserResults.Results.Count == 1)
{
retrievedUser = pagedUserResults.Results[0] as User;
}
else
{
Console.WriteLine("User not found {0}", searchString);
}
if (retrievedUser.UserPrincipalName != null)
{
Console.WriteLine("\n Found User: "******" UPN: " + retrievedUser.UserPrincipalName);
// get the user's Manager
int count = 0;
PagedResults<GraphObject> managers = graphConnection.GetLinkedObjects(retrievedUser, LinkProperty.Manager, null);
foreach (GraphObject managerObject in managers.Results)
{
if (managerObject.ODataTypeName.Contains("User"))
{
User manager = (User)managers.Results[count];
Console.WriteLine(" Manager: {0} UPN: {1}", manager.DisplayName, manager.UserPrincipalName);
}
count++;
}
//*********************************************************************
// get the user's Direct Reports
//*********************************************************************
int top = 99;
PagedResults<GraphObject> directReportObjects = graphConnection.GetLinkedObjects(retrievedUser, LinkProperty.DirectReports, null, top);
foreach (GraphObject graphObject in directReportObjects.Results)
{
if (graphObject.ODataTypeName.Contains("User"))
{
User User = (User)graphObject;
Console.WriteLine(" DirectReport {0}: {1} UPN: {2}", User.ObjectType, User.DisplayName, User.UserPrincipalName);
}
if (graphObject.ODataTypeName.Contains("Contact"))
{
Contact Contact = (Contact)graphObject;
Console.WriteLine(" DirectReport {0}: {1} Mail: {2} ", Contact.ObjectType, Contact.DisplayName, Contact.Mail);
}
}
//*********************************************************************
// get a list of Group IDs that the user is a member of
//*********************************************************************
Console.WriteLine("\n {0} is a member of the following Groups (IDs)", retrievedUser.DisplayName);
bool securityGroupsOnly = false;
IList<string> usersGroupMembership = graphConnection.GetMemberGroups(retrievedUser, securityGroupsOnly);
foreach (String groupId in usersGroupMembership)
{
Console.WriteLine("Member of Group ID: "+ groupId);
}
//*********************************************************************
// get the User's Group and Role membership, getting the complete set of objects
//*********************************************************************
PagedResults<GraphObject> memberOfObjects = graphConnection.GetLinkedObjects(retrievedUser, LinkProperty.MemberOf, null, top);
foreach (GraphObject graphObject in memberOfObjects.Results)
{
if (graphObject.ODataTypeName.Contains("Group"))
{
Group Group = (Group)graphObject;
Console.WriteLine(" Group: {0} Description: {1}", Group.DisplayName, Group.Description);
}
if (graphObject.ODataTypeName.Contains("Role"))
{
Role Role = (Role)graphObject;
Console.WriteLine(" Role: {0} Description: {1}", Role.DisplayName, Role.Description);
}
}
}
//*********************************************************************
// People picker
// Search for a user using text string "ad" match against userPrincipalName, proxyAddresses, displayName, giveName, surname
//*********************************************************************
searchString = "ad";
Console.WriteLine("\nSearching for any user with string {0} in UPN,ProxyAddresses,DisplayName,First or Last Name", searchString);
FilterGenerator userMatchFilter = new FilterGenerator();
userMatchFilter.Top = 19;
Expression firstExpression = ExpressionHelper.CreateStartsWithExpression(typeof(User), GraphProperty.UserPrincipalName, searchString);
Expression secondExpression = ExpressionHelper.CreateAnyExpression(typeof(User), GraphProperty.ProxyAddresses, "smtp:" + searchString);
userMatchFilter.QueryFilter = ExpressionHelper.JoinExpressions(firstExpression, secondExpression, ExpressionType.Or);
Expression thirdExpression = ExpressionHelper.CreateStartsWithExpression(typeof(User), GraphProperty.DisplayName, searchString);
userMatchFilter.QueryFilter = ExpressionHelper.JoinExpressions(userMatchFilter.QueryFilter, thirdExpression, ExpressionType.Or);
Expression fourthExpression = ExpressionHelper.CreateStartsWithExpression(typeof(User), GraphProperty.GivenName, searchString);
userMatchFilter.QueryFilter = ExpressionHelper.JoinExpressions(userMatchFilter.QueryFilter, fourthExpression, ExpressionType.Or);
Expression fifthExpression = ExpressionHelper.CreateStartsWithExpression(typeof(User), GraphProperty.Surname, searchString);
userMatchFilter.QueryFilter = ExpressionHelper.JoinExpressions(userMatchFilter.QueryFilter, fifthExpression, ExpressionType.Or);
PagedResults<User> serachResults = graphConnection.List<User>(null, userMatchFilter);
if (serachResults.Results.Count > 0)
{
foreach (User User in serachResults.Results)
{
Console.WriteLine("User DisplayName: {0} UPN: {1}", User.DisplayName, User.UserPrincipalName);
}
}
else
{
Console.WriteLine("User not found");
}
//*********************************************************************
// Search for a group using a startsWith filter (displayName property)
//*********************************************************************
Group retrievedGroup = new Group();
searchString = "Wash";
filter.QueryFilter = ExpressionHelper.CreateStartsWithExpression(typeof(Group), GraphProperty.DisplayName, searchString);
filter.Top = 99;
PagedResults<Group> pagedGroupResults = graphConnection.List<Group>(null, filter);
if (pagedGroupResults.Results.Count > 0)
{
retrievedGroup = pagedGroupResults.Results[0] as Group;
}
else
{
Console.WriteLine("Group Not Found");
}
if (retrievedGroup.ObjectId != null)
{
Console.WriteLine("\n Found Group: " + retrievedGroup.DisplayName + " " + retrievedGroup.Description);
//*********************************************************************
// get the groups' membership using GetAllDirectLinks -
// Note this method retrieves ALL links in one request - please use this method with care - this
// may return a very large number of objects
//*********************************************************************
GraphObject graphObj = (GraphObject)retrievedGroup;
IList<GraphObject> members = graphConnection.GetAllDirectLinks(graphObj, LinkProperty.Members);
if (members.Count > 0)
{
Console.WriteLine(" Members:");
foreach (GraphObject graphObject in members)
{
if (graphObject.ODataTypeName.Contains("User"))
{
User User = (User)graphObject;
Console.WriteLine("User DisplayName: {0} UPN: {1}", User.DisplayName, User.UserPrincipalName);
}
if (graphObject.ODataTypeName.Contains("Group"))
{
Group Group = (Group)graphObject;
Console.WriteLine("Group DisplayName: {0}", Group.DisplayName);
}
if (graphObject.ODataTypeName.Contains("Contact"))
{
Contact Contact = (Contact)graphObject;
Console.WriteLine("Contact DisplayName: {0}", Contact.DisplayName);
}
}
}
}
//*********************************************************************
// Search for a Role by displayName
//*********************************************************************
searchString = "Company Administrator";
filter.QueryFilter = ExpressionHelper.CreateStartsWithExpression(typeof(Role), GraphProperty.DisplayName, searchString);
PagedResults<Role> pagedRoleResults = graphConnection.List<Role>(null, null);
if (pagedRoleResults.Results.Count > 0)
{
foreach (GraphObject graphObject in pagedRoleResults.Results)
{
Role role = graphObject as Role;
if (role.DisplayName == searchString.Trim())
{
Console.WriteLine("\n Found Role: {0} {1} {2} ", role.DisplayName, role.Description, role.ObjectId);
}
}
}
else
{
Console.WriteLine("Role Not Found {0}",searchString);
}
//*********************************************************************
// get the Service Principals
//*********************************************************************
filter.Top = 999;
filter.QueryFilter = null;
PagedResults<ServicePrincipal> servicePrincipals = new PagedResults<ServicePrincipal>();
do
{
servicePrincipals = graphConnection.List<ServicePrincipal>(servicePrincipals.PageToken, filter);
if (servicePrincipals != null)
{
foreach (ServicePrincipal servicePrincipal in servicePrincipals.Results)
{
Console.WriteLine("Service Principal AppId: {0} Name: {1}", servicePrincipal.AppId, servicePrincipal.DisplayName);
}
}
} while (servicePrincipals.PageToken != null);
//*********************************************************************
// get the Application objects
//*********************************************************************
filter.Top = 999;
PagedResults<Application> applications = new PagedResults<Application>();
do
{
applications = graphConnection.List<Application>(applications.PageToken, filter);
if (applications != null)
{
foreach (Application application in applications.Results)
{
Console.WriteLine("Application AppId: {0} Name: {1}", application.AppId, application.DisplayName);
}
}
}while (applications.PageToken != null);
string targetAppId = applications.Results[0].ObjectId;
//********************************************************************************************
// We'll now switch to Authenticating using OAuth Authorization Code Grant
// which includes user Authentication/Delegation
//*********************************************************************************************
var redirectUri = new Uri("https://localhost");
string clientIdForUserAuthn = "66133929-66a4-4edc-aaee-13b04b03207d";
AuthenticationResult userAuthnResult = null;
try
{
userAuthnResult = authenticationContext.AcquireToken(resource, clientIdForUserAuthn, redirectUri, PromptBehavior.Always);
token = userAuthnResult.AccessToken;
Console.WriteLine("\n Welcome " + userAuthnResult.UserInfo.GivenName + " " + userAuthnResult.UserInfo.FamilyName);
}
catch (AuthenticationException ex)
{
string message = ex.Message;
if (ex.InnerException != null)
message += "InnerException : " + ex.InnerException.Message;
Console.WriteLine(message);
Console.ReadKey();
return;
}
// re-establish Graph connection using the new token
graphConnection = new GraphConnection(token, ClientRequestId, graphSettings);
//*********************************************************************************************
// Create a new User with a temp password
//*********************************************************************************************
User userToBeAdded = new User();
userToBeAdded.DisplayName = "Sample App Demo User";
userToBeAdded.UserPrincipalName = "SampleAppDemoUser@" + defaultDomain.Name;
userToBeAdded.AccountEnabled = true;
userToBeAdded.MailNickname = "SampleAppDemoUser";
userToBeAdded.PasswordProfile = new PasswordProfile();
userToBeAdded.PasswordProfile.Password = "******";
userToBeAdded.PasswordProfile.ForceChangePasswordNextLogin = true;
userToBeAdded.UsageLocation = "US";
User newlyCreatedUser = new User();
try
{
newlyCreatedUser = graphConnection.Add<User>(userToBeAdded);
Console.WriteLine("\nNew User {0} was created", userToBeAdded.DisplayName);
}
catch (GraphException graphException)
{
Console.WriteLine("\nError creating new user {0} {1}", graphException.Code, graphException.Message);
}
//*********************************************************************************************
// update the newly created user's Password, PasswordPolicies and City
//*********************************************************************************************
if (newlyCreatedUser.ObjectId != null)
{
string userObjectId = newlyCreatedUser.ObjectId;
// update User's city and reset their User's password
User updateUser = graphConnection.Get<User>(userObjectId);
updateUser.City = "Seattle";
PasswordProfile passwordProfile = new PasswordProfile();
passwordProfile.Password = "******";
passwordProfile.ForceChangePasswordNextLogin = false;
updateUser.PasswordProfile = passwordProfile;
updateUser.PasswordPolicies = "DisablePasswordExpiration, DisableStrongPassword";
try
{
graphConnection.Update(updateUser);
Console.WriteLine("\nUser {0} was updated", updateUser.DisplayName);
}
catch (GraphException graphException)
{
Console.WriteLine("\nError Updating the user {0} {1}", graphException.Code, graphException.Message);
}
//*********************************************************************************************
// Add, then retrieve a thumbnailPhoto for the newly created user
//*********************************************************************************************
Bitmap thumbnailPhoto = new Bitmap(20, 20);
thumbnailPhoto.SetPixel(5, 5, Color.Beige);
thumbnailPhoto.SetPixel(5, 6, Color.Beige);
thumbnailPhoto.SetPixel(6, 5, Color.Beige);
thumbnailPhoto.SetPixel(6, 6, Color.Beige);
using (MemoryStream ms = new MemoryStream())
{
thumbnailPhoto.Save(ms, ImageFormat.Jpeg);
graphConnection.SetStreamProperty(newlyCreatedUser, GraphProperty.ThumbnailPhoto, ms, "image/jpeg");
// graphConnection.SetStreamProperty(newlyCreatedUser, "thumbnailPhoto", ms, "image/jpeg");
}
using (Stream ms = graphConnection.GetStreamProperty(newlyCreatedUser, GraphProperty.ThumbnailPhoto, "image/jpeg"))
{
Image jpegImage = Image.FromStream(ms);
}
//*********************************************************************************************
// User License Assignment - assign EnterprisePack license to new user, and disable SharePoint service
// first get a list of Tenant's subscriptions and find the "Enterprisepack" one
// Enterprise Pack includes service Plans for ExchangeOnline, SharePointOnline and LyncOnline
// validate that Subscription is Enabled and there are enough units left to assign to users
//*********************************************************************************************
PagedResults<SubscribedSku> skus = graphConnection.List<SubscribedSku>(null, null);
foreach (SubscribedSku sku in skus.Results)
{
if (sku.SkuPartNumber == "ENTERPRISEPACK")
if ((sku.PrepaidUnits.Enabled.Value > sku.ConsumedUnits) && (sku.CapabilityStatus == "Enabled"))
{
// create addLicense object and assign the Enterprise Sku GUID to the skuId
//
AssignedLicense addLicense = new AssignedLicense();
addLicense.SkuId = sku.SkuId.Value;
// find plan id of SharePoint Service Plan
foreach (ServicePlanInfo servicePlan in sku.ServicePlans)
{
if (servicePlan.ServicePlanName.Contains("SHAREPOINT"))
{
addLicense.DisabledPlans.Add(servicePlan.ServicePlanId.Value);
break;
}
}
IList<AssignedLicense> licensesToAdd = new AssignedLicense[] { addLicense };
IList<Guid> licensesToRemove = new Guid[] { };
// attempt to assign the license object to the new user
try
{
graphConnection.AssignLicense(newlyCreatedUser, licensesToAdd, licensesToRemove);
Console.WriteLine("\n User {0} was assigned license {1}", newlyCreatedUser.DisplayName, addLicense.SkuId);
}
catch (GraphException graphException)
{
Console.WriteLine("\nLicense assingment failed {0} {1}", graphException.Code, graphException.Message);
}
}
}
//*********************************************************************************************
// Add User to the "WA" Group
//*********************************************************************************************
if (retrievedGroup.ObjectId != null)
{
try
{
graphConnection.AddLink(retrievedGroup, newlyCreatedUser, LinkProperty.Members);
Console.WriteLine("\nUser {0} was added to Group {1}", newlyCreatedUser.DisplayName, retrievedGroup.DisplayName);
}
catch (GraphException graphException)
{
Console.WriteLine("\nAdding user to group failed {0} {1}", graphException.Code, graphException.Message);
}
}
//*********************************************************************************************
// Create a new Group
//*********************************************************************************************
Group CaliforniaEmployees = new Group();
CaliforniaEmployees.DisplayName = "California Employees";
CaliforniaEmployees.Description = "Employees in the state of California";
CaliforniaEmployees.MailNickname = "CalEmployees";
CaliforniaEmployees.MailEnabled = false;
CaliforniaEmployees.SecurityEnabled = true;
Group newGroup = null;
try
{
newGroup = graphConnection.Add<Group>(CaliforniaEmployees);
Console.WriteLine("\nNew Group {0} was created", newGroup.DisplayName);
}
catch (GraphException graphException)
{
Console.WriteLine("\nError creating new Group {0} {1}", graphException.Code, graphException.Message);
}
//*********************************************************************************************
// Add the new User member to the new Group
//*********************************************************************************************
if (newGroup.ObjectId != null)
{
try
{
graphConnection.AddLink(newGroup, newlyCreatedUser, LinkProperty.Members);
Console.WriteLine("\nUser {0} was added to Group {1}", newlyCreatedUser.DisplayName, newGroup.DisplayName);
}
catch (GraphException graphException)
{
Console.WriteLine("\nAdding user to group failed {0} {1}", graphException.Code, graphException.Message);
}
}
//*********************************************************************************************
// Delete the user that we just created
//*********************************************************************************************
if (newlyCreatedUser.ObjectId != null)
{
try
{
graphConnection.Delete(newlyCreatedUser);
Console.WriteLine("\nUser {0} was deleted", newlyCreatedUser.DisplayName);
}
catch (GraphException graphException)
{
Console.WriteLine("Deleting User failed {0} {1}", graphException.Code, graphException.Message);
}
}
//*********************************************************************************************
// Delete the Group that we just created
//*********************************************************************************************
if (newGroup.ObjectId != null)
{
try
{
graphConnection.Delete(newGroup);
Console.WriteLine("\nGroup {0} was deleted", newGroup.DisplayName);
}
catch (GraphException graphException)
{
Console.WriteLine("Deleting Group failed: {0} {1}", graphException.Code, graphException.Message);
}
}
}
//*********************************************************************************************
// Get a list of Mobile Devices from tenant
//*********************************************************************************************
Console.WriteLine("\nGetting Devices");
FilterGenerator deviceFilter = new FilterGenerator();
deviceFilter.Top = 999;
PagedResults<Device> devices = graphConnection.List<Device>(null, deviceFilter);
foreach(Device device in devices.Results)
{
if (device.ObjectId !=null)
{
Console.WriteLine("Device ID: {0}, Type: {1}", device.DeviceId, device.DeviceOSType);
foreach (GraphObject owner in device.RegisteredOwners)
{
Console.WriteLine("Device Owner ID: " + owner.ObjectId);
}
}
}
//*********************************************************************************************
// Create a new Application object
//*********************************************************************************************
Application appObject = new Application();
appObject.DisplayName = "Test-Demo App";
appObject.IdentifierUris.Add("https://localhost/demo/" + Guid.NewGuid().ToString());
appObject.ReplyUrls.Add("https://localhost/demo");
// created Keycredential object for the new App object
KeyCredential KeyCredential = new KeyCredential();
KeyCredential.StartDate = DateTime.UtcNow;
KeyCredential.EndDate = DateTime.UtcNow.AddYears(1);
KeyCredential.Type = "Symmetric";
KeyCredential.Value = Convert.FromBase64String("g/TMLuxgzurjQ0Sal9wFEzpaX/sI0vBP3IBUE/H/NS4=");
KeyCredential.Usage = "Verify";
appObject.KeyCredentials.Add(KeyCredential);
GraphObject newApp = null;
try
{
newApp = graphConnection.Add(appObject);
Console.WriteLine("New Application created: " + newApp.ObjectId);
}
catch (GraphException graphException)
{
Console.WriteLine("Application Creation execption: {0} {1}", graphException.Code, graphException.Message);
}
// Get the application object that was just created
if (newApp != null)
{
GraphObject app = graphConnection.Get(typeof(Application), newApp.ObjectId);
Application retrievedApp = (Application)app;
//*********************************************************************************************
// create a new Service principal
//*********************************************************************************************
ServicePrincipal newServicePrincpal = new ServicePrincipal();
newServicePrincpal.DisplayName = "Test-Demo App";
newServicePrincpal.AccountEnabled = true;
newServicePrincpal.AppId = retrievedApp.AppId;
GraphObject newSP = null;
try
{
newSP = graphConnection.Add<ServicePrincipal>(newServicePrincpal);
// newSP = graphConnection.Add(newServicePrincpal);
Console.WriteLine("New Service Principal created: " + newSP.ObjectId);
}
catch (GraphException graphException)
{
Console.WriteLine("Service Principal Creation execption: {0} {1}", graphException.Code, graphException.Message);
}
//*********************************************************************************************
// get all Permission Objects
//*********************************************************************************************
Console.WriteLine("\n Getting Permissions");
filter.Top = 999;
PagedResults<Permission> permissions = new PagedResults<Permission>();
do
{
try
{
permissions = graphConnection.List<Permission>(permissions.PageToken, filter);
}
catch (GraphException graphException)
{
Console.WriteLine("Error: {0} {1}", graphException.Code, graphException.Message);
break;
}
foreach (Permission permission in permissions.Results)
{
Console.WriteLine("Permission: {0} Name: {1}", permission.ClientId, permission.Scope);
}
} while (permissions.PageToken != null);
//*********************************************************************************************
// Create new permission object
//*********************************************************************************************
Permission permissionObject = new Permission();
permissionObject.ConsentType = "AllPrincipals";
permissionObject.Scope = "user_impersonation";
permissionObject.StartTime = DateTime.Now;
permissionObject.ExpiryTime = (DateTime.Now).AddMonths(12);
// resourceId is objectId of the resource, in this case objectId of AzureAd (Graph API)
permissionObject.ResourceId = "dbf73c3e-e80b-495b-a82f-2f772bb0a417";
//ClientId = objectId of servicePrincipal
permissionObject.ClientId = newSP.ObjectId;
GraphObject newPermission = null;
try
{
newPermission = graphConnection.Add(permissionObject);
Console.WriteLine("New Permission object created: " + newPermission.ObjectId);
}
catch (GraphException graphException)
{
Console.WriteLine("Permission Creation exception: {0} {1}", graphException.Code, graphException.Message);
}
//*********************************************************************************************
// Delete Application Objects
//*********************************************************************************************
if (retrievedApp.ObjectId != null)
{
try
{
graphConnection.Delete(retrievedApp);
Console.WriteLine("Deleting Application object: " + retrievedApp.ObjectId);
}
catch (GraphException graphException)
{
Console.WriteLine("Application Deletion execption: {0} {1}", graphException.Code, graphException.Message);
}
}
}
//*********************************************************************************************
// Show Batching with 3 operators. Note: up to 5 operations can be in a batch
//*********************************************************************************************
// get users
Console.WriteLine("\n Executing Batch Request");
BatchRequestItem firstItem = new BatchRequestItem(
"GET",
false,
Utils.GetListUri<User>(graphConnection, null, new FilterGenerator()),
null,
String.Empty);
// get members of a Group
Uri membersUri = Utils.GetRequestUri<Group>(graphConnection, retrievedGroup.ObjectId, "members");
BatchRequestItem secondItem = new BatchRequestItem(
"GET",
false,
new Uri(membersUri.ToString()),
null,
String.Empty);
// update an existing group's Description property
retrievedGroup.Description = "New Employees in Washington State";
BatchRequestItem thirdItem = new BatchRequestItem(
"Patch",
true,
Utils.GetRequestUri<Group>(graphConnection,retrievedGroup.ObjectId),
null,
retrievedGroup.ToJson(true));
// Execute the batch requst
IList<BatchRequestItem> batchRequest = new BatchRequestItem[] { firstItem, secondItem, thirdItem };
IList<BatchResponseItem> batchResponses = graphConnection.ExecuteBatch(batchRequest);
int responseCount = 0;
foreach (BatchResponseItem responseItem in batchResponses)
{
if (responseItem.Failed)
{
Console.WriteLine("Failed: {0} {1}",
responseItem.Exception.Code,
responseItem.Exception.ErrorMessage);
}
else
{
Console.WriteLine("Batch Item Result {0} succeeded {1}",
responseCount++,
!responseItem.Failed);
}
}
// this next section shows how to access the signed-in user's mailbox.
// First we get a new token for Office365 Exchange Online Resource
// using the multi-resource refresh token tha was included when the previoius
// token was acquired.
// We can now request a new token for Office365 Exchange Online.
//
string office365Emailresource = "https://outlook.office365.com/";
string office365Token = null;
if (userAuthnResult.IsMultipleResourceRefreshToken)
{
userAuthnResult = authenticationContext.AcquireTokenByRefreshToken(userAuthnResult.RefreshToken, clientIdForUserAuthn, office365Emailresource);
office365Token = userAuthnResult.AccessToken;
//
// Call the Office365 API and retrieve the top item from the user's mailbox.
//
string requestUrl = "https://outlook.office365.com/EWS/OData/Me/Inbox/Messages?$top=1";
WebRequest getMailboxRequest;
getMailboxRequest = WebRequest.Create(requestUrl);
getMailboxRequest.Headers.Add(HttpRequestHeader.Authorization, "Bearer " + office365Token);
Console.WriteLine("\n Getting the User's Mailbox Contents \n");
//
// Read the contents of the user's mailbox, and display to the console.
//
Stream objStream = null;
try
{
objStream = getMailboxRequest.GetResponse().GetResponseStream();
StreamReader objReader = new StreamReader(objStream);
string sLine = "";
int i = 0;
while (sLine != null)
{
i++;
sLine = objReader.ReadLine();
if (sLine != null)
{
Console.WriteLine("{0}:{1}", i, sLine);
}
}
}
catch (Exception ex)
{
Console.WriteLine("\n Error Getting User's Mailbox: {0} \n", ex.Message);
}
}
//*********************************************************************************************
// End of Demo Console App
//*********************************************************************************************
Console.WriteLine("\nCompleted at {0} \n ClientRequestId: {1}", CurrentDateTime, ClientRequestId);
Console.ReadKey();
return;
}
public async Task<ActionResult> Edit(
User user, FormCollection values)
{
try
{
ActiveDirectoryClient client = AuthenticationHelper.GetActiveDirectoryClient();
IUser toUpdate = await client.Users.GetByObjectId(user.ObjectId).ExecuteAsync();
Helper.CopyUpdatedValues(toUpdate, user, values);
await toUpdate.UpdateAsync();
return RedirectToAction("Index");
}
catch (Exception exception)
{
ModelState.AddModelError("", exception.Message);
return View();
}
}
/// <summary>
/// Assign license to a user.
/// </summary>
/// <param name="user">User whose licenses need to be manipulated.</param>
/// <param name="addLicenses">List of licenses to be assigned.</param>
/// <param name="removeLicenses">Licenses to be disabled.</param>
/// <returns>Updated user object.</returns>
public virtual User AssignLicense(User user, IList<AssignedLicense> addLicenses, IList<Guid> removeLicenses)
{
Utils.ValidateGraphObject(user, "user");
if (addLicenses == null)
{
throw new ArgumentNullException("addLicenses");
}
if (removeLicenses == null)
{
throw new ArgumentNullException("removeLicenses");
}
Uri requestUri = Utils.GetRequestUri<User>(
this, user.ObjectId, Constants.ActionAssignLicense);
Dictionary<string, object> parameters = new Dictionary<string, object>();
parameters["addLicenses"] = addLicenses;
parameters["removeLicenses"] = removeLicenses;
string requestJson = JsonConvert.SerializeObject(parameters);
string responseJson = this.ClientConnection.UploadString(
requestUri, HttpVerb.POST, requestJson, null, null);
PagedResults<User> pagedResults = SerializationHelper.DeserializeJsonResponse<User>(responseJson, requestUri);
if (pagedResults != null && pagedResults.Results.Count > 0)
{
return pagedResults.Results[0];
}
// TODO: Should we throw an exception?
return null;
}
public async Task<ActionResult> Delete(User user)
{
try
{
ActiveDirectoryClient client = AuthenticationHelper.GetActiveDirectoryClient();
IUser toDelete = await client.Users.GetByObjectId(user.ObjectId).ExecuteAsync();
await toDelete.DeleteAsync();
return RedirectToAction("Index");
}
catch (Exception exception)
{
ModelState.AddModelError("", exception.Message);
return View(user);
}
}
public ActionResult ShowThumbnail(string id)
{
string accessToken = AuthUtils.GetAuthToken(Request, HttpContext);
if (accessToken == null)
{
//
// The user needs to re-authorize. Show them a message to that effect.
//
ViewBag.ErrorMessage = "AuthorizationRequired";
return View();
}
// Setup Graph API connection and get Group membership
Guid ClientRequestId = Guid.NewGuid();
GraphSettings graphSettings = new GraphSettings();
graphSettings.ApiVersion = GraphConfiguration.GraphApiVersion;
GraphConnection graphConnection = new GraphConnection(accessToken, ClientRequestId, graphSettings);
// User user = graphConnection.Get<User>(id);
User user = new User();
user.ObjectId = id;
try
{
Stream ms = graphConnection.GetStreamProperty(user, GraphProperty.ThumbnailPhoto, "image/jpeg");
user.ThumbnailPhoto = ms;
}
catch
{
user.ThumbnailPhoto = null;
}
if (user.ThumbnailPhoto != null)
{
return File(user.ThumbnailPhoto, "image/jpeg");
}
return View();
}
static void RetrieveUpdatedUser(string userUPN)
{
// search for a single user by UPN
User retrievedUser = new User();
List<IUser> retrievedUsers = null;
try
{
retrievedUsers = activeDirectoryClient.Users.Where(user => user.UserPrincipalName.Equals(userUPN)).ExecuteAsync().Result.CurrentPage.ToList();
}
catch (Exception e)
{
Console.WriteLine("\nError getting new user {0} {1}", e.Message, e.InnerException != null ? e.InnerException.Message : "");
}
// should only find one user with the specified UPN
if (retrievedUsers != null && retrievedUsers.Count == 1)
{
retrievedUser = (User)retrievedUsers.First();
var newUser = new UserEntity(retrievedUser.ObjectId, retrievedUser.UserPrincipalName.Contains("#EXT#") ? retrievedUser.UserPrincipalName.Replace("#EXT#", "_") : retrievedUser.UserPrincipalName);
newUser.DisplayName = retrievedUser.DisplayName;
newUser.MailNickname = retrievedUser.MailNickname;
newUser.AccountEnabled = (bool)retrievedUser.AccountEnabled;
newUser.UserType = retrievedUser.UserType;
newUser.UsageLocation = retrievedUser.UsageLocation;
userTableOper.InsertEntity(newUser);
}
}
