— | windows:ad:ad.net [2019/10/31 09:05] (current) – created - external edit 127.0.0.1 | ||
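--- a/windows:ad:ad.net
+++ b/windows:ad:ad.net
@@ -0,0 +1,452 @@
+====== Managing everything in Active Directory via C# (Using System.DirectoryServices.AccountManagement) ======
+Before .Net, managing Active Directory objects was a bit lengthy and you needed a good knowledge on the principal store to have your head around on what you want to do. We ususally use the System.DirectoryServices namespace but with .Net 3.5 they introduced System.DirectoryServices.AccountManagement which is manages directory objects independent of the System.DirectoryServices namespace.
+So what are the advantages of using this? Everything is really simple in terms of managing a user, computer or group principal and performing queries on the stores are much faster thanks to the Fast Concurrent Bind (FSB) feature which caches the connection which decreases the number of ports used in the process.
+
+The code is divided into several regions but here are the 5 key regions with their methods explained
+==== Validate Methods ====
+
+* ValidateCredentials – This Method will validate the users credentials.
+* IsUserExpired – Checks if the User Account is Expired.
+* IsUserExisiting – Checks if user exsists on AD.
+* IsAccountLocked
+
+==== Search Methods ====
+
+* GetUser – This will return a UserPrincipal Object if the User Exists
+
+==== User Account Methods ====
+
+* SetUserPassword – This Method will set the Users Password
+* EnableUserAccount – This Method will Enable a User Account
+* DisableUserAccount – This Methoid will Disable the User Account
+* ExpireUserPassword – This Method will Force Expire a Users Password
+* UnlockUserAccount – This Method will unlocks a User Account
+* CreateNewUser – This Method will Create a new User Directory Object
+* DeleteUser – This Method will Delete an AD User based on Username.
+
+==== Group Methods ====
+
+* CreateNewGroup – This Method will create a New Active Directory Group
+* AddUserToGroup – This Method will add a User to a group
+* RemoveUserFromGroup – This Method will remove a User from a Group
+* IsUserGroupMember – This Method will Validate whether the User is a Memeber of a Group
+* GetUserGroups – This Method will return an ArrayList of a User Group Memberships
+
+==== Helper Methods ====
+
+* GetPrincipalContext – Gets the base principal context
+
+<code csharp>
+using System;
+using System.Collections;
+using System.Text;
+using System.DirectoryServices.AccountManagement;
+using System.Data;
+using System.Configuration;
+
+public class ADMethodsAccountManagement
+{
+
+#region Variables
+
+private string sDomain = "
+private string sDefaultOU = "
+private string sDefaultRootOU = "
+private string sServiceUser = @"
+private string sServicePassword = "
+
+#endregion
+#region Validate Methods
+
+/// <
+/// Validates the username and password of a given user
+/// </
+/// <param name="
+/// <param name="
+/// <
+public bool ValidateCredentials(string sUserName, string sPassword)
+{
+PrincipalContext oPrincipalContext = GetPrincipalContext();
+return oPrincipalContext.ValidateCredentials(sUserName,
+
+}
+
+/// <
+/// Checks if the User Account is Expired
+/// </
+/// <param name="
+/// <
+public bool IsUserExpired(string sUserName)
+{
+UserPrincipal oUserPrincipal = GetUser(sUserName);
+if (oUserPrincipal.AccountExpirationDate != null)
+{
+return false;
+}
+else
+{
+return true;
+}
+}
+
+/// <
+/// Checks if user exsists on AD
+/// </
+/// <param name="
+/// <
+public bool IsUserExisiting(string sUserName)
+{
+if (GetUser(sUserName) == null)
+{
+return false;
+}
+else
+{
+return true;
+}
+}
+
+/// <
+/// Checks if user accoung is locked
+/// </
+/// <param name="
+/// <
+public bool IsAccountLocked(string sUserName)
+{
+UserPrincipal oUserPrincipal = GetUser(sUserName);
+return oUserPrincipal.IsAccountLockedOut();
+}
+#endregion
+
+#region Search Methods
+
+/// <
+/// Gets a certain user on Active Directory
+/// </
+/// <param name="
+/// <
+public UserPrincipal GetUser(string sUserName)
+{
+PrincipalContext oPrincipalContext = GetPrincipalContext();
+
+UserPrincipal oUserPrincipal = UserPrincipal.FindByIdentity(oPrincipalContext,
+return oUserPrincipal;
+}
+
+/// <
+/// Gets a certain group on Active Directory
+/// </
+/// <param name="
+/// <
+public GroupPrincipal GetGroup(string sGroupName)
+{
+PrincipalContext oPrincipalContext = GetPrincipalContext();
+
+GroupPrincipal oGroupPrincipal = GroupPrincipal.FindByIdentity(oPrincipalContext,
+return oGroupPrincipal;
+}
+
+#endregion
+
+#region User Account Methods
+
+/// <
+/// Sets the user password
+/// </
+/// <param name="
+/// <param name="
+/// <param name="
+public void SetUserPassword(string sUserName, string sNewPassword,
+{
+try
+{
+UserPrincipal oUserPrincipal = GetUser(sUserName);
+oUserPrincipal.SetPassword(sNewPassword);
+sMessage = "";
+}
+catch (Exception ex)
+{
+sMessage = ex.Message;
+}
+
+}
+
+/// <
+/// Enables a disabled user account
+/// </
+/// <param name="
+public void EnableUserAccount(string sUserName)
+{
+UserPrincipal oUserPrincipal = GetUser(sUserName);
+oUserPrincipal.Enabled = true;
+oUserPrincipal.Save();
+}
+
+/// <
+/// Force disbaling of a user account
+/// </
+/// <param name="
+public void DisableUserAccount(string sUserName)
+{
+UserPrincipal oUserPrincipal = GetUser(sUserName);
+oUserPrincipal.Enabled = false;
+oUserPrincipal.Save();
+}
+
+/// <
+/// Force expire password of a user
+/// </
+/// <param name="
+public void ExpireUserPassword(string sUserName)
+{
+UserPrincipal oUserPrincipal = GetUser(sUserName);
+oUserPrincipal.ExpirePasswordNow();
+oUserPrincipal.Save();
+
+}
+
+/// <
+/// Unlocks a locked user account
+/// </
+/// <param name="
+public void UnlockUserAccount(string sUserName)
+{
+UserPrincipal oUserPrincipal = GetUser(sUserName);
+oUserPrincipal.UnlockAccount();
+oUserPrincipal.Save();
+}
+
+/// <
+/// Creates a new user on Active Directory
+/// </
+/// <param name="
+/// <param name="
+/// <param name="
+/// <param name="
+/// <param name="
+/// <
+public UserPrincipal CreateNewUser(string sOU, string sUserName, string sPassword, string sGivenName, string sSurname)
+{
+if (!IsUserExisiting(sUserName))
+{
+PrincipalContext oPrincipalContext = GetPrincipalContext(sOU);
+
+UserPrincipal oUserPrincipal = new UserPrincipal(oPrincipalContext,
+
+//User Log on Name
+oUserPrincipal.UserPrincipalName = sUserName;
+oUserPrincipal.GivenName = sGivenName;
+oUserPrincipal.Surname = sSurname;
+oUserPrincipal.Save();
+
+return oUserPrincipal;
+}
+else
+{
+return GetUser(sUserName);
+}
+}
+
+/// <
+/// Deletes a user in Active Directory
+/// </
+/// <param name="
+/// <
+public bool DeleteUser(string sUserName)
+{
+try
+{
+UserPrincipal oUserPrincipal = GetUser(sUserName);
+
+oUserPrincipal.Delete();
+return true;
+}
+catch
+{
+return false;
+}
+}
+
+#endregion
+
+#region Group Methods
+
+/// <
+/// Creates a new group in Active Directory
+/// </
+/// <param name="
+/// <param name="
+/// <param name="
+/// <param name="
+/// <param name="
+/// <
+public GroupPrincipal CreateNewGroup(string sOU, string sGroupName, string sDescription,
+{
+PrincipalContext oPrincipalContext = GetPrincipalContext(sOU);
+
+GroupPrincipal oGroupPrincipal = new GroupPrincipal(oPrincipalContext,
+oGroupPrincipal.Description = sDescription;
+oGroupPrincipal.GroupScope = oGroupScope;
+oGroupPrincipal.IsSecurityGroup = bSecurityGroup;
+oGroupPrincipal.Save();
+
+return oGroupPrincipal;
+}
+
+/// <
+/// Adds the user for a given group
+/// </
+/// <param name="
+/// <param name="
+/// <
+public bool AddUserToGroup(string sUserName, string sGroupName)
+{
+try
+{
+UserPrincipal oUserPrincipal = GetUser(sUserName);
+GroupPrincipal oGroupPrincipal = GetGroup(sGroupName);
+if (oUserPrincipal != null && oGroupPrincipal != null)
+{
+if (!IsUserGroupMember(sUserName,
+{
+oGroupPrincipal.Members.Add(oUserPrincipal);
+oGroupPrincipal.Save();
+}
+}
+return true;
+}
+catch
+{
+return false;
+}
+}
+
+/// <
+/// Removes user from a given group
+/// </
+/// <param name="
+/// <param name="
+/// <
+public bool RemoveUserFromGroup(string sUserName, string sGroupName)
+{
+try
+{
+UserPrincipal oUserPrincipal = GetUser(sUserName);
+GroupPrincipal oGroupPrincipal = GetGroup(sGroupName);
+if (oUserPrincipal != null && oGroupPrincipal != null)
+{
+if (IsUserGroupMember(sUserName,
+{
+oGroupPrincipal.Members.Remove(oUserPrincipal);
+oGroupPrincipal.Save();
+}
+}
+return true;
+}
+catch
+{
+return false;
+}
+}
+
+/// <
+/// Checks if user is a member of a given group
+/// </
+/// <param name="
+/// <param name="
+/// <
+public bool IsUserGroupMember(string sUserName, string sGroupName)
+{
+UserPrincipal oUserPrincipal = GetUser(sUserName);
+GroupPrincipal oGroupPrincipal = GetGroup(sGroupName);
+
+if (oUserPrincipal != null && oGroupPrincipal != null)
+{
+return oGroupPrincipal.Members.Contains(oUserPrincipal);
+}
+else
+{
+return false;
+}
+}
+
+/// <
+/// Gets a list of the users group memberships
+/// </
+/// <param name="
+/// <
+public ArrayList GetUserGroups(string sUserName)
+{
+ArrayList myItems = new ArrayList();
+UserPrincipal oUserPrincipal = GetUser(sUserName);
+
+PrincipalSearchResult<
+
+foreach (Principal oResult in oPrincipalSearchResult)
+{
+myItems.Add(oResult.Name);
+}
+return myItems;
+}
+
+/// <
+/// Gets a list of the users authorization groups
+/// </
+/// <param name="
+/// <
+public ArrayList GetUserAuthorizationGroups(string sUserName)
+{
+ArrayList myItems = new ArrayList();
+UserPrincipal oUserPrincipal = GetUser(sUserName);
+
+PrincipalSearchResult<
+
+foreach (Principal oResult in oPrincipalSearchResult)
+{
+myItems.Add(oResult.Name);
+}
+return myItems;
+}
+
+#endregion
+
+#region Helper Methods
+
+/// <
+/// Gets the base principal context
+/// </
+/// <
+public PrincipalContext GetPrincipalContext()
+{
+PrincipalContext oPrincipalContext = new PrincipalContext(ContextType.Domain,
+return oPrincipalContext;
+}
+
+/// <
+/// Gets the principal context on specified OU
+/// </
+/// <param name="
+/// <
+public PrincipalContext GetPrincipalContext(string sOU)
+{
+PrincipalContext oPrincipalContext = new PrincipalContext(ContextType.Domain,
+return oPrincipalContext;
+}
+
+#endregion
+
+}
+</
+
+Now this is how to use it.
+<code csharp>
+ADMethodsAccountManagement ADMethods = new ADMethodsAccountManagement();
+
+UserPrincipal myUser = ADMethods.GetUser("
+myUser.GivenName = "Given Name";
+myUser.Surname = "
+myUser.MiddleName = "
+myUser.EmailAddress = "Email Address";
+myUser.EmployeeId = "
+myUser.Save();
+</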
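Review bot: The service-account credentials live in the hard-coded string fields `sServiceUser` and `sServicePassword` (their values are cut off on this page) and are handed to every `PrincipalContext` the class builds, so they ship inside the assembly and cannot be rotated without a rebuild; `System.Configuration` is already imported, so they should be read from protected configuration or a secret store at construction time instead of being string literals. `IsUserExpired` is also inverted: a null `AccountExpirationDate` means the account never expires, yet the method returns true in exactly that case and never compares a set date with the current time, so the body should read `DateTime? expires = oUserPrincipal.AccountExpirationDate; return expires.HasValue && expires.Value <= DateTime.UtcNow;` (confirm the DateTimeKind the provider returns before choosing UtcNow). `GetUser` can return null — `IsUserExisiting` relies on that — but `IsUserExpired`, `IsAccountLocked`, `SetUserPassword`, `EnableUserAccount`, `DisableUserAccount`, `ExpireUserPassword` and `UnlockUserAccount` dereference the result unchecked, so an unknown name surfaces as a `NullReferenceException` rather than a clear "not found" result. Every `PrincipalContext` created in the two `GetPrincipalContext` overloads is `IDisposable` and is never disposed, and the bare `catch` blocks in `DeleteUser`, `AddUserToGroup` and `RemoveUserFromGroup` (plus the `ex.Message` out-parameter in `SetUserPassword`) collapse authorization and connectivity failures into a silent `false`, leaving no record of a failed privileged operation; dispose the context with `using` where it does not outlive the call, and log the exception before returning.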