September 25, 2009

Active Directory and C# III

To continue this series of posts, I'd now like to talk about groups and my group helper class. It is actually quite simple and kind of looks just like the User helper. You can download all the files from here. I will upload this file from this post next week.

Before we get started, I wanted to tell you all that if you do any AD programming you should look at a book written by Joe Kaplan and Ryan Dunn. It is really the best book out there. The authors also have a site here for you to look at and a forum which is helpful. My next bit of code actually relies on code from their book. They have the code available on their site and it can be found here. You can use the entire build or just some of the files. The main one for me was PasswordExpires (Listing 10.8, 10.9, & 10.10 in full). I use a few others in the root of their project as well ... it might be just easier to include their project. Go out and buy the book though ... it is great!

using System;
using System.Collections.Generic;
using System.Text;
using System.DirectoryServices;
using System.Security.Principal;
using DotNetDevGuide.DirectoryServices;
using ActiveDs;
using DotNetDevGuide.DirectoryServices.Chapter10;

namespace AdLib
{
    public class AdDomain
    {
        // userAccountControl flag that marks an account as disabled.
        private const int ADS_UF_ACCOUNTDISABLE = 2;
        private DomainPolicy _policy;

        // Server, Username, Password, UsersSearchPath and GroupsSearchPath come
        // from configuration; their declarations (and the GroupType enum) are
        // not shown in this post.

        //UsersSearchPath can be from a config location
        // Dictionary<string, object> is assumed from the (string) cast on the
        // password value below.
        public void CreateUser(string userName, Dictionary<string, object> props)
        {
            CreateUser(userName, UsersSearchPath, props);
        }

        public void CreateUser(string userName, string path, Dictionary<string, object> props)
        {
            path = GetFullPath(path);

            using (DirectoryEntry parent = OpenEntry(path))
            {
                // userName is used as the CN value as-is, so the caller must escape
                // DN special characters such as ',' '+' '"' and '\'.
                DirectoryEntry user = parent.Children.Add(
                    String.Format("CN={0}", userName),
                    "user"
                );

                using (user)
                {
                    // Set default props
                    user.Properties["sAMAccountName"].Add(userName);
                    user.CommitChanges();

                    // Set user defined props. The password is not a directory
                    // attribute, so it is picked out here (key matched without
                    // regard to case) and applied through SetPassword below.
                    string password = null;
                    foreach (string propName in props.Keys)
                    {
                        if (string.Equals(propName, "password", StringComparison.OrdinalIgnoreCase))
                        {
                            password = (string)props[propName];
                            continue;
                        }

                        user.Properties[propName].Add(props[propName]);
                        user.CommitChanges();
                    }

                    if (password != null)
                        ((IADsUser)user.NativeObject).SetPassword(password);

                    user.CommitChanges();

                    EnableAccount(user);
                }
            }
        }

        // Clears the "account disabled" bit in userAccountControl.
        private void EnableAccount(DirectoryEntry entry)
        {
            int userAccountControl = (int)entry.Properties["userAccountControl"][0];
            userAccountControl &= ~ADS_UF_ACCOUNTDISABLE;
            entry.Properties["userAccountControl"][0] = userAccountControl;
            entry.CommitChanges();
        }

        //GroupsSearchPath can be from a config location
        public void CreateGroup(string groupName, int type)
        {
            CreateGroup(groupName, type, GroupsSearchPath);
        }

        public void CreateGroup(string groupName, int type, string groupOU)
        {
            groupOU = GetFullPath(groupOU);

            using (DirectoryEntry parent = OpenEntry(groupOU))
            {
                DirectoryEntry group = parent.Children.Add(
                    String.Format("CN={0}", groupName),
                    "group"
                );

                using (group)
                {
                    group.Properties["sAMAccountName"].Add(groupName);

                    // Leave groupType unset for GroupType.Unknown.
                    if (type != (int)GroupType.Unknown)
                        group.Properties["groupType"].Add(type);

                    group.CommitChanges();
                }
            }
        }

        // Builds an LDAP:// path, with the configured server if there is one.
        private string GetFullPath(string subPath)
        {
            //server from config
            if (string.IsNullOrEmpty(Server))
                return string.Format("LDAP://{0}", subPath);
            else
                //server from config
                return string.Format("LDAP://{0}/{1}", Server, subPath);
        }

        // Binds to the given path with the configured credentials.
        public DirectoryEntry OpenEntry(string path)
        {
            if (path.StartsWith("LDAP://", StringComparison.InvariantCultureIgnoreCase) == false)
            {
                path = GetFullPath(path);
            }

            return new DirectoryEntry(
                path,
                Username, //from config
                Password, //from config
                AuthenticationTypes.Secure
            );
        }
    }
}

I'll finish this class up next week.
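
An added example, not part of the original post or of the book's code: EnableAccount above clears only ADS_UF_ACCOUNTDISABLE, and CreateUser calls it even when props carries no password. The class below computes a stricter userAccountControl value; AccountFlags, ForEnabledAccount and Describe are hypothetical names, and 546 is a constructed sample of the value AD normally gives a user created over LDAP without an explicit userAccountControl.

```csharp
using System;
using System.Collections.Generic;

// Added example: AccountFlags and its members are illustrative names, not part of AdLib.
public static class AccountFlags
{
    public const int ADS_UF_ACCOUNTDISABLE = 0x0002;
    public const int ADS_UF_PASSWD_NOTREQD = 0x0020;
    public const int ADS_UF_NORMAL_ACCOUNT = 0x0200;

    // Value to write to userAccountControl when enabling a newly created user.
    // Refuses to enable an account that never had a password set, and clears
    // PASSWD_NOTREQD so the domain password policy applies to the account.
    public static int ForEnabledAccount(int current, bool passwordWasSet)
    {
        if (!passwordWasSet)
            throw new InvalidOperationException("No password was set; leaving the account disabled.");
        return current & ~(ADS_UF_ACCOUNTDISABLE | ADS_UF_PASSWD_NOTREQD);
    }

    // Names of the three flags above that are set in a userAccountControl value.
    public static string Describe(int uac)
    {
        List<string> names = new List<string>();
        if ((uac & ADS_UF_ACCOUNTDISABLE) != 0) names.Add("ACCOUNTDISABLE");
        if ((uac & ADS_UF_PASSWD_NOTREQD) != 0) names.Add("PASSWD_NOTREQD");
        if ((uac & ADS_UF_NORMAL_ACCOUNT) != 0) names.Add("NORMAL_ACCOUNT");
        return uac + " = " + string.Join(" | ", names.ToArray());
    }

    public static void Main()
    {
        // Constructed sample value (546) for a freshly created, still disabled user.
        int fresh = ADS_UF_ACCOUNTDISABLE | ADS_UF_PASSWD_NOTREQD | ADS_UF_NORMAL_ACCOUNT;

        // Clearing only the disable bit, as EnableAccount in the post does.
        Console.WriteLine("disable bit cleared: " + Describe(fresh & ~ADS_UF_ACCOUNTDISABLE));
        // Clearing both bits, and only because a password was set.
        Console.WriteLine("hardened:            " + Describe(ForEnabledAccount(fresh, true)));

        try { ForEnabledAccount(fresh, false); }
        catch (InvalidOperationException ex) { Console.WriteLine("not enabled:         " + ex.Message); }
    }
}
```

In CreateUser, the returned value would be written to userAccountControl in place of the one EnableAccount computes, with passwordWasSet true only when SetPassword was actually called.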