|
|
|
|
|
|
|
Total page views :
151340
|
|
Total downloads :
2654
|
|
|
|
|
Download
Files:
|
|
|
|
|
|
|
|
|
|
|
|
|
Similar ArticlesMost ReadTop RatedLatest
|
|
|
|
|
|
|
|
|
|
Some time ago I was working in a project where I had to design and develop a service to synchronize a human resources database with an Active Directory (AD). To accomplish my goal, I created a service that used .NET Directory Services, and after some months, the project succeeded. I had to invest a ton of extra hours to the project because I had a hard time finding sample .NET code and documentation related to specific tasks needed to work with AD User Accounts.
Microsoft Technet offers a script repository to work with AD User Accounts; however, I needed to work with .NET and I could not find samples for all the tasks I needed to program. I promised to myself that one day I would publish the code samples I found and created to help other developers who are working with Directory Services. So, I wish you a happy AD.NET programming and I hope my work saves you some time. The code samples I provide are written in VB.Net.
1. Create a connection to Active Directory.
''' <summary>
''' Method used to create an entry to the AD.
''' Replace the path, username, and password.
''' </summary>
''' <returns>DirectoryEntry</returns>
Public Shared Function GetDirectoryEntry() As DirectoryEntry
Private de As DirectoryEntry = New DirectoryEntry()
Private de.Path = "LDAP://192.168.1.1/CN=Users;DC=Yourdomain"
de.Username = "yourdomain\sampleuser"
de.Password = "samplepassword"
Return de
End Function
2. Create a secure connection to Active Directory.
To connect to the AD, you need a user account that belongs to the domain you want to connect to. Most user accounts have permissions to search the AD; however, to modify the AD, you need a user account that is a member of the group of Domain Administrators (DomainAdmin). An account that belongs to this group has high privileges and hardcoding the user and password of this account in your code can compromise the security of the AD. I don't recommend you to create directory entries where usernames and passwords are hardcoded. Try to connect to the AD using a secure connection.
''' <summary>
''' Method used to create an entry to the AD using a secure connection.
''' Replace the path.
''' </summary>
''' <returns>DirectoryEntry</returns>
Public Shared Function GetDirectoryEntry() As DirectoryEntry
Dim de As DirectoryEntry = New DirectoryEntry()
Private de.Path = "LDAP://192.168.1.1/CN=Users;DC=Yourdomain"
de.AuthenticationType = AuthenticationTypes.Secure
Return de
End Function
To connect to the AD using a secure connection, you need to delegate the permissions of a user account with DomainAdmin permissions to the thread that is running a program. For instance, I created an exe and I ran the program using the Run As command to start a program. I delegated the user's principal identity and culture to the current thread that runs the program. To delegate the principal identity and culture to the current thread, I used the following code:
''' <summary>
''' Establish identity (principal) and culture for a thread.
''' </summary>
Public Shared Sub SetCultureAndIdentity()
AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal)
Dim principal As WindowsPrincipal = CType(Thread.CurrentPrincipal, WindowsPrincipal)
Dim identity As WindowsIdentity = CType(principal.Identity, WindowsIdentity)
System.Threading.Thread.CurrentThread.CurrentCulture = New CultureInfo("en-US")
End Sub
3. Validate if a user exists.
''' <summary>
''' Method to validate if a user exists in the AD.
''' </summary>
''' <param name="UserName"></param>
''' <returns></returns>
Public Function UserExists(ByVal UserName As String) As Boolean
Dim de As DirectoryEntry = ADHelper.GetDirectoryEntry()
Dim deSearch As DirectorySearcher = New DirectorySearcher()
deSearch.SearchRoot =de
deSearch.Filter = "(&(objectClass=user) (cn=" & UserName & "))"
Dim results As SearchResultCollection = deSearch.FindAll()
If results.Count = 0 Then
Return False
Else
Return True
End If
End Function
4. Set user's properties.
''' <summary>
''' Helper method that sets properties for AD users.
''' </summary>
''' <param name="de"></param>
''' <param name="PropertyName"></param>
''' <param name="PropertyValue"></param>
Public Shared Sub SetProperty(ByVal de As DirectoryEntry, ByVal PropertyName As String, ByVal PropertyValue As String)
If Not PropertyValue Is Nothing Then
If de.Properties.Contains(PropertyName) Then
de.Properties(PropertyName)(0)=PropertyValue
Else
de.Properties(PropertyName).Add(PropertyValue)
End If
End If
5. Set user's country.
To set the country property for a user was one of the tasks that took me some time to figure out. After some hours of research I realized that you need to know the ISO 3166 Codes for countries and set three properties to define a user's country: c, co, and countryCode.
' Set the co property using the name of the country.
SetProperty(newuser,"co","MEXICO")
' Set the c property using the two-letter country code (ISO 3166 A 2).
SetProperty(newuser,"c","MX")
' Set the countryCode property using the numeric value (ISO 3166 Number) of the country.
SetProperty(newuser,"countryCode","484")
}
6. Set user's password.
Setting the password for a user requires some work. I will walk you through the steps I followed to set a password for a user:
a) Create or download a helper class that generates random passwords that comply with the strong password rules. I was short of time and couldn't develop one, so I downloaded the RandomPassword class created by Obviex.
b) Create a method that consumes the RandomPassword helper class
''' <summary>
''' Method that consumes a helper class library
''' to generate random passwords.
''' </summary>
''' <returns></returns>
Public Function SetSecurePassword() As String
Dim rp As RandomPassword = New RandomPassword()
Return rp.Generate(8,8)
End Function
c) Set the password property using the usr.Invoke method.
''' <summary>
''' Method to set a user's password
''' <param name="path"></param>
Public Sub SetPassword(ByVal path As String)
Dim usr As DirectoryEntry = New DirectoryEntry()
usr.Path = path
usr.AuthenticationType = AuthenticationTypes.Secure
Dim password As Object() = New Object() {SetSecurePassword()}
Dim ret As Object = usr.Invoke("SetPassword", password)
usr.CommitChanges()
usr.Close()
End Sub
The usr.Invoke method can be called once within the same AppDomain, otherwise your program will crash. If you place a call to the usr.Invoke method inside a for construct, the first run will be succesful, but the second one will crash the compiler. I created a workaround that helped me to solve this problem. I made a separate console application (SetPassword.exe) and I called and started the process programatically from the SetPassword method.
- Download the SetPassword project.
- Copy the SetPassword.exe file in your application.
- Call and start SetPassword.exe from your application.
''' </summary>
''' Method that calls and starts SetPassword.exe
''' <param name="path"></param>
''' <param name="password"></param>
Public Sub SetPassword(ByVal path As String, ByVal password As String)
Dim args As StringBuilder = New StringBuilder()
args.Append(path)
args.Append(" ")
args.Append(password)
Dim startInfo As ProcessStartInfo = New ProcessStartInfo("SetPassword.exe",args.ToString())
startInfo.WindowStyle = ProcessWindowStyle.Hidden
Process.Start(startInfo)
End Sub
7. Enable a user account.
''' <summary>
''' Method to enable a user account in the AD.
''' </summary>
''' <param name="de"></param>
Private Shared Sub EnableAccount(ByVal de As DirectoryEntry)
'UF_DONT_EXPIRE_PASSWD 0x10000
Dim exp As Integer = CInt(de.Properties("userAccountControl").Value)
de.Properties("userAccountControl").Value = exp Or &H0001
de.CommitChanges()
'UF_ACCOUNTDISABLE 0x0002
Dim val As Integer = CInt(de.Properties("userAccountControl").Value)
de.Properties("userAccountControl").Value = val And Not &H0002
de.CommitChanges()
End Sub
8. Add a user to a group.
''' <summary>
''' Method to add a user to a group
''' </summary>
''' <param name="de"></param>
''' <param name="deUser"></param>
''' <param name="GroupName"></param>
Public Shared Sub AddUserToGroup(ByVal de As DirectoryEntry, ByVal deUser As DirectoryEntry, ByVal GroupName As String)
Dim deSearch As DirectorySearcher = New DirectorySearcher()
deSearch.SearchRoot = de
deSearch.Filter = "(&(objectClass=group) (cn=" & GroupName & "))"
Dim results As SearchResultCollection = deSearch.FindAll()
Dim isGroupMember As Boolean = False
If results.Count>0 Then
Dim group As DirectoryEntry = GetDirectoryEntry(results(0).Path)
Dim members As Object = group.Invoke("Members",Nothing)
For Each member As Object In CType(members, IEnumerable)
Dim x As DirectoryEntry = New DirectoryEntry(member)
Dim name As String = x.Name
If name <> deUser.Name Then
isGroupMember = False
Else
isGroupMember = True
Exit For
End If
Next member
If (Not isGroupMember) Then
group.Invoke("Add", New Object() {deUser.Path.ToString()})
End If
group.Close()
End If
Return
End Sub
9. Generate a mailbox for a user in Microsoft Exchange Server.
You might need to create a mailbox for a user in Microsoft Exchange Server. Network configuration and server architecture can add complexity to the process of programmatically creating mailboxes for users, but you know, there's always a workaround. You can invoke a script that creates mailboxes from a remote machine. I will walk you through the steps I followed to create a mailbox for a user in Microsoft Exchange Server.
- On the Domain Controller server, create the directory C:\TestRemoteMailbox.
- Download the scripts MailBox.vbs and WSHControl.vbs.
- Copy the script Mailbox.vbs to the directory C:\TestRemoteMailbox.
- Note: Mailbox.vbs is a script that creates MailBoxes in Microsoft Exchange.
- Copy the script WSHControl.vbs to your application directory.
Note: WSHControl.vbs is a script that invokes the MailBox.vbs script on a remote machine (Domain Controller).
- From your application, call and start WSHControl.vbs.
''' <summary>
''' Method that calls and starts a WSHControl.vbs
''' </summary>
''' <param name="userAlias"></param>
Public Sub GenerateMailBox(ByVal userAlias As String)
Dim mailargs As StringBuilder = New StringBuilder()
mailargs.Append("WSHControl.vbs")
mailargs.Append(" ")
mailargs.Append(userAlias)
Dim sInfo As ProcessStartInfo = New ProcessStartInfo("Wscript.exe",mailargs.ToString())sInfo.WindowStyle = ProcessWindowStyle.Hidden
Process.Start(sInfo)
End Sub
10. Create a user account.
''' <summary>
''' Method that creates a new user account
''' </summary>
''' <param name="employeeID"></param>
''' <param name="name"></param>
''' <param name="login"></param>
''' <param name="email"></param>
''' <param name="group"></param>
Public Sub CreateNewUser(ByVal employeeID As String, ByVal name As String, ByVal login As String, ByVal email As String, ByVal group As String)
Dim catalog As Catalog = New Catalog()
Dim de As DirectoryEntry = ADHelper.GetDirectoryEntry()
''' 1. Create user account
Dim users As DirectoryEntries = de.Children
Dim newuser As DirectoryEntry = users.Add("CN=" & login, "user")
''' 2. Set properties
SetProperty(newuser,"employeeID", employeeID)
SetProperty(newuser,"givenname", name)
SetProperty(newuser,"SAMAccountName", login)
SetProperty(newuser,"userPrincipalName", login)
SetProperty(newuser,"mail", email)
newuser.CommitChanges()
''' 3. Set password
SetPassword(newuser.Path)
newuser.CommitChanges()
''' 4. Enable account
EnableAccount(newuser)
''' 5. Add user account to groups
AddUserToGroup(de,newuser,group)
''' 6. Create a mailbox in Microsoft Exchange
GenerateMailBox(login)
newuser.Close()
de.Close()
End Sub
11. Disable a user account.
''' <summary>
''' Method that disables a user account in the AD and hides user's email from Exchange address lists.
''' </summary>
''' <param name="EmployeeID"></param>
Public Sub DisableAccount(ByVal EmployeeID As String)
Dim de As DirectoryEntry = GetDirectoryEntry()
Dim ds As DirectorySearcher = New DirectorySearcher(de)
ds.Filter = "(&(objectCategory=Person)(objectClass=user)(employeeID=" & EmployeeID & "))"
ds.SearchScope = SearchScope.Subtree
Dim results As SearchResult = ds.FindOne()
If Not results Is Nothing Then
Dim dey As DirectoryEntry = GetDirectoryEntry(results.Path)
Dim val As Integer = CInt(dey.Properties("userAccountControl").Value)
dey.Properties("userAccountControl").Value = val Or &H0002
dey.Properties("msExchHideFromAddressLists").Value = "TRUE"
dey.CommitChanges()
dey.Close()
End If
de.Close()
End Sub
12. Update user account.
''' <summary>
''' Method that updates user's properties
''' </summary>
''' <param name="employeeID"></param>
''' <param name="department"></param>
''' <param name="title"></param>
''' <param name="company"></param>
Public Sub ModifyUser(ByVal employeeID As String, ByVal department As String, ByVal title As String, ByVal company As String)
Dim de As DirectoryEntry = GetDirectoryEntry()
Dim ds As DirectorySearcher = New DirectorySearcher(de)
ds.Filter = "(&(objectCategory=Person)(objectClass=user)(employeeID=" & employeeID & "))"
ds.SearchScope = SearchScope.Subtree
Dim results As SearchResult = ds.FindOne()
If Not results Is Nothing Then
Dim dey As DirectoryEntry = GetDirectoryEntry(results.Path)
SetProperty(dey, "department", department)
SetProperty(dey, "title", title)
SetProperty(dey, "company", company)
dey.CommitChanges()
dey.Close()
End If
de.Close()
End Sub
13. Validate if a string has a correct email pattern.
''' <summary>
''' Method that validates if a string has an email pattern.
''' </summary>
''' <param name="mail"></param>
''' <returns></returns>
Public Function IsEmail(ByVal mail As String) As Boolean
Dim mailPattern As Regex = New Regex("\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*")
Return mailPattern.IsMatch(mail)
End Function
14. Extract a user alias from an email account.
''' <summary>
''' Method to extract the alias from an email account.
''' dada una cuenta de correo electrónico
''' </summary>
''' <param name="mailAddress"></param>
''' <returns></returns>
Public Function GetAlias(ByVal mailAddress As String) As String
If IsEmail(mailAddress) Then
Return mailAddress.Substring(0,mailAddress.IndexOf("@"))
Else
Return " "
End If
End Function
15. Format dates to AD date format (AAAAMMDDMMSSSS.0Z).
''' <summary>
''' Method that formats a date in the required format
''' needed (AAAAMMDDMMSSSS.0Z) to compare dates in AD.
''' </summary>
''' <param name="date"></param>
''' <returns>Date in valid format for AD</returns>
Public Function ToADDateString(ByVal date_Renamed As DateTime) As String
Dim year As String = date_Renamed.Year.ToString()
Dim month As Integer = date_Renamed.Month
Dim day As Integer = date_Renamed.Day
Dim sb As StringBuilder = New StringBuilder()
sb.Append(year)
If month <10 Then
sb.Append("0")
End If
sb.Append(month.ToString())
If day <10 Then
sb.Append("0")
End If
sb.Append(day.ToString())
sb.Append("000000.0Z")
Return sb.ToString()
End Function
16. Search users.
When you use Directory Services, you can accomplish many interesting tasks such as searching and filtering users. The DirectorySearcher object allows you to query the AD. The following sample code queries the AD to search all the user accounts that were modified from a given date. The results are stored in a DataTable, so you can easily databind them.
''' <summary>
''' Method that returns a DataTable with a list of users modified from a given date.
''' </summary>
''' <param name="fromdate"></param>
Public Function GetModifiedUsers(ByVal fromdate As DateTime) As DataTable
Dim dt As DataTable = New DataTable()
dt.Columns.Add("EmployeeID")
dt.Columns.Add("Name")
dt.Columns.Add("Email")
Dim de As DirectoryEntry = GetDirectoryEntry()
Dim ds As DirectorySearcher = New DirectorySearcher(de)
Dim filter As StringBuilder = New StringBuilder()
filter.Append("(&(objectCategory=Person)(objectClass=user)(whenChanged>=")filter.Append(date.ToADDateString())
filter.Append("))")
ds.Filter=filter.ToString()
ds.SearchScope = SearchScope.Subtree
Dim results As SearchResultCollection= ds.FindAll()
For Each result As SearchResult In results
Dim dr As DataRow = dt.NewRow()
Dim dey As DirectoryEntry = GetDirectoryEntry(result.Path)
dr("EmployeeID") = dey.Properties("employeeID").Value
dr("Name") = dey.Properties("givenname").Value
dr("Email") = dey.Properties("mail").Value
dt.Rows.Add(dr)
dey.Close()
Next result
de.Close()
Return dt
End Function
NOTE: THIS ARTICLE IS CONVERTED FROM C# TO VB.NET USING A CONVERSION TOOL. ORIGINAL ARTICLE CAN BE FOUND ON C# CORNER (WWW.C-SHARPCORNER.COM).
|
|
|
Login
to add your contents and source code to this article
|
|
|
|
|
|
|
|
Erika Ehrli
I am an Information Systems Engineer and I am currently enrolled to the UW Technical Writing and Editing Certificate Program. I love coding and writing, so this space is the combination of my two passions. I worked full-time in Microsoft Mexico as a Development Consultant and became specialized in Web Application Development.
|
|
|
|
|
|
|
|
|
C# Consulting is founded in 2002 by the founders of C# Corner. Unlike a traditional
consulting company, our consultants are well-known experts in .NET and many of them
are MVPs, authors, and trainers. We specialize in Microsoft .NET development and
utilize Agile Development and Extreme Programming practices to provide fast pace
quick turnaround results. Our software development model is a mix of Agile Development,
traditional SDLC, and Waterfall models.
|
|
Click here to learn more about C# Consulting. |
|
|
|
|
|
|
|
Introducing MaxV - one click. infinite control. Hyper-V Hosting from MaximumASP.
Finally – a virtual platform that delivers next-generation Windows Server 2008 Hyper-V virtualization technology from a managed hosting partner you can truly depend on. Visit www.maximumasp.com/max for a FREE 30 day trial. Hurry offer ends soon.
Climb aboard the MaxV platform and take advantage of High Availability, Intelligent Monitoring, Recurrent Backups, and Scalability – with no hassle or hidden fees.
As a managed hosting partner focused solely on Microsoft technologies since 2000, MaximumASP is uniquely qualified to provide the superior support that our business is built on. Unparalleled expertise with Microsoft technologies lead to working directly with Microsoft as first to offer IIS 7 and SQL 2008 betas in a hosted environment; partnering in the Go Live Program for Hyper-V; and product co-launches built on WS 2008 with Hyper-V technology.
|
Dynamic PDF
ceTE software specializes in components for dynamic PDF generation and manipulation. The DynamicPDF™ product line allows you to dynamically generate PDF documents, merge PDF documents and new content to existing PDF documents from within your applications.
|
Go.NET
Build custom interactive diagrams, network, workflow editors, flowcharts, or software design tools. Includes many predefined kinds of nodes, links, and basic shapes. Supports layers, scrolling, zooming, selection, drag-and-drop, clipboard, in-place editing, tooltips, grids, printing, overview window, palette. 100% implemented in C# as a managed .NET Control. Document/View/Tool architecture with many properties&events. Optional automatic layout.
|
Dundas Software
Dundas Chart for .NET is the most advanced .NET charting package available today. With an extremely complete feature set, elegant architecture and easy implementation, Dundas Chart can quickly add advanced Charting functionality to enhance and transform ASP.NET and Windows Forms applications. Whether you are implementing charting into internal projects, or building applications for clients, Dundas Chart offers advanced technology and advanced results to get the most out of data.
|
60 FREE UI Controls from DevExpress
Register for your FREE copy on over 60 free presentation controls from
DevExpress - Absolutely Free-of-Charge without any royalties or distribution
costs. Visit Devexpress.com/60 today. Free controls include advanced lists box, dropdown calendar, rich text edit, spin
edit, tab control and so much more!
DevExpress engineers feature rich presentation controls and reporting tools for WinForms, ASP.NET, WPF, and Silverlight. Our technologies help you build your best, see complex software with greater clarity and deliver compelling business solutions for Windows and the web in the shortest possible time.
|
Clickatell's SMS Gateway
Clickatell's Developer Solutions allow you to SMS enable any website or
application via a range of API's. Learn More about our API connections.
|
Microsoft Visual Studio 2010
Visualize your workspace with new multiple monitor support, powerful Web development, new SharePoint support with tons of templates and Web parts, and more accurate targeting of any version of the .NET Framework. Get set to unleash your creativity.
|
Nevron Chart for .NET 2010.1 Now Available
The leading .NET charting control now features PDF, Flash and Silverlight export, visualization of large datasets and more. Deliver true charting functionality to your BI, Scorecard, Presentation or Scientific apps. Download evaluation now.
|
Developer-Ready ASP.NET 2.0 Web Hosting with 3 MONTHS FREE
Now supporting .NET 3.0 Framework with Windows Workflow Foundation, Windows Communication Foundation (WCF), Windows Presentation Foundation (WPF), windows CardSpace (WCS)! Providing more flexibility for Developers with Web Services Support and a User/Permission Manger. Also supporting MS SQL 2005/2000 with Real-Time Backups, FREE Automated Attach .MDF Tool, FREE SQL Restore and Shrink SQL DB Tools, and SQL
|
|
|
|
|
|
|
|
|
|
|
|
|