How to create connector for active Diretory?

Asked

Viewed 372 times

2

I need to create a connector for Active Diretory,

I found this example on the internet... I heard about Migrations... You know how it works?

DirectoryEntry directoryEntry = new DirectoryEntry("LDAP://example.com");

Can anyone explain to me how it works? How should I make this connection?

1 answer

2


I don’t know where you got that Migrations is related to Active Directory. Anyway, I am constantly updating a Helper which I made for Active Directory, and which can be used by any application written in C#:

using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.DirectoryServices;
using System.DirectoryServices.AccountManagement;
using System.Drawing;
using System.IO;
using System.Linq;
using System.Web;

public static class ActiveDirectoryHelper
{
    /// <summary>
    /// Converte uma array de bytes do campo thumbnailPhoto do AD para uma foto.
    /// </summary>
    /// <param name="data"></param>
    /// <returns></returns>
    static Image ByteToPhoto(byte[] data)
    {
        if (data != null)
        {
            using (MemoryStream s = new MemoryStream(data))
            {
                return Bitmap.FromStream(s);
            }
        }

        return null;
    }

    /// <summary>
    /// Pesquisa o campo thumbnailPhoto do AD.
    /// </summary>
    /// <param name="userName"></param>
    /// <returns></returns>
    static Image GetUserPicture(string userName)
    {
        using (DirectorySearcher dsSearcher = new DirectorySearcher())
        {
            dsSearcher.Filter = "(&(objectClass=user) (cn=" + userName + "))";
            SearchResult result = dsSearcher.FindOne();

            using (DirectoryEntry user = new DirectoryEntry(result.Path))
            {
                byte[] data = user.Properties["thumbnailPhoto"].Value as byte[];

                if (data != null)
                {
                    using (MemoryStream s = new MemoryStream(data))
                    {
                        return Bitmap.FromStream(s);
                    }
                }

                return null;
            }
        }
    }

    /// <summary>
    /// Traz um usuário do AD com algumas informações.
    /// </summary>
    /// <param name="search"></param>
    /// <returns></returns>
    public static ActiveDirectoryUserViewModel GetADUser(String search)
    {
        using (var context = new PrincipalContext(ContextType.Domain, "meudominio.com"))
        {
            var result = UserPrincipal.FindByIdentity(context, search);

            return new ActiveDirectoryUserViewModel
            {
                Sid = result.Sid,
                DisplayName = result.DisplayName,
                Email = result.EmailAddress,
                Mapped = true,
                UserName = result.UserPrincipalName,
                FirstName = result.GivenName,
                MiddleName = result.MiddleName,
                Surname = result.Surname,
                VoiceTelephoneNumber = result.VoiceTelephoneNumber
            };
        }
    }

    /// <summary>
    /// Traz todos os usuários das unidades organizacionais "Usuarios" e "SP".
    /// </summary>
    /// <returns></returns>
    public static IEnumerable<ActiveDirectoryUserViewModel> GetADUsers()
    {
        using (var context = new PrincipalContext(ContextType.Domain, "meudominio.com", "OU=Usuarios,OU=SP,DC=meudominio,DC=com"))
        {
            UserPrincipalExtended userPrincipal = new UserPrincipalExtended(context);
            userPrincipal.Enabled = true;

            using (var searcher = new PrincipalSearcher(userPrincipal))
            {
                foreach (Principal result in searcher.FindAll().Where(r => r.DisplayName != ""))
                {
                    // DirectoryEntry de = result.GetUnderlyingObject() as DirectoryEntry;
                    UserPrincipalExtended upe = result as UserPrincipalExtended;

                    if ((upe.VoiceTelephoneNumber ?? "").Trim() != "" && (upe.Department ?? "").Trim() != "")
                    {
                        yield return new ActiveDirectoryUserViewModel
                        {
                            Sid = upe.Sid,
                            DisplayName = upe.DisplayName,
                            // UserName = de.Properties["name"].Value.ToString()
                            UserName = upe.UserPrincipalName,
                            Department = upe.Department,
                            VoiceTelephoneNumber = upe.VoiceTelephoneNumber
                        };
                    }
                }
            }
        }
    }

    /// <summary>
    /// Traz um usuário do AD por login.
    /// </summary>
    /// <param name="name"></param>
    /// <returns></returns>
    public static ActiveDirectoryUserViewModel GetADUserByLogin(String name)
    {
        var filter = "(&(objectClass=user)(objectCategory=person)(samaccountname=" + name.Replace("DOMINIO\\", "") + "))";
        using (var context = new PrincipalContext(ContextType.Domain, "crivelli.adv"))
        { 
            var result = InternalSearch(filter);
            result.Groups = UserPrincipal.FindByIdentity(context, name)
                                         .GetGroups()
                                         .Select(g => new ActiveDirectoryGroupViewModel { Sid = g.Sid, Name = g.Name, Description = g.Description })
                                         .ToList();
            return result;
        };
    }

    /// <summary>
    /// Traz um usuário do AD por Sid (security identifier).
    /// </summary>
    /// <param name="sid"></param>
    /// <returns></returns>
    public static ActiveDirectoryUserViewModel GetADUserBySid(String sid)
    {
        var filter = "(&(objectClass=user)(objectCategory=person)(objectSid=" + sid + "))";
        return InternalSearch(filter);
    }

    /// <summary>
    /// Método auxiliar para montar pesquisas do AD.
    /// </summary>
    /// <param name="filter"></param>
    /// <returns></returns>
    static ActiveDirectoryUserViewModel InternalSearch(String filter)
    {
        using (DirectoryEntry entry = new DirectoryEntry("LDAP://meudominio.com"))
        {
            DirectorySearcher search = new DirectorySearcher(entry);
            // search.Filter = "(&(objectClass=user)(l=" + name + "))";
            search.Filter = filter;
            search.PropertiesToLoad.AddRange(new string[] {"samaccountname", "mail", "usergroup", "department", "displayname", "cn", "givenName", "initials", 
                "sn", "homePostalAddress", "title", "company", "st", "l", "co", "postalcode", "telephoneNumber", "otherTelephone", "facsimileTelephoneNumber", "mail", 
                "extensionAttribute1", "extensionAttribute2", "extensionAttribute3", "extensionAttribute4", "extensionAttribute5", "extensionAttribute6", 
                "extensionAttribute7", "extensionAttribute8", "extensionAttribute9", "extensionAttribute10", "extensionAttribute11", "extensionAttribute12", 
                "whenChanged", "whenCreated", "thumbnailPhoto", "objectSid", "objectGUID"}
            );

            foreach (SearchResult sResultSet in search.FindAll())
            {
                return new ActiveDirectoryUserViewModel
                {
                    Sid = new System.Security.Principal.SecurityIdentifier((byte[])sResultSet.Properties["objectSid"][0], 0),
                    // Guid = GetProperty(sResultSet, "objectGUID"),
                    DisplayName = GetProperty(sResultSet, "displayname"),
                    Email = GetProperty(sResultSet, "mail"),
                    Mapped = true,
                    UserName = GetProperty(sResultSet, "samaccountname"),
                    FirstName = GetProperty(sResultSet, "givenName"),
                    Surname = GetProperty(sResultSet, "sn"),
                    VoiceTelephoneNumber = GetProperty(sResultSet, "telephoneNumber"),
                    JobTitle = GetProperty(sResultSet, "title"),
                    Department = GetProperty(sResultSet, "department"),
                    Photo = sResultSet.Properties["thumbnailPhoto"][0] as byte[]
                };
            }
        }

        return new ActiveDirectoryUserViewModel();
    }

    /// <summary>
    /// Trz todos os grupos do AD.
    /// </summary>
    /// <returns></returns>
    public static IEnumerable<ActiveDirectoryGroupViewModel> GetAllGroups()
    {
        PrincipalContext ctx = new PrincipalContext(ContextType.Domain);
        GroupPrincipal qbeGroup = new GroupPrincipal(ctx);
        PrincipalSearcher srch = new PrincipalSearcher(qbeGroup);

        foreach (var found in srch.FindAll())
        {
            yield return new ActiveDirectoryGroupViewModel
            {
                Name = found.Name,
                Sid = found.Sid,
                Description = found.Description
            };
        }
    }

    /// <summary>
    /// Traz um grupo do AD por Sid (security identifier).
    /// </summary>
    /// <param name="sid"></param>
    /// <returns></returns>
    public static ActiveDirectoryGroupViewModel GetGroup(String sid)
    {
        PrincipalContext ctx = new PrincipalContext(ContextType.Domain);
        GroupPrincipal qbeGroup = new GroupPrincipal(ctx);
        var search = GroupPrincipal.FindByIdentity(ctx, IdentityType.Sid, sid);

        if (search != null)
        {
            return new ActiveDirectoryGroupViewModel {
                Name = search.Name, 
                Description = search.Description,
                Sid = search.Sid
            };

            /* foreach (Principal p in search.GetMembers())
            {
                Debug.WriteLine("{0}: {1}", p.StructuralObjectClass, p.DisplayName);
            } */
        }

        return null;
    }

    /// <summary>
    /// Método interno para tratamento de propriedade do AD.
    /// </summary>
    /// <param name="searchResult"></param>
    /// <param name="PropertyName"></param>
    /// <returns></returns>
    private static string GetProperty(SearchResult searchResult, string PropertyName)
    {
        if (searchResult.Properties.Contains(PropertyName))
        {
            return searchResult.Properties[PropertyName][0].ToString();
        }
        else
        {
            return string.Empty;
        }
    }
}

In my case, this solution caters to an ASP.NET MVC system (so it uses Viewmodels), but you can create other classes with other names if you prefer:

public class ActiveDirectoryUserViewModel
{
    [DisplayName("SID")]
    public SecurityIdentifier Sid { get; set; }
    [DisplayName("Guid")]
    public String Guid { get; set; }
    [DisplayName("Login")]
    public string Login { get; set; }
    [DisplayName("Endereço de E-Mail")]
    public string Email { get; set; }
    [DisplayName("Nome de Usuário")]
    public string UserName { get; set; }
    [DisplayName("Nome de Exibição")]
    public string DisplayName { get; set; }
    [DisplayName("Mapeado?")]
    public bool Mapped { get; set; }
    [DisplayName("Unidade Organizacional")]
    public string OrganizationalUnit { get; set; }
    [DisplayName("Primeiro Nome")]
    public string FirstName { get; set; }
    [DisplayName("Nome do Meio")]
    public string MiddleName { get; set; }
    [DisplayName("Sobrenome")]
    public string Surname { get; set; }
    [DisplayName("Telefone")]
    public string VoiceTelephoneNumber { get; set; }
    [DisplayName("Cargo")]
    public String JobTitle { get; set; }
    [DisplayName("Departamento")]
    public String Department { get; set; }
    [DisplayName("Foto")]
    public byte[] Photo { get; set; }

    [DisplayName("Grupos")]
    public List<ActiveDirectoryGroupViewModel> Groups { get; set; }
}

public class ActiveDirectoryGroupViewModel
{
    [DisplayName("Identificador de Segurança")]
    public SecurityIdentifier Sid { get; set; }
    [DisplayName("Nome")]
    public String Name { get; set; }
    [DisplayName("Descrição")]
    public String Description { get; set; }
}

The use is quite simple:

var ActiveDirectoryInfo = ActiveDirectoryHelper.GetADUserByLogin("DOMINIO\\usuario");
var listaDeUsuarios = ActiveDirectoryHelper.GetADUsers();

Browser other questions tagged

You are not signed in. Login or sign up in order to post.