
AccessActiveDirectory

Mar 9, 2005

An article demonstrating how to use the "AccessActiveDirectory" utility to work with the members of Active Directory for any specified domain.

Introduction

This article highlights the features of the AccessActiveDirectory utility that can perform a set of listed operations on Active Directory (AD).

The utility takes care of pretty much everything for you:

  • Add members to AD.
  • Remove members from AD.
  • Search members in AD.
  • Create members in AD.
  • Delete members from AD.
  • Get the properties of a member from AD.
  • Update properties of a member in AD.
  • Check whether the given object exists in AD.

AccessActiveDirectory - method definition

Constructor

This component has three overloaded constructors. The first constructor takes the TargetType (an enumeration defined in the source), the target name and the source object that will be added to or removed from the specified target. Any client that uses this constructor must call the SetAdsPath() method to set the target object path.

Signature

public AccessActiveDirectory(TargetType objtargetType, 
              string strTargetName, string strDomainPath)
  • objtargetType - The TargetType defines the type of the target. It is an enumeration and can take any of these three values (user, computer, group).
  • strTargetName - The name of the target object. It can be a group or user or computer name.
  • strDomainPath - The source object domain path.

The second constructor takes the TargetType (an enumeration defined in the source), the target name, the source object that will be added to or removed from the specified target, and the PDCEmulator for the case where there is more than one primary domain server. Any client that uses this constructor must call the SetAdsPath() method to set the target object path.

Signature

public AccessActiveDirectory(TargetType objtargetType, 
                                 string strTargetName, 
                                 string strDomainPath, 
                                string strPDCEmulator)
  • objtargetType - The TargetType defines the type of the target. It is an enumeration and can take any of these three values (user, computer, group).
  • strTargetName - The name of the target object. It can be a group or user or computer name.
  • strDomainPath - The source object domain path.
  • strPDCEmulator- The PDC emulator name.

The third and last constructor takes the TargetPath and the source object that will be added to or removed from the specified target.

Signature

public AccessActiveDirectory(string strTargetPath, string strDomainPath)
  • strTargetPath - The target object AD domain path.
  • strDomainPath - The source object domain path.

Add members to group

This function adds a member (strDomainPath) to the target group specified in the constructor. The member can be a user, computer or group; the target it is added to is itself a group.

Signature

public void AddMembersToGroup(string strMemberPath)
  • strMemberPath - The AD path of the member object that has to be added.
// Get the group object
direntGroup = new DirectoryEntry(mstrTargetPath);
// Add the member to the group
direntGroup.Invoke("Add", new Object[] { strMemberPath });

Remove members from group

This function removes an existing member (strDomainPath) from the target group specified in the constructor. The member can be a user, computer or group; the target it is removed from is itself a group.

Signature

public void RemoveMembersFromGroup(string strMemberPath)
  • strMemberPath - The AD path of the member object that has to be removed.
// Get the group object
direntGroup = new DirectoryEntry(mstrTargetPath);
// Remove the member from the group
direntGroup.Invoke("Remove", new Object[] { strMemberPath });

Member count check

This function checks whether the member count of the target object exceeds 5000. The check keeps groups from growing too large: instead, a new sub-group can be created under the main group and the members added to that sub-group, so that maintainability does not become a problem in the future. You can customize the count as you wish.

Signature

public bool IsMemberCountExceeds()
    // Get the member count
    intMemberCount = direntTarget.Properties["Member"].Count;
    // If the member count is greater than 5000
    if(intMemberCount > 5000)
    {
        return true;
    }
    else
    {
        return false;
    }

Get member property

This function gets the property of the target object.

Signature

public string GetPropertyOfMember(string strProperty)
    // Start searching from the target path
    dirsrcTarget.SearchRoot = new DirectoryEntry(mstrTargetPath);
    // Get the filter string based on TargetType/TargetName
    dirsrcTarget.Filter = GetFilterString();
    // Search for the first matching object
    objSearchResult = dirsrcTarget.FindOne();
    // If there are no records
    if(objSearchResult == null)
    {
        // Throw "no record"
        throw new VinodException("INF-UTY-001");
    }
    // Get the directory entry of the selected result
    direntTarget = objSearchResult.GetDirectoryEntry();
    // Read the values of the requested property
    objMemberColln = direntTarget.Properties[strProperty];

Set AD path

This function sets the AD's path for the target using the target name/type provided in the constructor. As defined above, it's mandatory to call this method if you are using the first two constructors to set the target AD's path. It searches the target object in Active Directory to get the AD's path of the target object and sets it to a member variable.

Signature

public void SetAdsPath()

Get CN path

This function gets the first CN of the given AdsPath, generally the qualified domain name.

Signature

public string GetCNOfAdsPath(string strAdsPath)

Get MemberOf target

This function gets the memberOf property value from the target object.

Signature

public PropertyValueCollection GetMembersOfGroup()

Get members of the target

This function gets the members property value from the target object.

Signature

public PropertyValueCollection GetGroupMembers()

Create group

This function creates a new group at the given container path with the provided group name.

Signature

public void CreateGroup(string strGroupContainerPath, string strGroupDesc)

Object exist

This is a simple function that checks whether the given object exists or not.

Signature

public bool IsObjectExist(string strAdsPath)

Update properties of an object

This function updates a collection of property values of the specified object (strAdsPath). It checks whether the object exists in AD and, if so, writes all the properties provided in a Hashtable into AD.

Signature

public void UpdatePropertiesForADObject(string strAdsPath, 
                                    Hashtable htblProperties)
    // Bind to the object to update
    direntTarget = new DirectoryEntry(strAdsPath);
    // Get the enumerator for the hash table
    objIDictEnum = htblProperties.GetEnumerator();
    // Put each hash table entry into the object's property cache
    while(objIDictEnum.MoveNext())
    {
        if(objIDictEnum.Value.GetType() == typeof(string))
        {
            // Include the property
            direntTarget.Invoke("Put", objIDictEnum.Key.ToString(), 
                                objIDictEnum.Value.ToString());
        }
        else if(objIDictEnum.Value.GetType() == typeof(Int32))
        {
            // Include the property; keep the full Int32 range
            // (Convert.ToInt16 throws for values above 32767)
            direntTarget.Invoke("Put", objIDictEnum.Key.ToString(), 
                                Convert.ToInt32(objIDictEnum.Value));
        }
    }
    // set info 
    direntTarget.Invoke("SetInfo");
    // Commit the changes
    direntTarget.CommitChanges();
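
UpdatePropertiesForADObject writes whatever attribute names the caller supplies and silently skips values that are neither string nor Int32. The following added example (not part of the utility) checks a property table before it is handed to that method; the class name, the method name and the allowlist contents are assumptions.

```csharp
using System;
using System.Collections;
using System.Collections.Generic;

public static class AdPropertyGuard
{
    // Assumed allowlist for this example; list only the attributes callers may change.
    private static readonly HashSet<string> Writable = new HashSet<string>(
        new[] { "description", "displayName", "telephoneNumber", "info" },
        StringComparer.OrdinalIgnoreCase);

    // Returns the problems found; an empty list means the table can be passed on.
    public static List<string> Validate(Hashtable htblProperties)
    {
        List<string> problems = new List<string>();
        foreach (DictionaryEntry entry in htblProperties)
        {
            string name = entry.Key as string;
            if (name == null || !Writable.Contains(name))
            {
                problems.Add("attribute not allowed: " + entry.Key);
                continue;
            }
            // The update loop handles only string and Int32 values;
            // report anything else instead of dropping it silently.
            if (!(entry.Value is string) && !(entry.Value is int))
                problems.Add("unsupported value type for " + name);
        }
        return problems;
    }

    public static void Main()
    {
        // Constructed input: one valid entry, one attribute outside the
        // allowlist, and one allowed attribute with an unsupported type.
        Hashtable props = new Hashtable();
        props["description"] = "Build servers, rack 4";
        props["userAccountControl"] = 66048;
        props["telephoneNumber"] = 5551234L;
        foreach (string p in Validate(props)) Console.WriteLine(p);
    }
}
```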

Summary

This utility should be very handy for people who extensively use Active Directory. Whenever I search the net, I get only a few things in bits and pieces...so...I thought of providing a utility that does at least some basic stuff on AD. I haven't included creating a user, which I will include when I get some time. Until then, enjoy this stuff!