AccessActiveDirectory
3.15/5 (10 votes)
Mar 9, 2005
4 min read
49620
1288
An article exhibiting the use of the "AccessActiveDirectory" utility on how to play with the members of the Active Directory for any specified domain.
Introduction
This article highlights the features of the AccessActiveDirectory utility that can perform a set of listed operations on Active Directory (AD).
The utility takes care of pretty much everything for you:
- Add members to AD.
- Remove members from AD.
- Search members in AD.
- Create members in AD.
- Delete members from AD.
- Gets the properties of a member from AD.
- Updates properties of a member in AD.
- Checks whether the given object exists in AD.
AccessActiveDirectory - method definition
Constructor
This component has three overloaded constructors. The first constructor is used to define the TargetType (enumerator - defined in source), target name and the source object that will get added/removed to the specified target. Any client that is using this constructor should call the SetAdsPath() method to set the target object path.
Signature
public AccessActiveDirectory(TargetType objtargetType,
string strTargetName, string strDomainPath)
objtargetType- TheTargetTypedefines the type of the target. It is an enumerator and can take any of these three values (user, computer, group).strTargetName- The name of the target object. It can be a group or user or computer name.strDomainPath- The source object domain path.
The second constructor is used to define the TargetType (enumerator - defined in source), target name, the source object that will get added/removed to the specified target and the PDCEmulator if we have more than one primary domain servers. Any client that is using this constructor should call the SetAdsPath() method to set the target object path.
Signature
public AccessActiveDirectory(TargetType objtargetType,
string strTargetName,
string strDomainPath,
string strPDCEmulator)
objtargetType- TheTargetTypedefines the type of the target. It is a enumerator and can take any of these three values (user, computer, group).strTargetName- The name of the target object. It can be a group or user or computer name.strDomainPath- The source object domain path.strPDCEmulator- The PDC emulator name.
The third and the last constructor is used to define the TargetPath and the source object that will get added/removed to the specified target.
Signature
public AccessActiveDirectory(string strTargetPath, string strDomainPath)
strTargetPath- The target object AD domain path.strDomainPath- The source object domain path.
Add members to group
This function adds a member (strDomainPath) to the target group specified in the constructor. The member can be a user, computer or group which is added to the target which can again be a group.
Signature
public void AddMembersToGroup(string strMemberPath)
strMemberPath- The AD path of the member object that has to be added.
// Get the group object
direntGroup = new DirectoryEntry(mstrTargetPath);
// Add the member to the group
direntGroup.Invoke("Add", new Object[] { strMemberPath });
Remove members from group
This function removes an existing member strDomainPath from the target group specified in the constructor. The member can be a user, computer or group which is removed from the target which can again be a group.
Signature
public void RemoveMembersFromGroup(string strMemberPath)
strMemberPath- The AD path of the member object that has to be removed.
// Get the group object
direntGroup = new DirectoryEntry(mstrTargetPath);
// Add the member to the group
direntGroup.Invoke("Remove", new Object[] { strMemberPath });
Member count check
This function checks whether the member count of the target object exceeds 5000. This is to ensure that the groups are not exceeded with more members. Rather a new sub-group can be created under the main group and the members can be added to that sub-group. With that maintainability will not be a threat in the future. You can customize the count as you wish.
Signature
public bool IsMemberCountExceeds() // Get the member count
intMemberCount = direntTarget.Properties["Member"].Count;
// If the member count greater than 5000
if(intMemberCount > 5000)
{
return true;
}
else
{
return false;
}
Get member property
This function gets the property of the target object.
Signature
public string GetPropertyOfMember(string strProperty) // start searching from local domain
dirsrcTarget.SearchRoot = new DirectoryEntry(mstrTargetPath);
// Get the filter string based on TargetType/TargetName
dirsrcTarget.Filter = GetFilterString();
// start searching for the first object
objSearchResult = dirsrcTarget.FindOne();
// If thers is no records
if(objSearchResult == null)
{
// throw no Record
throw new VinodException("INF-UTY-001");
}
// Get the directory entries of the selected one
direntTarget = objSearchResult.GetDirectoryEntry();
// return the directoryentry object
objMemberColln = direntTarget.Properties[strProperty];
Set AD path
This function sets the AD's path for the target using the target name/type provided in the constructor. As defined above, it's mandatory to call this method if you are using the first two constructors to set the target AD's path. It searches the target object in Active Directory to get the AD's path of the target object and sets it to a member variable.
Signature
public void SetAdsPath()
Get CN path
This function gets the first CN of the given AdsPath, generally the qualified domain name.
Signature
public string GetCNOfAdsPath(string strAdsPath)
Get MemberOf target
This function gets the memberOf property value from the target object.
Signature
public PropertyValueCollection GetMembersOfGroup()
Get members of the target
This function gets the members property value from the target object.
Signature
public PropertyValueCollection GetGroupMembers()
Create group
This function creates a new group at the given container path with the provided group name.
Signature
public void CreateGroup(string strGroupContainerPath, string strGroupDesc)
Object exist
This is a simple function that checks whether the given object exists or not.
Signature
public bool IsObjectExist(string strAdsPath)
Update properties of an object
This function updates a collection of property values of the specified object (strAdsPath). This checks whether the object exists in AD, if so, it updates all the properties provided as a HashTable into AD.
Signature
public void UpdatePropertiesForADObject(string strAdsPath,
Hashtable htblProperties) // start searching from local domain
direntTarget = new DirectoryEntry(strAdsPath);
// Get all the enumerators
objIDictEnum = htblProperties.GetEnumerator();
//Get properties of all the hash table entries
while(objIDictEnum.MoveNext())
{
if(objIDictEnum.Value.GetType() == typeof(string))
{
// Include the property
direntTarget.Invoke("Put", objIDictEnum.Key.ToString(),
objIDictEnum.Value.ToString());
}
else if(objIDictEnum.Value.GetType() == typeof(Int32))
{
// Include the property
direntTarget.Invoke("Put", objIDictEnum.Key.ToString(),
Convert.ToInt16(objIDictEnum.Value));
}
}
// set info
direntTarget.Invoke("SetInfo");
// Commit the changes
direntTarget.CommitChanges();
Summary
This utility should be very handy for people who extensively use Active Directory. Whenever I search the net, I get only a few things in bits and pieces...so...I thought of providing a utility that does at least some basic stuff on AD. I haven't included creating a user, which I will include when I get some time. Until then, enjoy this stuff!