Prizes & Awards
My Profile
Active Members
TodayLast 7 Days
more...
|
Resources » Code Snippets » Active Directory »
Reflact the user permissions in specified group in the local site instantly
|
/* Following program gets all the domain controller available in the specified site and add the specified user into the group specified to all the domain controller. Like this you can avoid the delay in the permission reflection after user has been added to the domain controller because it is possible that user has been added to DC1 and your application checks the permissions on DC2. Note that the running context of this application has to have the permission to access active directory and adding users in the specified group */
using System;
using System.IO;
using System.Text;
using Microsoft.Win32;
using System.Security;
using System.Threading;
using System.Reflection;
using System.Diagnostics;
using System.Configuration;
using System.Globalization;
using System.ComponentModel;
using System.DirectoryServices;
using System.Security.Principal;
using System.Collections.Generic;
using System.Security.Permissions;
using System.Text.RegularExpressions;
using System.Runtime.InteropServices;
using System.Runtime.Remoting.Contexts;
using System.Runtime.Remoting.Messaging;
namespace DCReflactionTest
{
class Program
{
static void Main(string[] args)
{
string privilegesGroup = "perm-group"; //Group in Active directory
string userName = "domain\\userid"; //UserID which needs to be added in the specified group
string DistName = null;
object[] user_path = null;
// get the domain/host name and user name
string[] un_split = userName.Split(new char[] { '\\' });
string dhn_part = un_split[0];
string un_part = un_split[1];
int i = 0;
DirectoryEntry root = new DirectoryEntry("LDAP://RootDSE");
DirectoryEntry group = null;
SearchResult userDN, groupDN;
DirectorySearcher dsGroup, ds;
string namingContext = (string)root.Properties["defaultNamingContext"].Value;
if (namingContext == null)
namingContext = (string)root.Properties["namingContext"].Value;
//Get the timestamp
DateTime oldDate = new DateTime(2000, 1, 1);
DateTime newDate = DateTime.Now;
TimeSpan ts = newDate - oldDate;
//Find the all site
//Following code has been replaced to support HYD and NYC users.i.e. to make AD search independent of where is user resided
string[] sites = getAllDCs(Environment.GetEnvironmentVariable("site")).Split(new char[]{'\n'});
for (i = 0; i < sites.Length; i++)
{
sites[i] = sites[i].Trim();
System.Console.WriteLine("For " + sites[i]);
sites[i] = sites[i].Substring(1, sites[i].Length - 2);
System.Console.WriteLine("Site: " + sites[i]);
root = new DirectoryEntry("LDAP://" + sites[i] + "/" + namingContext);
ds = new DirectorySearcher(root,
"samAccountName=" + un_part
, null
, SearchScope.Subtree);
userDN = ds.FindOne();
dsGroup = new DirectorySearcher(root,
"samAccountName=" + privilegesGroup
, null
, SearchScope.Subtree);
groupDN = dsGroup.FindOne();
group = groupDN.GetDirectoryEntry();
if (userDN != null)
DistName = userDN.Path;
else
throw new Exception("User: " + un_part + " is not found in AD");
user_path = new object[] { DistName };
//Thread.Sleep(10000);
try
{
//check if user already member of the specified group
if (!bool.Parse(Convert.ToString(
group.Invoke("IsMember", user_path),
CultureInfo.CurrentCulture)))
{
if (i == 1)
{
System.Console.WriteLine("User not exist...waiting...");
Thread.Sleep(20000);
if (bool.Parse(Convert.ToString(
group.Invoke("IsMember", user_path),
CultureInfo.CurrentCulture)))
System.Console.WriteLine("User Found");
}
try
{
group.Invoke("Add", user_path);
group.CommitChanges();
//group.Invoke("Add", user_path);
//group.CommitChanges();
System.Console.WriteLine("Site: " + sites[i] + " " + DistName + " is added " + privilegesGroup);
}
catch (Exception ex)
{
//System.Console.WriteLine("Inner Exception: " + ex.Message);
}
}
else
System.Console.WriteLine(user_path + " is already member of " + privilegesGroup);
}
catch (Exception ex)
{
System.Console.WriteLine("Exception: " + ex.Message);
}
}
if (group != null)
{
group.Invoke("Remove", user_path);
group.CommitChanges();
group.Close();
group.Dispose();
}
newDate = DateTime.Now;
TimeSpan ts2 = newDate - oldDate;
System.Console.WriteLine("ms: " + (ts2.TotalMilliseconds - ts.TotalMilliseconds));
System.Console.Read();
}
private static string getAllDCs(string site)
{
//Start the process
Process MyProcess = new Process();
MyProcess.StartInfo.FileName = "cmd.exe";
MyProcess.StartInfo.CreateNoWindow = true;
MyProcess.StartInfo.Arguments = "/c dsquery server -o rdn -site " + site;
MyProcess.StartInfo.UseShellExecute = false;
MyProcess.StartInfo.RedirectStandardInput = true;
MyProcess.StartInfo.RedirectStandardOutput = true;
MyProcess.StartInfo.WorkingDirectory = ".";
MyProcess.StartInfo.RedirectStandardError = true;
MyProcess.Start();
//wait for some time so that output will be ready
Thread.Sleep(50);
string output = MyProcess.StandardOutput.ReadToEnd().ToString();
MyProcess.StandardOutput.DiscardBufferedData();
return output.Trim();
}
}
}
|
Responses
|
No responses found. Be the first to respond and make money from revenue sharing program.
|
|