1. Resources
    2. Code Snippets
    3. Active Directory

Reflact the user permissions in specified group in the local site instantly

Posted Date: 02 Oct 2008 |Updated: 02-Oct-2008 |Category: Active Directory |Author: |Member Level: Bronze |Points: 7 |



/* Following program gets all the domain controller available in the specified site and add the specified user into the group specified to all the domain controller. Like this you can avoid the delay in the permission reflection after user has been added to the domain controller because it is possible that user has been added to DC1 and your application checks the permissions on DC2. Note that the running context of this application has to have the permission to access active directory and adding users in the specified group */

using System;
using System.IO;
using System.Text;
using Microsoft.Win32;
using System.Security;
using System.Threading;
using System.Reflection;
using System.Diagnostics;
using System.Configuration;
using System.Globalization;
using System.ComponentModel;
using System.DirectoryServices;
using System.Security.Principal;
using System.Collections.Generic;
using System.Security.Permissions;
using System.Text.RegularExpressions;
using System.Runtime.InteropServices;
using System.Runtime.Remoting.Contexts;
using System.Runtime.Remoting.Messaging;

namespace DCReflactionTest
{
    class Program
    {
        static void Main(string[] args)
        {
            string privilegesGroup = "perm-group"; //Group in Active directory
            string userName = "domain\\userid"; //UserID which needs to be added in the specified group
            string DistName = null;          
            object[] user_path = null;           
            // get the domain/host name and user name
            string[] un_split = userName.Split(new char[] { '\\' });
            string dhn_part = un_split[0];
            string un_part = un_split[1];
            int i = 0;

            DirectoryEntry root = new DirectoryEntry("LDAP://RootDSE");
            DirectoryEntry group = null;
            SearchResult userDN, groupDN;
            DirectorySearcher dsGroup, ds;

            string namingContext = (string)root.Properties["defaultNamingContext"].Value;
            if (namingContext == null)
                namingContext = (string)root.Properties["namingContext"].Value;                         
            
            //Get the timestamp
            DateTime oldDate = new DateTime(2000, 1, 1);
            DateTime newDate = DateTime.Now;
            TimeSpan ts = newDate - oldDate;         
            //Find the all site
            //Following code has been replaced to support HYD and NYC users.i.e. to make AD search independent of where is user resided
            string[] sites = getAllDCs(Environment.GetEnvironmentVariable("site")).Split(new char[]{'\n'});
            for (i = 0; i < sites.Length; i++)
            {                
                sites[i] = sites[i].Trim();
                System.Console.WriteLine("For " + sites[i]);
                sites[i] = sites[i].Substring(1, sites[i].Length - 2);
                System.Console.WriteLine("Site: " + sites[i]);
                root = new DirectoryEntry("LDAP://" + sites[i] + "/" + namingContext);

                ds = new DirectorySearcher(root,
                                       "samAccountName=" + un_part
                                       , null
                                       , SearchScope.Subtree);
                userDN = ds.FindOne();

                dsGroup = new DirectorySearcher(root,
                                      "samAccountName=" + privilegesGroup
                                      , null
                                      , SearchScope.Subtree);

                groupDN = dsGroup.FindOne();
                group = groupDN.GetDirectoryEntry();

                if (userDN != null)
                    DistName = userDN.Path;
                else
                    throw new Exception("User: " + un_part + " is not found in AD");

                user_path = new object[] { DistName };

                //Thread.Sleep(10000);
                try
                {
                    //check if user already member of the specified group
                    if (!bool.Parse(Convert.ToString(
                           group.Invoke("IsMember", user_path),
                           CultureInfo.CurrentCulture)))
                    {
                        if (i == 1)
                        {
                            System.Console.WriteLine("User not exist...waiting...");
                            Thread.Sleep(20000);
                            if (bool.Parse(Convert.ToString(
                           group.Invoke("IsMember", user_path),
                           CultureInfo.CurrentCulture)))
                                System.Console.WriteLine("User Found");
                        }
                        try
                        {
                            group.Invoke("Add", user_path);
                            group.CommitChanges();
                            //group.Invoke("Add", user_path);
                            //group.CommitChanges();
                            System.Console.WriteLine("Site: " + sites[i] + "  " + DistName + " is added " + privilegesGroup);
                        }
                        catch (Exception ex)
                        {
                            //System.Console.WriteLine("Inner Exception: " + ex.Message);
                        }
                    }
                    else
                        System.Console.WriteLine(user_path + " is already member of " + privilegesGroup);
                }
                catch (Exception ex)
                {
                    System.Console.WriteLine("Exception: " + ex.Message);
                }
                
            }
            if (group != null)
            {
                group.Invoke("Remove", user_path);
                group.CommitChanges();
                group.Close();
                group.Dispose();
            }            
            newDate = DateTime.Now;
            TimeSpan ts2 = newDate - oldDate;    
            System.Console.WriteLine("ms: " +  (ts2.TotalMilliseconds -  ts.TotalMilliseconds));
            System.Console.Read();
        }

        private static string getAllDCs(string site)
        {
            //Start the process            
            Process MyProcess = new Process();
            MyProcess.StartInfo.FileName = "cmd.exe";
            MyProcess.StartInfo.CreateNoWindow = true;
            MyProcess.StartInfo.Arguments = "/c dsquery server -o rdn -site " + site;
            MyProcess.StartInfo.UseShellExecute = false;
            MyProcess.StartInfo.RedirectStandardInput = true;
            MyProcess.StartInfo.RedirectStandardOutput = true;
            MyProcess.StartInfo.WorkingDirectory = ".";
            MyProcess.StartInfo.RedirectStandardError = true;
            MyProcess.Start();
            //wait for some time so that output will be ready        		
            Thread.Sleep(50);
            string output = MyProcess.StandardOutput.ReadToEnd().ToString();
            MyProcess.StandardOutput.DiscardBufferedData();
            return output.Trim();
        }
    }
}


Comments

No responses found. Be the first to comment...


  • Do not include your name, "with regards" etc in the comment. Write detailed comment, relevant to the topic.
  • No HTML formatting and links to other web sites are allowed.
  • This is a strictly moderated site. Absolutely no spam allowed.
    • Name:
    Email:
    Submit Article
    Return to Article Index

    Top Contributors

    Today
      Last 7 Days

      more...

      About dotnetspider.com

      We believe in providing quality content to our readers. If you have any questions or concerns regarding any content published here, feel free to contact us using the Contact link below.

      Quick Links
      General
      Services

      Digital Marketing by SpiderWorks Technologies, Kochi - India. ©