I need to create a connector for Active Directory,
I found this example on the internet ... I heard about migrations ... Do you know how it works?
DirectoryEntry directoryEntry = new DirectoryEntry("LDAP://example.com");
Can anyone explain to me how it works? How do I make this connection?
I do not know where you got that Migrations is related to Active Directory. Anyway, I'm constantly updating a Helper I made for Active Directory, and that can be used by any application written in C #:
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.DirectoryServices;
using System.DirectoryServices.AccountManagement;
using System.Drawing;
using System.IO;
using System.Linq;
using System.Web;
public static class ActiveDirectoryHelper
{
/// <summary>
/// Converte uma array de bytes do campo thumbnailPhoto do AD para uma foto.
/// </summary>
/// <param name="data"></param>
/// <returns></returns>
static Image ByteToPhoto(byte[] data)
{
if (data != null)
{
using (MemoryStream s = new MemoryStream(data))
{
return Bitmap.FromStream(s);
}
}
return null;
}
/// <summary>
/// Pesquisa o campo thumbnailPhoto do AD.
/// </summary>
/// <param name="userName"></param>
/// <returns></returns>
static Image GetUserPicture(string userName)
{
using (DirectorySearcher dsSearcher = new DirectorySearcher())
{
dsSearcher.Filter = "(&(objectClass=user) (cn=" + userName + "))";
SearchResult result = dsSearcher.FindOne();
using (DirectoryEntry user = new DirectoryEntry(result.Path))
{
byte[] data = user.Properties["thumbnailPhoto"].Value as byte[];
if (data != null)
{
using (MemoryStream s = new MemoryStream(data))
{
return Bitmap.FromStream(s);
}
}
return null;
}
}
}
/// <summary>
/// Traz um usuário do AD com algumas informações.
/// </summary>
/// <param name="search"></param>
/// <returns></returns>
public static ActiveDirectoryUserViewModel GetADUser(String search)
{
using (var context = new PrincipalContext(ContextType.Domain, "meudominio.com"))
{
var result = UserPrincipal.FindByIdentity(context, search);
return new ActiveDirectoryUserViewModel
{
Sid = result.Sid,
DisplayName = result.DisplayName,
Email = result.EmailAddress,
Mapped = true,
UserName = result.UserPrincipalName,
FirstName = result.GivenName,
MiddleName = result.MiddleName,
Surname = result.Surname,
VoiceTelephoneNumber = result.VoiceTelephoneNumber
};
}
}
/// <summary>
/// Traz todos os usuários das unidades organizacionais "Usuarios" e "SP".
/// </summary>
/// <returns></returns>
public static IEnumerable<ActiveDirectoryUserViewModel> GetADUsers()
{
using (var context = new PrincipalContext(ContextType.Domain, "meudominio.com", "OU=Usuarios,OU=SP,DC=meudominio,DC=com"))
{
UserPrincipalExtended userPrincipal = new UserPrincipalExtended(context);
userPrincipal.Enabled = true;
using (var searcher = new PrincipalSearcher(userPrincipal))
{
foreach (Principal result in searcher.FindAll().Where(r => r.DisplayName != ""))
{
// DirectoryEntry de = result.GetUnderlyingObject() as DirectoryEntry;
UserPrincipalExtended upe = result as UserPrincipalExtended;
if ((upe.VoiceTelephoneNumber ?? "").Trim() != "" && (upe.Department ?? "").Trim() != "")
{
yield return new ActiveDirectoryUserViewModel
{
Sid = upe.Sid,
DisplayName = upe.DisplayName,
// UserName = de.Properties["name"].Value.ToString()
UserName = upe.UserPrincipalName,
Department = upe.Department,
VoiceTelephoneNumber = upe.VoiceTelephoneNumber
};
}
}
}
}
}
/// <summary>
/// Traz um usuário do AD por login.
/// </summary>
/// <param name="name"></param>
/// <returns></returns>
public static ActiveDirectoryUserViewModel GetADUserByLogin(String name)
{
var filter = "(&(objectClass=user)(objectCategory=person)(samaccountname=" + name.Replace("DOMINIO\", "") + "))";
using (var context = new PrincipalContext(ContextType.Domain, "crivelli.adv"))
{
var result = InternalSearch(filter);
result.Groups = UserPrincipal.FindByIdentity(context, name)
.GetGroups()
.Select(g => new ActiveDirectoryGroupViewModel { Sid = g.Sid, Name = g.Name, Description = g.Description })
.ToList();
return result;
};
}
/// <summary>
/// Traz um usuário do AD por Sid (security identifier).
/// </summary>
/// <param name="sid"></param>
/// <returns></returns>
public static ActiveDirectoryUserViewModel GetADUserBySid(String sid)
{
var filter = "(&(objectClass=user)(objectCategory=person)(objectSid=" + sid + "))";
return InternalSearch(filter);
}
/// <summary>
/// Método auxiliar para montar pesquisas do AD.
/// </summary>
/// <param name="filter"></param>
/// <returns></returns>
static ActiveDirectoryUserViewModel InternalSearch(String filter)
{
using (DirectoryEntry entry = new DirectoryEntry("LDAP://meudominio.com"))
{
DirectorySearcher search = new DirectorySearcher(entry);
// search.Filter = "(&(objectClass=user)(l=" + name + "))";
search.Filter = filter;
search.PropertiesToLoad.AddRange(new string[] {"samaccountname", "mail", "usergroup", "department", "displayname", "cn", "givenName", "initials",
"sn", "homePostalAddress", "title", "company", "st", "l", "co", "postalcode", "telephoneNumber", "otherTelephone", "facsimileTelephoneNumber", "mail",
"extensionAttribute1", "extensionAttribute2", "extensionAttribute3", "extensionAttribute4", "extensionAttribute5", "extensionAttribute6",
"extensionAttribute7", "extensionAttribute8", "extensionAttribute9", "extensionAttribute10", "extensionAttribute11", "extensionAttribute12",
"whenChanged", "whenCreated", "thumbnailPhoto", "objectSid", "objectGUID"}
);
foreach (SearchResult sResultSet in search.FindAll())
{
return new ActiveDirectoryUserViewModel
{
Sid = new System.Security.Principal.SecurityIdentifier((byte[])sResultSet.Properties["objectSid"][0], 0),
// Guid = GetProperty(sResultSet, "objectGUID"),
DisplayName = GetProperty(sResultSet, "displayname"),
Email = GetProperty(sResultSet, "mail"),
Mapped = true,
UserName = GetProperty(sResultSet, "samaccountname"),
FirstName = GetProperty(sResultSet, "givenName"),
Surname = GetProperty(sResultSet, "sn"),
VoiceTelephoneNumber = GetProperty(sResultSet, "telephoneNumber"),
JobTitle = GetProperty(sResultSet, "title"),
Department = GetProperty(sResultSet, "department"),
Photo = sResultSet.Properties["thumbnailPhoto"][0] as byte[]
};
}
}
return new ActiveDirectoryUserViewModel();
}
/// <summary>
/// Trz todos os grupos do AD.
/// </summary>
/// <returns></returns>
public static IEnumerable<ActiveDirectoryGroupViewModel> GetAllGroups()
{
PrincipalContext ctx = new PrincipalContext(ContextType.Domain);
GroupPrincipal qbeGroup = new GroupPrincipal(ctx);
PrincipalSearcher srch = new PrincipalSearcher(qbeGroup);
foreach (var found in srch.FindAll())
{
yield return new ActiveDirectoryGroupViewModel
{
Name = found.Name,
Sid = found.Sid,
Description = found.Description
};
}
}
/// <summary>
/// Traz um grupo do AD por Sid (security identifier).
/// </summary>
/// <param name="sid"></param>
/// <returns></returns>
public static ActiveDirectoryGroupViewModel GetGroup(String sid)
{
PrincipalContext ctx = new PrincipalContext(ContextType.Domain);
GroupPrincipal qbeGroup = new GroupPrincipal(ctx);
var search = GroupPrincipal.FindByIdentity(ctx, IdentityType.Sid, sid);
if (search != null)
{
return new ActiveDirectoryGroupViewModel {
Name = search.Name,
Description = search.Description,
Sid = search.Sid
};
/* foreach (Principal p in search.GetMembers())
{
Debug.WriteLine("{0}: {1}", p.StructuralObjectClass, p.DisplayName);
} */
}
return null;
}
/// <summary>
/// Método interno para tratamento de propriedade do AD.
/// </summary>
/// <param name="searchResult"></param>
/// <param name="PropertyName"></param>
/// <returns></returns>
private static string GetProperty(SearchResult searchResult, string PropertyName)
{
if (searchResult.Properties.Contains(PropertyName))
{
return searchResult.Properties[PropertyName][0].ToString();
}
else
{
return string.Empty;
}
}
}
In my case, this solution meets an ASP.NET MVC system (so it uses ViewModels ), but you can create other classes with other names, if you prefer:
public class ActiveDirectoryUserViewModel
{
[DisplayName("SID")]
public SecurityIdentifier Sid { get; set; }
[DisplayName("Guid")]
public String Guid { get; set; }
[DisplayName("Login")]
public string Login { get; set; }
[DisplayName("Endereço de E-Mail")]
public string Email { get; set; }
[DisplayName("Nome de Usuário")]
public string UserName { get; set; }
[DisplayName("Nome de Exibição")]
public string DisplayName { get; set; }
[DisplayName("Mapeado?")]
public bool Mapped { get; set; }
[DisplayName("Unidade Organizacional")]
public string OrganizationalUnit { get; set; }
[DisplayName("Primeiro Nome")]
public string FirstName { get; set; }
[DisplayName("Nome do Meio")]
public string MiddleName { get; set; }
[DisplayName("Sobrenome")]
public string Surname { get; set; }
[DisplayName("Telefone")]
public string VoiceTelephoneNumber { get; set; }
[DisplayName("Cargo")]
public String JobTitle { get; set; }
[DisplayName("Departamento")]
public String Department { get; set; }
[DisplayName("Foto")]
public byte[] Photo { get; set; }
[DisplayName("Grupos")]
public List<ActiveDirectoryGroupViewModel> Groups { get; set; }
}
public class ActiveDirectoryGroupViewModel
{
[DisplayName("Identificador de Segurança")]
public SecurityIdentifier Sid { get; set; }
[DisplayName("Nome")]
public String Name { get; set; }
[DisplayName("Descrição")]
public String Description { get; set; }
}
The usage is quite simple:
var ActiveDirectoryInfo = ActiveDirectoryHelper.GetADUserByLogin("DOMINIO\usuario");
var listaDeUsuarios = ActiveDirectoryHelper.GetADUsers();