
AccessActiveDirectory

17 Mar 2005
An article demonstrating the "AccessActiveDirectory" utility, which works with the members of Active Directory for any specified domain.

Introduction

This article highlights the features of the AccessActiveDirectory utility that can perform a set of listed operations on Active Directory (AD).

The utility takes care of pretty much everything for you:

  • Add members to AD.
  • Remove members from AD.
  • Search members in AD.
  • Create members in AD.
  • Delete members from AD.
  • Get the properties of a member from AD.
  • Update properties of a member in AD.
  • Check whether the given object exists in AD.

AccessActiveDirectory - method definition

Constructor

This component has three overloaded constructors. The first constructor takes the TargetType (an enumeration defined in the source), the target name and the source object that will be added to or removed from the specified target. Any client that uses this constructor should call the SetAdsPath() method to set the target object path.

Signature

public AccessActiveDirectory(TargetType objtargetType, 
              string strTargetName, string strDomainPath)
  • objtargetType - The TargetType defines the type of the target. It is an enumeration and can take any of these three values (user, computer, group).
  • strTargetName - The name of the target object. It can be a group or user or computer name.
  • strDomainPath - The source object domain path.

The second constructor takes the TargetType (an enumeration defined in the source), the target name, the source object that will be added to or removed from the specified target, and the PDCEmulator, for use when there is more than one primary domain server. Any client that uses this constructor should call the SetAdsPath() method to set the target object path.

Signature

public AccessActiveDirectory(TargetType objtargetType, 
                                 string strTargetName, 
                                 string strDomainPath, 
                                string strPDCEmulator)
  • objtargetType - The TargetType defines the type of the target. It is an enumeration and can take any of these three values (user, computer, group).
  • strTargetName - The name of the target object. It can be a group or user or computer name.
  • strDomainPath - The source object domain path.
  • strPDCEmulator - The PDC emulator name.

The third and last constructor takes the TargetPath and the source object that will be added to or removed from the specified target.

Signature

public AccessActiveDirectory(string strTargetPath, string strDomainPath)
  • strTargetPath - The target object AD domain path.
  • strDomainPath - The source object domain path.

Add members to group

This function adds a member (strDomainPath) to the target group specified in the constructor. The member can be a user, computer or group, and it is added to the target, which can in turn be a group.

Signature

public void AddMembersToGroup(string strMemberPath)
  • strMemberPath - The AD path of the member object that has to be added.

    // Get the group object
    direntGroup = new DirectoryEntry(mstrTargetPath);
    // Add the member to the group
    direntGroup.Invoke("Add", new Object[] { strMemberPath });

Remove members from group

This function removes an existing member (strDomainPath) from the target group specified in the constructor. The member can be a user, computer or group, and it is removed from the target, which can in turn be a group.

Signature

public void RemoveMembersFromGroup(string strMemberPath)
  • strMemberPath - The AD path of the member object that has to be removed.

    // Get the group object
    direntGroup = new DirectoryEntry(mstrTargetPath);
    // Remove the member from the group
    direntGroup.Invoke("Remove", new Object[] { strMemberPath });

Member count check

This function checks whether the member count of the target object exceeds 5000. The check keeps groups from growing too large: instead of adding more members to the main group, a new sub-group can be created under it and the members added to that sub-group, so that maintainability will not become a problem in the future. You can customize the count as you wish.

Signature

public bool IsMemberCountExceeds()

    // Get the member count
    intMemberCount = direntTarget.Properties["Member"].Count;
    // Report whether the member count is greater than 5000
    return intMemberCount > 5000;

Get member property

This function gets the property of the target object.

Signature

public string GetPropertyOfMember(string strProperty)

    // Start searching from the local domain
    dirsrcTarget.SearchRoot = new DirectoryEntry(mstrTargetPath);
    // Get the filter string based on TargetType/TargetName
    dirsrcTarget.Filter = GetFilterString();
    // Search for the first matching object
    objSearchResult = dirsrcTarget.FindOne();
    // If there are no records
    if(objSearchResult == null)
    {
        // Throw the "no record" exception
        throw new VinodException("INF-UTY-001");
    }
    // Get the directory entry of the selected result
    direntTarget = objSearchResult.GetDirectoryEntry();
    // Read the requested property values from the directory entry
    objMemberColln = direntTarget.Properties[strProperty];
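
The search above uses a filter built from the target type and target name, so a name that comes from user input needs its LDAP filter metacharacters escaped before it reaches DirectorySearcher. The following is an added example, not code from the AccessActiveDirectory source: EscapeFilterValue and BuildFilter are hypothetical names, and the objectCategory/cn mapping is an assumption about what such a filter might look like.

```csharp
using System;
using System.Text;

// Mirrors the three TargetType values listed in the article.
public enum TargetType { user, computer, group }

public static class LdapFilterExample
{
    // RFC 4515: '*', '(', ')', '\' and NUL in an assertion value must be
    // written as a backslash followed by the two-digit hex code.
    public static string EscapeFilterValue(string value)
    {
        if (value == null) throw new ArgumentNullException(nameof(value));
        var sb = new StringBuilder(value.Length + 8);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    // Hypothetical stand-in for GetFilterString(); the objectCategory/cn
    // mapping is an assumption, not the utility's actual filter.
    public static string BuildFilter(TargetType type, string targetName)
    {
        string category = type == TargetType.user ? "person" : type.ToString();
        return "(&(objectCategory=" + category + ")(cn="
               + EscapeFilterValue(targetName) + "))";
    }

    public static void Main()
    {
        // Constructed inputs: a plain name, then one containing filter syntax.
        Console.WriteLine(BuildFilter(TargetType.group, "Payroll Admins"));
        Console.WriteLine(BuildFilter(TargetType.user, "a*)(objectClass=*"));
    }
}
```

With the escaping in place, the second name is matched as a literal cn value and cannot widen the search or close the filter early.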

Set AD path

This function sets the AD path for the target using the target name/type provided in the constructor. As defined above, it is mandatory to call this method to set the target's AD path if you are using either of the first two constructors. It searches for the target object in Active Directory to get its AD path and stores that path in a member variable.

Signature

public void SetAdsPath()

Get CN path

This function gets the first CN of the given AdsPath, generally the qualified domain name.

Signature

public string GetCNOfAdsPath(string strAdsPath)

Get MemberOf target

This function gets the memberOf property value from the target object.

Signature

public PropertyValueCollection GetMembersOfGroup()

Get members of the target

This function gets the members property value from the target object.

Signature

public PropertyValueCollection GetGroupMembers()

Create group

This function creates a new group at the given container path with the provided group name.

Signature

public void CreateGroup(string strGroupContainerPath, string strGroupDesc)

Object exist

This is a simple function that checks whether the given object exists or not.

Signature

public bool IsObjectExist(string strAdsPath)

Update properties of an object

This function updates a collection of property values of the specified object (strAdsPath). It checks whether the object exists in AD and, if so, writes all the properties provided in the Hashtable to AD.

Signature

public void UpdatePropertiesForADObject(string strAdsPath, 
                                    Hashtable htblProperties)

    // Bind to the object to update
    direntTarget = new DirectoryEntry(strAdsPath);
    // Get an enumerator over the hash table entries
    objIDictEnum = htblProperties.GetEnumerator();
    // Write the property held in each hash table entry
    while(objIDictEnum.MoveNext())
    {
        if(objIDictEnum.Value.GetType() == typeof(string))
        {
            // Include the string property
            direntTarget.Invoke("Put", objIDictEnum.Key.ToString(), 
                                objIDictEnum.Value.ToString());
        }
        else if(objIDictEnum.Value.GetType() == typeof(Int32))
        {
            // Include the integer property; keep it 32-bit, because
            // Convert.ToInt16 throws for values above 32767
            direntTarget.Invoke("Put", objIDictEnum.Key.ToString(), 
                                Convert.ToInt32(objIDictEnum.Value));
        }
    }
    // Write the cached values to the directory
    direntTarget.Invoke("SetInfo");
    // Commit the changes
    direntTarget.CommitChanges();

Summary

This utility should be very handy for people who extensively use Active Directory. Whenever I search the net, I get only a few things in bits and pieces...so...I thought of providing a utility that does at least some basic stuff on AD. I haven't included creating a user, which I will include when I get some time. Until then, enjoy this stuff!

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.
