1. No, you cannot add a user to a group if the user object does not exist yet. The code below works directly against AD (not through the connector), so the target objects must already be present. Do not deprovision the contact until the user is fully managed. You may need some flags in the MV to keep track of the state, or use Utils.TransactionProperties to carry values between operations.
2. I do not have something that does exactly what you need, so you will have to tweak and test it.
3. Here is a sample for reading AD group membership (memberOf, optionally flattened through nested groups).
#region
getGroupMembership
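/// <summary>
/// Collects the values of a multi-valued string attribute (e.g. memberOf) of the object at
/// <paramref name="objectDn"/> into <paramref name="valuesCollection"/>. When
/// <paramref name="recursive"/> is true, each value is treated as the DN of another object
/// and the same attribute is read from it, so nested membership is flattened.
/// </summary>
/// <param name="attributeName">LDAP attribute to read, e.g. "memberOf".</param>
/// <param name="objectDn">Distinguished name of the object, with or without the "LDAP://" prefix.</param>
/// <param name="valuesCollection">
/// Accumulator. Values already present are not re-added; this is also what stops infinite
/// recursion on circular group nesting. The comparison is ordinal (case-sensitive), which is
/// fine for DNs returned by AD itself but would not de-duplicate differently cased input.
/// </param>
/// <param name="recursive">Follow each value as a DN and read the same attribute from it.</param>
/// <returns>The same <paramref name="valuesCollection"/> instance, for chaining.</returns>
/// <exception cref="ArgumentNullException"><paramref name="valuesCollection"/> is null.</exception>
/// <exception cref="ArgumentException"><paramref name="attributeName"/> or <paramref name="objectDn"/> is empty.</exception>
/// <remarks>
/// NOTE(review): memberOf lists only groups the object is a direct member of; the primary
/// group (primaryGroupID) is not included. Confirm whether callers need it.
/// A DN containing an unescaped '/' is not valid inside an ADsPath; that case is not
/// handled here, same as the original.
/// </remarks>
public static ArrayList AttributeValuesMultiString(string attributeName, string objectDn, ArrayList valuesCollection, bool recursive)
{
    if (valuesCollection == null)
    {
        throw new ArgumentNullException("valuesCollection");
    }
    if (string.IsNullOrEmpty(attributeName))
    {
        throw new ArgumentException("attributeName is required", "attributeName");
    }
    if (string.IsNullOrEmpty(objectDn))
    {
        throw new ArgumentException("objectDn is required", "objectDn");
    }

    // The original expected a full ADsPath at the top level but prefixed "LDAP://" itself
    // on recursion; accept both so a caller can pass a bare DN.
    string adsPath = objectDn.StartsWith("LDAP://", StringComparison.OrdinalIgnoreCase)
        ? objectDn
        : "LDAP://" + objectDn;

    // 'using' releases the underlying COM object even when the directory call throws;
    // the original's Close()/Dispose() were skipped on any exception.
    using (DirectoryEntry entry = new DirectoryEntry(adsPath))
    {
        foreach (object value in entry.Properties[attributeName])
        {
            if (value == null)
            {
                continue;
            }

            string dn = value.ToString();
            if (valuesCollection.Contains(dn))
            {
                continue;
            }

            valuesCollection.Add(dn);
            if (recursive)
            {
                AttributeValuesMultiString(attributeName, dn, valuesCollection, true);
            }
        }
    }

    return valuesCollection;
}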
/// <summary>
/// Returns the distinguished names found in the memberOf attribute of
/// <paramref name="userDn"/>. With <paramref name="recursive"/> true, the memberOf of
/// each group found is followed as well, flattening nested membership.
/// </summary>
/// <param name="userDn">Path of the user object, as accepted by AttributeValuesMultiString.</param>
/// <param name="recursive">Whether to follow group-of-group membership.</param>
/// <returns>A new ArrayList of group DNs (direct memberships only; the primary group is not part of memberOf).</returns>
public static ArrayList Groups(string userDn, bool recursive)
{
    return AttributeValuesMultiString("memberOf", userDn, new ArrayList(), recursive);
}
#endregion
getGroupMembership
4. Here is the code to add a user to a group (the account the code runs under needs write permission on the group's member attribute).
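/// <summary>
/// Adds the object with distinguished name <paramref name="userDn"/> to the group with
/// distinguished name <paramref name="groupDn"/> by appending it to the group's member attribute.
/// </summary>
/// <param name="userDn">DN of the user. Stored as an attribute value, so no "LDAP://" prefix.</param>
/// <param name="groupDn">DN of the group. The "LDAP://" prefix is added here.</param>
/// <exception cref="ArgumentException">Either DN is null or empty.</exception>
/// <remarks>
/// The bound identity needs write access to the group's member attribute.
/// If the user is already a member, CommitChanges typically fails with a COMException
/// (attribute or value exists), as in the original. Checking Properties["member"] first is
/// not a reliable guard for large groups, because AD returns that attribute in ranges.
/// </remarks>
public static void AddUserToADgroup(string userDn, string groupDn)
{
    if (string.IsNullOrEmpty(userDn))
    {
        throw new ArgumentException("userDn is required", "userDn");
    }
    if (string.IsNullOrEmpty(groupDn))
    {
        throw new ArgumentException("groupDn is required", "groupDn");
    }

    // 'using' disposes the entry even if CommitChanges throws; the original only
    // called Close() and skipped it on error.
    using (DirectoryEntry group = new DirectoryEntry("LDAP://" + groupDn))
    {
        group.Properties["member"].Add(userDn);
        group.CommitChanges();
    }
}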
5. These samples take distinguished names (DNs), so here is how to resolve a sAMAccountName to a DN.
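/// <summary>
/// Resolves a sAMAccountName to a distinguished name by searching the directory rooted at
/// "LDAP://" + <paramref name="LdapDomain"/>.
/// </summary>
/// <param name="objectCls">
/// Object class to search for. The enum name is used verbatim as the objectClass value.
/// Note that computer objects also carry objectClass=user; their sAMAccountName ends in '$',
/// so a collision is unlikely but possible.
/// </param>
/// <param name="returnValue">Which value to return. Only distinguishedName is defined; any other value yields an empty string.</param>
/// <param name="objectName">
/// The sAMAccountName to look up. Treated as untrusted and escaped before being placed in
/// the filter, so a value such as "*)(objectClass=*" cannot widen the search.
/// </param>
/// <param name="LdapDomain">
/// Path appended to "LDAP://" (e.g. "DC=contoso,DC=com" or a server name). Presumably
/// comes from configuration rather than user input; it is not escaped here.
/// </param>
/// <returns>The object's distinguishedName, or string.Empty when <paramref name="returnValue"/> is not distinguishedName.</returns>
/// <exception cref="ArgumentException"><paramref name="objectName"/> is null or empty (it would produce an invalid filter).</exception>
/// <exception cref="NullReferenceException">
/// No object matched. Kept from the original because existing callers may catch it; a more
/// specific exception type would be preferable in new code.
/// </exception>
public static string getDN(objectClass objectCls, returnType returnValue, string objectName, string LdapDomain)
{
    if (string.IsNullOrEmpty(objectName))
    {
        throw new ArgumentException("objectName is required", "objectName");
    }

    string distinguishedName = string.Empty;
    string connectionPrefix = "LDAP://" + LdapDomain;

    // 'using' disposes both objects even when the search throws; the original only
    // cleaned up on the success path.
    using (DirectoryEntry entry = new DirectoryEntry(connectionPrefix))
    using (DirectorySearcher mySearcher = new DirectorySearcher(entry))
    {
        // Escaping is the LDAP-injection fix: the original concatenated objectName raw.
        // The single-operand (|...) wrapper of the original was redundant and is dropped.
        mySearcher.Filter = "(&(objectClass=" + objectCls + ")(sAMAccountName=" + EscapeLdapFilterValue(objectName) + "))";

        SearchResult result = mySearcher.FindOne();
        if (result == null)
        {
            throw new NullReferenceException(
                "unable to locate the distinguishedName for the object " + objectName + " in the " + LdapDomain + " domain");
        }

        // The original never disposed this second DirectoryEntry.
        using (DirectoryEntry directoryObject = result.GetDirectoryEntry())
        {
            if (returnValue.Equals(returnType.distinguishedName))
            {
                distinguishedName = directoryObject.Properties["distinguishedName"].Value.ToString();
            }
        }
    }

    return distinguishedName;
}

/// <summary>
/// Escapes a value for use inside an LDAP search filter (RFC 4515 section 3):
/// backslash, '*', '(', ')' and NUL become \5c, \2a, \28, \29 and \00.
/// Backslash is replaced first so the escape sequences themselves are not re-escaped.
/// </summary>
/// <param name="value">Raw attribute value; null or empty is returned unchanged.</param>
/// <returns>The escaped value, safe to embed as an assertion value in a filter.</returns>
private static string EscapeLdapFilterValue(string value)
{
    if (string.IsNullOrEmpty(value))
    {
        return value;
    }

    return value
        .Replace("\\", "\\5c")
        .Replace("*", "\\2a")
        .Replace("(", "\\28")
        .Replace(")", "\\29")
        .Replace("\0", "\\00");
}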
/// <summary>
/// Object classes that getDN can search for. The enum member name is used verbatim
/// as the objectClass value in the LDAP filter, so the names are intentionally lower-case.
/// </summary>
public enum objectClass
{
    /// <summary>objectClass=user (computer objects also match this class).</summary>
    user = 0,

    /// <summary>objectClass=group.</summary>
    group = 1
}
/// <summary>
/// Which attribute getDN is asked to return. Only distinguishedName exists today;
/// getDN returns an empty string for any other value.
/// </summary>
public enum returnType
{
    /// <summary>Return the object's distinguishedName attribute.</summary>
    distinguishedName = 0
}
Nosh Mernacaj, Identity Management Specialist