I have code from tutorial, code running on WCF service under DOMAIN\AppPoolAccount
But code except that Access Denied, how determinate user?
using (SPSite site = new SPSite("http://portal.local"))
{
SPServiceContext serviceContext = SPServiceContext.GetContext(site);
UserProfileManager userProfileMgr = new UserProfileManager(serviceContext);
ProfilePropertyManager profilePropMgr = new UserProfileConfigManager(serviceContext).ProfilePropertyManager;
// Retrieve all properties for the "UserProfile" profile subtype,
// and retrieve the property values for a specific user.
ProfileSubtypePropertyManager subtypePropMgr = profilePropMgr.GetProfileSubtypeProperties("UserProfile");
UserProfile userProfile = userProfileMgr.GetUserProfile(accountName);
IEnumerator<ProfileSubtypeProperty> userProfileSubtypeProperties = subtypePropMgr.GetEnumerator();
while (userProfileSubtypeProperties.MoveNext())
{
string propName = userProfileSubtypeProperties.Current.Name;
ProfileValueCollectionBase values = userProfile.GetProfileValueCollection(propName);
if (values.Count > 0)
{
// Handle multivalue properties.
foreach (var value in values)
{
Console.WriteLine(propName + ": " + value.ToString());
}
}
else
{
Console.WriteLine(propName + ": ");
}
}
Console.WriteLine("Press Enter to change the values.");
Console.Read();
// Change the value of a single-value user property.
userProfile[PropertyConstants.Department].Value = "SDDDD";
userProfile.Commit();
}
How determinate user?
Use SPWeb.CurrentUser property to determine the current user:
using (var site = new SPSite(siteUrl))
{
using (var web = site.OpenWeb())
{
var currentUser = web.CurrentUser;
//..
}
}
Related
Update:
For me, LDAP way only worked for finding email addresses inside AD groups, for eg: named ITSolutionDeliveryDevelopers group. NOT inside Exchange Distribution Lists, for eg: named abc#domainname.com.
// I was able to figure out entry as suggested by #Gabriel Luci and
// all of the following possible formats worked for me:
// ngroupnet.com is my company domain name.
var entry = new DirectoryEntry();
var entry = new DirectoryEntry("LDAP://ngroupnet.com");
var entry = new DirectoryEntry("LDAP://ngroupnet.com", "MyAccountUsername", "MyAccountPassword");
var entry = new DirectoryEntry("LDAP://ngroupnet.com", "MyName#mycompany.com", "MyEmailAccountPassword");
For my complete answer, take a look below: https://stackoverflow.com/a/71518937/8644294
Original Question:
What is the best way to get all the individual email addresses comprising an exchange distribution list?
For eg: I have this distribution list called abc#domainname.com that has email addresses:
a#domainname.com
b#domainname.com
c#domainname.com
Now I need to get these addresses using C# code.
I found solution using LDAP but I felt it'd be a hassle to figure out LDAP path to my Active Directory.
// How do I get this LDAP Path, username and password?
// Is the username and password service account credentials of the app?
// And do they need to be registered in AD?
var entry = new DirectoryEntry("LDAP Path");//, username, password);
LDAP Way:
public static List<string> GetDistributionListMembers(string dlName = "abc#domainname.com")
{
var result = new List<string>();
try
{
// How do I get this LDAP Path?
var entry = new DirectoryEntry("LDAP Path");//, username, password);
var search = new DirectorySearcher(entry);
search.Filter = $"CN={dlName}";
int i = search.Filter.Length;
string str = "", str1 = "";
foreach (SearchResult AdObj in search.FindAll())
{
foreach (String objName in AdObj.GetDirectoryEntry().Properties["member"])
{
str += Convert.ToString(objName) + "<Br>";
int selIndex = objName.IndexOf("CN=") + 3;
int selEnd = objName.IndexOf(",OU") - 3;
str1 += objName.Substring(selIndex, selEnd).Replace("\\", "");
DirectorySearcher dsSearch = new DirectorySearcher(entry);
dsSearch.Filter = "CN=" + objName.Substring(selIndex, selEnd).Replace("\\", "");
foreach (SearchResult rs in dsSearch.FindAll())
{
//str1 += "<p align='right'><font face='calibri' color='#2266aa' size=2>" + Convert.ToString(rs.GetDirectoryEntry().Properties["mail"].Value) + "|" + Convert.ToString(rs.GetDirectoryEntry().Properties["displayName"].Value) + "|" + Convert.ToString(rs.GetDirectoryEntry().Properties["sAMAccountName"].Value) + "|" + Convert.ToString(rs.GetDirectoryEntry().Properties["department"].Value) + "|" + Convert.ToString(rs.GetDirectoryEntry().Properties["memberOf"].Value) + "</font></p>";
str1 = Convert.ToString(rs.GetDirectoryEntry().Properties["mail"].Value);
result.Add(str1);
}
}
}
return result;
}
catch (Exception ex)
{
//Do some logging or what have you.
throw;
}
}
So I just went with the EWS route.
EWS Way:
public static static List<string> GetDistributionListMembers(string dlName = "abc#domainname.com")
{
try
{
var service = new ExchangeService();
var cred = new WebCredentials("sharedmailbox#domain.com", "some_password");
service.Credentials = cred;
service.Url = new Uri("https://outlook.office365.com/ews/exchange.asmx");
service.TraceEnabled = true;
service.TraceFlags = TraceFlags.All;
var expandedEmailAddresses = new List<string>();
ExpandGroupResults myGroupMembers = service.ExpandGroup(dlName);
foreach (EmailAddress address in myGroupMembers.Members)
{
expandedEmailAddresses.Add(address.Address);
}
return expandedEmailAddresses;
}
catch (Exception ex)
{
// The DL doesn't have any members. Handle it how you want.
// Handle/ Log other errors.
}
}
Is EWS approach a good way?
If Yes, then I'm good. If not, I'll have to figure out that LDAP path.
Or if there's even a better way, please let me know.
If the computer you run this from is joined to the same domain as the group you're looking for, then you don't need to figure out the LDAP path. You can just do:
var search = new DirectorySearcher();
If your computer is not joined to the same domain, then you just use the domain name:
var entry = new DirectoryEntry("LDAP://domainname.com");
This requires that there is no firewall blocking port 389 between your computer and the domain controller(s). If you need to pass credentials, then do that:
var entry = new DirectoryEntry("LDAP://domainname.com", username, password);
The credentials can be any user on the domain.
That said, there are a lot of inefficiencies in your code that will make it run much slower than needed. I wrote an article about this that can help you update your code: Active Directory: Better Performance
Is EWS approach a good way?
If it works, it works. I'm not an expert on EWS (although I have used it), but I'm fairly certain that's using Basic Authentication, which is going to be disabled in October.
If all the Mailboxes are on Office365 then i would suggest you use the Graph API instead eg https://learn.microsoft.com/en-us/graph/api/group-list-members?view=graph-rest-1.0&tabs=http . There are several advantage in terms of security eg you could use Application permissions and all you need is access to the directory while if you did the same thing in EWS it would require full access to at least one mailbox.
LDAP will be best performing of the 3 if ultimate speed in the only thing that is important.
My complete solution for future reference. :)
EWS Way - For expanding Exchange Distribution Lists
public class SomeHelper
{
private static ExchangeService _exchangeService = null;
public static async Task<HashSet<string>> GetExchangeDistributionListMembersAsync(IEnumerable<string> dlNames)
{
var allEmailAddresses = new HashSet<string>();
foreach (var dlName in dlNames)
{
if (!SomeCache.TryGetCachedItem(dlName, out var dlMembers))
{
var groupEmailAddresses = new List<string>();
var exchangeService = await GetExchangeServiceAsync();
try
{
var myGroupMembers = exchangeService.ExpandGroup(dlName);
// Add the group members.
foreach (var address in myGroupMembers.Members)
{
groupEmailAddresses.Add(address.Address);
}
}
catch (Exception ex)
{
//If it can't expand the dlName, just return it.
groupEmailAddresses.Add(dlName);
//groupEmailAddresses.Add($"Attempting to expand '{dlName}' resulted in error message: '{ex.Message}'.");
}
// Cache the groupEmailAddresses for 7 days.
// Because Distribution Lists rarely change and expanding DL is an expensive operation.- AshishK Notes
SomeCache.AddItemToCache(dlName, groupEmailAddresses, 10080);
allEmailAddresses.UnionWith(groupEmailAddresses);
}
else
{
allEmailAddresses.UnionWith((List<string>)dlMembers);
}
}
return allEmailAddresses;
}
private static async Task<ExchangeService> GetExchangeServiceAsync()
{
if (_exchangeService == null)
{
_exchangeService = new ExchangeService();
var exchangeUrl = "https://outlook.office365.com/ews/exchange.asmx";
var cred = new WebCredentials("sharedmailbox#domain.com", "some_password");
_exchangeService.Credentials = cred;
//_exchangeService.AutodiscoverUrl("sharedmailbox#domain.com");
_exchangeService.Url = new Uri(exchangeUrl);
_exchangeService.TraceEnabled = true;
_exchangeService.TraceFlags = TraceFlags.All;
return _exchangeService;
}
else
{
return _exchangeService;
}
}
}
public class SomeCache
{
private static readonly ObjectCache _cache = MemoryCache.Default;
public static void AddItemToCache(string key, object itemToAdd, int cacheDurationMinutes)
{
var _policy = new CacheItemPolicy
{
Priority = CacheItemPriority.Default,
AbsoluteExpiration = DateTimeOffset.Now.AddMinutes(cacheDurationMinutes)
};
_cache.Set(key, itemToAdd, _policy);
}
public static bool TryGetCachedItem(string key, out object cachedObject)
{
try
{
cachedObject = _cache[key] as object;
}
catch (Exception ex)
{
cachedObject = null;
}
return !(cachedObject == null);
}
}
LDAP Way - For expanding Active Directory Groups
public static List<string> GetADGroupDistributionListMembers(string adGroupName)
{
var returnResult = new List<string>();
var entry = GetDirectoryEntry();
DirectorySearcher groupSearch = new DirectorySearcher(entry)
{
Filter = "(SAMAccountName=" + adGroupName + ")"
};
groupSearch.PropertiesToLoad.Add("member");
SearchResult groupResult = groupSearch.FindOne(); // getting members who belong to the adGroupName
if (groupResult != null)
{
for (int iSearchLoop = 0; iSearchLoop < groupResult.Properties["member"].Count; iSearchLoop++)
{
string userName = groupResult.Properties["member"][iSearchLoop].ToString();
int index = userName.IndexOf(',');
userName = userName.Substring(0, index).Replace("CN=", "").ToString(); // the name of the user will be fetched.
DirectorySearcher search = new DirectorySearcher(entry)
{
Filter = "(name=" + userName + ")"
};
search.PropertiesToLoad.Add("mail");
SearchResult result = search.FindOne(); //finding the mail id
if (result != null)
{
returnResult.Add(result.Properties["mail"][0].ToString());
}
}
}
return returnResult;
}
public static DirectoryEntry GetDirectoryEntry()
{
DirectoryEntry entryRoot = new DirectoryEntry("LDAP://RootDSE");
string Domain = (string)entryRoot.Properties["defaultNamingContext"][0];
DirectoryEntry de = new DirectoryEntry
{
Path = "LDAP://" + Domain,
AuthenticationType = AuthenticationTypes.Secure
};
return de;
}
I am trying to PAUSE the Ads with the AdId and AdGroupID. I have successfully paused an AdGroup but i want to pause Ads individually. Is this possible on Adwords API. I tried the code below but It seems it only works on AdGroup level. Also checked the AdService but seems that there is no option to edit the Status.
I am using Ads.AdWords.v201809
Thanks in advance
public void googleEnableDisableAds(AdWordsUser user, long adGroupId, long AdID, AdGroupAdStatus AdStatus)
{
using (AdGroupAdService adGroupAdService =
(AdGroupAdService)user.GetService(AdWordsService.v201809.AdGroupAdService))
{
List<AdGroupAdOperation> operations = new List<AdGroupAdOperation>();
// Create the expanded text ad.
ExpandedTextAd expandedTextAd = new ExpandedTextAd
{
//CR[i].
id = AdID
};
AdGroupAd expandedTextAdGroupAd = new AdGroupAd
{
adGroupId = adGroupId,
ad = expandedTextAd,
// Optional: Set the status.
status = AdStatus
};
// Create the operation.
AdGroupAdOperation operation = new AdGroupAdOperation
{
#operator = Operator.SET,
operand = expandedTextAdGroupAd
};
operations.Add(operation);
AdGroupAdReturnValue retVal = null;
try
{
if (operations.Count > 0)
{
// Create the ads.
retVal = adGroupAdService.mutate(operations.ToArray());
// Display the results.
if (retVal != null && retVal.value != null)
{
foreach (AdGroupAd adGroupAd in retVal.value)
{
ExpandedTextAd newAd = adGroupAd.ad as ExpandedTextAd;
Console.WriteLine(
"Expanded text ad with ID '{0}' and headline '{1} - {2}' " +
"was added.", newAd.id, newAd.headlinePart1, newAd.headlinePart2);
//adGroupId
}
}
else
{
Console.WriteLine("No expanded text ads were created.");
}
}
adGroupAdService.Close();
}
catch (Exception e)
{
throw new System.ApplicationException("Failed to create expanded text ad.", e);
}
}
}
Here is an example from API docs https://developers.google.com/adwords/api/docs/samples/csharp/basic-operations#pause-an-ad
The key idea is to set status property to PAUSED
AdGroupAdStatus status = AdGroupAdStatus.PAUSED
I successfully login to facebook but while trying to read the mailbox I got the following error: {"(OAuthException - #298) (#298) Requires extended permission: read_mailbox"}
If I add that scope in the URL;
var destinationUrl =
String.Format(
"https://www.facebook.com/dialog/oauth?client_id={0}&scope={1}&display=popup&redirect_uri=http://www.facebook.com/connect/login_success.html&response_type=token",
AppID, //client_id
"user_posts" //scope
);
and try to get mails:
private void FaceBookScrapper()
{
var client = new FacebookClient(_fbToken);
var input = new List<FbMesseage>();
if (client != null)
{
dynamic result = client.Get("me/inbox", null);
foreach (var item in result.inbox.data)
{
if (item.unread > 0 || item.unseen > 0)
{
foreach (var message in item.comments.data)
{
input.Add(new FbMesseage
{
Id = message.id,
FromName = message.from.name,
FromId = message.from.id,
Text = message.message,
CreatedDate = message.created_time
});
}
FbMesseageCollectionViewModelIns.LoadData(input);
}
}
}
}
}
}
That permission doesn't exist any more - it has been removed, together with the /user/inbox endpoint.
https://developers.facebook.com/docs/apps/changelog#v2_4_deprecations mentions this, and https://developers.facebook.com/docs/graph-api/reference/v2.5/user/inbox as well.
Under the latter URL, it says it right on the very top of the page:
This document refers to a feature that was removed after Graph API v2.4.
There is no way any more to access a user's inbox via API.
How can I get a list of users from active directory?
Please see the page above. It answered most of my questions, but I get a problem when I try to get last logon time for a computer. Sorry if there was some way to comment on that page instead of making a whole new question because I didn't find such an option.
using (var context = new PrincipalContext(ContextType.Domain, "cat.pcsb.org"))
{
using (var searcher = new PrincipalSearcher(new ComputerPrincipal(context)))
{
foreach (var result in searcher.FindAll())
{
DirectoryEntry de = result.GetUnderlyingObject() as DirectoryEntry;
Console.WriteLine("Name: " + de.Properties["name"].Value);
Console.WriteLine("Last Logon Time: " + de.Properties["lastLogon"].Value);
Console.WriteLine();
}
}
}
Console.ReadLine();
I replaced UserPrincipal with ComputerPrincipal. Name and some other properties work fine, but logon doesn't. I've tried doing different things like casting it to DateTime (the cast failed) but nothing worked. The above just results in System.__ComObject. So what can I do to get it to get last logon time correctly?
Why aren't you just using the the LastLogon property returned by ComputerPrincipal? (ComputerPrincipal is a AuthenicatablePrincipal)
using (var context = new PrincipalContext(ContextType.Domain, "cat.pcsb.org"))
{
using (var searcher = new PrincipalSearcher(new ComputerPrincipal(context)))
{
foreach (var result in searcher.FindAll())
{
var auth = result as AuthenticablePrincipal;
if(auth != null)
{
Console.WriteLine("Name: " + auth.Name);
Console.WriteLine("Last Logon Time: " + auth.LastLogon);
Console.WriteLine();
}
}
}
}
Console.ReadLine();
Note that LastLogon is not a replicated property, so if you have more than one domain controller you need to query each controller and find out who gives the most recent result.
You need to iterate through all domain controllers and find the lastest logon time.
The below code finds last logon time for a user.
public DateTime findlastlogon(string userName)
{
DirectoryContext context = new DirectoryContext(DirectoryContextType.Domain, "domainName");
DateTime latestLogon = DateTime.MinValue;
DomainControllerCollection dcc = DomainController.FindAll(context);
Parallel.ForEach(dcc.Cast<object>(), dc1 =>
{
DirectorySearcher ds;
DomainController dc = (DomainController)dc1;
using (ds = dc.GetDirectorySearcher())
{
try
{
ds.Filter = String.Format(
"(sAMAccountName={0})",
userName
);
ds.PropertiesToLoad.Add("lastLogon");
ds.SizeLimit = 1;
SearchResult sr = ds.FindOne();
if (sr != null)
{
DateTime lastLogon = DateTime.MinValue;
if (sr.Properties.Contains("lastLogon"))
{
lastLogon = DateTime.FromFileTime(
(long)sr.Properties["lastLogon"][0]
);
}
if (DateTime.Compare(lastLogon, latestLogon) > 0)
{
latestLogon = lastLogon;
//servername = dc1.Name;
}
}
}
catch (Exception)
{
}
}
});
return latestLogon;
}
To get last logon time for a computer replace sAMAccountName to Name.
ds.Filter = String.Format(
"(Name={0})",
userName
);
I want to copy the permissions from Site Collection A to a Site I am creating in Site Collection B in the same Web App. This is happening in a List Item Event Receiver on ItemAdded.
Here is what I have so far...
static void SetupNewSubSite(int currentYear, SPItemEventProperties properties, int siteIndexId)
{
//set properties to create my new web
string description = properties.AfterProperties["Project_x0020_Description"].ToString();
SPListItem CurrentItem = properties.ListItem;
String subSiteUrl = Convert.ToString(siteIndexId);
SPSite projectSiteCollection = new SPSite(properties.Web.Site.Url + "/" + currentYear);
SPWeb sWeb = new SPSite(properties.SiteId).OpenWeb(properties.RelativeWebUrl);
SPWeb oWeb = projectSiteCollection.RootWeb;
SPWebCollection cWebs = oWeb.Webs;
//create the new web
SPWeb xWeb = cWebs.Add(subSiteUrl, properties.AfterProperties["Title"].ToString(),
properties.AfterProperties["Project_x0020_Description"].ToString(), 1033, "{B5B6BDD1-485A-44BC-B093-F1048271C49D}", false, false);
UpdateItemProjectUrl(CurrentItem, properties.Web.Site.Url + "/" + currentYear + "/" + subSiteUrl, currentYear);
//break inheritance and remove permissions from the new site
xWeb.BreakRoleInheritance(false);
LogMessage("Role Count: " + xWeb.RoleAssignments.Count.ToString());
while (xWeb.RoleAssignments.Count > 0)
{
xWeb.RoleAssignments.Remove(0);
}
//Get the roleassignments from the source site
SPRoleAssignmentCollection sRoleAssignments = sWeb.RoleAssignments;
LogMessage("role assignment count from source web: "+ sRoleAssignments.Count.ToString());
foreach (SPRoleAssignment sRoleAssignment in sRoleAssignments)
{
SPPrincipal sPrincipal = sRoleAssignment.Member;
LogMessage("Principal Name: " + sPrincipal.Name.ToString());
try
{
//add roleassignment to newly created web
xWeb.RoleAssignments.Add(sPrincipal);
}
catch (Exception ex)
{
LogMessage(ex.ToString());
}
}
xWeb.Update();
LogMessage("After Permissions Change");
xWeb.Dispose();
projectSiteCollection.Dispose();
oWeb.Dispose();
LogMessage("after dispose");
}
This code successfully:
1. creates a new site in the other site collection.
2. breaks inheritance on the newly created site.
3. remove the original permissions from the newly created site.
This code does not successfully:
copy over groups from the other site collection to the new site.
Found a method someone created...
http://rajeshagadi.blogspot.com/2011/04/how-to-programmatically-copy-web-level.html
public static void CopyWebRoleAssignments(SPWeb sourceWeb, SPWeb destinationWeb)
{
//Copy Role Assignments from source to destination web.
foreach (SPRoleAssignment sourceRoleAsg in sourceWeb.RoleAssignments)
{
SPRoleAssignment destinationRoleAsg = null;
//Get the source member object
SPPrincipal member = sourceRoleAsg.Member;
//Check if the member is a user
try
{
SPUser sourceUser = (SPUser)member;
destinationWeb.EnsureUser(sourceUser.LoginName);//EDITED
SPUser destinationUser = destinationWeb.AllUsers[sourceUser.LoginName];
if (destinationUser != null)
{
destinationRoleAsg = new SPRoleAssignment(destinationUser);
}
}
catch
{ }
if (destinationRoleAsg == null)
{
//Check if the member is a group
try
{
SPGroup sourceGroup = (SPGroup)member;
SPGroup destinationGroup = destinationWeb.SiteGroups[sourceGroup.Name];
destinationRoleAsg = new SPRoleAssignment(destinationGroup);
}
catch
{ }
}
//At this state we should have the role assignment established either by user or group
if (destinationRoleAsg != null)
{
foreach (SPRoleDefinition sourceRoleDefinition in sourceRoleAsg.RoleDefinitionBindings)
{
try { destinationRoleAsg.RoleDefinitionBindings.Add(destinationWeb.RoleDefinitions[sourceRoleDefinition.Name]); }
catch { }
}
if (destinationRoleAsg.RoleDefinitionBindings.Count > 0)
{
//handle additon of an existing permission assignment error
try { destinationWeb.RoleAssignments.Add(destinationRoleAsg); }
catch (ArgumentException) { }
}
}
}
//Finally update the destination web
destinationWeb.Update();
}
Remade the functionality as an Extension method without the try-catch handling of workflow:
public static void CopyWebRoleAssignmentsFrom(this SPWeb web, SPWeb fromWeb)
{
web.BreakRoleInheritance(false);
foreach (SPRoleAssignment sourceRoleAsg in fromWeb.RoleAssignments)
{
SPRoleAssignment destinationRoleAsg = null;
SPPrincipal member = sourceRoleAsg.Member;
if (member is SPUser)
{
SPUser sourceUser = member as SPUser;
SPUser user = web.SiteUsers[sourceUser.LoginName];
destinationRoleAsg = new SPRoleAssignment(user);
}
else if (member is SPGroup)
{
SPGroup sourceGroup = (SPGroup)member;
SPGroup group = web.SiteGroups[sourceGroup.Name];
destinationRoleAsg = new SPRoleAssignment(group);
}
foreach (SPRoleDefinition sourceRoleDefinition in sourceRoleAsg.RoleDefinitionBindings)
{
destinationRoleAsg.RoleDefinitionBindings.Add(web.RoleDefinitions[sourceRoleDefinition.Name]);
}
if (destinationRoleAsg.RoleDefinitionBindings.Count > 0)
{
web.RoleAssignments.Add(destinationRoleAsg);
}
}
web.Update();
}