I am new to stackoverflow as a member, although I follow this a lot :)
My code which connects to active directory to get the members of a functional group, gives me only 1490 odd members out of 1680 odd members actually in the list. I have searched a lot on Stackoverflow and on Internet, but I have not found out answer to why the code would result in incomplete list. Could, anyone please give me any pointers on this. Thanks :)
Here is the code which connects to the Active Directory to retrieve the data:
public static DataTable GetAdUsers(string configSection)
{
DataRow dr;
Hashtable ADGroups = (Hashtable)ConfigurationManager.GetSection(configSection);
string adGroup;
string adGroupDesc;
string sApplication;
string sLast_Login;
string sAccount_owner;
string sPath;
DataTable dt = new DataTable();
sApplication = "Application";
dt.Columns.Add(sApplication);
dt.Columns.Add("Profile", Type.GetType("System.String"));
dt.Columns.Add("Account Name", Type.GetType("System.String"));
sLast_Login = "Last Login";
dt.Columns.Add(sLast_Login);
sAccount_owner = "Account Owner";
dt.Columns.Add(sAccount_owner);
sPath = "Path";
dt.Columns.Add(sPath);
string domainName = "myDomain";
PrincipalContext pcRoot = new PrincipalContext(ContextType.Domain, domainName);
IDictionaryEnumerator adGroupEnumerator = ADGroups.GetEnumerator();
while (adGroupEnumerator.MoveNext())
{
adGroup = adGroupEnumerator.Key.ToString();
adGroupDesc = adGroupEnumerator.Value.ToString();
GroupPrincipal grp = GroupPrincipal.FindByIdentity(pcRoot, IdentityType.SamAccountName, adGroup);
System.DirectoryServices.DirectoryEntry de = (System.DirectoryServices.DirectoryEntry)grp.GetUnderlyingObject();
foreach (string sDN in de.Properties["member"])
{
System.DirectoryServices.DirectoryEntry deMember = new System.DirectoryServices.DirectoryEntry("LDAP://" + sDN.ToString());
try
{
dr = dt.NewRow();
string output1;
string subStringE1 = "DC=";
int length1 = de.Path.ToString().Length;
int length0 = de.Path.ToString().IndexOf(subStringE1);
string str1 = de.Path.ToString().Substring(length0, length1 - length0);
string subStringE2 = ",DC";
int length2 = str1.ToString().IndexOf(subStringE2);
output1 = str1.ToString().Substring(3, length2 - 3);
dr["Application"] = "Application";
dr["Profile"] = adGroupDesc;
string AccountName = deMember.Properties["samAccountName"].Value.ToString();
dr["Account Name"] = deMember.Properties["samAccountName"].Value.ToString();
dr["Last Login"] = "";
dr["Account Owner"] = deMember.Properties["givenName"].Value.ToString() + #"-" + deMember.Properties["sn"].Value.ToString();
string Path = output1 + #"\" + adGroup + #"\" + deMember.Properties["samAccountName"].Value.ToString();
Console.WriteLine(Path);
dr["Path"] = output1 + #"\" + adGroup + #"\" + deMember.Properties["samAccountName"].Value.ToString();
dt.Rows.Add(dr);
}
catch (Exception ex)
{
Console.WriteLine("Error occured for user name" + sDN + "\n" + ex.Message);
}
}
}
return dt;
}
}
Because of the default limit of SizeLimit, you're probably only getting around the 1,490 objects or so. To fix that you need to "page" through the results.
Just use the code referenced at Enumerating Members in a Large Group .
When there is the possibility that the result set that will be returned will contain more than 1000 items, you must use a paged search. Searches of Active Directory performed without paging are limited to returning a maximum of the first 1000 records. With a paged search, the result set is presented as individual pages, each containing a predetermined number of result entries. With this type of search, new pages of result entries are returned until the end of the result set is reached.
By default, the server that responds to a query request completely calculates a result set before returning data. In a large result set, this requires server memory as the result set is acquired, and network bandwidth when the large result is returned. Setting a page size allows the server to send the data in pages as the pages are being built. The client then caches this data and provides a cursor to the application level code.
Paging is set by defining how many rows the server calculates before the data is returned over the network to the client.
Found the answer by researching through and trying my luck.
Using Directory Entry was the problem, and did not ned to use Page Searching, although I tried the same.
The working code is as below:
GroupPrincipal grp = GroupPrincipal.FindByIdentity(pcRoot, adGroup); //fglbcmdolpctx
if (grp != null)
{
foreach (Principal p in grp.GetMembers(true))
{
try
{
dr = dt.NewRow();
dr["Application"] = "Commodities OpenLink";
dr["Profile"] = adGroupDesc;
string AccountName = p.SamAccountName.ToString().ToLower();
dr["Account Name"] = AccountName;
dr["Last Login"] = "";
string sLastName, sFirstName;
int iLastNameIndex0, iLastNameIndex1, iFirstNameIndex0, iFirstNameIndex1;
int lengthofString = p.Name.ToString().Length;
iLastNameIndex1 = p.Name.ToString().IndexOf(",");
if (iLastNameIndex1 == -1)
{
sLastName = "";
}
else
{
sLastName = p.Name.ToString().Substring(0, iLastNameIndex1);
}
iFirstNameIndex0 = p.Name.ToString().IndexOf(",");
iFirstNameIndex1 = p.Name.ToString().IndexOf(":");
if (iFirstNameIndex0 == -1 || iFirstNameIndex1 == -1)
{
sFirstName = p.Name.ToString();
sLastName = "";
}
else
{
sFirstName = p.Name.ToString().Substring(iFirstNameIndex0 + 1, iFirstNameIndex1 - iFirstNameIndex0 - 1);
}
sAccount_owner = sLastName + #"-" + sFirstName;
dr["Account Owner"] = sAccount_owner;
string sPath_Domain_Part;
string sFirstIndexofExtraction = "DC=";
int ilength_String = p.DistinguishedName.ToString().Length;
int iLenght_ExtractionPoint1 = p.DistinguishedName.ToString().IndexOf(sFirstIndexofExtraction);
string str1 = p.DistinguishedName.ToString().Substring(iLenght_ExtractionPoint1, ilength_String - iLenght_ExtractionPoint1);
string subStringE2 = ",DC";
int iLenght_ExtractionPoint2 = str1.IndexOf(subStringE2);
sPath_Domain_Part = str1.Substring(3, iLenght_ExtractionPoint2 - 3);
string sPath1 = sPath_Domain_Part + #"\" + adGroup + #"\" + p.SamAccountName.ToString();
dr["Path"] = sPath_Domain_Part + #"\" + adGroup + #"\" + p.SamAccountName.ToString();
dt.Rows.Add(dr);
}
catch (Exception ex)
{
Global.logfile.WriteLine("Error occured for user name" + adGroup + p.SamAccountName + "\n" + ex.Message);
}
}
}
Related
I have small exec(old one) that treat adding members to a table in the DB. if the member not exist in the DB, it will insert new member in AllMember table. If the member already exists in the DB, it will update the values that are different. What exists already in the code is not updating all the members as I want. I want to code it efficiently now. For every update, I am taking all of the members from the DB(6000) and if I have excel with 4000 members it will make the comparison 24000000 and will increase with time.
Getting all the members:
public static IEnumerable<AllMember> GetAllMembersList()
{
string connection = ConfigurationManager.ConnectionStrings["connectionString"].ToString();
using (var dataAccess = new DataAccessDataContext(connection))
{
var v = (from row in dataAccess.AllMembers
//where row.PremiumType.HasValue && row.PremiumType.Value == 100
select row);
return v.ToList();
}
//#TODO fun
}
Handle the file of new\update members
internal override void ProcessFile()
{
StringBuilder CheckMembersList = new StringBuilder();
CheckMembersList.Clear();
ErrorFounds = false;
UpdateQuery = new StringBuilder();
if (!System.IO.File.Exists(InputFile))
{
Mail.InsertNewMail("שגיאה בתהליך קליטת פרטי משתמשים ", "הקובץ " + InputFile + " לא נמצא ");
return;
}
CsvReader fileReader = new CsvReader(InputFile, FileEncoding, false, false);
DataTable fileContentTable = fileReader.ReadFile();
FileInfo fileInfo = new FileInfo(InputFile);
UpdateDB(fileContentTable, CheckMembersList);
WriteResponseFile(fileContentTable);
}
Updating the DB:
private void UpdateDB(DataTable inputTable, StringBuilder CheckMembersList)
{
IEnumerable<AllMember> allMembersList = Utilities.GetAllMembersList();
DBUpdateStatus updateStatus = DBUpdateStatus.NO_CHANGE;
bool x;
bool newMember;
int rowIndex=0 ;
for (int i = 1; i < inputTable.Rows.Count; i++)
{
rowIndex = i;
DataRow fileRow = inputTable.Rows[i];
newMember = true;
foreach (AllMember membersRow in allMembersList)
{
if (!(String.IsNullOrEmpty(membersRow.TZ))) /*&& (fileRow[ConstDBRow.TZ].ToString().Trim().PadLeft(9, '0') == membersRow.TZ.ToString().Trim().PadLeft(9, '0')))*/
{
newMember = false;
updateStatus = UpdateMemberDetails(fileRow, membersRow);
break;
}
}
if (newMember == true)
updateStatus = InsertNewMember(fileRow);
var memberId = GetMemberId(fileRow[ConstDBRow.TZ].ToString().Trim().PadLeft(9, '0'));
if (updateStatus != DBUpdateStatus.NO_CHANGE)
QueryBuilder.InsertRequest(memberId, updateStatus);
fileRow["UPDATE_STATUS"] = Utilities.GetStatusString(updateStatus);
//append to CheckMembersList for sending members list through email
CheckMembersList.AppendLine("Row Index: " + Convert.ToString(rowIndex + 1) +", Identification number: " + (fileRow[ConstDBRow.TZ].ToString().Trim().PadLeft(9, '0')) + ", First Name: " + fileRow[ConstDBRow.FIRST_NAME].ToString().Replace("'","''") + ", Last Name: " + fileRow[ConstDBRow.LAST_NAME].ToString().Replace("'","''") + ", Update Status: " + fileRow["UPDATE_STATUS"].ToString().Replace("'", "''") + "<br/>");
}
}
How can I do this effectively? Is EntityFramework a good option or taking the list of All-Members differently?
I would leave it on DB to compare the records and insert/update using Merge SQL statement.
There is Merge in SQL Server, hope it is available on other DB servers too https://learn.microsoft.com/en-us/sql/t-sql/statements/merge-transact-sql?view=sql-server-2017
As a note: Are you doing insert/update request for each of your record? Try to perform one DB call
Hi I would like to avoid printing certain rows (valid accounts) in my foreach loop (in GetSAM)as opposed to printing everything.
When I try to do so by commenting away the line (in valSAM) that prints the valid accounts, the will be a blank in the area where a valid account once was. I understand that this is because the foreach loops through all the variables in the database.
How am I able to remove the gaps between the output?
GetSAM:
//Get SAMAccount
private static string GetSAM(string ldapAddress, string serviceAccountUserName, string serviceAccountPassword)
{
string ldapPath = "LDAP://" + ldapAddress;
string ldapFilter = "(&(objectclass=user)(objectcategory=person))";
DirectoryEntry directoryEntry = new DirectoryEntry(ldapPath, serviceAccountUserName, serviceAccountPassword);
string readOutput;
List<string> list = new List<string>();
List<int> invalid = new List<int>();
using (DirectorySearcher directorySearcher = new DirectorySearcher(directoryEntry))
{
string samAccountName;
directorySearcher.Filter = ldapFilter;
directorySearcher.SearchScope = SearchScope.Subtree;
directorySearcher.PageSize = 1000;
using (SearchResultCollection searchResultCollection = directorySearcher.FindAll())
{
**foreach (SearchResult result in searchResultCollection)
{
samAccountName = result.Properties["sAMAccountName"][0].ToString();
if (valSAM(samAccountName, ldapAddress, serviceAccountUserName, serviceAccountPassword)!= true)
{
invalid.Add('1');
}
list.Add(samAccountName);
} //end of foreach**
// Count all accounts
int totalAccounts = list.Count;
// Count all invalid accounts
int invalidAccounts = invalid.Count;
Console.WriteLine("Found " + invalidAccounts + " invalid accounts out of " + totalAccounts + " user accounts.\nQuery in " + ldapAddress + " has finished.\n");
Console.WriteLine("Press [enter] to continue.\n");
readOutput = Console.ReadLine();
}//SearchResultCollection will be disposed here
}
return readOutput;
}
valSAM:
//Validate SAMAccount
private static bool valSAM(string samAccountName, string ldapAddress, string serviceAccountUserName, string serviceAccountPassword)
{
string ldapPath = "LDAP://" + ldapAddress;
DirectoryEntry directoryEntry = new DirectoryEntry(ldapPath, serviceAccountUserName, serviceAccountPassword);
StringBuilder builder = new StringBuilder();
bool accountValidation = false;
//create instance fo the directory searcher
DirectorySearcher desearch = new DirectorySearcher(directoryEntry);
//set the search filter
desearch.Filter = "(&(sAMAccountName=" + samAccountName + ")(objectcategory=user))";
//find the first instance
SearchResult results = desearch.FindOne();
using (PrincipalContext pc = new PrincipalContext(ContextType.Domain, ldapAddress))
{
//if users are present in database
if (results != null)
{
//Check if account is activated
bool isAccountActived = IsActive(results.GetDirectoryEntry());
//Check if account is expired or locked
bool isAccountLocked = IsAccountLockOrExpired(results.GetDirectoryEntry());
accountValidation = ((isAccountActived != true) || (isAccountLocked));
//account is invalid
if (accountValidation)
{
builder.Append("User account " + samAccountName + " is invalid. ");
if ((isAccountActived != true) && (isAccountLocked))
{
builder.Append("Account is inactive and locked or expired.").Append('\n'); ;
} else if (isAccountActived != true)
{
builder.Append("Account is inactive.").Append('\n'); ;
}
else if (isAccountLocked)
{
builder.Append("Account is locked or has expired.").Append('\n'); ;
}
else
{
builder.Append("Unknown reason for status. Contact admin for help.").Append('\n'); ;
}
accountValidation = false;
}
//account is valid
if ((isAccountActived) && (isAccountLocked != true))
{
**//builder.Append("User account " + samAccountName + " is valid.").Append('\n');
accountValidation = true;
}
}
else Console.WriteLine("Nothing found.");
Console.WriteLine(builder);
}//end of using
return accountValidation;
}
You probably want to only write if builder has something otherwise it will print an empty line. Namely, change
Console.WriteLine(builder);
to
if (builder.Length > 0)
{
Console.WriteLine(builder);
}
or just
Console.Write(builder);
if you're going to handle all of the new lines in the builder itself. If you're going to do that, use StringBuilder.AppendLine() instead of hardcoding the '\n' like that.
StringBuilder.AppendLine https://msdn.microsoft.com/en-us/library/system.text.stringbuilder.appendline(v=vs.110).aspx
With the code below I am able to save files to folder.
My problem is only two upload fields are mandatory and the remaining three are not. The code works if all the upload fields have a files selected otherswise its throws a NullReferenceException.
if (AnnualReport != null || ProjectReports != null || Publications != null || Other != null || RegistDoc != null) {
int filesize = AnnualReport.PostedFile.ContentLength;
int filesizeP = ProjectReports.PostedFile.ContentLength;
int filesizePub = Publications.PostedFile.ContentLength;
int filesizeOther = Other.PostedFile.ContentLength;
int filesizeReg = RegistDoc.PostedFile.ContentLength;
if (filesize > 2097152 && filesizeP > 2097152 && filesizePub > 1048576 && filesizeOther > 1048576 && filesizeReg > 1048576) {
ScriptManager.RegisterStartupScript(this, this.GetType(), "popup", "alert('Maximum File size For Annual/Project reports is 1.5MB and for the Publications/Other Attachemnets is 1MB');", true);
} else {
const string ReportDirectory = "REPORTS/";
//Other Document
string OtherPath = ReportDirectory + Other.FileName;
string fileNameWithoutExtensionOther = System.IO.Path.GetFileNameWithoutExtension(Other.FileName);
int iterationOther = 1;
while (System.IO.File.Exists(Server.MapPath(OtherPath))) {
OtherPath = string.Concat(ReportDirectory, fileNameWithoutExtensionOther, "-", iterationOther, ".pdf");
iterationOther++;
}
//Registration Document
string RigisDocPath = ReportDirectory + RegistDoc.FileName;
string fileNameWithoutExtensionRegis = System.IO.Path.GetFileNameWithoutExtension(RegistDoc.FileName);
int iterationRE = 1;
while (System.IO.File.Exists(Server.MapPath(RigisDocPath))) {
RigisDocPath = string.Concat(ReportDirectory, fileNameWithoutExtensionRegis, "-", iterationRE, ".pdf");
iterationRE++;
}
//Annual Reports
string ReportPath = ReportDirectory + AnnualReport.FileName;
string fileNameWithoutExtension = System.IO.Path.GetFileNameWithoutExtension(AnnualReport.FileName);
int iteration = 1;
while (System.IO.File.Exists(Server.MapPath(ReportPath))) {
ReportPath = string.Concat(ReportDirectory, fileNameWithoutExtension, "-", iteration, ".pdf");
iteration++;
}
//Project Report
string ProjecttPath = ReportDirectory + ProjectReports.FileName;
string fileNameWithoutExtensionP = System.IO.Path.GetFileNameWithoutExtension(ProjectReports.FileName);
int iterationP = 1;
while (System.IO.File.Exists(Server.MapPath(ProjecttPath))) {
ProjecttPath = string.Concat(ReportDirectory, fileNameWithoutExtensionP, "-", iterationP, ".pdf");
iterationP++;
}
//publication
string publicationPath = ReportDirectory + Publications.FileName;
string fileNameWithoutExtensionPub = System.IO.Path.GetFileNameWithoutExtension(Publications.FileName);
int iterationPub = 1;
while (System.IO.File.Exists(Server.MapPath(publicationPath))) {
publicationPath = string.Concat(ReportDirectory, fileNameWithoutExtensionPub, "-", iterationPub, ".pdf");
iterationPub++;
}
ProjectReports.SaveAs(Server.MapPath(ProjecttPath));
AnnualReport.SaveAs(Server.MapPath(ReportPath));
Publications.SaveAs(Server.MapPath(publicationPath));
RegistDoc.SaveAs(Server.MapPath(RigisDocPath));
Other.SaveAs(Server.MapPath(OtherPath));
The code you posted is very poorly formated. However, the solution to your immediate problem is to move the null checks down to each individual document.
Instead of doing a huge if line (which has questionable logic, as it only checks if ANY of the documents were uploaded)
You can just check if the required documents are present. (looking at your exising code, present means document name object is not null)
If not, throw an error.
If they are, then proceed with the rest of the code, but wrap the individual processing of optional documents in their own null check if-s.
ie.
if (AnnualReport != null) {
//the block that does stuff with the anual report object
}
I did beak down the code into diferent methods like #irreal suggested, like below;
public void PublicationReporting() {
//connection for the datareader
string csoWConn = ConfigurationManager.ConnectionStrings["RegisterCon"].ToString();
SqlConnection csoW_connection = new SqlConnection(csoWConn);
string database = csoW_connection.DataSource.ToString();
csoW_connection.Open();
if (Publications == null)
{
Publications.Dispose();
////
String MyString = #"UPDATE tb_Quadrennial_Report SET PublicationsPath='' WHERE Org_ID = '" + Accrediated_Orgs.SelectedValue + "'";
SqlCommand MyCmd = new SqlCommand(MyString, csoW_connection);
int LastInsertedRecordID;
LastInsertedRecordID = Convert.ToInt32(MyCmd.ExecuteScalar());
}
else
{
int filesizeP = Publications.PostedFile.ContentLength;
if (filesizeP > 2097152)
{
ScriptManager.RegisterStartupScript(this, this.GetType(), "popup", "alert('Maximum File size For Publication is 2.0 MB');", true);
}
else
{
const string ReportDirectory = "REPORTS/";
//publication
string publicationPath = ReportDirectory + Publications.FileName;
string fileNameWithoutExtensionPub = System.IO.Path.GetFileNameWithoutExtension(Publications.FileName);
int iteration = 1; while (System.IO.File.Exists(Server.MapPath(publicationPath)))
{
publicationPath = string.Concat(ReportDirectory, fileNameWithoutExtensionPub, "-", iteration, ".pdf");
iteration++;
}
Publications.SaveAs(Server.MapPath(publicationPath));
String MyString = #"UPDATE tb_Quadrennial_Report SET PublicationsPath='" + publicationPath + "' WHERE Org_ID = '" + Accrediated_Orgs.SelectedValue + "'";
SqlCommand MyCmd = new SqlCommand(MyString, csoW_connection);
int LastInsertedRecordID;
LastInsertedRecordID = Convert.ToInt32(MyCmd.ExecuteScalar());
}
}
}
I then called it o the click event
try{
PublicationReporting();
}
catch (Exception ex)
{
pgError.Text = "Publication Exception Message: " + ex.Message;
}
finally
{
csoW_connection.Close();
}
From here it was pretty easy to figure out the problem.
I just needed to dispose the content in the upload field if no file was selected like this
public void PublicationReporting() {
//connection for the datareader
string csoWConn = ConfigurationManager.ConnectionStrings["RegisterCon"].ToString();
SqlConnection csoW_connection = new SqlConnection(csoWConn);
string database = csoW_connection.DataSource.ToString();
csoW_connection.Open();
if (Publications == null)
{
Publications.Dispose();
////
String MyString = #"UPDATE tb_Quadrennial_Report SET PublicationsPath='' WHERE Org_ID = '" + Accrediated_Orgs.SelectedValue + "'";
SqlCommand MyCmd = new SqlCommand(MyString, csoW_connection);
int LastInsertedRecordID;
LastInsertedRecordID = Convert.ToInt32(MyCmd.ExecuteScalar());
}
else{
//program continues}
I am having an issue when attempting to create a new user in active directory. I followed the steps provided in this link for using PrincipalContext (with the exception that I am only doing one user at a time when they are hired and entered into the system and not multiple so no loop is required). I am also using a UserPrincipal Extender.
Here is the code that I have:
protected void CreateUserPE()
{
try
{
PrincipalContext userCtx = new PrincipalContext(ContextType.Domain, DomainFQDN, DomainFull);
string UserName = txtFirstName.Text.ToLower() + " " + txtLastName.Text.ToLower();
string password = "superSecretPassword";
UserPrincipalsEx newUser = new UserPrincipalsEx(userCtx, UserName, password, true);
newUser.SamAccountName = txtFirstName.Text.ToLower() + "." + txtLastName.Text.ToLower();
newUser.UserPrincipalName = txtFirstName.Text.ToLower() + "." + txtLastName.Text.ToLower() + "#rasm.com";
newUser.EmployeeId = txtEmpID.Text;
newUser.LastName = txtLastName.Text;
newUser.GivenName = txtFirstName.Text;
newUser.DisplayName = txtFirstName.Text + " " + txtLastName.Text;
newUser.Name = txtFirstName.Text + " " + txtLastName.Text;
newUser.SetPassword(password);
newUser.HomePostalAddress = txtAddress.Text + ", " + txtCity.Text + ", " + txtState.Text + ", " + txtZip.Text;
newUser.CountryName = txtCountry.Text;
newUser.HomePhone = txtHomePhone.Text;
newUser.MobilePhone = txtMobilePhone.Text;
newUser.DateOfBirth = txtDOB.Text;
newUser.EmergencyContact = txtEmergencyCnt.Text;
newUser.EmergencyPhone = txtContactPhone.Text;
newUser.Relationship = ddlRelationship1.SelectedItem.ToString();
newUser.EmergencyContact2 = txtEmergencyCnt2.Text;
newUser.EmergencyPhone2 = txtContactPhone2.Text;
newUser.Relationship2 = ddlRelationship2.SelectedItem.ToString();
newUser.EyeColor = ddlEyeColor.SelectedItem.ToString();
newUser.HairColor = ddlHairColor.SelectedItem.ToString();
newUser.Height = txtHeight.Text;
newUser.Weight = txtWeight.Text;
newUser.Gender = ddlGender.SelectedItem.ToString();
newUser.PersonalEmail = txtPersonalEmail.Text;
newUser.PassportExpires = txtPassportExp.Text;
newUser.HomeBase = ddlHomeStation.SelectedItem.ToString();
newUser.WorkLocation = txtWorkLocation.Text;
newUser.PID = txtPID.Text;
newUser.Team = txtTeam.Text;
newUser.Manager = "CN=" + txtSupervisor.Text + "," + DomainFull;
newUser.Title = ddlJobTitle.SelectedItem.ToString();
newUser.JobCode = txtJobCode.Text;
newUser.PLC = txtPLC.Text;
newUser.BPLC = txtBPLC.Text;
newUser.Specialty = txtSpecialty.Text;
newUser.Position = txtPosition.Text;
newUser.DateOfHire = txtDOH.Text;
newUser.DateOnContract = txtDOC.Text;
newUser.TaskOrder = ddlTaskOrder.SelectedItem.ToString();
newUser.Classification = ddlClass.SelectedIndex.ToString();
newUser.Section = txtSection.Text;
newUser.GatePass = txtGatePass.Text;
newUser.GatePassExpires = txtGatePassExp.Text;
newUser.WorkPhone = txtWorkPhone.Text;
newUser.CompanyEmail = txtCompEmail.Text;
newUser.aKOEmail = txtMilEmail.Text;
newUser.aKOSponsor = txtMilEmailSp.Text;
newUser.CACSponsor = txtCacSponsor.Text;
newUser.CACSponsorEmail = txtCacSponsorEmail.Text;
newUser.CacCardExpires = txtCacExpires.Text;
newUser.Enabled = true;
newUser.ExpirePasswordNow();
newUser.Save();
newUser.Dispose();
}
catch
{
}
}
The program goes all the way to newUser.Save() and then throws the following error in the catch statement:
System.DirectoryServices.AccountManagement.PrincipalOperationException was caught
HResult=-2146233087
Message=The attribute syntax specified to the directory service is invalid.
Source=System.DirectoryServices.AccountManagement
ErrorCode=-2147016693
StackTrace:
at System.DirectoryServices.AccountManagement.ADStoreCtx.Insert(Principal p)
at System.DirectoryServices.AccountManagement.Principal.Save()
at Personnel_Employee.CreateUserPE() in c:\inetpub\wwwroot\TestingFolder\Personnel\Add\Employee.aspx.cs:line 263
InnerException: System.DirectoryServices.DirectoryServicesCOMException
HResult=-2147016693
Message=The attribute syntax specified to the directory service is invalid.
Source=System.DirectoryServices
ErrorCode=-2147016693
ExtendedError=87
ExtendedErrorMessage=00000057: LdapErr: DSID-0C090D11, comment: Error in attribute conversion operation, data 0, v23f0
StackTrace:
at System.DirectoryServices.DirectoryEntry.CommitChanges()
at System.DirectoryServices.AccountManagement.SDSUtils.ApplyChangesToDirectory(Principal p, StoreCtx storeCtx, GroupMembershipUpdater updateGroupMembership, NetCred credentials, AuthenticationTypes authTypes)
InnerException:
Where am I going wrong.
You can not update an attribute with null or empty. I personaly dislike solutions with dummy values. If you are using the context principle just simply check for null or empty and dont update if its the case like:
if (!string.IsNullOrEmpty(txtbox.Text)){ newUser.attributeName = txtbox.Text}
If you are using an directory entry instead of an usercontext you can do something like this:
string adPath = "LDAP://server.domain.com/CN=John,CN=Users,dc=domain,dc=com";
DirectoryEntry userEntry = new DirectoryEntry(adPath);
if (txtBox.text == "")
{
userEntry.Properties["proppertyName"].Clear();
}
else if (!string.IsNullOrEmpty(txtBox.text))
{
userEntry.Properties[attribute.Key].Value = txtBox.text;
}
// dont do a thing when txtBox.Text is empty
It looks like more code but its much easier to make a foreachloop for it if you have a list with all attribute like:
private void UpdateEntryAttributes(DirectoryEntry entry, Dictionary<string, string> attributes)
{
foreach (KeyValuePair<string, string> attribute in attributes)
{
entry.Properties[attribute.Key].Value = attribute.Value;
if (attribute.Value == "")
{
entry.Properties[attribute.Key].Clear();
}
else if (!string.IsNullOrEmpty(attribute.Value))
{
entry.Properties[attribute.Key].Value = attribute.Value;
}
}
This can happen when attempting to write either a null or empty string to an AD field that prohibits it. An easy way to check whether this is the problem is to temporarily replace all such values with a dummy string (length > 0) and then run the code again. If that works, you can attempt a fix by changing the offending value--with AD, sometimes if null doesn't work, then an empty string will work, or vice versa.
I have written the following program which connects to two LDAP stores, compares the attributes and based on the outcome, creates a new csv file. I have run into a problem though.
Here is the code:
//Define LDAP Connection
string username = "****";
string password = "*****";
string domain = "LDAP://****";
//Define LDAP Connection
string ABSAusername = "****";
string ABSApassword = "****";
string ABSAdomain = "LDAP://****";
//Create Directory Searcher
DirectoryEntry ldapConnection = new DirectoryEntry(domain,username,password);
ldapConnection.AuthenticationType = AuthenticationTypes.Anonymous;
DirectorySearcher ds = new DirectorySearcher(ldapConnection);
ds.Filter = "((EmploymentStatus=0))";
ds.SearchScope = System.DirectoryServices.SearchScope.Subtree;
//Create Directory Searcher
DirectoryEntry ABSAldapConnection = new DirectoryEntry(ABSAdomain, ABSAusername, ABSApassword);
ABSAldapConnection.AuthenticationType = AuthenticationTypes.Anonymous;
DirectorySearcher ABSAds = new DirectorySearcher(ABSAldapConnection);
ABSAds.Filter = "((&(EmploymentStatus=3)(EmploymentStatusDescription=Active))";
ABSAds.SearchScope = System.DirectoryServices.SearchScope.Subtree;
ds.PropertiesToLoad.Add("cn");
ds.PropertiesToLoad.Add ("uid");
ds.PropertiesToLoad.Add("sn");
ds.PropertiesToLoad.Add("PersonnelAreaDesc");
ds.PropertiesToLoad.Add("JobcodeID");
ds.PropertiesToLoad.Add("CostCentreID");
ds.PropertiesToLoad.Add("CostCentreDescription");
ds.PropertiesToLoad.Add ("givenName");
ds.PropertiesToLoad.Add ("EmploymentStatus");
ds.PropertiesToLoad.Add("EmploymentStatusDescription");
ABSAds.PropertiesToLoad.Add("uid");
ABSAds.PropertiesToLoad.Add("EmploymentStatus");
ABSAds.Sort = new SortOption("uid", SortDirection.Ascending);
ds.Sort = new SortOption("cn", SortDirection.Ascending);
SearchResultCollection absaUsers = ds.FindAll();
SearchResultCollection srcUsers = ds.FindAll();
sw.WriteLine("Action" + "," + "uid" + "," + "Business Area" + "," + "employeeNumber" + "," + "First Name" + "," + "Last Name" + "," + "JobCodeID" + "," + "costCentreID" + "," + "costCentreDescription" + "," + "FullName" + "," + "EmploymentStatus" + "," + "EmploymentStatusDescription" );
sw.WriteLine("");
foreach (SearchResult users in srcUsers)
{
string cn = users.Properties["cn"][0].ToString();
string sn = users.Properties["sn"][0].ToString();
string userID = users.Properties["uid"][0].ToString();
string description = users.Properties["PersonnelAreaDesc"][0].ToString();
// string jobCodeID = users.Properties["JobcodeID"][1].ToString();
string CostCentreID = users.Properties["costCentreID"][0].ToString();
string CostCentreDescription = users.Properties["CostCentreDescription"][0].ToString();
string givenName = users.Properties["givenName"][0].ToString();
string employmentStatus = users.Properties["EmploymentStatus"][0].ToString();
string EmploymentStatusDescription = users.Properties["EmploymentStatusDescription"][0].ToString();
foreach (SearchResult absaUser in absaUsers)
{
string absaUID = absaUser.Properties["uid"][0].ToString();
string absaEmploymentStatus = absaUser.Properties["EmploymentStatus"][0].ToString();
if (cn == absaUID)
{
if (absaEmploymentStatus == "3")
{
sw.WriteLine(cn);
}
}
}
}
sw.Flush();
sw.Close();
sw.Dispose();
}
}
I created two foreach loops, in the first loop i assigned variables to strings, and in the second foreach loop i do a comparison with an IF statement. What i want to do is: if the uid in one LDAP is equal to the uid in the other ldap, and if the status of the user in the 1st ldap = 0 but the status of the user in the 2nd ldap = 3: then i want to print out the users that match that criteria from the 1st ldap.
If you look through my code, am i doing somthing wrong? The output of the program currently is about 10 users that are duplicated atleast 100 times each.
Thanks in advance.
There are several things obviously wrong with this code....
1) First of all, you're creating the same search result twice:
SearchResultCollection absaUsers = ds.FindAll();
SearchResultCollection srcUsers = ds.FindAll();
So if that searcher finds 10 users, you have two collections of the same 10 users here.
2) You then used nested foreach loops, so you basically go through all results from the first collection, one by one, and for each of those entries, you enumerate the entire second collection - basically doing a cartesian product between the two collections. So that's why you end up with 10 x 10 = 100 users in the end.....
3) you seem to be missing some kind of a restriction/condition to pick out only those elements from your second/inner result set that match the outer/first result set in some way. As long as you don't have such a condition in place, you'll always get all the results from the second result set for each element of the first result set = a classic cartesian product. Somehow, you want to select only certain elements from the second set, based on something from the first result set......
You have missed break in the following place:
if (cn == absaUID && absaEmploymentStatus == "3")
{
sw.WriteLine(cn);
break;
}