.NET ASPx Sayfası Üzerinden Active Directory’de Kullanıcı Oluşturma Default.aspx.cs

using System;
using System.IO;
using System.Security.AccessControl;
using System.Diagnostics;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.DirectoryServices;
using System.DirectoryServices.AccountManagement;
using System.EnterpriseServices;
using System.Management;
using System.Management.Automation;
using System.Management.Automation.Remoting;
using System.Management.Automation.Host;
using System.Collections.ObjectModel;
using Microsoft.PowerShell.Commands;
using System.Text;

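/// <summary>
/// Code-behind for the provisioning page: creates an Active Directory user from the
/// form fields, adds it to the selected groups, and creates the user's home folders
/// on the file share.
/// </summary>
/// <remarks>
/// NOTE(review): no authorization check is visible in this code-behind. The handlers
/// create directory accounts and file-share folders under the web application's
/// identity and receive a password from a form field, so access presumably has to be
/// restricted elsewhere (web.config authorization, TLS-only binding) - confirm.
/// </remarks>
public partial class _Default : System.Web.UI.Page
{
    // Characters that may not appear in a sAMAccountName. The same set covers the DN
    // metacharacters and the Windows path separators, so a name that passes this check
    // cannot alter the LDAP path or the home-folder path it is concatenated into.
    private const string ForbiddenAccountNameChars = "\"/\\[]:;|=,+*?<>";

    /// <summary>Shows the details view only while a grid row is selected.</summary>
    protected void Page_PreRender(object sender, EventArgs e)
    {
        DetailsView1.Visible = GridView1.SelectedRow != null;
    }

    /// <summary>Checks whether a directory object exists.</summary>
    /// <param name="objectPath">
    /// Distinguished name of the object, without the "LDAP://" prefix. The value is
    /// concatenated into the ADsPath as-is, so the caller must pass an already escaped DN.
    /// </param>
    /// <returns><c>true</c> when the directory reports the object as existing.</returns>
    public static bool Exist(string objectPath)
    {
        return DirectoryEntry.Exists("LDAP://" + objectPath);
    }

    /// <summary>Copies the date picked in the calendar into the expiry text box.</summary>
    protected void show_calender(object sender, EventArgs e)
    {
        TextBox1.Text = Calendar1.SelectedDate.ToString();
    }

    /// <summary>Adds the group selected in the source list to the target list.</summary>
    protected void ekle_Click(object sender, EventArgs e)
    {
        if (ListBox1.SelectedItem == null)
        {
            return;
        }

        ListItem copy = new ListItem { Text = ListBox1.SelectedItem.Text, Value = ListBox1.SelectedItem.Value };

        // Adding the same group twice would make the second membership write fail later.
        if (!ListBox2.Items.Contains(copy))
        {
            ListBox2.Items.Add(copy);
        }
    }

    /// <summary>Removes the selected group from the target list.</summary>
    protected void cikar_Click(object sender, EventArgs e)
    {
        if (ListBox2.SelectedItem != null)
        {
            ListBox2.Items.Remove(ListBox2.SelectedItem);
        }
    }

    /// <summary>
    /// Creates the user object, sets its password, enables it and adds it to every
    /// group listed in the target list box.
    /// </summary>
    protected void button1_Click(object sender, EventArgs e)
    {
        string branch = department.SelectedItem.Text;
        string departmentCode = department.SelectedItem.Value;
        string userFirstName = firstname.Text;
        string userLastName = lastname.Text;
        string userRank = selectrank.SelectedValue;
        string userJobTitle = jobtitle.Text;
        string userOffice = office.SelectedItem.Value;
        string userPhone = phonenumber.Text;
        string userName = username1.Text;
        string userPassword = password.Text;

        // The account name ends up in a DN, a UPN and (later) a folder name, so it is
        // validated before any of those strings are built.
        if (!IsValidAccountName(userName) || userPassword.Length == 0)
        {
            ShowAlert("Kullanici adi veya parola gecersiz.");
            return;
        }

        // Parsed with TryParse so that a missing or malformed date is reported to the
        // operator instead of surfacing as an unhandled exception.
        DateTime expire;
        if (!DateTime.TryParse(TextBox1.Text, out expire))
        {
            ShowAlert("Gecerli bir hesap bitis tarihi seciniz.");
            return;
        }

        string userDisplayName = "GET-ITLABS " + departmentCode + " " + userJobTitle + " " + userLastName + " " + userFirstName + " " + userRank;
        string ldapPath = "OU=" + EscapeDnValue(branch) + "," + "OU=CONTOSO,DC=get-itlabs,DC=com,DC=tr";
        string groupSec = "OU=SECURITY GROUPS,OU=GROUPS,DC=get-itlabs,DC=com,DC=tr";
        string groupDist = "OU=DISTRIBUTION GROUPS,OU=GROUPS,DC=get-itlabs,DC=com,DC=tr";
        string groupSpec = "OU=DISTRIBUTION GROUPS (DELEGATED),OU=DISTRIBUTION GROUPS,OU=GROUPS,DC=get-itlabs,DC=com,DC=tr";
        string userRdn = "CN=" + EscapeDnValue(userName);
        string userDn = userRdn + "," + ldapPath;

        try
        {
            // 'using' releases the ADSI objects even when a directory call throws.
            using (DirectoryEntry dirEntry = new DirectoryEntry("LDAP://" + ToAdsDn(ldapPath)))
            using (DirectoryEntry newUser = dirEntry.Children.Add(userRdn, "user"))
            {
                newUser.Properties["samAccountName"].Value = userName;
                newUser.Properties["givenName"].Value = userFirstName;
                newUser.Properties["sn"].Value = userLastName;
                newUser.Properties["displayName"].Value = userDisplayName;
                newUser.Properties["initials"].Value = userRank;
                newUser.Properties["title"].Value = userJobTitle;
                newUser.Properties["department"].Value = departmentCode;
                newUser.Properties["telephoneNumber"].Value = userPhone;
                newUser.Properties["name"].Value = userName;
                newUser.Properties["company"].Value = "GET-ITLABS";
                newUser.Properties["userPrincipalName"].Value = userName + "@get-itlabs.com.tr";
                newUser.Properties["description"].Value = userJobTitle;
                newUser.Properties["physicalDeliveryOfficeName"].Value = userOffice;
                newUser.Properties["accountExpires"].Value = Convert.ToString((Int64)expire.ToFileTime());
                newUser.CommitChanges();

                // The object has to exist before a password can be set on it. If this
                // call fails, the enable step below is not reached and the object
                // committed above stays in the directory - review for leftover accounts.
                newUser.Invoke("SetPassword", new object[] { userPassword });

                // 512 = NORMAL_ACCOUNT with no other flag set, i.e. an enabled account.
                newUser.Properties["userAccountControl"].Value = 512;
                newUser.CommitChanges();
            }

            // Group membership: the list item's Value decides which group container the
            // item's Text is looked up in. The three checks stay independent, as before.
            foreach (ListItem item in ListBox2.Items)
            {
                if (item.Value.Contains("security"))
                {
                    AddMemberToGroup(item.Text, groupSec, userDn);
                }
                if (item.Value.Contains("distribution"))
                {
                    AddMemberToGroup(item.Text, groupDist, userDn);
                }
                if (item.Value.Contains("special"))
                {
                    AddMemberToGroup(item.Text, groupSpec, userDn);
                }
            }
        }
        catch (System.DirectoryServices.DirectoryServicesCOMException E)
        {
            ReportProvisioningFailure(E);
        }
        catch (System.Reflection.TargetInvocationException E)
        {
            // DirectoryEntry.Invoke reports failures of the native call (for example a
            // password rejected by policy) wrapped in this exception type.
            ReportProvisioningFailure(E);
        }
    }

    /// <summary>
    /// Creates the home folder of an existing user on the file share, plus its
    /// Documents, Outlook and Personel subfolders, and grants the user access.
    /// </summary>
    protected void button2_Click(object sender, EventArgs e)
    {
        string branch = department.SelectedItem.Text;
        string userName = username1.Text;

        // The name becomes a folder name under the share root; rejecting separators,
        // wildcard characters and trailing dots keeps the path inside that root.
        if (!IsValidAccountName(userName))
        {
            ShowAlert("Kullanici adi veya parola gecersiz.");
            return;
        }

        // NOTE(review): this handler looks the user up under OU=CONTOSOUser while
        // button1_Click creates it under OU=CONTOSO - confirm which container is intended.
        string ldapPath = "OU=" + EscapeDnValue(branch) + "," + "OU=CONTOSOUser,DC=get-itlabs,DC=com,DC=tr";
        string homedir = @"\\SRVFILE1\Home$\" + userName;
        string fqdn = @"get-itlabs.com.tr\" + userName;
        string userDn = "CN=" + EscapeDnValue(userName) + "," + ldapPath;

        // Folders are only created for accounts that exist and have no home folder yet.
        if (!Exist(ToAdsDn(userDn)) || Directory.Exists(homedir))
        {
            return;
        }

        Directory.CreateDirectory(homedir);
        GrantAccess(homedir, fqdn, FileSystemRights.ReadAndExecute);

        // Each subfolder gets its own read/write rule. The original applied the third
        // rule to the Outlook folder a second time, leaving Personel without one.
        // NOTE(review): the rules carry no inheritance flags, so they apply to the
        // folder object itself; confirm that is the intended scope.
        foreach (string subfolder in new string[] { "Documents", "Outlook", "Personel" })
        {
            string subdir = homedir + "\\" + subfolder;
            Directory.CreateDirectory(subdir);
            GrantAccess(subdir, fqdn, FileSystemRights.Read | FileSystemRights.Write);
        }
    }

    // Returns true when the name is usable as sAMAccountName, CN and folder name alike.
    private static bool IsValidAccountName(string name)
    {
        if (string.IsNullOrEmpty(name) || name != name.Trim() || name.EndsWith(".", StringComparison.Ordinal))
        {
            return false;
        }

        foreach (char c in name)
        {
            if (char.IsControl(c) || ForbiddenAccountNameChars.IndexOf(c) >= 0)
            {
                return false;
            }
        }

        return true;
    }

    // Escapes one attribute value for use inside a distinguished name (RFC 4514 rules).
    private static string EscapeDnValue(string value)
    {
        if (string.IsNullOrEmpty(value))
        {
            return string.Empty;
        }

        StringBuilder escaped = new StringBuilder(value.Length + 8);
        for (int i = 0; i < value.Length; i++)
        {
            char c = value[i];
            if (c < ' ')
            {
                // Control characters are written as a backslash plus two hex digits.
                escaped.Append('\\').Append(((int)c).ToString("X2"));
                continue;
            }

            bool edgeSpace = c == ' ' && (i == 0 || i == value.Length - 1);
            bool leadingHash = c == '#' && i == 0;
            if (edgeSpace || leadingHash || ",+\"\\<>;=".IndexOf(c) >= 0)
            {
                escaped.Append('\\');
            }
            escaped.Append(c);
        }

        return escaped.ToString();
    }

    // Prepares an escaped DN for use in an ADsPath, where '/' separates path components.
    private static string ToAdsDn(string distinguishedName)
    {
        return distinguishedName.Replace("/", "\\/");
    }

    // Adds memberDn to the group named groupName inside groupContainerDn.
    private static void AddMemberToGroup(string groupName, string groupContainerDn, string memberDn)
    {
        string groupDn = "CN=" + EscapeDnValue(groupName) + "," + groupContainerDn;
        using (DirectoryEntry group = new DirectoryEntry("LDAP://" + ToAdsDn(groupDn)))
        {
            group.Properties["member"].Add(memberDn);
            group.CommitChanges();
        }
    }

    // Adds one allow rule for the identity to the ACL of an existing folder.
    private static void GrantAccess(string folder, string identity, FileSystemRights rights)
    {
        DirectoryInfo info = new DirectoryInfo(folder);
        DirectorySecurity security = info.GetAccessControl();
        security.AddAccessRule(new FileSystemAccessRule(identity, rights, AccessControlType.Allow));
        info.SetAccessControl(security);
    }

    // Records the failure for the administrator and tells the operator that it happened.
    // The exception text goes to the trace listeners only, never into the page.
    private void ReportProvisioningFailure(Exception error)
    {
        // Fully qualified because 'Trace' inside a Page refers to the page's TraceContext.
        System.Diagnostics.Trace.TraceError("Active Directory provisioning failed: {0}", error);
        ShowAlert("Kullanici olusturulamadi. Lutfen bilgileri ve parola karmasikligini kontrol ediniz.");
    }

    // Emits a browser alert. The text is placed inside a script string literal without
    // encoding, so only fixed literals may be passed - never request or exception data.
    private void ShowAlert(string fixedMessage)
    {
        ClientScript.RegisterStartupScript(GetType(), "alert", "alert('" + fixedMessage + "');", true);
    }
}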


2 thoughts on “.NET ASPx Sayfası Üzerinden Active Directory’de Kullanıcı Oluşturma Default.aspx.cs


      Eline sağlık. Ancak webforms sayfası UI eylemlerini barındırmalı, business logic için farklı class’lardan faydalanmalı. Bu nedenle ben olsam ActiveDirectoryUser, ActiveDirectoryGroup adında iki class ile bunlar üzerinde AddUser ve AddUserToGroup adında iki metot üzerinden işleri görürdüm. Hem bu kullanıcı oluşturma yanında parola sıfırlama, kilit açma ve disable etme gibi işlemler için de yeniden kullanılabilir bir yapı oluştururdu.

      Benzer biçimde klasör oluşturma için de DirectoryHelper adında static bir class açıp AddHomeDirectoryForUser(ActiveDirectoryUser user, bool isRootDir) biçimli bir metot yazarsak kod tekrarını önlemiş oluruz. Böylece isRootDir true ise farklı, false ise farklı erişim izinleri vermeyi sağlamak mümkün olur. Ayrıca kod başka sayfalar tarafından da kullanılabilir.

      Güzel bir çalışma olmuş, tebrikler.
