I have the below snippet in PowerShell that is returning me the information I need for local administrators on a remote PC. I am trying to convert this code into c#, but have been having very little luck with it.
$ADMINS = get-wmiobject -computername $computername -Credential $Credential -query "select * from win32_groupuser where GroupComponent=""Win32_Group.Domain='$computername',Name='administrators'""" | % {$_.partcomponent}
I am able to get a basic wmi query working in c# as seen below :
Method
public IEnumerable<CimInstance> WmiQuerier(CimSession session , string wmiquery)
{
try
{
string Namespace = #"root\cimv2";
IEnumerable<CimInstance> CimInstances = new List<CimInstance>();
CimInstances = session.QueryInstances(Namespace, "WQL", wmiquery);
//IEnumerable<CimInstance> CimInstances2 = CimInstances.SelectMany()
return CimInstances;
}
catch (Exception ex )
{
Console.WriteLine(ex.Message);
throw;
}
TEST
[Test]
public void CimQuery()
{
string querystring = "SELECT * FROM win32_groupuser";
Wmi wmi = new Wmi();
NetworkCredential mynetcred = new NetworkCredential("Domain\\User", "Password%");
CimCredential mycimCred = wmi.ConvertCred(mynetcred);
CimSession mySession = wmi.WmiConnection(testcomp, mycimCred);
IEnumerable<CimInstance> querierResults = wmi.WmiQuerier(mySession, querystring).Take(5).ToList();
Assert.IsInstanceOf<IEnumerable<CimInstance>>(querierResults);
}
}
However, When I attempt to add in any kind of Where clause like I have in the powershell code, (See my attempt below )
"SELECT * FROM win32_groupuser Where GroupComponent = \"Win32_Group.Domain='MachineName',Name='administrators' \""
I get the error
Microsoft.Management.Infrastructure.CimException: 'The WS-Management
service cannot process the request. The WQL query is invalid. '
What am I doing incorrectly in my WQL string?
Here's a query that works. I know one thing...that the syntax of the WQL is extremely sensitive and unforgiving...especially regarding spaces and quote nesting. Funny enough, it's fine with uppercase/lowercase:
using System.Management;
//....
var domainName = "YourDomainName";
var groupName = "Administrators";
var wql = string.Format
(
#"select partcomponent from win32_groupuser where groupcomponent='Win32_Group.Domain=""{0}"",Name=""{1}""'",
domainName,
groupName
);
foreach ( var thing in new ManagementObjectSearcher( wql ).Get( ) )
{
foreach ( var property in thing.Properties )
{
//--> And then, if you want the account object...
var path = new ManagementPath( property.Value as string );
var account = new ManagementObject( path );
foreach ( var acctProp in account.Properties )
{
Console.WriteLine( $"{acctProp.Name}={acctProp.Value}" );
}
}
}
Edit: Just for yucks, I added code to get the referenced Win32_Account object...since the value of partcomponent is a qualified reference to that account object.
It isn't clear on your example why it is failing since you do not have the WHERE clause set. My best guess is that some characters are not being escaped like they should.
You can also use ORMi library to give your problem an indirect solution. You can do it this way:
WMIHelper helper = new WMIHelper("root\\CimV2");
var users = helper.Query("SELECT * FROM Win32_GroupUser").ToList().Where(u => u.Contains("Win32_Group.Domain='MachineName',Name='administrators'"));
Related
This post is a follow-up to the following:
Active Directory: DirectoryEntry member list <> GroupPrincipal.GetMembers()
I have a function that retrieves the distinguishedName attribute for all members of a group in Active Directory. This function is used in a much large script that retrieves all user and group objects (total run time is 7-10 minutes). My problem here is that the downstream SSIS Lookup on the distinguishedName is extremely slow. This is not surprising due to the fact that it is looking up a varchar(255) versus UniqueIdentifier (16 bytes). I could do a SQL Select on the source and then Merge Join, which would speed things up. But, I am noticing a potential race condition (see run time above) in the extract where group members exist without a matching distinguishedName. If this is the case, then I need to address that; however, a Merge Join won't fail the load whereas a Lookup can be set to fail the load.
So, I need to get the guid on-the-fly via the distinguishedName. However, when I try to use the below method, the performance of the GetGroupMemberList function drops substantially. Is there a better/faster way to get the group member guid via the distinguishedName?
Method (for both loops):
listGroupMemberGuid.Add(new DirectoryEntry("LDAP://" + member, null, null, AuthenticationTypes.Secure).Guid);
listGroupMemberGuid.Add(new DirectoryEntry("LDAP://" + user, null, null, AuthenticationTypes.Secure).Guid);
Function:
private List<string> GetGroupMemberList(string strPropertyValue, string strActiveDirectoryHost, int intActiveDirectoryPageSize)
{
// Variable declaration(s).
List<string> listGroupMemberDn = new List<string>();
string strPath = strActiveDirectoryHost + "/<GUID=" + strPropertyValue + ">";
const int intIncrement = 1500; // https://msdn.microsoft.com/en-us/library/windows/desktop/ms676302(v=vs.85).aspx
var members = new List<string>();
// The count result returns 350.
var group = new DirectoryEntry(strPath, null, null, AuthenticationTypes.Secure);
//var group = new DirectoryEntry($"LDAP://{"EnterYourDomainHere"}/<GUID={strPropertyValue}>", null, null, AuthenticationTypes.Secure);
while (true)
{
var memberDns = group.Properties["member"];
foreach (var member in memberDns)
{
members.Add(member.ToString());
}
if (memberDns.Count < intIncrement) break;
group.RefreshCache(new[] { $"member;range={members.Count}-*" });
}
//Find users that have this group as a primary group
var secId = new SecurityIdentifier(group.Properties["objectSid"][0] as byte[], 0);
/* Find The RID (sure exists a best method)
*/
var reg = new Regex(#"^S.*-(\d+)$");
var match = reg.Match(secId.Value);
var rid = match.Groups[1].Value;
/* Directory Search for users that has a particular primary group
*/
var dsLookForUsers =
new DirectorySearcher {
Filter = string.Format("(primaryGroupID={0})", rid),
SearchScope = SearchScope.Subtree,
PageSize = 1000,
SearchRoot = new DirectoryEntry(strActiveDirectoryHost)
};
dsLookForUsers.PropertiesToLoad.Add("distinguishedName");
var srcUsers = dsLookForUsers.FindAll();
foreach (SearchResult user in srcUsers)
{
members.Add(user.Properties["distinguishedName"][0].ToString());
}
return members;
}
Update 1:
Code for retrieving the DN in the foreach(searchResult):
foreach (SearchResult searchResult in searchResultCollection)
{
string strDn = searchResult.Properties["distinguishedName"][0].ToString();
var de = new DirectoryEntry("LDAP://" + strDn, null, null, AuthenticationTypes.Secure);
de.RefreshCache(new[] { "objectGuid" });
var guid = new Guid((byte[])de.Properties["objectGuid"].Value);
}
It will always be slower since you have to talk to Active Directory again for each member. But, you can minimize the amount of traffic that it does.
I did a couple quick tests, while monitoring network traffic. I compared two methods:
Calling .Guid on the DirectoryEntry, like you have in your code.
Using this method:
var de = new DirectoryEntry("LDAP://" + member, null, null, AuthenticationTypes.Secure);
de.RefreshCache(new [] {"objectGuid"});
var guid = new Guid((byte[]) de.Properties["objectGuid"].Value);
The second method had significantly less network traffic: less than 1/3rd on the first account, and even less for each account after (it seems to reuse the connections).
I know that if you use .Properties without calling .RefreshCache first, it will pull every attribute for the account. It seems like using .Guid does the same thing.
Calling .RefreshCache(new [] {"objectGuid"}); only gets the objectGuid attribute and nothing else and saves it in the cache. Then when you use .Properties["objectGuid"] it already has the attribute in the cache, so it doesn't need to make any more network connections.
Update:
For the ones you get in the search, just ask for the objectGuid attribute instead of the distinguishedName:
dsLookForUsers.PropertiesToLoad.Add("objectGuid");
var srcUsers = dsLookForUsers.FindAll();
foreach (SearchResult user in srcUsers)
{
members.Add(new Guid((byte[])user.Properties["objectGuid"][0]));
}
I'm trying to create a statement to check data from a foxpro database against a string in c#
however I can't seem to get it working, would using parameterised queries here help to achieve what I'm trying to do?
string PROPCODE = "IMPORT_" + ID;
string leadtenant = clcodet;
using (OleDbCommand tenantpopulation = new OleDbCommand(#"SELECT
CLCODE,
CLCODEDESC
FROM CLIENT WHERE PROPCODET = " + PROPCODE, importConnection))
{
string tenants = "";
if (#"CLCODE" = leadtenant)
{
if (tenants != String.Empty)
{
//do something
}
}
}
To Clarify, i want to check whether CLCODE, called from tenantpopulation, matches leadtenant, defined elsewhere in the code
As others already noted using parameters is the way to go (not only in VFP but any SQL database). They are not only for preventing SQL injection attacks, using parameters the drivers take care of converting into correct string, adding/removing braces, quotes etc.
string PROPCODE = "IMPORT_" + ID;
string leadtenant = clcodet;
using (OleDbCommand tenantpopulation = new OleDbCommand(#"SELECT
CLCODE
FROM CLIENT WHERE PROPCODET = ?", importConnection))
{
tenantpopulation.Parameters.AddWithValue("p", PROPCODE);
// rest of code seem to be meaningless
// and I didn't see any code where you run your query
// depending on your requirement, I assume PROPCODET is a primary key?
// if so then you to do the check you only need to return the CLCODE
// with ExecuteScalar:
importConnection.Open();
var clcode = (string)tenantpopulation.ExecuteScalar();
importConnection.Close();
string tenants = "";
// in C# equality check is done with == NOT = (assingment)
if (clcode == leadtenant)
{
// tenants is always String.Empty here
if (tenants != String.Empty)
{
//do something
}
}
}
PS: Have you ever thought, using Tom Brother's LinqToVFP from codeplex? With Linq, you don't need to know these SQL dialects much and instead you use Object query (and intellisense).
I need to check the syntax OID's for LDAP attributes but I can't find any good starting point. I'm using C# and currently System.DirectoryServices.Protocols (must stay generic / non-Active Directory specific).
For example, using Apache Directory Studio against we can see that in Active Directory the "distinguishedName" attribute has syntax OID "1.3.6.1.4.1.1466.115.121.1.12".
Can anyone please kick me in the right direction?
Okay, I figured it out. I used a combination of this and this SO posts to work it out. Here it is stitched together, if any other soulds out there need it. Note that this works on Active Directory and OpenLDAP (using System.DirectoryServices.Protocols).
var ldapConnection = new LdapConnection( "hostname.tld" );
ldapConnection.AuthType = AuthType.Yours;
ldapConnection.Credential = new NetworkCredential( "username", "password", "domain" );
ldapConnection.SessionOptions.ProtocolVersion = 3;
// Find the subschema first...
var searchRequest = new SearchRequest( null, "(objectClass=*)", SearchScope.Base, "subschemasubentry" );
var searchResponse = (SearchResponse) ldapConnection.SendRequest( searchRequest );
var subSchemaArray = searchResponse.Entries[0].Attributes["subschemasubentry"].GetValues( typeof( String ) );
var subSchema = (String) subSchemaArray[0];
// Now query the LDAP server and get the attribute types
searchRequest = new SearchRequest( subSchema, "(objectClass=*)", SearchScope.Base, "attributetypes" );
searchResponse = (SearchResponse) ldapConnection.SendRequest( searchRequest );
foreach ( string attributeType in searchResponse.Entries[0].Attributes["attributeTypes"].GetValues( typeof( String ) ) )
{
// This is a chunky string, but the name and syntax OID is listed here
Console.WriteLine(attributeType);
}
I'm trying to use the Dapper orm with the following simple query:
var sqlString = new StringBuilder();
sqlString.Append("select a.acct AccountNumber,");
sqlString.Append(" b.first_name FirstName,");
sqlString.Append(" b.last_name LastName,");
sqlString.Append(" a.rr RrNumber,");
sqlString.Append(" c.addr1 AddressLine1,");
sqlString.Append(" c.addr2 AddressLine2,");
sqlString.Append(" c.addr3 AddressLine3,");
sqlString.Append(" c.addr4 AddressLine4,");
sqlString.Append(" c.addr5 AddressLine5,");
sqlString.Append(" c.addr6 AddressLine6,");
sqlString.Append(" c.addr7 AddressLine7,");
sqlString.Append(" c.addr8 AddressLine8 ");
sqlString.Append("from (pub.mfclac as a left join pub.mfcl as b on a.client=b.client) ");
sqlString.Append("left join pub.mfclad as c on a.client=c.client ");
sqlString.Append("where a.acct = '#ZYX'");
var connection = new OdbcConnection(_connectionString);
var result = connection.Query(sqlString.ToString(),
new
{
ZYX = accountNumber
});
However when I execute this with an accountNumber known to exist, dapper returns nothing. So I tried to remove the quotes to verify that the parameter is in fact being replaced with the account number, however the error being returned from the server indicates a syntax error around "#ZYX". Which means dapper is not replacing the parameter with it's given value. Any ideas why this is happening? From the limited documentation out there, this should 'just work'.
Edit1
Couldn't get this to work. Using string.format to insert the parameter as a work around.
There are two issues here; firstly (although you note this in your question) where a.acct = '#ZYX', under SQL rules, does not make use of any parameter - it looks to match the literal string that happens to include an # sign. For SQL-Server (see note below), the correct usage would be where a.acct = #ZYX.
However! Since you are use OdbcConnection, named parameters do not apply. If you are actually connecting to something like SQL-Server, I would strongly recommend using the pure ADO.NET clients, which have better features and performance than ODBC. However, if ODBC is your only option: it does not use named parameters. Until a few days ago, this would have represented a major problem, but as per Passing query parameters in Dapper using OleDb, the code (but not yet the NuGet package) now supports ODBC. If you build from source (or wait for the next release), you should be able to use:
...
where a.acct = ?
in your command, and:
var result = connection.Query(sqlString.ToString(),
new {
anythingYouLike = accountNumber
});
Note that the name (anythingYouLike) is not used by ODBC, so can be... anything you like. In a more complex scenario, for example:
.Execute(sql, new { id = 123, name = "abc", when = DateTime.Now });
dapper uses some knowledge of how anonymous types are implemented to understand the original order of the values, so that they are added to the command in the correct sequence (id, name, when).
One final observation:
Which means dapper is not replacing the parameter with it's given value.
Dapper never replaces parameters with their given value. That is simply not the correct way to parameterize sql: the parameters are usually sent separately, ensuring:
there is no SQL injection risk
maximum query plan re-use
no issues of formatting
Note that some ADO.NET / ODBC providers could theoretically choose to implement things internally via replacement - but that is separate to dapper.
I landed here from dublicate question: Dapper must declare the scalar variable
Error: Must declare the scalar variable "#Name".
I created queries dynamically with this piece of code:
public static bool Insert<T>(T entity)
{
var tableName = entity.GetType().CustomAttributes.FirstOrDefault(x => x.AttributeType.Name == nameof(TableAttribute))?.ConstructorArguments?.FirstOrDefault().Value as string;
if (string.IsNullOrEmpty(tableName))
throw new Exception($"Cannot save {entity.GetType().Name}. Database models should have [Table(\"tablename\")] attribute.");
DBSchema.TryGetValue(tableName.ToLower(), out var fields);
using (var con = new SqlConnection(ConnectionString))
{
con.Open();
var sql = $"INSERT INTO [{tableName}] (";
foreach (var field in fields.Where(x => x != "id"))
{
sql += $"[{field}]"+",";
}
sql = sql.TrimEnd(',');
sql += ")";
sql += " VALUES (";
foreach (var field in fields.Where(x => x != "id"))
{
sql += "#"+field + ",";
}
sql = sql.TrimEnd(',');
sql += ")";
var affectedRows = con.Execute(sql, entity);
return affectedRows > 0;
}
}
And I got the same error when my models was like this:
[Table("Users")]
public class User
{
public string Name;
public string Age;
}
I changed them to this:
[Table("Users")]
public class User
{
public string Name { get; set; }
public string Age { get; set; }
}
And it solved the problem for me.
How i get the list of active directory user attributes(not of particular user i.e.all attributes) e.g.cn,mail etc. using c#?
If you're on .NET 3.5 and up, you need to check out the classes in System.DirectoryServices.ActiveDirectory for this. You need to look at classes like ActiveDirectorySchema and ActiveDirectorySchemaClass.
You can get hold of the current AD schema by using:
ActiveDirectorySchema currSchema = ActiveDirectorySchema.GetCurrentSchema();
When you have the current schema, you can inspect the various class definitions, e.g.:
ActiveDirectorySchemaClass userSchema = currSchema.FindClass("person");
Once you have that object, you can inspect and enumerate its properties, things like:
MandatoryProperties
OptionalProperties
and so on to get an insight into the AD schema.
DirectoryEntry dir = new DirectoryEntry();
dir.Path = "LDAP://YourActiveDirServername ";
DirectorySearcher sea = new DirectorySearcher(dir);
sea.Filter = "(sAMAccountName=Uname)";
SearchResult seares = sea.FindOne();
StringBuilder str = new StringBuilder();
System.DirectoryServices.ResultPropertyCollection prop = seares.Properties;
ICollection coll = prop.PropertyNames;
IEnumerator enu = coll.GetEnumerator();
while (enu.MoveNext())
{
str.Append(enu.Current + " = " + seares.Properties[enu.Current.ToString()][0] + "\n");
}
Also, take a look at: http://www.codeproject.com/KB/system/everythingInAD.aspx
You could use WMI:
ObjectGetOptions objectGetOptions = new ObjectGetOptions(null, System.TimeSpan.MaxValue, true);
ManagementClass managementClass = new ManagementClass("root\\directory\\LDAP", "ads_user", objectGetOptions);
foreach (PropertyData dataObject in managementClass.Properties)
{
Console.WriteLine(dataObject.Name);
}
While ADExplorer does not list all the available attributes, I have found it a great tool for seeing what goes where.
You can download it from http://technet.microsoft.com/en-us/sysinternals/bb963907.aspx
UserPropertyList = new List<string>();
ActiveDirectorySchema currSchema = ActiveDirectorySchema.GetCurrentSchema();
ICollection Collection = currSchema.FindAllProperties();
IEnumerator Enumerator = Collection.GetEnumerator();
while (Enumerator.MoveNext())
{
UserPropertyList.Add(Enumerator.Current.ToString());
}
The above code will add all search attributes of Active Directory to the UserPropertyList...
Expanding on marc_s's answer here. Here is a complete code example that prints the common name and the actual attribute name.
ActiveDirectorySchema schema = ActiveDirectorySchema.GetCurrentSchema();
ActiveDirectorySchemaClass person = schema.FindClass("user");
foreach( ActiveDirectorySchemaProperty property in person.GetAllProperties() )
{
Console.WriteLine("{0} = {1}", property.CommonName, property.Name);
}
Example output.
Common-Name = cn
Instance-Type = instanceType
NT-Security-Descriptor = nTSecurityDescriptor
Object-Category = objectCategory
Object-Class = objectClass
Object-Sid = objectSid
SAM-Account-Name = sAMAccountName
Account-Expires = accountExpires
...