Hi I would like to remove account names by using a foreach in method readInput that sends the accounts to method DisableADUser that would disable the accounts and remove the name from the global List invalidAccounts (whole code line 7) if the operation is successful.
I have tried using the Remove method and placing it in both the if and else condition in the DisableADUser method but it does not work. How should I go about resolving this? Thanks in advance. :)
readInput method (lines 1- 13)
//Read user input
private static string readInput(string Input)
{
string input = string.Empty;
switch (Input)
{
case "disable":
invalidAccount.ForEach(delegate(String samAccountName)
{
Console.WriteLine('\n' + samAccountName);
//disable inactive accounts
DisableADUser(samAccountName);
});
//count number of invalid accounts
int invalidAccounts = invalidAccount.Count;
Console.WriteLine("\nExecution has completed. ");
invalidAccount.Clear();
Console.WriteLine("Press [enter] to continue.\n");
input = Console.ReadLine();
break;
case "query":
Console.WriteLine("\nQuery for expiry has finished.\n");
Console.WriteLine("Press [enter] to continue.\n");
input = Console.ReadLine();
break;
case "exit":
//leave console
Environment.Exit(2);
break;
default:
throw new Exception("Invalid command entered.");
}
return input;
}
disableADUser (lines 1- 15)
//disable invalid accounts
private static void DisableADUser(string samAccountName)
{
try
{
PrincipalContext principalContext = new PrincipalContext(ContextType.Domain);
UserPrincipal userPrincipal = UserPrincipal.FindByIdentity
(principalContext, samAccountName);
userPrincipal.Enabled = false;
userPrincipal.Save();
if (userPrincipal.Enabled != true)
{
Console.WriteLine("Account has been disabled successfully");
//remove from list invalidAccounts
invalidAccount.Remove(samAccountName);
}
else
{
Console.Write("Unable to disable account");
//invalidAccount.Remove(samAccountName);
}
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
}
}
If needed, I've included my entire code as well.
namespace ConsoleApplication2
{
class Program
{
const int UF_LOCKOUT = 0x0010;
const int UF_PASSWORD_EXPIRED = 0x800000;
private static List<string> invalidAccount = new List<string>();
static void Main(string[] args)
{
string line;
Console.WriteLine("Welcome to account validator V1.1.\n");
do
{
Console.WriteLine("Please enter service account username, password \nand desired ldap address to proceed.\n\n");
//pass username to GetInput method
String serviceAccountUserName = GetInput("Username");
//pass password to GetInput method
String serviceAccountPassword = GetInput("Password");
//pass ldap address to GetInput method
String ldapAddress = GetInput("Ldap address");
try
{
using (PrincipalContext pc = new PrincipalContext(ContextType.Domain, ldapAddress))
{
bool isValid = false;
// validate the credentials
isValid = pc.ValidateCredentials(serviceAccountUserName, serviceAccountPassword);
if (isValid)
{
Console.WriteLine("\nQuerying for users from domain " + ldapAddress + " now.\n\n");
//pass login details to GetSAM method
GetSAM(ldapAddress, serviceAccountUserName, serviceAccountPassword);
Console.WriteLine("\nEnter exit to leave.\n");
Console.WriteLine("Enter disable to disable the invalid accounts.\n");
Console.WriteLine("Enter query to find the expiry date of valid accounts.\n");
string Input = Console.ReadLine();
//pass input to readInput method
readInput(Input);
Console.WriteLine("\nEnter exit to leave.");
Console.WriteLine("Press [enter] to query database.");
}//end of if statement for validate credentials
else
{
Console.WriteLine("\nInvalid login credentials.\n");
Console.WriteLine("Press [enter] and enter exit to leave.");
Console.WriteLine("\nPress [enter] [enter] to try again.\n");
Console.ReadLine();
}//end of else statement for validate credentials
}//end of using
}//end of try
catch (Exception e)
{
Console.WriteLine("\nlogin attempt has failed. See exception for more information. ");
throw new Exception("Log in attempt has failed." + " Exception caught:\n\n" + e.ToString());
}//end of catch
}//end of do
while ((line = Console.ReadLine()) != "exit");
//Thread.Sleep(60000);
} //end of main
//Read user input
private static string readInput(string Input)
{
string input = string.Empty;
switch (Input)
{
case "disable":
invalidAccount.ForEach(delegate(String samAccountName)
{
Console.WriteLine('\n' + samAccountName);
//disable inactive accounts
DisableADUser(samAccountName);
});
//count number of invalid accounts
int invalidAccounts = invalidAccount.Count;
Console.WriteLine("\nExecution has completed. " + invalidAccounts + " invalid accounts have been disabled.");
invalidAccount.Clear();
Console.WriteLine("Press [enter] to continue.\n");
input = Console.ReadLine();
break;
case "query":
Console.WriteLine("\nQuery for expiry has finished.\n");
Console.WriteLine("Press [enter] to continue.\n");
input = Console.ReadLine();
break;
case "exit":
//leave console
Environment.Exit(2);
break;
default:
throw new Exception("Invalid command entered. Please enter command again.");
}
return input;
}
// find password expiry date
//Get SAMAccount
private static string GetSAM(string ldapAddress, string serviceAccountUserName, string serviceAccountPassword)
{
string readOutput;
int countAll = 0;
string ldapPath = "LDAP://" + ldapAddress;
string ldapFilter = "(&(objectclass=user)(objectcategory=person))";
DirectoryEntry directoryEntry = new DirectoryEntry(ldapPath, serviceAccountUserName, serviceAccountPassword);
using (DirectorySearcher directorySearcher = new DirectorySearcher(directoryEntry))
{
string samAccountName;
directorySearcher.Filter = ldapFilter;
directorySearcher.SearchScope = SearchScope.Subtree;
directorySearcher.PageSize = 1000;
using (SearchResultCollection searchResultCollection = directorySearcher.FindAll())
{
foreach (SearchResult result in searchResultCollection)
{
samAccountName = result.Properties["sAMAccountName"][0].ToString();
//validate accounts by passing details into valSAM method
if (valSAM(samAccountName, ldapAddress, serviceAccountUserName, serviceAccountPassword) != true)
{
//add invalid account to list invalidAccount
invalidAccount.Add(samAccountName);
}
//count all accounts
countAll++;
} //end of foreach
// Count all invalid accounts
int invalidAccounts = invalidAccount.Count;
Console.WriteLine("\nFound " + invalidAccounts + " invalid accounts out of " + countAll + " user accounts.\n");
Console.WriteLine("Query in " + ldapAddress + " has finished.");
Console.WriteLine("Press [enter] to continue.\n");
readOutput = Console.ReadLine();
}//SearchResultCollection will be disposed here
}
return readOutput;
}
//Validate SAMAccount
private static bool valSAM(string samAccountName, string ldapAddress, string serviceAccountUserName, string serviceAccountPassword)
{
string ldapPath = "LDAP://" + ldapAddress;
DirectoryEntry directoryEntry = new DirectoryEntry(ldapPath, serviceAccountUserName, serviceAccountPassword);
StringBuilder builder = new StringBuilder();
bool accountValidation = false;
//create instance fo the directory searcher
DirectorySearcher desearch = new DirectorySearcher(directoryEntry);
//set the search filter
desearch.Filter = "(&(sAMAccountName=" + samAccountName + ")(objectcategory=user))";
//find the first instance
SearchResult results = desearch.FindOne();
using (PrincipalContext pc = new PrincipalContext(ContextType.Domain, ldapAddress))
{
//if users are present in database
if (results != null)
{
//Check if account is activated
bool isAccountActived = IsActive(results.GetDirectoryEntry());
//Check if account is expired or locked
bool isAccountLocked = IsAccountLockOrExpired(results.GetDirectoryEntry());
accountValidation = ((isAccountActived != true) || (isAccountLocked));
//account is invalid
if (accountValidation)
{
builder.Append("User account " + samAccountName + " is invalid. ");
if ((isAccountActived != true) && (isAccountLocked))
{
builder.AppendLine("Account is inactive and locked or expired.");
} else if (isAccountActived != true)
{
builder.AppendLine("Account is inactive.");
}
else if (isAccountLocked)
{
builder.AppendLine("Account is locked or has expired.") ;
}
else
{
builder.AppendLine("Unknown reason. Contact admin for help.");
}
accountValidation = false;
}
//account is valid
if ((isAccountActived) && (isAccountLocked != true))
{
builder.AppendLine("User account " + samAccountName + " is valid.");
accountValidation = true;
}
}
else Console.WriteLine("No users found.");
//print only invalid accounts
if (!accountValidation)
{
//prevent printing of empty lines
if (builder.Length > 0)
{
Console.WriteLine(builder);
}
}
}//end of using
return accountValidation;
}
//Prevent empty user input
private static string GetInput(string Prompt)
{
string Result = string.Empty;
do
{
Console.Write(Prompt + ": ");
Result = Console.ReadLine();
if (string.IsNullOrEmpty(Result)) Console.WriteLine("Empty input, please try again.\n");
}
while (!(!string.IsNullOrEmpty(Result)));
return Result;
}
//check if account is active
static private bool IsActive(DirectoryEntry de)
{
if (de.NativeGuid == null) return false;
int flags = (int)de.Properties["userAccountControl"].Value;
return !Convert.ToBoolean(flags & 0x0002);
}
//check if account is locked or expired
static private bool IsAccountLockOrExpired(DirectoryEntry de)
{
string attribName = "msDS-User-Account-Control-Computed";
de.RefreshCache(new string[] { attribName });
int userFlags = (int)de.Properties[attribName].Value;
return userFlags == UF_LOCKOUT || userFlags == UF_PASSWORD_EXPIRED;
}
//disable invalid accounts
private static void DisableADUser(string samAccountName)
{
try
{
PrincipalContext principalContext = new PrincipalContext(ContextType.Domain);
UserPrincipal userPrincipal = UserPrincipal.FindByIdentity
(principalContext, samAccountName);
userPrincipal.Enabled = false;
userPrincipal.Save();
if (userPrincipal.Enabled != true)
{
Console.WriteLine("User " + samAccountName + "'s account has been disabled successfully");
//remove from list invalidAccounts
invalidAccount.Remove(samAccountName);
}
else
{
Console.Write("Unable to disable account");
//invalidAccount.Remove(samAccountName);
}
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
}
}
}
}
You can't Remove items from the list you are iterating. It messes with the enumerator to delete things out from under it. You need to copy the items you want to keep to another list instead, and then copy it back if necessary; or create a list of items you want to remove, and remove them all at once at the end.
This has a discussion of various methods: Intelligent way of removing items from a List<T> while enumerating in C#
Related
I've been working on getting this to work all day, and haven't had any success. I want to clean up my code and separate different chunks of code into different classes and functions. Here is a chunk of code that refuses to run.
using System;
using Raven.Client.Documents;
namespace RavendbTest
{
class Program
{
static void Main(string[] args)
{
var store = new DocumentStore
{
Urls = new[] { "http://localhost:8080" },
Database = "Tasks"
};
store.Initialize();
}
static void Checking()
{
Console.WriteLine("Login or Sign Up? (L/S)");
string userInput = Console.ReadLine();
if (userInput.ToLower() == "l")
{
Console.WriteLine("Logging you in");
}
else if (userInput.ToLower() == "s")
{
Console.WriteLine("Signing you up\n");
Console.Write("First Name: ");
string firstName = Console.ReadLine();
char firstNameInitial = firstName.ToLower()[0];
Console.WriteLine(firstNameInitial);
Console.Write("Last Name: ");
string lastName = Console.ReadLine();
char lastNameInitial = lastName.ToLower()[0];
Console.WriteLine(lastNameInitial);
Console.Write("Email: ");
string email = Console.ReadLine();
string combinedInitial = firstNameInitial.ToString() + lastNameInitial.ToString();
Console.WriteLine(combinedInitial);
// Checking if email has a '#' symbol in it. Determine validity
bool isVerified = false;
for (int i = 0; email.Length > i; i++)
{
if (email[i] != '#')
{
continue;
}
else if (email[i] == '#')
{
isVerified = true;
}
}
if (isVerified == true)
{
using (var session = Store.OpenSession())
{
var task = session.Load<Entity>(combinedInitial + email);
if (task == null)
{
Console.WriteLine("Creating your account");
var newUser = new Entity
{
Id = combinedInitial + email,
FirstName = firstName,
LastName = lastName,
Email = email
};
session.Store(newUser);
session.SaveChanges();
}
else
{
Console.WriteLine("This email is already in use... Would you like to login? (Y/N)");
string changeChoice = Console.ReadLine();
if (changeChoice.ToLower()[0] == 'y')
{
}
else
{
Console.WriteLine("Exiting Program");
}
}
using (var session = store.OpenSession())
{
var task = session.Load<Entity>(combinedInitial + email);
}
}
}
else
{
Console.WriteLine("Please enter a valid email address");
Console.WriteLine("Exiting Program");
}
}
else
{
Console.WriteLine("Error");
}
}
}
}
I thinking that I'm getting errors because my function checking can't see that I've already initialize a DocumentStore. Any help is greatly appreciated
When i create user it stores into the string, but when i try to login with the same(somehow it doesn't exist in the string...)
using System;
namespace Exercise4
{
class Program
{
static void Main(string[] args)
{
Start:
Console.WriteLine("Za login stisnete 1 ili za register 2");
var input = Console.ReadLine();
bool successfull = false;
while (!successfull)
{
var arrUsers = new Users[]
{
new Users("tomas","samsung",2605),
new Users("stefan","pasle",15),
new Users("dimitar","jovanov",32)
};
if (input == "1")
{
Console.WriteLine("Write your username:");
var username = Console.ReadLine();
Console.WriteLine("Enter your password:");
var password = Console.ReadLine();
foreach (Users user in arrUsers)
{
if (username == user.username && password == user.password)
{
Console.WriteLine("You have successfully logged in !!!");
Console.ReadLine();
successfull = true;
break;
}
else if (username != user.username || password != user.password)
{
Console.WriteLine("Your username or password is incorect, try again !!!");
Console.ReadLine();
break;
}
}
}
else if (input == "2")
{
Console.WriteLine("Enter your username:");
var username = Console.ReadLine();
Console.WriteLine("Enter your password:");
var password = Console.ReadLine();
Console.WriteLine("Enter your id:");
int id = int.Parse(Console.ReadLine());
Array.Resize(ref arrUsers, arrUsers.Length + 1);
arrUsers[arrUsers.Length - 1] = new Users(username,password, id);
successfull = true;
goto Start;
}
else
{
Console.WriteLine("Try again !!!");
break;
}
}
}
}
}
Cant figure it out how to do it.
class Program
{
static void Main(string[] args)
{
var arrUsers = new Users[]
{
new Users("tomas","samsung",2605),
new Users("stefan","pasle",15),
new Users("dimitar","jovanov",32)
};
Start:
Console.WriteLine("Za login stisnete 1 ili za register 2");
var input = Console.ReadLine();
bool successfull = false;
while (!successfull)
{
if (input == "1")
{
Console.WriteLine("Write your username:");
var username = Console.ReadLine();
Console.WriteLine("Enter your password:");
var password = Console.ReadLine();
foreach (Users user in arrUsers)
{
if (username == user.username && password == user.password)
{
Console.WriteLine("You have successfully logged in !!!");
Console.ReadLine();
successfull = true;
break;
}
}
if (!successfull)
{
Console.WriteLine("Your username or password is incorect, try again !!!");
}
}
else if (input == "2")
{
Console.WriteLine("Enter your username:");
var username = Console.ReadLine();
Console.WriteLine("Enter your password:");
var password = Console.ReadLine();
Console.WriteLine("Enter your id:");
int id = int.Parse(Console.ReadLine());
Array.Resize(ref arrUsers, arrUsers.Length + 1);
arrUsers[arrUsers.Length - 1] = new Users(username, password, id);
successfull = true;
goto Start;
}
else
{
Console.WriteLine("Try again !!!");
break;
}
}
}
}
public class Users
{
public string username;
public string password;
private int id;
public Users(string username, string password, int id)
{
this.username = username;
this.password = password;
this.id = id;
}
}
I made some changes on your code please check the difference
I placed the arrUsers before Start so that the reference wont change when you goto Start
Hi I would like to get and count all the invalid accounts from the method valSAM using my other method GetSAM.
I've managed to use the count property to get the total number of accounts in the database from the GetSAM method. (lines 7- 23, GetSAM) The problem is, I do not know how to replicate that and call/ count the total number of invalid accounts from the valSAM method. (lines 20- 39, valSAM)
I have a hunch that I have to somehow call the invalid accounts to the GetSAM method before I am able to call them as well but I do not know how to implement it. Can anyone please advise me on this?
GetSAM method:
//Get SAMAccount
private static string GetSAM(string ldapAddress, string serviceAccountUserName, string serviceAccountPassword)
{
string ldapPath = "LDAP://" + ldapAddress;
string ldapFilter = "(&(objectclass=user)(objectcategory=person))";
DirectoryEntry directoryEntry = new DirectoryEntry(ldapPath, serviceAccountUserName, serviceAccountPassword);
string readOutput;
List<string> list = new List<string>();
StringBuilder builder = new StringBuilder();
using (DirectorySearcher directorySearcher = new DirectorySearcher(directoryEntry))
{
string samAccountName;
directorySearcher.Filter = ldapFilter;
directorySearcher.SearchScope = SearchScope.Subtree;
directorySearcher.PageSize = 1000;
using (SearchResultCollection searchResultCollection = directorySearcher.FindAll())
{
foreach (SearchResult result in searchResultCollection)
{
samAccountName = result.Properties["sAMAccountName"][0].ToString();
valSAM(samAccountName, ldapAddress, serviceAccountUserName, serviceAccountPassword);
list.Add(samAccountName);
} //end of foreach
// Count all accounts
int totalAccounts = list.Count;
Console.WriteLine("Found " + totalAccounts + " accounts. Query in " + ldapAddress + " has finished.\n");
Console.WriteLine("Press [enter] to continue.\n");
readOutput = Console.ReadLine();
}//SearchResultCollection will be disposed here
}
return readOutput;
}
valSAM method:
//Validate SAMAccount
private static string valSAM(string samAccountName, string ldapAddress, string serviceAccountUserName, string serviceAccountPassword)
{
string ldapPath = "LDAP://" + ldapAddress;
DirectoryEntry directoryEntry = new DirectoryEntry(ldapPath, serviceAccountUserName, serviceAccountPassword);
StringBuilder builder = new StringBuilder();
//create instance fo the directory searcher
DirectorySearcher desearch = new DirectorySearcher(directoryEntry);
//set the search filter
desearch.Filter = "(&(sAMAccountName=" + samAccountName + ")(objectcategory=user))";
//find the first instance
SearchResult results = desearch.FindOne();
using (PrincipalContext pc = new PrincipalContext(ContextType.Domain, ldapAddress))
{
//if users are present in database
if (results != null)
{
//Check if account is activated
bool isAccountActived = IsActive(results.GetDirectoryEntry());
//Check if account is expired or locked
bool isAccountLocked = IsAccountLockOrExpired(results.GetDirectoryEntry());
//account is invalid
if ((isAccountActived != true) || (isAccountLocked))
{
builder.Append("User account " + samAccountName + " is invalid. ");
if ((isAccountActived != true) && (isAccountLocked))
{
builder.Append("Account is inactive and locked or expired.").Append('\n'); ;
} else if (isAccountActived != true)
{
builder.Append("Account is inactive.").Append('\n'); ;
}
else if (isAccountLocked)
{
builder.Append("Account is locked or has expired.").Append('\n'); ;
}
else
{
builder.Append("Unknown reason for status. Contact admin for help.").Append('\n'); ;
}
}
//account is valid
if ((isAccountActived) && (isAccountLocked != true))
{
builder.Append("User account " + samAccountName + " is valid.").Append('\n');
}
}
else Console.WriteLine("Nothing found.");
Console.WriteLine(builder);
}
return builder.ToString();
}
Updated valSAM:
//Validate SAMAccount
private static bool valSAM(string samAccountName, string ldapAddress, string serviceAccountUserName, string serviceAccountPassword)
{
string ldapPath = "LDAP://" + ldapAddress;
DirectoryEntry directoryEntry = new DirectoryEntry(ldapPath, serviceAccountUserName, serviceAccountPassword);
StringBuilder builder = new StringBuilder();
bool accountValidation = true;
//create instance fo the directory searcher
DirectorySearcher desearch = new DirectorySearcher(directoryEntry);
//set the search filter
desearch.Filter = "(&(sAMAccountName=" + samAccountName + ")(objectcategory=user))";
//find the first instance
SearchResult results = desearch.FindOne();
using (PrincipalContext pc = new PrincipalContext(ContextType.Domain, ldapAddress))
{
//if users are present in database
if (results != null)
{
//Check if account is activated
bool isAccountActived = IsActive(results.GetDirectoryEntry());
//Check if account is expired or locked
bool isAccountLocked = IsAccountLockOrExpired(results.GetDirectoryEntry());
accountValidation = ((isAccountActived != true) || (isAccountLocked));
//account is invalid
if (accountValidation)
{
builder.Append("User account " + samAccountName + " is invalid. ");
if ((isAccountActived != true) && (isAccountLocked))
{
builder.Append("Account is inactive and locked or expired.").Append('\n'); ;
} else if (isAccountActived != true)
{
builder.Append("Account is inactive.").Append('\n'); ;
}
else if (isAccountLocked)
{
builder.Append("Account is locked or has expired.").Append('\n'); ;
}
else
{
builder.Append("Unknown reason for status. Contact admin for help.").Append('\n'); ;
}
return false;
}
//account is valid
if ((isAccountActived) && (isAccountLocked != true))
{
builder.Append("User account " + samAccountName + " is valid.").Append('\n');
return true;
}
}
else Console.WriteLine("Nothing found.");
Console.WriteLine(builder);
Console.ReadLine();
}//end of using
return accountValidation;
}
Thanks a million :)
Update: Now I have a new problem after updating my valSAM- I am unable to print out the accounts when I return the boolean accountValidation instead of builder.ToString().
You are returning the call before you do Console.WriteLine, do something like this:
private static bool valSAM(string samAccountName, string ldapAddress, string serviceAccountUserName, string serviceAccountPassword)
{
string ldapPath = "LDAP://" + ldapAddress;
DirectoryEntry directoryEntry = new DirectoryEntry(ldapPath, serviceAccountUserName, serviceAccountPassword);
StringBuilder builder = new StringBuilder();
bool accountValidation = true;
//create instance fo the directory searcher
DirectorySearcher desearch = new DirectorySearcher(directoryEntry);
//set the search filter
desearch.Filter = "(&(sAMAccountName=" + samAccountName + ")(objectcategory=user))";
//find the first instance
SearchResult results = desearch.FindOne();
using (PrincipalContext pc = new PrincipalContext(ContextType.Domain, ldapAddress))
{
//if users are present in database
if (results != null)
{
//Check if account is activated
bool isAccountActived = IsActive(results.GetDirectoryEntry());
//Check if account is expired or locked
bool isAccountLocked = IsAccountLockOrExpired(results.GetDirectoryEntry());
accountValidation = ((isAccountActived != true) || (isAccountLocked));
//account is invalid
if (accountValidation)
{
builder.Append("User account " + samAccountName + " is invalid. ");
if ((isAccountActived != true) && (isAccountLocked))
{
builder.Append("Account is inactive and locked or expired.").Append('\n'); ;
} else if (isAccountActived != true)
{
builder.Append("Account is inactive.").Append('\n'); ;
}
else if (isAccountLocked)
{
builder.Append("Account is locked or has expired.").Append('\n'); ;
}
else
{
builder.Append("Unknown reason for status. Contact admin for help.").Append('\n'); ;
}
accountValidation = false;
}
//account is valid
if ((isAccountActived) && (isAccountLocked != true))
{
builder.Append("User account " + samAccountName + " is valid.").Append('\n');
accountValidation = true;
}
}
else Console.WriteLine("Nothing found.");
Console.WriteLine(builder);
Console.ReadLine();
}//end of using
return accountValidation;
}
So now, you can assign the value and have one return point and can also print the names. As for keeping track of counts in main function you can place valSAM call in
if(valSAM(samAccountName, ldapAddress, serviceAccountUserName, serviceAccountPassword))
{
invalidAccountCount++;
}
And needless to say, you have to initialize invalidAccountCount outside the loop.
I need to authenticate LDAP user in c# with input username and password.
DirectoryEntry entry =
new DirectoryEntry("LDAP://" + ServerName + "/OU=managed users,OU=KKâ, + LDAPDomain, AdminUsername, Adminpassword);
DirectorySearcher search = new DirectorySearcher(entry);
search.SearchScope = SearchScope.Subtree;
search.Filter = "(|(&(objectCategory=person)(objectClass=user)(name=" + inputUsername + ")))";
search.PropertiesToLoad.Add("cn");
var searchresult = search.FindAll();
And here I get the required record (could see the details)
However when I try to authenticate it using below code, it always said authentication failure
if (searchresult != null)
{
foreach (SearchResult sr in searchresult)
{
DirectoryEntry myuser = sr.GetDirectoryEntry();
myuser.Password = inputPassword;
try
{
object nativeObject = myuser.NativeObject;
if (nativeObject != null)
isValid = true;
}
catch(excecption ex)
{
isValid = false;
//Error message
}
}
}
It always result in catch block with error message
Logon failure: unknown user name or bad password. failure: unknown user name or bad password.
I'm sure that the given password is correct.
Please suggest.
As suggest by Saad,
I changed by code
public static bool IsAuthenticated()
{
var isValid = false;
string adServer = ConfigurationManager.AppSettings["Server"];
string adDomain = ConfigurationManager.AppSettings["Domain"];
string adminUsername = ConfigurationManager.AppSettings["AdminUsername"];
string adminpassword = ConfigurationManager.AppSettings["Password"];
string username = ConfigurationManager.AppSettings["Username"];
string selection = ConfigurationManager.AppSettings["Selection"];
string[] dc = adDomain.Split('.');
string dcAdDomain = string.Empty;
foreach (string item in dc)
{
if (dc[dc.Length - 1].Equals(item))
dcAdDomain = dcAdDomain + "DC=" + item;
else
dcAdDomain = dcAdDomain + "DC=" + item + ",";
}
string domainAndUsername = dcAdDomain + #"\" + adminUsername;
DirectoryEntry entry = new DirectoryEntry("LDAP://" + adServer, domainAndUsername, adminpassword);
try
{
//Bind to the native AdsObject to force authentication.
object obj = entry.NativeObject;
DirectorySearcher search = new DirectorySearcher(entry);
search.Filter = "(SAMAccountName=" + username + ")";
search.PropertiesToLoad.Add("cn");
SearchResult result = search.FindOne();
Console.WriteLine("And here is the result = " + result);
if (null == result)
{
isValid = false;
}
//Update the new path to the user in the directory.
var _path1 = result.Path;
var _filterAttribute = (string)result.Properties["cn"][0];
Console.WriteLine("And here is the _path1 = " + _path1);
Console.WriteLine("And here is the _filterAttribute = " + _filterAttribute);
isValid = true;
}
catch (Exception ex1)
{// your catch here
Console.WriteLine("Exception occurred " + ex1.Message + ex1.StackTrace);
}
return isValid;
}
Still it is giving error
Exception occurred Logon failure: unknown user name or bad passwor
d.
at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_NativeObject()
at Portal.LdapTest.Program.IsAuthenticated()
I think I am confused with which parameter to give where.
I have
LDAP server address something like 123.123.12.123
Domain Name like abc.com
Admin username and password and
Username and password which is needs be authenticated. (which is in OU=new users,OU=KK )
I am creating directory entry using servername, domain, admin username and password
How do I validate the username with given password?
This code works for me,try it and let me know (modify the filters and properties to suit your needs):
public bool IsAuthenticated(string domain, string username, string pwd){
string domainAndUsername = domain + #"\" + username;
DirectoryEntry entry = new DirectoryEntry(_path, domainAndUsername, pwd);
try
{
//Bind to the native AdsObject to force authentication.
object obj = entry.NativeObject;
DirectorySearcher search = new DirectorySearcher(entry);
search.Filter = "(SAMAccountName=" + username + ")";
search.PropertiesToLoad.Add("cn");
SearchResult result = search.FindOne();
if (null == result)
{
return false;
}
//Update the new path to the user in the directory.
_path = result.Path;
_filterAttribute = (string)result.Properties["cn"][0];
}
catch(Exception e){// your catch here
}
}
public bool AuthenticateUser(string EmailAddress, string password,out string msg)
{
msg = string.Empty;
if (password == null || password == string.Empty || EmailAddress == null || EmailAddress == string.Empty)
{
msg = "Email and/or password can't be empty!";
return false;
}
try
{
ADUserInfo userInfo = GetUserAttributes(EmailAddress);
if (userInfo == null)
{
msg = "Error: Couldn't fetch user information!";
return false;
}
DirectoryEntry directoryEntry = new DirectoryEntry(LocalGCUri, userInfo.Upn, password);
directoryEntry.AuthenticationType = AuthenticationTypes.None;
string localFilter = string.Format(ADSearchFilter, EmailAddress);
DirectorySearcher localSearcher = new DirectorySearcher(directoryEntry);
localSearcher.PropertiesToLoad.Add("mail");
localSearcher.Filter = localFilter;
SearchResult result = localSearcher.FindOne();
if (result != null)
{
msg = "You have logged in successfully!";
return true;
}
else
{
msg = "Login failed, please try again.";
return false;
}
}catch (Exception ex)
{
//System.ArgumentException argEx = new System.ArgumentException("Logon failure: unknown user name or bad password");
//throw argEx;
msg = "Wrong Email and/or Password!";
return false;
}
}
I have to list all users (both local system and domain). I tried using WQL but it takes a lot of time for the program to run. Is there any other way to get it from registry? Any help would be appreciated.
using System;
using System.Collections.Generic;
using System.DirectoryServices;
namespace ListADUsers.ConsoleApp
{
class Program
{
static void Main(string[] args)
{
Console.Clear();
IList<String> userList = new List<String>();
int badEntries = 0;
string domainName = String.Empty;
if (args.Length > 0)
domainName = args[0];
else
{
Console.Write("\nPlease enter your Active Directory domain name: ");
domainName = Console.ReadLine();
}
Console.Write(String.Format("\nAttempting to build user list for {0} ...\n\n", domainName));
try
{
if (!String.IsNullOrEmpty(domainName))
{
DirectoryEntry myDirectoryEntry = new DirectoryEntry(String.Format("LDAP://{0}", domainName));
DirectorySearcher mySearcher = new DirectorySearcher(myDirectoryEntry);
SortOption mySort = new SortOption("sn", SortDirection.Ascending);
mySearcher.Filter = ("(objectCategory=person)");
mySearcher.Sort = mySort;
foreach (SearchResult resEnt in mySearcher.FindAll())
{
try
{
if (!String.IsNullOrEmpty(resEnt.Properties["Mail"][0].ToString())
&& System.Text.RegularExpressions.Regex.IsMatch(resEnt.Properties["DisplayName"][0].ToString(), " |admin|test|service|system|[$]", System.Text.RegularExpressions.RegexOptions.IgnoreCase)
)
{
int space = resEnt.Properties["DisplayName"][0].ToString().IndexOf(" ");
string formattedName = String.Format("{0}{1}{2}",
resEnt.Properties["DisplayName"][0].ToString().Substring(space).PadRight(25),
resEnt.Properties["DisplayName"][0].ToString().Substring(0, space).PadRight(15),
resEnt.Properties["Mail"][0].ToString()
);
userList.Add(formattedName);
}
}
catch
{
badEntries++;
}
}
if (userList.Count > 0)
{
Console.WriteLine(String.Format("=========== Listing of users in the {0} domain\n", domainName));
Console.WriteLine(String.Format("{0}{1}{2}", "Surname".PadRight(25), "First Name".PadRight(15), "Email Address\n"));
for (int i = 0; i < userList.Count - 1; i++)
Console.WriteLine(userList[i].ToString());
Console.WriteLine(String.Format("\n=========== {0} users found in the {1} domain", userList.Count.ToString(), domainName));
}
else
Console.WriteLine(String.Format("\n=========== 0 users found in the {0} domain", userList.Count.ToString()));
Console.WriteLine(String.Format("=========== {0} objects could not be read", badEntries.ToString()));
Console.WriteLine("=========== End of Listing");
}
else
{
Console.WriteLine("Please enter a domain name next time!");
}
}
catch (Exception ex)
{
// in a production app you wouldn't show the user the exception details
Console.Write(String.Format("A critical error occurred.\nDetails: {0}", ex.Message.ToString()));
}
}
}
}
Download sample application : Sample Application to List AD Users
Source : Follow Up â List active directory users â This time in C#