Feedback

C# - lokale User und Gruppen administrieren

Veröffentlicht von am 23.11.2007
(1 Bewertungen)
Mit dieser Klasse können lokale User und Gruppen angelegt,modifiziert und gelöscht werden.
GFU-Schulungen  [Anzeige]

VB.NET 2017/2015/2013 Aufbau

Nach dieser Schulung können Sie mittels objektorientierter Modelle in VB.NET 2017/2015/2013 wiederverwendbare Elemente eigenständig erstellen.

VB.NET Aufbau

Sie verfügen nach der Schulung über fundierte Kenntnisse in der Arbeit mit objektorientierten Modellen in VB.NET und können wiederverwendbare Komponenten eigenständig erzeugen.

using System;
using System.Collections.Generic;
using System.Text;

namespace Helper
{
    public class LocalMachine
    {        
        private static string _operationSuccess = "success";
        private static string _operationFailed = "failed";
        private static string _operationUserNotExist = "Can not found the specified user";
        private static string _operationGroupNotExist = "Can not found the specified group";
        /// <summary>
        /// Get the DirectoryEntry
        /// </summary>
        /// <returns></returns>
        public static System.DirectoryServices.DirectoryEntry GetLocalMachineEntry()
        {
            System.DirectoryServices.DirectoryEntry result = null;
            try
            {
                //Initiate DirectoryEntry Class To Connect Through WINNT Protocol
                string entryString = "WinNT://" + Environment.MachineName + ",computer";
                result = new System.DirectoryServices.DirectoryEntry(entryString);
            }
            catch
            {
                result = null;
            }
            return result;
        }
        /// <summary>
        /// Check if the user exist
        /// </summary>
        /// <param name="userIdentity"></param>
        /// <returns></returns>
        public static bool UserExist(string userIdentity)
        {
            System.DirectoryServices.DirectoryEntry localMachine = GetLocalMachineEntry();            
            bool result = false;

            if (localMachine != null)
            {
                try
                {
                    //Search if specified User exist
                    if (localMachine.Children.Find(userIdentity, "user") != null)
                        result = true;
                }
                catch
                {
                    result = false;
                }
            }
            localMachine.Close();
            localMachine.Dispose();
            return result;
        }
        /// <summary>
        /// Check if the group exist
        /// </summary>
        /// <param name="groupIdentity"></param>
        /// <returns></returns>
        public static bool GroupExist(string groupIdentity)
        {
            System.DirectoryServices.DirectoryEntry localMachine = GetLocalMachineEntry();
            bool result = false;

            if (localMachine != null)
            {
                try
                {
                    //Search if specified Group already exist
                    if (localMachine.Children.Find(groupIdentity, "group") != null)
                        result = true;
                }
                catch
                {
                    result = false;
                }
            }
            localMachine.Close();
            localMachine.Dispose();
            return result;
        }
        /// <summary>
        /// Adds a specified group if the specified user exist and adds the user to the group
        /// </summary>
        /// <param name="groupIdentity"></param>
        /// <param name="groupDescription"></param>
        /// <param name="userIdentity"></param>
        /// <returns></returns>
        public static string CreateGroupAndAddUserToGroup(string groupIdentity, string groupDescription, string userIdentity)
        {
            System.DirectoryServices.DirectoryEntry localMachine = GetLocalMachineEntry();
            string result = _operationFailed;
            if (localMachine != null)
            {
                if (UserExist(userIdentity))
                {
                    result = CreateGroup(groupIdentity, groupDescription);
                    if (result == _operationSuccess)
                    {
                        if (GroupExist(groupIdentity))
                        {
                            try
                            {
                                System.DirectoryServices.DirectoryEntry groupEntry = localMachine.Children.Find(groupIdentity, "group");
                                System.DirectoryServices.DirectoryEntry userEntry = localMachine.Children.Find(userIdentity, "user");

                                //Add User To specified Group                            
                                groupEntry.Invoke("Add", new object[] { userEntry.Path.ToString() });
                                groupEntry.CommitChanges();
                                result = _operationSuccess;
                                groupEntry.Close();
                                groupEntry.Dispose();
                                userEntry.Close();
                                userEntry.Dispose();
                            }
                            catch (Exception ex)
                            {
                                result = ex.Message;
                            }
                        }
                        else
                        {
                            result = _operationGroupNotExist;
                        }
                    }
                }
                else
                {
                    result = _operationUserNotExist;
                }
            }
            localMachine.Close();
            localMachine.Dispose();
            return result;
        }
        /// <summary>
        /// Adds a specified group with a specified description
        /// </summary>
        /// <param name="groupIdentity"></param>
        /// <param name="groupDescription"></param>
        /// <returns></returns>
        public static string CreateGroup(string groupIdentity, string groupDescription)
        {
            System.DirectoryServices.DirectoryEntry localMachine = GetLocalMachineEntry();
            string result = _operationFailed;

            if (localMachine != null)
            {
                if (GroupExist(groupIdentity) == false)
                {
                    try
                    {
                        //Add Group
                        System.DirectoryServices.DirectoryEntry newGroup = localMachine.Children.Add(groupIdentity, "group");
                        localMachine.CommitChanges();
                        if (groupDescription.Trim() != "")
                        {
                            newGroup.Invoke("Put", new object[] { "Description", groupDescription });
                            newGroup.CommitChanges();
                            result = _operationSuccess;                            
                        }
                        newGroup.Close();
                        newGroup.Dispose();
                    }
                    catch (Exception ex)
                    {
                        result = ex.Message;
                    }
                }
                else
                {
                    result = _operationGroupNotExist;
                }
            }
            localMachine.Close();
            localMachine.Dispose();
            return result;
        }
        /// <summary>
        /// Add a specified User to a specified Group
        /// </summary>
        /// <param name="userIdentity"></param>
        /// <param name="groupIdentity"></param>
        /// <returns></returns>
        public static string AddUserToGroup(string userIdentity,string groupIdentity)
        {
            System.DirectoryServices.DirectoryEntry localMachine = GetLocalMachineEntry();
            string result = _operationFailed;
            if (localMachine != null)
            {
                if (UserExist(userIdentity) && GroupExist(groupIdentity))
                {
                    try
                    {
                        System.DirectoryServices.DirectoryEntry groupEntry = localMachine.Children.Find(groupIdentity, "group");
                        System.DirectoryServices.DirectoryEntry userEntry = localMachine.Children.Find(userIdentity, "user");
                        //Add User To the specified group                            
                        groupEntry.Invoke("Add", new object[] { userEntry.Path.ToString() });
                        groupEntry.CommitChanges();
                        result = _operationSuccess;
                        groupEntry.Close();
                        groupEntry.Dispose();
                        userEntry.Close();
                        userEntry.Dispose();
                    }
                    catch (Exception ex)
                    {
                        result = ex.Message;
                    }
                }
                else
                {
                    result = _operationGroupNotExist + " " + _operationUserNotExist;
                }
            }
            localMachine.Close();
            localMachine.Dispose();
            return result;
        }
        /// <summary>
        /// Remove a specified user from a specified group
        /// </summary>
        /// <param name="userIdentity"></param>
        /// <param name="groupIdentity"></param>
        /// <returns></returns>
        public static string RemoveUserFromGroup(string userIdentity, string groupIdentity)
        {
            System.DirectoryServices.DirectoryEntry localMachine = GetLocalMachineEntry();
            string result = _operationFailed;

            if (localMachine != null)
            {
                if (UserExist(userIdentity) && GroupExist(groupIdentity))
                {
                    System.DirectoryServices.DirectoryEntry userEntry = localMachine.Children.Find(userIdentity, "user");
                    System.DirectoryServices.DirectoryEntry groupEntry = localMachine.Children.Find(groupIdentity, "group"); ;

                    // remove user from the group
                    try
                    {
                        groupEntry.Invoke("Remove", new object[] { userEntry.Path });
                        groupEntry.CommitChanges();
                        result = _operationSuccess;
                        groupEntry.Close();
                        groupEntry.Dispose();
                        userEntry.Close();
                        userEntry.Dispose();
                    }
                    catch (Exception ex)
                    {
                        result = ex.Message;
                    }
                }
                else
                {
                    result = _operationUserNotExist + " " + _operationGroupNotExist;
                }
            }
            localMachine.Close();
            localMachine.Dispose();
            return result;
        }
        /// <summary>
        /// Remove a specified group
        /// </summary>
        /// <param name="groupIdentity"></param>
        /// <returns></returns>
        public static string DeleteGroup(string groupIdentity)
        {
            System.DirectoryServices.DirectoryEntry localMachine = GetLocalMachineEntry();
            string result = _operationFailed;

            if (localMachine != null)
            {
                if (GroupExist(groupIdentity))
                {
                    try
                    {
                        //Delete specified Group 
                        System.DirectoryServices.DirectoryEntry groupEntry = localMachine.Children.Find(groupIdentity, "group");
                        localMachine.Children.Remove(groupEntry);
                        localMachine.CommitChanges();
                        result = _operationSuccess;
                        groupEntry.Close();
                        groupEntry.Dispose();
                    }
                    catch (Exception ex)
                    {
                        result = ex.Message;
                    }
                }
                else
                {
                    result = _operationGroupNotExist;
                }
            }
            localMachine.Close();
            localMachine.Dispose();
            return result;
        }
        /// <summary>
        /// Get the members from a group
        /// </summary>
        /// <param name="groupIdentity"></param>
        /// <param name="groupMembers"></param>
        /// <returns></returns>
        public static string GetGroupMembers(string groupIdentity,out string groupMembers)
        {
            groupMembers = string.Empty;
            string result = _operationFailed;
            System.DirectoryServices.DirectoryEntry localMachine = GetLocalMachineEntry();
            if(localMachine != null)
            {
                if(GroupExist(groupIdentity))
                {
                    try
                    {
                        System.DirectoryServices.DirectoryEntry groupEntry = localMachine.Children.Find(groupIdentity, "group");
                        object Members = groupEntry.Invoke("members", null);

                        foreach (object groupMember in (System.Collections.IEnumerable)Members)
                        {
                            System.DirectoryServices.DirectoryEntry member = new System.DirectoryServices.DirectoryEntry(groupMember);
                            groupMembers += member.Name + ";";
                            member.Close();
                            member.Dispose();
                        }
                        groupEntry.Close();
                        groupEntry.Dispose();
                    }
                    catch (Exception ex)
                    {
                        result = ex.Message;
                    }

                }
                else
                {
                    result = _operationGroupNotExist;
                }
            }
            localMachine.Close();
            localMachine.Dispose();
            return result;
        }
        /// <summary>
        /// Create a Windows-User with the specified attributes
        /// </summary>
        /// <param name="userIdentity"></param>
        /// <param name="userPassword"></param>
        /// <param name="userDescription"></param>
        /// <param name="accountActive"></param>
        /// <param name="cannotChangePassword"></param>
        /// <param name="passwordNeverExpires"></param>
        /// <param name="defaultGroup"></param>
        /// <returns></returns>
        public static string CreateUser(string userIdentity, string userPassword, string userDescription, bool accountActive, bool cannotChangePassword, bool passwordNeverExpires, string defaultGroup)
        {
            System.DirectoryServices.DirectoryEntry localMachine = GetLocalMachineEntry();
            string result = _operationFailed;

            if (localMachine != null)
            {
                if (UserExist(userIdentity) == false)
                {
                    try
                    {
                        //Add user
                        System.DirectoryServices.DirectoryEntry newUser = localMachine.Children.Add(userIdentity, "user");
                        localMachine.CommitChanges();
                        newUser.Close();
                        newUser.Dispose();
                        //Set password
                        result = SetUserPassword(userIdentity, userPassword);
                        
                        if(result == _operationSuccess)
                        {
                            result = SetUserDescription(userIdentity, userDescription);

                            if(result == _operationSuccess)
                            {
                               result = SetUserFlags(userIdentity,cannotChangePassword,passwordNeverExpires,accountActive);
 
                                if(result == _operationSuccess)
                                {
                                    //If specified defaultGroup Is Provided, Add New User To This Group
                                    if (defaultGroup.Trim() != "")
                                    {
                                        result = AddUserToGroup(userIdentity, defaultGroup);
                                    }
                                }
                            }
                        }                           
                    }
                    catch (Exception ex)
                    {
                        result = ex.Message;
                    }
                }
                else
                {
                    result = _operationSuccess;
                }
            }
            localMachine.Close();
            localMachine.Dispose();
            return result;
        }
                
        /// <summary>
        /// Enables/Disables the specified User-Account
        /// </summary>
        /// <param name="userIdentity"></param>
        /// <param name="accountActive"></param>
        /// <returns></returns>
        public static string EnableDisableUser(string userIdentity, bool accountActive)
        {
            System.DirectoryServices.DirectoryEntry localMachine = GetLocalMachineEntry();
            string result = _operationFailed;

            if (localMachine != null)
            {
                if (UserExist(userIdentity))
                {
                    try
                    {
                        System.DirectoryServices.DirectoryEntry userEntry = localMachine.Children.Find(userIdentity, "user");                        
                        //Flags
                        //First Normal Account
                        int ADS_UF_NORMAL_ACCOUNT = 512;
                        int combinedFlag = ADS_UF_NORMAL_ACCOUNT; //(int)userFlags;

                        //1. User cannot change password
                        int ADS_UF_PASSWD_CANT_CHANGE = 0x000000040;

                        //2. Password Never Expires
                        int ADS_UF_DONT_EXPIRE_PASSWD = 0x00010000;

                        combinedFlag = ADS_UF_NORMAL_ACCOUNT | ADS_UF_DONT_EXPIRE_PASSWD | ADS_UF_PASSWD_CANT_CHANGE;

                        //3. Account Disabled
                        if (!accountActive)
                        {
                            int ADS_UF_ACCOUNTDISABLE = 0x0002;
                            combinedFlag = combinedFlag | ADS_UF_ACCOUNTDISABLE;
                        }

                        userEntry.Invoke("Put", new Object[] { "userFlags", combinedFlag });

                        //Commit Changes
                        userEntry.CommitChanges();
                        result = _operationSuccess;
                        userEntry.Close();
                        userEntry.Dispose();
                    }
                    catch (Exception ex)
                    {
                        result = ex.Message;
                    }
                }
                else
                {
                    result = _operationUserNotExist;
                }
            }
            localMachine.Close();
            localMachine.Dispose();
            return result;
        }
        
        /// <summary>
        /// Sets the Password of the Specified User
        /// </summary>
        /// <param name="userIdentity"></param>
        /// <param name="newPassword"></param>
        /// <returns></returns>
        public static string SetUserPassword(string userIdentity, string newPassword)
        {
            System.DirectoryServices.DirectoryEntry localMachine = GetLocalMachineEntry();
            string result = _operationFailed;

            if (localMachine != null)
            {
                if (UserExist(userIdentity))
                {
                    try
                    {
                        System.DirectoryServices.DirectoryEntry userEntry = localMachine.Children.Find(userIdentity, "user");                        
                        userEntry.Invoke("SetPassword", newPassword);
                        userEntry.CommitChanges();
                        result = _operationSuccess;
                        userEntry.Close();
                        userEntry.Dispose();
                    }
                    catch (Exception ex)
                    {
                        result = ex.Message;
                    }
                }
                else
                {
                    result = _operationUserNotExist;
                }
            }
            localMachine.Close();
            localMachine.Dispose();
            return result;
        }
        public static string SetUserDescription(string userIdentity, string userDescription)
        {
            System.DirectoryServices.DirectoryEntry localMachine = GetLocalMachineEntry();
            string result = _operationFailed;

            if (localMachine != null)
            {
                if (UserExist(userIdentity))
                {
                    try
                    {
                        System.DirectoryServices.DirectoryEntry userEntry = localMachine.Children.Find(userIdentity, "user");
                        userEntry.Invoke("Put", new object[] { "Description", userDescription });
                        userEntry.CommitChanges();
                        result = _operationSuccess;
                        userEntry.Close();
                        userEntry.Dispose();
                    }
                    catch (Exception ex)
                    {
                        result = ex.Message;
                    }
                }
                else
                {
                    result = _operationUserNotExist;
                }

            }
            localMachine.Close();
            localMachine.Dispose();
            return result;
        }
        /// <summary>
        /// Modify specified user-account settings
        /// </summary>
        /// <param name="userIdentity"></param>
        /// <param name="changeUserPassword"></param>
        /// <param name="newUserPassword"></param>
        /// <param name="userDescription"></param>
        /// <param name="accountActive"></param>
        /// <param name="cannotChangePassword"></param>
        /// <param name="passwordNeverExpires"></param>
        /// <param name="isGroupChanged"></param>
        /// <param name="newGroup"></param>
        /// <param name="oldGroup"></param>
        /// <returns></returns>
        public static string ModifyUser(string userIdentity, bool changeUserPassword, string newUserPassword, string userDescription, bool accountActive, bool cannotChangePassword, bool passwordNeverExpires, bool isGroupChanged, string newGroup, string oldGroup)
        {
            System.DirectoryServices.DirectoryEntry localMachine = GetLocalMachineEntry();
            string result = _operationFailed;

            if (localMachine != null)
            {
                if (changeUserPassword)
                {
                    result = SetUserPassword(userIdentity, newUserPassword);

                    if (result == _operationSuccess)
                    {
                        if (isGroupChanged && (oldGroup != newGroup))
                        {
                            //first add the user to the new group
                            result = AddUserToGroup(userIdentity, newGroup);
                            if (result == _operationSuccess)
                            {
                                result = RemoveUserFromGroup(userIdentity, oldGroup);
                            }
                        }
                        if (result == _operationSuccess)
                        {
                            result = SetUserDescription(userIdentity, userDescription);

                            if (result == _operationSuccess)
                            {
                                result = SetUserFlags(userIdentity, cannotChangePassword, passwordNeverExpires, accountActive);
                            }
                        }
                    }
                }
            }
            localMachine.Close();
            localMachine.Dispose();
            return result;
        }
        /// <summary>
        /// Modify the User-Flags
        /// </summary>
        /// <param name="userIdentity"></param>
        /// <param name="cannotChangePassword"></param>
        /// <param name="passwordNeverExpires"></param>
        /// <param name="accountActive"></param>
        /// <returns></returns>
        public static string SetUserFlags(string userIdentity, bool cannotChangePassword, bool passwordNeverExpires, bool accountActive)
        {
            string result = _operationFailed;
            System.DirectoryServices.DirectoryEntry localMachine = GetLocalMachineEntry();

            if (localMachine != null)
            {
                if (UserExist(userIdentity))
                {
                    System.DirectoryServices.DirectoryEntry userEntry = localMachine.Children.Find(userIdentity, "user");
                    
                    //Flags
                    //First Normal Account
                    int ADS_UF_NORMAL_ACCOUNT = 512;
                    int combinedFlag = ADS_UF_NORMAL_ACCOUNT;

                    //1. User cannot change password
                    int ADS_UF_PASSWD_CANT_CHANGE = 0x000000040;

                    //2. Password Never Expires
                    int ADS_UF_DONT_EXPIRE_PASSWD = 0x00010000;

                    if (cannotChangePassword && passwordNeverExpires)
                        combinedFlag = combinedFlag | ADS_UF_DONT_EXPIRE_PASSWD | ADS_UF_PASSWD_CANT_CHANGE;
                    else if (cannotChangePassword)
                        combinedFlag = combinedFlag | ADS_UF_PASSWD_CANT_CHANGE;
                    else if (passwordNeverExpires)
                        combinedFlag = combinedFlag | ADS_UF_DONT_EXPIRE_PASSWD;

                    //combinedFlag = ADS_UF_NORMAL_ACCOUNT | ADS_UF_DONT_EXPIRE_PASSWD | ADS_UF_PASSWD_CANT_CHANGE;

                    //3. Account Disabled
                    if (!accountActive)
                    {
                        int ADS_UF_ACCOUNTDISABLE = 0x0002;
                        combinedFlag = combinedFlag | ADS_UF_ACCOUNTDISABLE;
                    }
                    try
                    {
                        userEntry.Invoke("Put", new Object[] { "userFlags", combinedFlag });

                        //Commit Changes
                        userEntry.CommitChanges();
                        result = _operationSuccess;
                        userEntry.Close();
                        userEntry.Dispose();
                    }
                    catch (Exception ex)
                    {
                        result = ex.Message;
                    }                    
                }
                else
                {
                    result = _operationUserNotExist;
                }
            }
            localMachine.Close();
            localMachine.Dispose();
            return result;
        }
        /// <summary>
        /// Deletes the specified user-identity
        /// </summary>
        /// <param name="userIdentity"></param>
        /// <returns></returns>
        public static string DeleteUser(string userIdentity)
        {
            string result = _operationFailed;
            System.DirectoryServices.DirectoryEntry localMachine = GetLocalMachineEntry();

            if (localMachine != null)
            {
                if (UserExist(userIdentity))
                {
                    try
                    {
                        System.DirectoryServices.DirectoryEntry userEntry = localMachine.Children.Find(userIdentity, "user");
                        localMachine.Children.Remove(userEntry);
                        result =_operationSuccess;
                        userEntry.Close();
                        userEntry.Dispose();
                    }
                    catch (Exception ex)
                    {
                        result = ex.Message;
                    }
                }
                else
                {
                    result = _operationUserNotExist;
                }
            }
            localMachine.Close();
            localMachine.Dispose();
            return result;
        }

    }
}
    

Kommentare zum Snippet

 

Logge dich ein, um hier zu kommentieren!