The System.DirectoryServices namespace provided classes for accessing Active Directory (AD) and allowed us to perform different operations on it, but it required knowledge of the AD structure and the principal store.
In .NET Framework 3.5, Microsoft introduced the System.DirectoryServices.AccountManagement namespace, which provides uniform access to and manipulation of user, computer, and group security principals across multiple principal stores: Active Directory Domain Services (AD DS), Active Directory Lightweight Directory Services (AD LDS), and Machine SAM (MSAM).
System.DirectoryServices.AccountManagement manages directory objects independently of the System.DirectoryServices namespace and does not require knowledge of the principal store.
Managed directory services applications can take advantage of the AccountManagement API to simplify management of user, computer, and group principals. Solutions that previously required intricate knowledge of the store or lengthy code, such as finding all groups to which a user belongs, are accomplished in a few lines of code with the AccountManagement API.
Sample code to get the details of Group and Users is shown below:
using System.DirectoryServices.AccountManagement;

// Helper around the AccountManagement API for looking up groups and users.
public class ADUtility
{
    private string domain = string.Empty;

    public ADUtility(string domain)
    {
        this.domain = domain;
    }

    // Creates a context bound to the configured domain.
    private PrincipalContext GetPrincipalContext()
    {
        PrincipalContext oPrincipalContext =
            new PrincipalContext(ContextType.Domain, domain);
        return oPrincipalContext;
    }

    // Returns the matching group, or null if no group is found.
    public GroupPrincipal GetGroup(string groupName)
    {
        PrincipalContext oPrincipalContext = GetPrincipalContext();
        GroupPrincipal groupPrincipal =
            GroupPrincipal.FindByIdentity(oPrincipalContext, groupName);
        return groupPrincipal;
    }

    // Returns the matching user, or null if no user is found.
    public UserPrincipal GetUser(string userName)
    {
        PrincipalContext oPrincipalContext = GetPrincipalContext();
        UserPrincipal oUserPrincipal =
            UserPrincipal.FindByIdentity(oPrincipalContext, userName);
        return oUserPrincipal;
    }
}
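The "all groups to which a user belongs" case mentioned above, as an added example that is not part of the original post. It lists a user's security groups, including nested memberships, which is the view needed when reviewing what access an account really has. The class name GroupMembershipReport and the values "example.local" and "jdoe" are placeholders chosen for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices.AccountManagement;

public static class GroupMembershipReport
{
    // Returns the security groups the user belongs to, including nested
    // memberships, as "SamAccountName (SID)" strings.
    public static List<string> GetSecurityGroups(string domain, string samAccountName)
    {
        var groups = new List<string>();

        // Contexts and principals hold directory connections, so dispose them.
        using (var context = new PrincipalContext(ContextType.Domain, domain))
        using (var user = UserPrincipal.FindByIdentity(
                   context, IdentityType.SamAccountName, samAccountName))
        {
            // FindByIdentity returns null when nothing matches.
            if (user == null)
                throw new ArgumentException("User not found: " + samAccountName);

            // GetAuthorizationGroups() expands nested security groups;
            // GetGroups() would return only the direct memberships.
            using (PrincipalSearchResult<Principal> results = user.GetAuthorizationGroups())
            {
                foreach (Principal group in results)
                {
                    using (group)
                    {
                        groups.Add(group.SamAccountName + " (" + group.Sid + ")");
                    }
                }
            }
        }

        groups.Sort(StringComparer.OrdinalIgnoreCase);
        return groups;
    }

    public static void Main(string[] args)
    {
        // Placeholder values; pass a real domain and account as arguments.
        string domain = args.Length > 0 ? args[0] : "example.local";
        string account = args.Length > 1 ? args[1] : "jdoe";

        foreach (string entry in GetSecurityGroups(domain, account))
            Console.WriteLine(entry);
    }
}
```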