AD-DirectoryServices: .NET2.0 - Speaking architecture, approach and best practices... Suggestions?
Posted by Will Marcouiller on Stack Overflow
Published on 2010-05-07T19:13:03Z
Indexed on 2010/05/07 19:28 UTC
I've been mandated to write an application to migrate the Active Directory access models to another environment. Here's the context:
- I'm stuck with VB.NET 2005 and .NET Framework 2.0;
- The application must use the Windows authenticated user to manage AD;
- The objects I have to handle are Groups, Users and OrganizationalUnits;
- I intend to use the Façade design pattern to provide ease of use and fully reusable code;
- I plan to write a factory for each of the objects managed (group, ou, user);
- The use of Attributes should be useful here, I guess;
- As everything is about the DirectoryEntry class when accessing the AD, it seems a good candidate for generic types.
Obligatory features:
- User creates new OUs manually;
- User creates new group manually;
- User creates new user (these users are services accounts) manually;
- Application reads an XML file which contains the OUs, groups and users to create;
- Application informs the user about the OUs, groups and users that shall be created;
- User specifies the domain environment where to migrate the XML input file designated objects;
- User makes changes if needed, and launches the task operations;
- Application performs the operations required by the XML input file against the underlying AD as specified by the user;
- Application informs the user upon completion.
Linear features:
- User fetches OUs, groups, users;
- User changes OUs, groups, users;
- User deletes OUs, groups, users;
- The application logs AD entries and operations performed, plus errors and exceptions.
Nice-to-have features:
- Application rolls back operations on error or exception.
I've been working for weeks now to get acquainted with the AD and the System.DirectoryServices assembly. But I don't seem to find a way to be fully satisfied with what I'm doing, and I am always looking for better.
I have studied Bart De Smet's Linq to AD on CodePlex, but then again, I can't use it as I'm stuck with .NET 2.0, so no Linq! But I've learned about Attributes, and seen that he's working with generic types as he codes a DirectorySource class to perform the operations for OUs, groups and users.
I have been able to add groups to the AD;
I have been able to add users to the AD;
The created user is automatically disabled?
I seem to get confused with the use of an LDAP path to add objects. For instance, one needs two instances of a System.DirectoryServices.DirectoryEntry class to add a group. Why is this?
Any suggestions?
Thanks for any help, code samples, ideas, architectural solutions, everything!
© Stack Overflow or respective owner
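
An added example, not part of the original post: a VB.NET 2005 / .NET 2.0 sketch of the two points the question raises, namely the two `DirectoryEntry` instances involved in adding an object (the parent container and the new child) and the disabled state of a newly created user. The module and procedure names, the container path and the object names are constructed placeholders, and names are assumed to be validated already and to contain no DN special characters.

```vbnet
Imports System
Imports System.DirectoryServices

Module AdCreateExample ' hypothetical module, names are illustrative
    Private Const UfAccountDisable As Integer = &H2   ' ADS_UF_ACCOUNTDISABLE
    Private Const UfPasswdNotReqd As Integer = &H20   ' ADS_UF_PASSWD_NOTREQD

    ' Binds to a container with the logged-on Windows user's credentials
    ' (no user name or password passed, secure authentication requested).
    Function BindContainer(ByVal ldapPath As String) As DirectoryEntry
        Return New DirectoryEntry(ldapPath, Nothing, Nothing, AuthenticationTypes.Secure)
    End Function

    ' First DirectoryEntry: the parent container that will hold the object.
    ' Second DirectoryEntry: the new child handed back by Children.Add.
    Sub CreateGroup(ByVal containerPath As String, ByVal name As String)
        Using parent As DirectoryEntry = BindContainer(containerPath)
            Using newGroup As DirectoryEntry = parent.Children.Add("CN=" & name, "group")
                newGroup.Properties("sAMAccountName").Value = name
                newGroup.CommitChanges() ' nothing is written to AD before this call
            End Using
        End Using
    End Sub

    Sub CreateServiceAccount(ByVal containerPath As String, ByVal name As String, ByVal password As String)
        Using parent As DirectoryEntry = BindContainer(containerPath)
            Using newUser As DirectoryEntry = parent.Children.Add("CN=" & name, "user")
                newUser.Properties("sAMAccountName").Value = name
                newUser.CommitChanges() ' account now exists: disabled, no password set
                newUser.Invoke("SetPassword", New Object() {password})
                ' Enable only after a password exists, and clear "password not required".
                Dim uac As Integer = CInt(newUser.Properties("userAccountControl").Value)
                newUser.Properties("userAccountControl").Value = _
                    uac And Not (UfAccountDisable Or UfPasswdNotReqd)
                newUser.CommitChanges()
            End Using
        End Using
    End Sub

    Sub Main()
        ' Constructed placeholder container; point this at an OU in a test domain.
        Const ou As String = "LDAP://OU=Migrated,DC=example,DC=test"
        CreateGroup(ou, "grp-app-readers")
        Console.Write("Initial password for svc-app: ")
        CreateServiceAccount(ou, "svc-app", Console.ReadLine())
    End Sub
End Module
```

Running it requires a domain-joined machine and rights to create objects in the target OU; `SetPassword` fails if the value does not meet the domain password policy, in which case the account stays disabled.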