AD-DirectoryServices: .NET2.0 - Speaking architecture, approach and best practices... Suggestions?

Posted by Will Marcouiller on Stack Overflow See other posts from Stack Overflow or by Will Marcouiller
Published on 2010-05-07T19:13:03Z Indexed on 2010/05/07 19:28 UTC

I've been mandated to write an application to migrate the Active Directory access models to another environment. Here's the context:

  1. I'm stuck with VB.NET 2005 and .NET Framework 2.0;
  2. The application must use the Windows authenticated user to manage AD;
  3. The objects I have to handle are Groups, Users and OrganizationalUnits;
  4. I intend to use the Façade design pattern to provide ease of use and fully reusable code;
  5. I plan to write a factory for each of the objects managed (group, ou, user);
  6. The use of Attributes should be useful here, I guess;
  7. As everything is about the DirectoryEntry class when accessing the AD, it seems a good candidate for generic types.

Obligatory features:

  1. User creates new OUs manually;
  2. User creates new group manually;
  3. User creates new user (these users are services accounts) manually;
  4. Application reads an XML file which contains the OUs, groups and users to create;
  5. Application informs the user about the OUs, groups and users that shall be created;
  6. User specifies the domain environment where to migrate the XML input file designated objects;
  7. User makes changes if needed, and launches the task operations;
  8. Application performs the operations required by the XML input file against the underlying AD, as specified by the user;
  9. Application informs the user upon completion.

Linear features:

  1. User fetches OUs, groups, users;
  2. User changes OUs, groups, users;
  3. User deletes OUs, groups, users;
  4. The application logs AD entries and operations performed, plus errors and exceptions;

Nice-to-have features:

  1. Application rollbacks operations on error or exception.

I've been working for weeks now to get acquainted with the AD and the System.DirectoryServices assembly. But I don't seem to find a way to be fully satisfied with what I'm doing and always looking for better.

I have studied Bret de Smet's Linq to AD on CodePlex, but then again, I can't use it as I'm stuck with .NET 2.0, so no Linq! But I've learned about Attributes, and seen that he's working with generic types as he codes a DirectorySource class to perform the operations for OUs, groups and users.

I have been able to add groups to the AD;
I have been able to add users to the AD;

The created user is automatically disabled?
I seem to get confused with the use of an LDAP path to add objects. For instance, one needs two instances of the System.DirectoryServices.DirectoryEntry class to add a group. Why this?

Any suggestions?

Thanks for any help, code sample, ideas, architectural solution, everything!
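As an added example (not code from the question or from Stack Overflow), the following VB.NET 2005 module shows the two-DirectoryEntry pattern for creating a group and a service account under the Windows-authenticated user, and why a freshly created user starts disabled; the module name, OU path and object names are placeholders to adapt.

```vb
Imports System
Imports System.DirectoryServices

' Hypothetical module name; the OU path passed in is the LDAP path of the
' container, e.g. "LDAP://OU=ServiceAccounts,DC=example,DC=local" (placeholder).
Public Module AdProvisioning

    ' Documented userAccountControl flags.
    Private Const ADS_UF_ACCOUNTDISABLE As Integer = &H2
    ' groupType for a security-enabled global group (0x80000002 as a signed Int32).
    Private Const GLOBAL_SECURITY_GROUP As Integer = &H80000002

    ' Creates a security group and returns its LDAP path. The first DirectoryEntry
    ' is the container (the OU); Children.Add yields the second one, the new child,
    ' which only exists in memory until CommitChanges is called on it.
    Public Function CreateGroup(ByVal ouPath As String, ByVal name As String) As String
        ' No username/password is passed to DirectoryEntry: the bind runs as the
        ' Windows-authenticated user, so the tool never stores a privileged secret.
        Using ou As New DirectoryEntry(ouPath)
            Using grp As DirectoryEntry = ou.Children.Add("CN=" & name, "group")
                grp.Properties("sAMAccountName").Value = name
                grp.Properties("groupType").Value = GLOBAL_SECURITY_GROUP
                grp.CommitChanges()
                Return grp.Path
            End Using
        End Using
    End Function

    ' Creates a service account and returns its LDAP path. AD creates users with
    ' userAccountControl = NORMAL_ACCOUNT Or ACCOUNTDISABLE (546), so the account
    ' stays disabled until a password is set and the disable flag is cleared.
    Public Function CreateServiceAccount(ByVal ouPath As String, ByVal name As String, _
                                         ByVal password As String) As String
        Using ou As New DirectoryEntry(ouPath)
            Using usr As DirectoryEntry = ou.Children.Add("CN=" & name, "user")
                usr.Properties("sAMAccountName").Value = name
                usr.CommitChanges()   ' the object must exist before SetPassword
                Try
                    ' ADSI SetPassword uses a protected channel (Kerberos/LDAPS).
                    usr.Invoke("SetPassword", New Object() {password})
                    Dim uac As Integer = CInt(usr.Properties("userAccountControl").Value)
                    usr.Properties("userAccountControl").Value = uac And (Not ADS_UF_ACCOUNTDISABLE)
                    usr.CommitChanges()
                Catch
                    usr.DeleteTree()  ' rollback: do not leave a half-provisioned account
                    Throw
                End Try
                Return usr.Path
            End Using
        End Using
    End Function
End Module
```

Clearing ACCOUNTDISABLE before a password is set fails under a domain password policy, which is why the order above is commit, SetPassword, then enable.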

© Stack Overflow or respective owner
