
Enterprise IT Identity & Access Management

A Buyer's & Integrator's Guide - WebLog Version 1.0


News

Hi, I've moved into an Information Security Research & Strategy role from an IAM Architecture role. So this blog site is retired. I may launch a security blog in the future. Thank you all for visiting!
Sample Code (C#) - Provision User Accounts and Groups with MIIS

Here is my sample code to provision AD user accounts and groups using an MIIS MV Extension:

// Use Visual Studio to build
using System;
using Microsoft.MetadirectoryServices;

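namespace Mms_Metaverse
{
    /// <summary>
    /// Metaverse rules extension that provisions Active Directory user and
    /// group connectors for metaverse objects of type "person" and "group".
    /// </summary>
    /// <remarks>
    /// The management agent name, target container and initial password below
    /// are template placeholders; replace them before building.
    /// </remarks>
    public class MVExtensionObject : IMVSynchronization
    {
        // Name of the Active Directory management agent (placeholder).
        private const string AdManagementAgentName = "AD_MA_Name";

        // Container that receives every provisioned object (placeholder).
        private const string TargetContainer = "OU=OU_Name,DC=Domain_Name,DC=com";

        // SECURITY: placeholder only. A literal compiled into the extension gives
        // every provisioned account the same password, known to anyone who can
        // read the source or the assembly. Supply a per-account random value from
        // a protected source and require a change at first logon.
        private const string InitialPassword = "Initial_Password";

        // userAccountControl: NORMAL_ACCOUNT (0x200) with no other bits set, i.e.
        // an ordinary enabled account that is subject to the domain password policy.
        private const int UfNormalAccount = 0x0200;

        // groupType: 0x8 is the universal-scope bit. Without the security-enabled
        // bit (0x80000000) the group is a distribution group, so it cannot be
        // used to grant access. Change the value if another type is wanted.
        private const int GroupTypeUniversal = 8;

        public MVExtensionObject()
        {
        }

        /// <summary>No initialization is required by this extension.</summary>
        void IMVSynchronization.Initialize()
        {
        }

        /// <summary>No cleanup is required by this extension.</summary>
        void IMVSynchronization.Terminate()
        {
        }

        /// <summary>
        /// Creates an AD connector for <paramref name="mventry"/> when the AD
        /// management agent has none yet. Object types other than "person" and
        /// "group" are ignored.
        /// </summary>
        /// <param name="mventry">The metaverse entry being synchronized.</param>
        /// <exception cref="UnexpectedDataException">
        /// The entry has no "cn" attribute to build the distinguished name from.
        /// </exception>
        void IMVSynchronization.Provision(MVEntry mventry)
        {
            // Get the Active Directory management agent.
            ConnectedMA managementAgent = mventry.ConnectedMAs[AdManagementAgentName];

            // Provision only once: an existing connector means the object is
            // already represented in the AD connector space.
            if (managementAgent.Connectors.Count != 0)
            {
                return;
            }

            if (mventry.ObjectType == "person")
            {
                ProvisionUser(mventry, managementAgent);
            }
            else if (mventry.ObjectType == "group")
            {
                ProvisionGroup(mventry, managementAgent);
            }
        }

        /// <summary>
        /// Not implemented; the synchronization engine receives
        /// <see cref="EntryPointNotImplementedException"/>.
        /// </summary>
        bool IMVSynchronization.ShouldDeleteFromMV(CSEntry csentry, MVEntry mventry)
        {
            throw new EntryPointNotImplementedException();
        }

        // Builds "CN=<cn>,<TargetContainer>", escaping the RDN so that special
        // characters in the cn value cannot alter the structure of the DN.
        private static ReferenceValue BuildDn(MVEntry mventry, ConnectedMA managementAgent)
        {
            if (!mventry["cn"].IsPresent)
            {
                throw new UnexpectedDataException("cn attribute is not present.");
            }

            string rdn = "CN=" + mventry["cn"].Value;
            return managementAgent.EscapeDNComponent(rdn).Concat(TargetContainer);
        }

        // Creates and commits a "user" connector populated from the metaverse entry.
        private static void ProvisionUser(MVEntry mventry, ConnectedMA managementAgent)
        {
            // Resolve the DN first so a missing cn fails before a connector is started.
            ReferenceValue dn = BuildDn(mventry, managementAgent);

            CSEntry csentry = managementAgent.Connectors.StartNewConnector("user");
            csentry.DN = dn;
            csentry["unicodepwd"].Values.Add(InitialPassword);
            csentry["cn"].Value = mventry["cn"].Value;
            csentry["sAMAccountName"].Value = mventry["sAMAccountName"].Value;
            csentry["displayName"].Value = mventry["displayName"].Value;
            csentry["givenName"].Value = mventry["givenName"].Value;
            csentry["mail"].Value = mventry["mail"].Value;
            csentry["mailNickname"].Value = mventry["mailNickname"].Value;
            csentry["sn"].Value = mventry["sn"].Value;
            csentry["title"].Value = mventry["title"].Value;
            csentry["telephoneNumber"].Value = mventry["telephoneNumber"].Value;

            // Enable the account. The sample originally wrote 66080 (0x10220), which
            // also sets PASSWD_NOTREQD (0x20) and DONT_EXPIRE_PASSWD (0x10000): the
            // account could then hold a blank password and would keep the shared
            // initial password indefinitely. If the export is rejected by password
            // policy, strengthen the initial password instead of restoring those bits.
            csentry["userAccountControl"].IntegerValue = UfNormalAccount;
            csentry.CommitNewConnector();
        }

        // Creates and commits a "group" connector populated from the metaverse entry.
        private static void ProvisionGroup(MVEntry mventry, ConnectedMA managementAgent)
        {
            ReferenceValue dn = BuildDn(mventry, managementAgent);

            CSEntry csentry = managementAgent.Connectors.StartNewConnector("group");
            csentry.DN = dn;
            csentry["cn"].Value = mventry["cn"].Value;
            csentry["sAMAccountName"].Value = mventry["sAMAccountName"].Value;
            csentry["groupType"].IntegerValue = GroupTypeUniversal;
            csentry.CommitNewConnector();
        }
    }
}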

Published Sunday, March 26, 2006 4:00 AM by Yale Li
