In a recent post we discussed how to track Active Directory changes efficiently with PowerShell.
Now the same thing can be achieved with C#. And if you wonder why C#, since we already have it in PowerShell? Well, maybe you would be writing a form of REST API for your enterprise, or writing an application for personnel who are not fluent with scripting (the people who do use a GUI 🙂).
Nevertheless this is going to be nice and easy. I will not be using screenshots of Visual Studio in this post but just providing you with the information needed.
The architecture and design are totally up to you 🙂 I will introduce you to the basics needed to put the bits and pieces together. To hold the information we receive, it is best to create a class with the properties we are interested in and keep the instances in a list.
```csharp
public class adresult
{
    public string objName { get; set; }
    public string objDN { get; set; }
    // ...
    public string objXYZ { get; set; }   // whatever other properties you are interested in
}
```
That was easy 🙂 Now let's write our application. I focus here on a console application but you can use whatever other type suits you.
Let's prepare the LDAP connection:
```csharp
// needed at the top of the file
using System.DirectoryServices;
using System.IO;

string ldapSrv = "LDAP://<LDAP-path>";
string ldapFilter = "(objectClass=user)";
// File to store our cookie
string ldapCookie = @"c:\adsync-cookie.dat";

// set up search
DirectoryEntry dir = new DirectoryEntry(ldapSrv);
DirectorySearcher searcher = new DirectorySearcher(dir);
searcher.Filter = ldapFilter;
searcher.PropertiesToLoad.Add("name");
searcher.PropertiesToLoad.Add("distinguishedName");
searcher.SearchScope = SearchScope.Subtree;
// with ExtendedDN.Standard the distinguishedName comes back as "<GUID=...>;<SID=...>;DN"
searcher.ExtendedDN = ExtendedDN.Standard;
```
Next is the interesting part, which is the synchronization object:
```csharp
// create directory synchronization object
DirectorySynchronization sync = new DirectorySynchronization();
// check whether a cookie file exists and if so, set the dirsync to use it
if (File.Exists(ldapCookie))
{
    byte[] byteCookie = File.ReadAllBytes(ldapCookie);
    sync.ResetDirectorySynchronizationCookie(byteCookie);
}
```
Lastly we combine what we have prepared and execute the search:
```csharp
// Assign previously created object to searcher
searcher.DirectorySynchronization = sync;
// Create group of our objects (needs using System.Collections.Generic;)
List<adresult> ADresults = new List<adresult>();
using (SearchResultCollection results = searcher.FindAll())
{
    foreach (SearchResult result in results)
    {
        adresult objAdresult = new adresult();
        // on an incremental sync only changed attributes are returned, so guard the lookup
        if (result.Properties.Contains("name"))
            objAdresult.objName = (string)result.Properties["name"][0];
        // extended DN is "<GUID=...>;<SID=...>;DN" (no SID part for some object types),
        // so take the last segment rather than a fixed index
        string[] sExtendedDn = ((string)result.Properties["distinguishedName"][0]).Split(';');
        objAdresult.objDN = sExtendedDn[sExtendedDn.Length - 1];
        ADresults.Add(objAdresult);
    }
}
// write new cookie value to file
File.WriteAllBytes(ldapCookie, sync.GetDirectorySynchronizationCookie());
// Return results
return ADresults;
```
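As an added example (not the post's own code), the three fragments above assembled into one console program, extended with two things a change-tracking job usually needs: recording which attributes changed (DirSync returns only the changed attributes once a cookie is in use, so the returned property names are the change list) and flagging deleted objects via isDeleted. The LDAP path, cookie path, class and method names are placeholders/assumptions; the fallback to result.Path for a missing distinguishedName is an assumption as well. Two constraints of the DirSync control worth knowing: the search base must be the root of a naming context (the domain head, not an OU), and the calling account needs the "Replicating Directory Changes" right on that partition, otherwise the search fails with a DirectoryServicesCOMException.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.IO;

// Added example, not the post's own code.
public class AdChange
{
    public string ObjName { get; set; }
    public string ObjDN { get; set; }
    public bool IsDeleted { get; set; }
    public List<string> ChangedAttributes { get; set; } = new List<string>();
}

public static class DirSyncDemo
{
    // Placeholders: DirSync search bases must be a naming-context root, not an OU;
    // narrow to an OU by filtering the returned DNs instead.
    const string LdapSrv = "LDAP://DC=example,DC=local";
    const string LdapFilter = "(objectClass=user)";
    const string CookiePath = @"c:\adsync-cookie.dat";

    public static List<AdChange> GetChanges()
    {
        var changes = new List<AdChange>();
        var sync = new DirectorySynchronization();
        if (File.Exists(CookiePath))
            sync.ResetDirectorySynchronizationCookie(File.ReadAllBytes(CookiePath));

        using (var dir = new DirectoryEntry(LdapSrv))
        using (var searcher = new DirectorySearcher(dir))
        {
            searcher.Filter = LdapFilter;
            searcher.SearchScope = SearchScope.Subtree;
            searcher.ExtendedDN = ExtendedDN.Standard;
            searcher.DirectorySynchronization = sync;
            // PropertiesToLoad is left empty on purpose: DirSync then returns every
            // attribute that changed since the cookie, which is exactly what we report.

            using (SearchResultCollection results = searcher.FindAll())
            {
                foreach (SearchResult result in results)
                {
                    var change = new AdChange();
                    // Only changed attributes come back on an incremental sync, so
                    // "name" may be absent; never index [0] without checking first.
                    change.ObjName = result.Properties.Contains("name")
                        ? (string)result.Properties["name"][0]
                        : "(name unchanged)";
                    // Extended DN is "<GUID=...>;<SID=...>;DN" or "<GUID=...>;DN",
                    // so take the last segment rather than a fixed index.
                    string dn = result.Properties.Contains("distinguishedName")
                        ? (string)result.Properties["distinguishedName"][0]
                        : result.Path;   // assumption: fall back to the ADsPath
                    string[] parts = dn.Split(';');
                    change.ObjDN = parts[parts.Length - 1];
                    change.IsDeleted = result.Properties.Contains("isDeleted")
                        && (bool)result.Properties["isDeleted"][0];
                    foreach (string attr in result.Properties.PropertyNames)
                        change.ChangedAttributes.Add(attr);
                    changes.Add(change);
                }
            }
        }
        // Persist the cookie only after every result was processed, so a crash
        // mid-loop replays the same changes next run instead of silently losing them.
        File.WriteAllBytes(CookiePath, sync.GetDirectorySynchronizationCookie());
        return changes;
    }

    public static void Main()
    {
        try
        {
            foreach (AdChange c in GetChanges())
            {
                Console.WriteLine("{0} {1} [{2}]: {3}",
                    c.IsDeleted ? "DELETED" : "CHANGED", c.ObjName, c.ObjDN,
                    string.Join(", ", c.ChangedAttributes));
            }
        }
        catch (DirectoryServicesCOMException ex)
        {
            // Typical cause: the account lacks the "Replicating Directory Changes"
            // right on the partition, which the DirSync control requires.
            Console.Error.WriteLine("DirSync search failed: " + ex.Message);
        }
    }
}
```

The first run (no cookie on disk) returns every object matching the filter with all of its attributes; every later run returns only objects that changed in between, with only the changed attributes, which is why the attribute-name list is a usable change record. Writing the cookie last is deliberate: the cookie is what tells the DC where you left off, so persisting it before the results are safely handled would drop changes on a crash.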
This concludes this short post. I hope you will be able to use it in your complex Active Directory scenarios.