How to create unique Distinguished name for provisioning new users using .net DLL rule extension?

  • Question

  • How to create a unique Distinguished name for provisioning new users in Active Directory using a .net DLL rule extension? Some code to guide me would be of great help!
    Monday, April 22, 2013 5:52 AM

Answers

  • Hi Shivam,

    I believe you are looking for a unique accountName. Please find below the code to check the availability of the AccountName (or any other attribute value) in the Metaverse and AD, and the assignment of the AccountName attribute. Let me know if you have any difficulty understanding the code:

    using System;
    using System.DirectoryServices.AccountManagement;
    using Microsoft.MetadirectoryServices;

    void IMASynchronization.MapAttributesForImport(string FlowRuleName, CSEntry csentry, MVEntry mventry)
    {
        string accountName;
        switch (FlowRuleName)
        {
            case "accountName":
                // Only generate a name when the metaverse object does not have one yet.
                if (!mventry["accountName"].IsPresent)
                {
                    // Base name: first three characters of first name and of last name, lower-cased.
                    accountName = (csentry["First_Name"].Value.ToString().Substring(0, 3) + csentry["Last_Name"].Value.ToString().Substring(0, 3)).ToLower();
                    accountName = accountName.Trim();
                    if (csentry["First_Name"].IsPresent)
                    {
                        string NameAccountname = accountName;
                        // Try the base name, then the base name with suffix 1, 2, ... until one is free.
                        for (int i = 1; i <= 100; i++)
                        {
                            // Free in the metaverse?
                            if (GetAccountName(NameAccountname, mventry))
                            {
                                // Free in AD as well?
                                bool acPresent = checkName(NameAccountname);
                                if (!acPresent)
                                {
                                    mventry["accountName"].Value = NameAccountname;
                                    break;
                                }
                            }
                            NameAccountname = accountName + i.ToString();
                        }
                    }
                }
                break;
        }
    }

    /*
     * Check Account Name in AD.
     * Returns true when a user with this sAMAccountName already exists.
     */
    public bool checkName(string str)
    {
        PrincipalContext principalContext = null;
        try
        {
            principalContext = new PrincipalContext(ContextType.Domain, "DainikBhaskarGroup.com", "DC=DainikBhaskarGroup,DC=com");
        }
        catch (Exception ex)
        {
            Console.WriteLine("Failed to create PrincipalContext. Exception: " + ex);
        }

        // Query by example: search for a user whose sAMAccountName equals str.
        PrincipalSearcher insPrincipalSearcher = new PrincipalSearcher();
        UserPrincipal parUserPrincipal = new UserPrincipal(principalContext);
        parUserPrincipal.SamAccountName = str;
        insPrincipalSearcher.QueryFilter = parUserPrincipal;
        var results = insPrincipalSearcher.FindAll();
        foreach (Principal p in results)
        {
            return true;
        }
        return false;
    }

    /*
     * This function checks accountName in Metaverse entry.
     * Returns true when no metaverse object uses the name yet.
     */
    bool GetAccountName(string accountName, MVEntry mventry)
    {
        MVEntry[] findResultList = null;
        string checkedAccountname = accountName;

        findResultList = Utils.FindMVEntries("accountName", checkedAccountname, 1);
        if (findResultList.Length == 0)
        {
            // The current accountName is not in use.
            return true;
        }
        else
        {
            return false;
        }
    }


    Regards~ Deepak Arora


    Wednesday, April 24, 2013 12:30 PM

All replies

  • If you are using a rule extension you can create the extension as shown in this example:

    http://msdn.microsoft.com/en-us/library/ms696017(v=vs.85).aspx

    What you then need to do is catch the "ObjectAlreadyExistsException" which is thrown when you execute the code 'csentry.CommitNewConnector()'

    Then you can change the DN to another value and try again.

    This is of course the simplest solution. If you are using the FIM Portal, you can add a workflow that generates a unique attribute value.

    Carol has an example on her website which could help:

    http://www.wapshere.com/missmiis/generate-unique-attribute-activity



    Monday, April 22, 2013 9:19 AM
  • This is a good starter. You are missing a number of error handling cases that could make this even better:

    • You are accessing csentry["first_name"] and csentry["last_name"] before doing IsPresent() calls on them. The code will fail if either is not present before you get to your IsPresent() check.
    • You're assuming that first and last name are long enough to do the three character substring - don't make this assumption.
    • There's no handler for reaching (i=100) in your loop. This edge condition should throw an exception.
    • PrincipalContext and PrincipalSearcher both implement IDisposable, so that code should be wrapped in using {} blocks.
    • There's no Console to write to, you should be tracing to a .Net TraceSource across all the code.


    My Book - Active Directory, 4th Edition
    My Blog - www.briandesmond.com

    • Proposed as answer by GirirajSingh Thursday, May 2, 2013 4:45 PM
    Wednesday, April 24, 2013 3:21 PM
    Moderator
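The error-handling points listed in this reply, applied to the name-generation logic as an added example (not code from the thread or its posters). The class name `AccountNameHelper`, its method names and the trace source name `RulesExtension` are assumptions; the caller supplies the `inUse` check, for instance one that combines the metaverse lookup and `ExistsInAd`.

```csharp
using System;
using System.Diagnostics;
using System.DirectoryServices.AccountManagement;

public static class AccountNameHelper
{
    // Assumed trace source name; attach a listener for it in the host's .config file.
    static readonly TraceSource Log = new TraceSource("RulesExtension");

    // Up to three characters from each name; shorter names are used whole.
    public static string BuildBaseName(string firstName, string lastName)
    {
        string f = (firstName ?? "").Trim(), l = (lastName ?? "").Trim();
        if (f.Length == 0 || l.Length == 0)
            throw new ArgumentException("First and last name are both required.");
        return (f.Substring(0, Math.Min(3, f.Length)) +
                l.Substring(0, Math.Min(3, l.Length))).ToLowerInvariant();
    }

    // Tries baseName, baseName1 ... baseName<maxSuffix>; throws instead of silently giving up.
    public static string FindUnique(string baseName, Func<string, bool> inUse, int maxSuffix)
    {
        for (int i = 0; i <= maxSuffix; i++)
        {
            string candidate = i == 0 ? baseName : baseName + i;
            if (!inUse(candidate)) return candidate;
            Log.TraceEvent(TraceEventType.Verbose, 0, "Name in use: {0}", candidate);
        }
        throw new InvalidOperationException(
            "No free account name for '" + baseName + "' after " + maxSuffix + " suffixes.");
    }

    // AD lookup with every disposable released; a connection failure propagates
    // to the caller instead of being swallowed and leaving a null context.
    public static bool ExistsInAd(string domain, string container, string samAccountName)
    {
        using (var context = new PrincipalContext(ContextType.Domain, domain, container))
        using (var filter = new UserPrincipal(context) { SamAccountName = samAccountName })
        using (var searcher = new PrincipalSearcher(filter))
        using (var results = searcher.FindAll())
        {
            foreach (Principal p in results) { p.Dispose(); return true; }
            return false;
        }
    }
}
```

A name that is free at lookup time can still be taken before the object is exported, so the duplicate-object exception at commit time mentioned earlier in the thread still needs handling.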
  • Thanks a ton, Deepak! You understood exactly what I needed and your code worked like magic ;)

    Thanks again 

    Monday, April 29, 2013 9:54 AM
  • Hi Shivam,

    I think you should consider what Brian is suggesting, because if you ignore this handling it will cause errors for the users who do not fulfil the criteria. Maybe you are not getting errors right now, but it could be a big reason for a failure of your configuration in the future.

    And BTW great work with the code Deepak

    Thanks~

    Giriraj

    Thursday, May 2, 2013 4:47 PM
  • Hey,

    Great work Deepak

    Thursday, May 2, 2013 4:48 PM