phares3757/open-insight
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Get AD Groups Improvement - Added in several methods to get and retrieve AD Groups.

Browse Source
This commit is contained in:
Infineon\Ouellette 2024-09-26 11:19:27 -07:00 committed by Ouellette Jonathan (IT FI MES)
parent ae4bfcbfe1
commit 0dd19af900
2 changed files with 284 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

302
LSL2/STPROC/ACTIVE_DIRECTORY_SERVICES.txt
View File

@ -28,7 +28,7 @@ $Insert APP_INSERTS
$Insert REVDOTNETEQUATES
Declare function Logging_Services, Environment_Services, Active_Directory_Services
Declare subroutine Set_Property.Net, Logging_Services, Set_Status
Declare subroutine Set_Property.Net, Logging_Services, Set_Status, Database_Services
LogPath = Environment_Services('GetApplicationRootPath') : '\LogFiles\ActiveDirectory'
LogDate = Oconv(Date(), 'D4/')
@ -47,6 +47,13 @@ GoToService
Return Response or ""
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
// Service Parameter Options
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
Options DOMAIN = 'INFINEON', 'INFINEON.COM', 'NA.INFINEON.COM'
Options DESCRIPTION_BOOL = True$, False$
Options AD_GROUP_TYPE = 'DL', 'SECURITY'
//-----------------------------------------------------------------------------
// SERVICES
//-----------------------------------------------------------------------------
@ -136,6 +143,7 @@ Service GetADGroups(Username, Domain)
End Service
Service GetComputerDomain()
Domain = ''
@ -158,12 +166,35 @@ Service GetComputerDomain()
end service
Service GetADGroupMembers(GroupName, Domain)
//----------------------------------------------------------------------------------------------------------------------
// GetADGroupsByString
//
// SearchString - [Required] Defines the string name or description of the group you want to search for. Accepts * as a wildcard
// Domain - Defines the domain to search in. If null will set to 'INFINEON'
// SearchByDescription - Boolean flag to indicate if you'd like to search for groups that match the description. Set to false by default.
// GroupType - Used to indicate if you want only Security Groups or only Distribution list group types. If you want both don't set this variable.
// If you want only security groups, set to SECURITY. If you want only distribution lists, set to DL
//
// Takes in a search string either whole or part of a full string and returns a @FM delimited list of matching results. Supports * as a wildcard.
// For each @FM there are three values that are @VM delimited. First value is the Group Name, second value is the group description, third value is
// the groups type, either SECURITY or DL
//
// 9/26/2024 - [JRO] Initial Programmer.
//----------------------------------------------------------------------------------------------------------------------
Service GetADGroupsByString(SearchString, Domain=DOMAIN, SearchByDescription=DESCRIPTION_BOOL, GroupType=AD_GROUP_TYPE)
Set_Status(0)
Users = ''
ErrMessage = ''
If GroupName NE '' AND Domain NE '' then
ADGroups = ''
If SearchString EQ '' then
ErrMessage = 'Error calling GetADGroupsByString: Search string was null.'
end
If Domain EQ '' then
Domain = 'INFINEON'
end
If SearchByDescription EQ '' then
SearchByDescription = False$
end
If ErrMessage EQ '' then
DotNetHandle = StartDotNet("","4.0")
DotNetDir = CheckDotNet('4.0'):'\'
AccountMgmtDllPath = DotNetDir:'System.DirectoryServices.AccountManagement.dll'
@ -173,7 +204,234 @@ Service GetADGroupMembers(GroupName, Domain)
ParamTypes = 'System.DirectoryServices.AccountManagement.ContextType':@FM:'System.String'
objPC = Create_Class.Net(DotNetHandle, "System.DirectoryServices.AccountManagement.PrincipalContext", 0, Params, ParamTypes)
If Not(Get_Status(errCode)) then
objGroupPrincipal = Create_Class.Net(DotNetHandle, "System.DirectoryServices.AccountManagement.GroupPrincipal", 0, objPC, 'RevDotNet');//forced an error here
objGroupPrincipal = Create_Class.Net(DotNetHandle, "System.DirectoryServices.AccountManagement.GroupPrincipal", 0, objPC, 'RevDotNet')
If Not(Get_Status(errCode)) then
If SearchByDescription then
Set_Property.Net(objGroupPrincipal, 'Description', SearchString)
end else
Set_Property.Net(objGroupPrincipal, 'Name', SearchString)
end
Begin Case
Case GroupType EQ 'DL'
Set_Property.Net(objGroupPrincipal, 'IsSecurityGroup', 'False')
Case GroupType EQ 'SECURITY'
Set_Property.Net(objGroupPrincipal, 'IsSecurityGroup', 'True')
End Case
objPrinSearcher = Create_Class.Net(DotNetHandle, "System.DirectoryServices.AccountManagement.PrincipalSearcher", 0, objGroupPrincipal, 'RevDotNet')
If Not(Get_Status(errCode)) then
objSearchResultCollection = Create_Class.Net(objPrinSearcher, 'System.DirectoryServices.AccountManagement.PrincipalSearchResult', 0, '', '', 'RevDotNet')
objSearchResultCollection = Send_Message.Net(objPrinSearcher, 'FindAll', '', '', 1)
if Not(Get_Status(errCode)) then
objEnum = Send_Message.Net(objSearchResultCollection, 'GetEnumerator', '', '', 1)
If Not(Get_Status(errCode)) then
Void = Send_Message.Net(objEnum, 'Reset', '', '', 0)
Loop
Done = Send_Message.Net(objEnum, 'MoveNext', '', '', 0)
Until Done EQ 'False' OR Done EQ ''
If Not(Get_Status(errCode)) then
ThisGroup = Get_Property.Net(objEnum, 'Current', 1)
If Not(Get_Status(errCode)) then
ADGroup = ''
ADGroup<1,1> = Get_Property.Net(ThisGroup, 'Name', 0)
ADGroup<1,2> = Get_Property.Net(ThisGroup, 'Description', 0)
IsSecGroup = Get_Property.Net(ThisGroup, 'IsSecurityGroup', 0)
If IsSecGroup EQ 'True' then
ADGroup<1,3> = 'SECURITY'
end else
ADGroup<1,3> = 'DL'
end
ADGroups<-1> = ADGroup
Free_Class.Net(ThisGroup)
end else
Error_Services('Add', 'DotNet Error, Error getting group properties')
end
end else
Error_Services('Add', 'DotNet Error, Error iterating through results')
end
Repeat
Free_Class.Net(objEnum)
If ADGroups EQ '' then
ErrMessage = 'No groups were found.'
end
end else
ErrMessage = 'DotNet Error, Error getting object enumerator'
end
Free_Class.Net(objSearchResultCollection)
end else
ErrMessage = 'DotNet Error, Error getting AD search results'
end
Free_Class.Net(objPrinSearcher)
end else
ErrMessage = 'DotNet Error, Error creating AD searcher.'
end
Free_Class.Net(objGroupPrincipal)
end else
ErrMessage = 'DotNet Error, Error creating group principle.'
end
Free_Class.Net(objPC)
end else
ErrMessage = 'DotNet Error, Error creating principle context.'
end
end else
ErrMessage = 'DotNet Error, Error starting DotNet.'
end
If ErrMessage EQ '' then
Message = 'Successfully retrieved list of AD groups matching the search string ' : SearchString : ' within the ' : Domain : ' domain.'
LogData = ''
LogData<1> = LoggingDTM
LogData<2> = 'GetADGroupsByString'
LogData<3> = Message
Logging_Services('AppendLog', objADLog, LogData, @RM, @FM, False$)
end else
LogData = ''
LogData<1> = LoggingDTM
LogData<2> = 'GetADGroupsByString'
LogData<3> = 'Error list of groups matching the search string ' : SearchString : ':' : ErrMessage
Logging_Services('AppendLog', objADLog, LogData, @RM, @FM, False$)
Error_Services('Add', ErrMessage)
end
end else
LogData = ''
LogData<1> = LoggingDTM
LogData<2> = 'GetADGroupsByString'
LogData<3> = ErrMessage
Logging_Services('AppendLog', objADLog, LogData, @RM, @FM, False$)
Error_Services('Add', ErrMessage)
end
Response = ADGroups
end service
//----------------------------------------------------------------------------------------------------------------------
// GetADGroupMembersByGroupDescription
//
// DescriptionName - [Required] Defines the string name or description of the group you want to find.
// Domain - Defines the domain to search in. If null will set to 'INFINEON'
//
// Takes in a whole string description of a groupand returns a @FM delimited list of matching results. Does not support * as a wildcard.
// If a matching group is found it calls GetADGroupMembersByGroupName to get the group member list.
// It then returns a @FM delimited list of users.
// For each @FM there are three @VM delimited values. They are the Users AD name, their display name, and their email.
//
// 9/26/2024 - [JRO] Initial Programmer.
//----------------------------------------------------------------------------------------------------------------------
Service GetADGroupMembersByGroupDescription(DescriptionName, Domain=DOMAIN)
Set_Status(0)
ErrMessage = ''
GroupUsers = ''
If DescriptionName EQ '' then
ErrMessage = 'Error calling GetADGroupMembersByGroupDescription: Description was null.'
end
If Domain EQ '' then
Domain = 'INFINEON'
end
If ErrMessage EQ '' then
DotNetHandle = StartDotNet("","4.0")
DotNetDir = CheckDotNet('4.0'):'\'
AccountMgmtDllPath = DotNetDir:'System.DirectoryServices.AccountManagement.dll'
Set_Property.Net(DotNetHandle, "AssemblyName", AccountMgmtDllPath)
If Not(Get_Status(errCode)) then
Params = 'Domain':@FM:Domain
ParamTypes = 'System.DirectoryServices.AccountManagement.ContextType':@FM:'System.String'
objPC = Create_Class.Net(DotNetHandle, "System.DirectoryServices.AccountManagement.PrincipalContext", 0, Params, ParamTypes)
If Not(Get_Status(errCode)) then
objGroupPrincipal = Create_Class.Net(DotNetHandle, "System.DirectoryServices.AccountManagement.GroupPrincipal", 0, objPC, 'RevDotNet')
If Not(Get_Status(errCode)) then
Set_Property.Net(objGroupPrincipal, 'Description', DescriptionName)
objPrinSearcher = Create_Class.Net(DotNetHandle, "System.DirectoryServices.AccountManagement.PrincipalSearcher", 0, objGroupPrincipal, 'RevDotNet')
If Not(Get_Status(errCode)) then
objSearchResult = Create_Class.Net(objPrinSearcher, 'System.DirectoryServices.AccountManagement.PrincipalSearcher', 0, '', '', 'RevDotNet')
objSearchResult = Send_Message.Net(objPrinSearcher, 'FindOne', '', '', 1)
if Not(Get_Status(errCode)) then
GroupName = Get_Property.Net(objSearchResult, 'Name', 0)
If GroupName NE '' then
GroupUsers = Active_Directory_Services('GetADGroupMembersByGroupName', GroupName, Domain)
If GroupUsers EQ '' then
ErrMessage = 'No group members were returned.'
end
end else
ErrMessage = 'No group matching that description was found.'
end
Free_Class.Net(objSearchResult)
end else
ErrMessage = 'DotNet Error, Error getting AD search results'
end
Free_Class.Net(objPrinSearcher)
end else
ErrMessage = 'DotNet Error, Error creating AD searcher.'
end
Free_Class.Net(objGroupPrincipal)
end else
ErrMessage = 'DotNet Error, Error creating group principle.'
end
Free_Class.Net(objPC)
end else
ErrMessage = 'DotNet Error, Error creating principle context.'
end
end
If ErrMessage EQ '' then
Message = 'Successfully retrieved members of AD group with description of ' : DescriptionName : ' within the ' : Domain : ' domain.'
LogData = ''
LogData<1> = LoggingDTM
LogData<2> = 'GetADGroupMembersByGroupDescription'
LogData<3> = Message
Logging_Services('AppendLog', objADLog, LogData, @RM, @FM, False$)
end else
LogData = ''
LogData<1> = LoggingDTM
LogData<2> = 'GetADGroupMembersByGroupDescription'
LogData<3> = 'Error getting members of group with description ' : DescriptionName : ':' : ErrMessage
Logging_Services('AppendLog', objADLog, LogData, @RM, @FM, False$)
Error_Services('Add', ErrMessage)
end
end else
LogData = ''
LogData<1> = LoggingDTM
LogData<2> = 'GetADGroupMembersByGroupDescription'
LogData<3> = ErrMessage
Logging_Services('AppendLog', objADLog, LogData, @RM, @FM, False$)
Error_Services('Add', ErrMessage)
end
Response = GroupUsers
end service
//----------------------------------------------------------------------------------------------------------------------
// GetADGroupMembersByGroupName
//
// GroupName - [Required] Defines the Group name of the group you want to find.
// Domain - Defines the domain to search in. If null will set to 'INFINEON'
//
// Takes in a whole string group name of a group and returns a @FM delimited list of matching results. Does not support * as a wildcard.
// If a matching group is found it gets a group members list and calls GetADUserAttributes for each member to get the user attributes
// It then returns a @FM delimited list of users.
// For each @FM there are three @VM delimited values. They are the Users AD name, their display name, and their email.
//
// 9/26/2024 - [JRO] Initial Programmer.
//----------------------------------------------------------------------------------------------------------------------
Service GetADGroupMembersByGroupName(GroupName, Domain=DOMAIN)
Set_Status(0)
Users = ''
ErrMessage = ''
If GroupName EQ '' then
ErrMessage = 'Error calling GetADGroupMembersByGroupName: Group name was null.'
end
If Domain EQ '' then
Domain = 'INFINEON'
end
If ErrMessage EQ '' then
DotNetHandle = StartDotNet("","4.0")
DotNetDir = CheckDotNet('4.0'):'\'
AccountMgmtDllPath = DotNetDir:'System.DirectoryServices.AccountManagement.dll'
Set_Property.Net(DotNetHandle, "AssemblyName", AccountMgmtDllPath)
If Not(Get_Status(errCode)) then
Params = 'Domain':@FM:Domain
ParamTypes = 'System.DirectoryServices.AccountManagement.ContextType':@FM:'System.String'
objPC = Create_Class.Net(DotNetHandle, "System.DirectoryServices.AccountManagement.PrincipalContext", 0, Params, ParamTypes)
If Not(Get_Status(errCode)) then
objGroupPrincipal = Create_Class.Net(DotNetHandle, "System.DirectoryServices.AccountManagement.GroupPrincipal", 0, objPC, 'RevDotNet')
If Not(Get_Status(errCode)) then
ThisGroup = Send_Message.Net(objGroupPrincipal, 'FindByIdentity', objPC:@FM:GroupName, 'RevDotNet':@FM:'System.String', 1)
objPrinSearcher = Create_Class.Net(DotNetHandle, "System.DirectoryServices.AccountManagement.PrincipalSearcher", 0, objGroupPrincipal, 'RevDotNet')
@ -196,11 +454,13 @@ Service GetADGroupMembers(GroupName, Domain)
Free_Class.Net(ThisUser)
end
Repeat
If Users EQ '' then
ErrMessage = 'No group members were returned.'
end
Free_Class.Net(objEnum)
end else
ErrMessage = 'Error applying searcher object for group.'
end
end else
ErrMessage = 'Error creating searcher object.'
end
@ -217,29 +477,38 @@ Service GetADGroupMembers(GroupName, Domain)
end
Free_Class.Net(objPC)
If ErrMessage EQ '' then
Message = 'Successfully retrieved members of AD group ' : GroupName : ' within the ' : Domain : ' domain.'
LogData = ''
LogData<1> = LoggingDTM
LogData<2> = 'GetADGroupMembers'
LogData<3> = 'Successfully retrieved members of AD group ' : GroupName : ' within the ' : Domain : ' domain.'
LogData<2> = 'GetADGroupMembersByGroupName'
LogData<3> = Message
Logging_Services('AppendLog', objADLog, LogData, @RM, @FM, False$)
end else
LogData = ''
LogData<1> = LoggingDTM
LogData<2> = 'GetADGroupMembers'
LogData<3> = 'Error getting members of AD group ' : GroupName : ' within the ' : Domain : ' domain. ' : ErrMessage
LogData<2> = 'GetADGroupMembersByGroupName'
LogData<3> = 'Error getting members of group with name ' : GroupName : ':' : ErrMessage
Logging_Services('AppendLog', objADLog, LogData, @RM, @FM, False$)
Error_Services('Add', ErrMessage)
end
end else
LogData = ''
LogData<1> = LoggingDTM
LogData<2> = 'GetADGroupMembers'
LogData<3> = 'Error getting members of AD group ' : GroupName : ' within the ' : Domain : ' domain. Either the group name or domain name was empty.'
LogData<2> = 'GetADGroupMembersByGroupName'
LogData<3> = ErrMessage
Logging_Services('AppendLog', objADLog, LogData, @RM, @FM, False$)
Error_Services('Add', ErrMessage)
end
Response = Users
end service
//----------------------------------------------------------------------------------------------------------------------
// VerifyEPPMetrology
//
// RDSNo. - [Required]
//
// Sets an error in Error_Services if there is an issue with the metrology data.
//----------------------------------------------------------------------------------------------------------------------
Service GetADUserAttributes(Username, Domain)
Set_Status(0)
ThisUser = ''
@ -264,8 +533,6 @@ Service GetADUserAttributes(Username, Domain)
UserName = Get_Property.Net(objUserPrincipal, 'Name', 0)
Email = Get_Property.Net(objUserPrincipal, 'EmailAddress', 0)
DisplayName = Get_Property.Net(objUserPrincipal, 'DisplayName', 0)
Sid = Get_Property.Net(objUserPrincipal, 'Sid', 0)
SamAccountName = Get_Property.Net(objUserPrincipal, 'SamAccountName', 0)
ThisUser<1> = UserName
ThisUser<2> = DisplayName
ThisUser<3> = Email
@ -322,6 +589,3 @@ Service GetADUserAttributes(Username, Domain)
end
Response = ThisUser
end service

8
LSL2/STPROC/PM_SERVICES.txt
View File

@ -620,7 +620,7 @@ Service GetPMNotificationRecipients(PMSID)
ADNotificationGroups = XLATE('PM_SPEC', PMSID, PM_SPEC_AD_NOTIFICATION_GROUPS$, 'X')
IF ADNotificationGroups NE '' then
for each ADGroup in ADNotificationGroups using @VM
GroupMemberList = Active_Directory_Services('GetADGroupMembers', ADGroup, 'INFINEON')
GroupMemberList = Active_Directory_Services('GetADGroupMembersByGroupName', ADGroup, 'INFINEON')
for each GroupMember in GroupMemberList using @FM
ADUsername = LCASE(GroupMember<1,1>)
ADToLSLUserMap = Database_Services('ReadDataRow', 'APP_INFO', 'AD_TO_LSL_USER_MAP')
@ -934,9 +934,3 @@ Service CompleteScrubberPM(ScrubberID)
end
end service