Galactic.ActiveDirectory
ActiveDirectory is a class that allows for the query and manipulation
of Active Directory objects.
The default first site name in Active Directory.
The maximum number of characters supported for a group's name in Active Directory.
The size of page to use when searching Active Directory. This number is based upon
hardcoded Microsoft limits within Active Directory's architecture.
The maximum number of values that can be retrieved from a multi-value attribute in a single search request.
Windows 2000 DCs do not support this value and default to a maximum of 1000;
GroupType enumerates the type of group objects in Active Directory.
Specifies a group that can contain accounts from any domain, global
groups from any domain, and other universal groups. This type of group
cannot contain domain local groups.
Specifies a group that can contain accounts from any domain, other domain
local groups from the same domain, global groups from any domain, and
universal groups. This type of group should not be included in access-control
lists of resources in other domains. This type of group is intended for use
with the LDAP provider.
Specifies a group that can contain accounts from the domain and other global
groups from the same domain. This type of group can be exported to a different
domain.
Specifies a group that is security enabled. This group can be used to apply an
access-control list on an Active Directory object or a file system.
Flags for use with the UserAccountControl and ms-DS-User-Account-Control-Computed properties of a user.
The logon script will be run.
The user account is disabled.
The home folder is required.
Only available via ms-DS-User-Account-Control-Computed attribute.
No password is required.
The user cannot change the password. This is a permission on the user's object.
For information about how to set this permission, visit the following Web site:
http://msdn2.microsoft.com/en-us/library/aa746398.aspx
The user can send an encrypted password.
This is an account for users whose primary account is in another domain. This
account provides user access to this domain, but not to any domain that trusts
this domain. This is sometimes referred to as a local user account.
This is a default account type that represents a typical user.
This is a permit to trust an account for a system domain that trusts other domains.
This is a computer account for a computer that is running Microsoft Windows NT 4.0
Workstation, Microsoft Windows NT 4.0 Server, Microsoft Windows 2000 Professional,
or Windows 2000 Server and is a member of this domain.
This is a computer account for a domain controller that is a member of this domain.
Represents the password, which should never expire on the account.
This is an MNS logon account.
When this flag is set, it forces the user to log on by using a smart card.
When this flag is set, the service account (the user or computer account) under which
a service runs is trusted for Kerberos delegation. Any such service can impersonate
a client requesting the service. To enable a service for Kerberos delegation, you must
set this flag on the userAccountControl property of the service account.
When this flag is set, the security context of the user is not delegated to a service
even if the service account is set as trusted for Kerberos delegation.
(Windows 2000/Windows Server 2003) Restrict this principal to use only Data Encryption
Standard (DES) encryption for keys.
(Windows 2000/Windows Server 2003) This account does not require Kerberos pre-authentication
for logging on.
Only available via ms-DS-User-Account-Control-Computed attribute.
(Windows 2000/Windows Server 2003) The user's password has expired.
(Windows 2000/Windows Server 2003) The account is enabled for delegation. This is a security-sensitive
setting. Accounts that have this option enabled should be tightly controlled. This setting lets a service
that runs under the account assume a client's identity and authenticate as that user to other remote servers
on the network.
Only available via ms-DS-User-Account-Control-Computed attribute.
(Windows Server 2008/Windows Server 2008 R2) The account is a read-only domain controller (RODC). This is a
security-sensitive setting. Removing this setting from an RODC compromises security on that server.
Only available via ms-DS-User-Account-Control-Computed attribute.
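The flag descriptions above correspond to individual bits of the userAccountControl integer. The following is an added example, not code from Galactic.ActiveDirectory: the names `Uac`, `UacAudit`, `Has`, `Decode` and `Findings` are assumptions made here, the bit values are the ones Microsoft documents for the attribute, and the sample accounts are constructed. It decodes a raw value and lists the settings on an enabled account that a reviewer would want justified.

```csharp
using System;
using System.Collections.Generic;

// Added illustration; not code from Galactic.ActiveDirectory.
// Bit values are those Microsoft documents for userAccountControl.
[Flags]
public enum Uac : uint
{
    Script = 0x1,
    AccountDisable = 0x2,
    HomeDirRequired = 0x8,
    Lockout = 0x10,                      // read from the computed attribute
    PasswdNotReqd = 0x20,
    PasswdCantChange = 0x40,
    EncryptedTextPwdAllowed = 0x80,
    TempDuplicateAccount = 0x100,
    NormalAccount = 0x200,
    InterdomainTrustAccount = 0x800,
    WorkstationTrustAccount = 0x1000,
    ServerTrustAccount = 0x2000,
    DontExpirePassword = 0x10000,
    MnsLogonAccount = 0x20000,
    SmartcardRequired = 0x40000,
    TrustedForDelegation = 0x80000,
    NotDelegated = 0x100000,
    UseDesKeyOnly = 0x200000,
    DontReqPreauth = 0x400000,
    PasswordExpired = 0x800000,          // read from the computed attribute
    TrustedToAuthForDelegation = 0x1000000,
    PartialSecretsAccount = 0x4000000
}

public static class UacAudit
{
    // True when every bit of 'flag' is set in the raw attribute value.
    public static bool Has(uint raw, Uac flag) => (raw & (uint)flag) == (uint)flag;

    // Names of all defined flags present in the raw value.
    public static List<string> Decode(uint raw)
    {
        var names = new List<string>();
        foreach (Uac flag in Enum.GetValues(typeof(Uac)))
            if (Has(raw, flag)) names.Add(flag.ToString());
        return names;
    }

    // Settings that deserve a documented reason on an enabled account.
    public static List<string> Findings(uint raw)
    {
        var findings = new List<string>();
        if (Has(raw, Uac.AccountDisable)) return findings; // cannot authenticate
        if (Has(raw, Uac.DontReqPreauth))
            findings.Add("Kerberos pre-authentication is not required");
        if (Has(raw, Uac.PasswdNotReqd))
            findings.Add("no password is required");
        if (Has(raw, Uac.UseDesKeyOnly))
            findings.Add("restricted to DES keys");
        if (Has(raw, Uac.DontExpirePassword))
            findings.Add("password never expires");
        // Domain controllers carry TrustedForDelegation by design.
        if (Has(raw, Uac.TrustedForDelegation) && !Has(raw, Uac.ServerTrustAccount))
            findings.Add("trusted for Kerberos delegation and not a domain controller");
        if (Has(raw, Uac.TrustedToAuthForDelegation))
            findings.Add("enabled for delegation (can authenticate as the client to other servers)");
        return findings;
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample values, not taken from a real directory.
        var samples = new Dictionary<string, uint>
        {
            ["svc-report"] = 0x200 | 0x10000 | 0x400000,
            ["DC01$"] = 0x2000 | 0x80000,
            ["old-user"] = 0x200 | 0x2 | 0x20,
        };
        foreach (var sample in samples)
        {
            Console.WriteLine($"{sample.Key}: {string.Join(", ", UacAudit.Decode(sample.Value))}");
            foreach (string finding in UacAudit.Findings(sample.Value))
                Console.WriteLine($"  review: {finding}");
        }
    }
}
```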
The base distinguished name (DN) of Active Directory.
The domain name of the Active Directory.
The NT style domain name of the Active Directory.
The SYSTEM sid.
The distinguished name of the Administrators group for this domain.
The distinguished name of the Domain Administrators group for this domain.
The distinguished name of the Domain Users group for this domain.
The distinguished name of the Enterprise Administrators group for this domain.
Binds to Active Directory using the configuration in the specified configuration item.
The physical path to the directory where configuration item files can be found.
The name of the configuration item containing the Active Directory configuration.
Binds to Active Directory.
The DNS style domain name of the Active Directory to connect to.
The username of the account in AD to use when making the connection.
The password of the account.
(Optional) The name of a site in Active Directory to use the domain controllers from. Defaults to DEFAULT_FIRST_SITE_NAME if not supplied.
Constructs an Active Directory object with a base of the specified OU. Binds to Active Directory.
The DNS style domain name of the Active Directory to connect to.
The distinguished name of the OU to use as a base for operations.
The username of the account in AD to use when making the connection.
The password of the account.
(Optional) The name of a site in Active Directory to use the domain controllers from. Defaults to DEFAULT_FIRST_SITE_NAME if not supplied.
Binds to Active Directory. Uses the current session credentials to authenticate.
(Optional) The DNS style domain name of the Active Directory to connect to. If left unspecified, the domain that the computer is currently connected to will be used.
(Optional) The distinguished name of the OU to use as a base for operations. If left unspecified, the root of the domain will be used.
(Optional) The name of a site in Active Directory to use the domain controllers from. Defaults to DEFAULT_FIRST_SITE_NAME if not supplied.
Adds an entry to the Active Directory with the specified distinguished name and attributes.
The distinguished name of the entry to add.
The attributes for the entry to add.
True if added, false otherwise.
Adds or replaces the attribute value(s) in the supplied entry.
The name of the attribute to set.
The value(s) to set the attribute to.
The SearchResultEntry to set the attribute value in.
True if it was set, false otherwise.
Appends the distinguished name of this Active Directory domain to the relative path to the root supplied.
The relative path to the root of this domain.
The absolute path including this domain's distinguished name. Null if a null string is supplied.
Deletes an entry with the specified GUID from Active Directory.
True if the entry was deleted, false otherwise.
Deletes an attribute's values from the specified entry in Active Directory.
The name of the attribute that should have its value deleted.
The SearchResultEntry containing the attribute to delete.
Optional: The specific values to delete. If null, all values will be deleted. Defaults to null.
True if the attribute's values are deleted, false otherwise.
Releases underlying resources associated with the Active Directory connection.
Gets the first byte attribute value from the supplied entry.
The name of the attribute to retrieve.
The SearchResultEntry to get the attribute value from.
The first byte array value held in the attribute, or an empty byte array if there was an error retrieving the value or the attribute was empty.
Gets all byte attribute values from the supplied entry.
The name of the attribute to retrieve.
The SearchResultEntry to get the attribute value from.
An array of byte array values held in the attribute, or an empty array of byte arrays if there was an error retrieving the values or the attribute was empty.
Gets the UTC DateTime from an Interval attribute of the supplied entry.
The name of the attribute to retrieve.
The SearchResultEntry to get the attribute value from.
The DateTime representing the interval supplied or null if attribute could not be found.
Gets the domain controllers associated with a specific Active Directory site from the Active Directory's DNS SRV records.
The DNS domain name of the Active Directory to retrieve the domain controllers for.
The name of the site to retrieve the domain controllers for.
A list containing the FQDNs of the domain controllers in the specified site, or an empty list if they could not be retrieved.
Gets the first string attribute value from the supplied entry.
The name of the attribute to retrieve.
The SearchResultEntry to get the attribute value from.
The first string value held in the attribute, or null if there was an error retrieving the value or the attribute was empty.
Gets all string attribute values from the supplied entry.
The name of the attribute to retrieve.
The SearchResultEntry to get the attribute value from.
A list of string values held in the attribute, or null if there was an error retrieving the values or the attribute was empty.
Checks whether the group name supplied conforms to the limitations imposed by Active Directory.
Active Directory Group Name Limitations:
63 character length limit
Cannot consist solely of numbers, periods, or spaces.
There must be no leading periods or spaces.
The name to check.
True if it meets the limitations, false otherwise.
Gets a DateTime representation from the UTC coded time string used by some Active Directory attributes.
The string that contains the UTC coded time.
A new DateTime with the time, or null if the string could not be parsed or was not supplied.
Gets an entry given an attribute name and value to search for.
The name of the attribute to search against.
The value to search for in the attribute.
(Optional) The attributes that should be returned in the entry found. If not provided, all non-constructed attributes are returned. Constructed attributes must be explicitly defined.
The SearchResultEntry object found, or null if not found.
Gets entries that match a given wildcarded (*) attribute value in the supplied attribute.
The name of the attribute to search against.
The value to search for in the attribute.
(Optional) The attributes that should be returned in the entry found. If not provided, all non-constructed attributes are returned. Constructed attributes must be explicitly defined.
The list of SearchResultEntry(s) found, or null if not found.
Gets an entry given its common name.
The common name of the entry to get.
(Optional) The attributes that should be returned in the entry found. If not provided, all non-constructed attributes are returned. Constructed attributes must be explicitly defined.
The SearchResultEntry object found, or null if not found.
Gets an entry given its distinguished name.
The distinguished name of the entry to get.
(Optional) The attributes that should be returned in the entry found. If not provided, all non-constructed attributes are returned. Constructed attributes must be explicitly defined.
The SearchResultEntry object found, or null if not found.
Gets an entry given its Account ID.
The account ID of the entry to get.
(Optional) The attributes that should be returned in the entry found. If not provided, all non-constructed attributes are returned. Constructed attributes must be explicitly defined.
The SearchResultEntry object found, or null if not found.
Gets an entry given its E-mail address.
The e-mail address of the entry to get.
(Optional) The attributes that should be returned in the entry found. If not provided, all non-constructed attributes are returned. Constructed attributes must be explicitly defined.
The SearchResultEntry object found, or null if not found.
Gets an entry given its GUID.
The GUID of the entry to get.
(Optional) The attributes that should be returned in the entry found. If not provided, all non-constructed attributes are returned. Constructed attributes must be explicitly defined.
The SearchResultEntry object found, or null if not found.
Gets an entry given its SAM account name.
The SAM account name of the entry to get.
(Optional) The attributes that should be returned in the entry found. If not provided, all non-constructed attributes are returned. Constructed attributes must be explicitly defined.
The SearchResultEntry object found, or null if not found.
Gets entries that match a given wildcarded (*) SAM account name.
The SAM account name of the entries to get.
(Optional) The attributes that should be returned in each entry found. If not provided, all non-constructed attributes are returned. Constructed attributes must be explicitly defined.
The list of SearchResultEntry(s) found, or null if not found.
Gets the first entry in a search given an LDAP search filter.
The LDAP search filter string that will find the entry.
(Optional) The attributes that should be returned in each entry found. If not provided, all non-constructed attributes are returned. Constructed attributes must be explicitly defined.
The SearchResultEntry object of the entry, or null if not found.
Gets all entries in a search given an LDAP search filter.
The LDAP search filter string that will find the entries.
(Optional) The attributes that should be returned in each entry found. If not provided, all non-constructed attributes are returned. Constructed attributes must be explicitly defined.
A list of SearchResultEntry objects, or null if not found.
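The search methods above take either an attribute value or a complete LDAP filter string. The page does not say whether values are escaped before they are placed in a filter, so a caller that composes filters from external input should escape them as RFC 4515 requires. The following is an added example, not code from Galactic.ActiveDirectory: `LdapFilter`, `EscapeValue` and `Equality` are names assumed here, and the sample value is constructed.

```csharp
using System;
using System.Text;
using System.Text.RegularExpressions;

// Added illustration; not code from Galactic.ActiveDirectory.
public static class LdapFilter
{
    // Attribute descriptions are limited to letters, digits and hyphens (RFC 4512).
    private static readonly Regex AttributeName = new Regex("^[A-Za-z][A-Za-z0-9-]*$");

    // Escapes a value for use inside a filter assertion (RFC 4515).
    // NUL, '(', ')', '\' and '*' become \xx; non-ASCII bytes are escaped too,
    // which the RFC permits for any octet. Set allowWildcard only when the
    // caller intends '*' to act as a wildcard.
    public static string EscapeValue(string value, bool allowWildcard = false)
    {
        if (value == null) throw new ArgumentNullException(nameof(value));
        var escaped = new StringBuilder();
        foreach (byte b in Encoding.UTF8.GetBytes(value))
        {
            char c = (char)b;
            bool special = b == 0 || c == '(' || c == ')' || c == '\\'
                           || (c == '*' && !allowWildcard);
            if (special || b >= 0x80)
                escaped.Append('\\').Append(b.ToString("x2"));
            else
                escaped.Append(c);
        }
        return escaped.ToString();
    }

    // Builds "(attribute=value)" with the attribute name validated and the value escaped.
    public static string Equality(string attribute, string value, bool allowWildcard = false)
    {
        if (attribute == null || !AttributeName.IsMatch(attribute))
            throw new ArgumentException("Not a valid attribute name.", nameof(attribute));
        return "(" + attribute + "=" + EscapeValue(value, allowWildcard) + ")";
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed input: a display name containing filter metacharacters.
        string input = "Smith (Contractor)*";
        Console.WriteLine(LdapFilter.Equality("displayName", input));
        // Same input where the caller wants the trailing '*' treated as a wildcard.
        Console.WriteLine(LdapFilter.Equality("displayName", input, allowWildcard: true));
    }
}
```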
Gets the GUID of the supplied entry.
The entry to get the GUID of.
The GUID of the entry, or an Empty GUID if it could not be found, or there was an error retrieving it.
Gets the GUID of the entry with the supplied attribute value.
The name of the attribute to search.
The attribute value of the entry to get the GUID of.
The GUID of the entry, or an Empty GUID if it could not be found, or there was an error retrieving it.
Gets the GUID of the entry with the supplied employee number.
The employee number of the entry to get the GUID of.
The GUID of the entry, or an Empty GUID if it could not be found, or there was an error retrieving it.
Gets the GUID of the entry with the supplied SAM account name.
The SAM account name of the entry to get the GUID of.
The GUID of the entry, or an Empty GUID if it could not be found, or there was an error retrieving it.
Gets the GUID of the entry with the supplied distinguished name.
The distinguished name of the entry to get the GUID of.
The GUID of the entry, or an Empty GUID if it could not be found, or there was an error retrieving it.
Gets the GUID of the entry with the supplied common name.
The common name of the entry to get the GUID of.
The GUID of the entry, or an Empty GUID if it could not be found, or there was an error retrieving it.
Gets a string with the name of a User Account Control flag given its value.
The value of the User Account Control flag.
The name of the flag.
Moves and / or renames an object in Active Directory.
The GUID of the object to move and / or rename.
(Optional: Required only if moving) The GUID of the new parent object for the object (if moving).
(Optional: Required only if renaming) The new common name (if renaming).
True if the object was moved or renamed, false otherwise.
Sets the object that is the base for all searches within Active Directory.
This only needs to be set if you need to search somewhere other than the base of the directory.
The distinguished name of the object where searches will begin. (Typically an OU or the base DN of the directory.)
True if the search base was set, false otherwise.
Gets an Interval value of the supplied DateTime.
Interval attributes are stored as Windows File Time strings with the number of 100-nanosecond intervals that have elapsed since 12:00 midnight, January 1, 1601 AD, UTC.
The DateTime object to convert into an Interval value.
The Interval (string) value of the supplied DateTime, or null if it could not be converted.
Gets an Interval value of the supplied UInt64.
Interval attributes are stored as Windows File Time strings with the number of 100-nanosecond intervals that have elapsed since 12:00 midnight, January 1, 1601 AD, UTC.
The UInt64 to convert into an Interval value.
The Interval (string) value of the supplied UInt64, or null if it could not be converted.
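Interval attributes are Windows File Time counts, so the conversion in both directions can be shown with the .NET file-time helpers. The following is an added example, not code from Galactic.ActiveDirectory: `IntervalConvert`, `ToInterval` and `FromInterval` are names assumed here. It also treats 0 and 0x7FFFFFFFFFFFFFFF as sentinels rather than dates, since attributes such as accountExpires use them to mean "never".

```csharp
using System;
using System.Globalization;

// Added illustration; not code from Galactic.ActiveDirectory.
public static class IntervalConvert
{
    // Sentinel used by attributes such as accountExpires to mean "never".
    public const long Never = long.MaxValue; // 0x7FFFFFFFFFFFFFFF

    // DateTime -> Interval string (100-nanosecond ticks since 1601-01-01 UTC).
    // Returns null for dates that cannot be expressed as a file time.
    public static string ToInterval(DateTime value)
    {
        try
        {
            long ticks = value.ToUniversalTime().ToFileTimeUtc();
            return ticks.ToString(CultureInfo.InvariantCulture);
        }
        catch (ArgumentOutOfRangeException)
        {
            return null;
        }
    }

    // Interval string -> UTC DateTime. Returns null for unparsable text,
    // for the sentinels 0 and Never, and for out-of-range values.
    public static DateTime? FromInterval(string interval)
    {
        if (!long.TryParse(interval, NumberStyles.None, CultureInfo.InvariantCulture, out long ticks))
            return null;
        if (ticks == 0 || ticks == Never)
            return null;
        try
        {
            return DateTime.FromFileTimeUtc(ticks);
        }
        catch (ArgumentOutOfRangeException)
        {
            return null;
        }
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed values: the Unix epoch as a file time, then the two sentinels.
        string[] samples = { "116444736000000000", "0", "9223372036854775807", "not-a-number" };
        foreach (string sample in samples)
        {
            DateTime? parsed = IntervalConvert.FromInterval(sample);
            Console.WriteLine($"{sample} -> {(parsed.HasValue ? parsed.Value.ToString("o") : "no date")}");
        }
        var when = new DateTime(2020, 1, 1, 0, 0, 0, DateTimeKind.Utc);
        Console.WriteLine($"{when:o} -> {IntervalConvert.ToInterval(when)}");
    }
}
```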
Tests whether an integer contains a UserAccountControl flag.
The integer to test.
The UserAccountControl flag to look for.
The list of Attributes that should be retrieved when searching for the entry in AD.
The Common Name (CN) of the object in Active Directory.
The time the object was created in UTC.
The Distinguished Name (DN) of the object in Active Directory.
The GUID of the object in Active Directory.
The distinguished name of the organizational unit or parent object containing the object.
The schema class types that identify the type of object this is in Active Directory.
Examples: group, user, etc.
Gets a directory object from AD with the supplied GUID.
An Active Directory object used to query and manipulate the directory object.
The GUID of the object.
Gets a directory object from a supplied search result entry.
An Active Directory object used to manipulate the directory object.
The SearchResultEntry object containing attributes necessary to populate the object.
Deletes values from an attribute.
The name of the attribute with values to delete.
Optional: The specific values to delete from the object. If null, all values will be deleted. Defaults to null.
True if the values were deleted, or false if there was an error or the values could not otherwise be deleted.
Gets new data for the object from AD and places the values in the entry variable within the object.
The GUID of the object to get.
The SearchResultEntry corresponding to the GUID supplied, or null if it could not be found in AD.
Gets the first byte array value from the supplied attribute of the object.
The name of the attribute to retrieve.
The value of the attribute, or null if it could not be found.
Gets all byte array values from the supplied attribute of the object.
The name of the attribute to retrieve.
The values of the attribute, or null if it could not be found.
Gets new data for the object from AD and places the values in the entry variable within the object.
The GUID of the object to get.
The names of additional attributes to include in the query.
The SearchResultEntry corresponding to the GUID supplied, or null if it could not be found in AD.
Gets the UTC DateTime from an Interval attribute.
The name of the attribute to retrieve.
The value of the attribute, or null if it could not be found.
Gets the first string value from the supplied attribute of the object.
The name of the attribute to retrieve.
The value of the attribute, or null if it could not be found.
Gets all string values from the supplied attribute of the object.
The name of the attribute to retrieve.
The values of the attribute, or null if it could not be found.
Moves and / or renames this object.
(Optional: Required only if moving) The GUID of the new parent object for the object (if moving).
(Optional: Required only if renaming) The new common name (if renaming).
True if the object was moved or renamed, false otherwise.
Refreshes the object to retrieve any changes made to attributes since creation.
True if the refresh was successful, false otherwise.
Refreshes the object's entry variable if required to get a new attribute from the object in AD.
The name of the attribute to retrieve if necessary.
Sets attribute of an object. If a null or empty values object is supplied no modifications will be made.
The name of the attribute to set.
The value(s) to set the attribute to.
True if the attribute was set successfully, false otherwise.
Sets a single value string attribute of an object. If a null or empty value is supplied,
the attribute will be cleared / deleted.
The name of the attribute to set.
The string value to set the attribute to.
True if the attribute was set successfully, false otherwise.
Checks whether x and y are equal (using GUIDs).
The first ActiveDirectoryObject to check.
The second ActiveDirectoryObject to check against.
True if the objects are equal, false otherwise.
Generates a hash code for the ActiveDirectoryObject supplied.
The ActiveDirectoryObject to generate a hash code for.
An integer hash code for the object.
Compares this ActiveDirectoryObject to another ActiveDirectoryObject.
The other ActiveDirectoryObject to compare this one to.
-1 if the object supplied comes before this one in the sort order, 0 if they occur at the same position, 1 if the object supplied comes after this one in the sort order
Group is a class that allows for the query and manipulation of
Active Directory group objects.
The list of specific attributes that should be retrieved when searching for the entry in AD. The attributes of parent objects should be included as well.
Does a recursive lookup to find all users that are a member of this
group by way of subgroup membership.
Groups that are members of the group.
The members of the group.
Users who are members of the group.
Gets a group object from Active Directory with the supplied GUID.
An Active Directory object used to query and manipulate the directory object.
The GUID of the group.
Gets a group object from a supplied search result entry.
An Active Directory object used to manipulate the group.
The SearchResultEntry object containing attributes necessary to populate the object.
Adds security principals to the group.
The principals to add.
True if the principals were added, false otherwise.
Clears all members from this group.
True if all members were cleared, false otherwise.
Creates a new group within Active Directory given its proposed name, the distinguished name of the OU to place it in, and other optional attributes.
An Active Directory object used to create the group.
The proposed SAM Account name for the group.
The distinguished name for the OU to place the group within.
A uint from the ActiveDirectory.GroupType enum representing the type of group to create.
Optional: Additional attributes to set when creating the group.
The newly created group object.
Deletes a group from Active Directory.
An Active Directory object used to delete the group.
The GUID of the group.
True if the group was deleted, false otherwise.
Removes a security principal from the group.
The principal to remove.
True if the principal was removed, false otherwise.
Removes security principals from the group.
The principals to remove.
True if the principals were removed, false otherwise.
Checks whether x and y are equal (using GUIDs).
The first Group to check.
The second Group to check against.
True if the objects are equal, false otherwise.
Generates a hash code for the Group supplied.
The Group to generate a hash code for.
An integer hash code for the object.
Compares this Group to another Group.
The other Group to compare this one to.
-1 if the object supplied comes before this one in the sort order, 0 if they occur at the same position, 1 if the object supplied comes after this one in the sort order
The list of specific attributes that should be retrieved when searching for the entry in AD. The attributes of parent objects should be included as well.
A description of the security principal.
The principal's e-mail address.
A list of the principal's e-mail addresses.
The principal's Microsoft Exchange Alias.
The distinguished names of groups that this principal is a member of.
Indicates if this principal is a Group.
Indicates if this principal is a User.
The principal's primary e-mail address.
The principal's SAM Account Name.
The principal's target e-mail address. Used by Exchange for routing e-mail to its
final destination which may lie outside of the organization. Allows for an object
to appear in the GAL even though its e-mail address may be outside of Exchange.
Also used when routing e-mail to the Microsoft Office365 cloud from an on-premises
Exchange server.
The User Principal Name of the principal.
Gets a security principal object from Active Directory with the supplied GUID.
An Active Directory object used to query and manipulate the security principal.
The GUID of the security principal
Gets a security principal object from a supplied search result entry.
An Active Directory object used to manipulate the security principal.
The SearchResultEntry object containing attributes necessary to populate the object.
Adds a proxy e-mail address to the account's proxyAddresses field.
The address in standard e-mail format (username@domain.com)
If the address should be added as the primary proxy address.
True if the address was added, false otherwise.
Adds this principal to the supplied group.
The GUID of the group to add the principal to.
True if the principal was added, false otherwise.
Removes this principal from the supplied group.
The GUID of the group to remove the principal from.
True if the principal was removed, false otherwise.
Checks if this principal is a member of the supplied group.
The GUID of the group to check.
Whether to do a recursive lookup of all parent groups that this principal might be a member of.
True if the principal is a member, false otherwise.
Moves and / or renames this object.
(Optional: Required only if moving) The GUID of the new parent object for the object (if moving).
(Optional: Required only if renaming) The new SAM Account Name (if renaming).
True if the object was moved or renamed, false otherwise.
Removes a proxy e-mail address from the account's proxyAddresses field.
The address in standard e-mail format (username@domain.com)
True if the address was removed or not found, false otherwise.
Sets the supplied e-mail address to be the primary e-mail address for receiving mail.
Note: This e-mail address must already be associated with the account.
If the account currently has a primary e-mail address, it will be set as a secondary.
The e-mail address to make primary.
Returns true if the e-mail address was made the primary, false if the e-mail address supplied was not already associated with the account,
or the address could not be made primary for any reason.
Checks whether x and y are equal (using GUIDs).
The first SecurityPrincipal to check.
The second SecurityPrincipal to check against.
True if the objects are equal, false otherwise.
Generates a hash code for the SecurityPrincipal supplied.
The SecurityPrincipal to generate a hash code for.
An integer hash code for the object.
Compares this SecurityPrincipal to another SecurityPrincipal.
The other SecurityPrincipal to compare this one to.
-1 if the object supplied comes before this one in the sort order, 0 if they occur at the same position, 1 if the object supplied comes after this one in the sort order
User is a class that allows for the query and manipulation of
Active Directory user objects.
The list of specific attributes that should be retrieved when searching for the entry in AD. The attributes of parent objects should be included as well.
The number of times the user has entered a bad password.
Returns a negative number if there is an error retrieving the value.
The last time that the user entered a bad password when authenticating to AD.
The Department the user belongs to.
The employee number of the user.
Whether the user's account is disabled in Active Directory.
The user's display name.
The user's division in the organization.
The Employee Id of the user.
The user's first name.
The FTP Directory for the user off the FTP root.
The root directory for FTP access by the user.
The path to the user's home directory.
The user's home drive letter.
The user's home page URL.
The user's last name.
The path to the user's logon script.
The distinguished name of the user's Manager.
Whether the user has to change their password at their next logon.
Whether the user's password has expired.
The date and time that the user's password was last set.
The user's telephone number.
The user's security identifier (SID).
The user's street address.
The user's title.
Gets the user's UserAccountControl property.
A return of 0 means there was an error retrieving the property.
Gets the user's computed UserAccountControl property.
A return value of 0 means it wasn't computed.
Gets a user object from Active Directory with the supplied GUID.
An Active Directory object used to query and manipulate the user.
The GUID of the user.
Gets a user object from a supplied search result entry.
An Active Directory object used to manipulate the user.
The SearchResultEntry object containing attributes necessary to populate the object.
Creates a new user within Active Directory given its proposed name, the distinguished name of the OU to place it in, and other optional attributes.
An Active Directory object used to create the user.
The proposed SAM Account name for the user.
The distinguished name for the OU to place the user within.
Optional: Additional attribute values to set when creating the user.
The newly created user object.
Disables the user's account for authentication if it is enabled.
True if the account is disabled successfully or was not enabled. False if the account could not be disabled.
Enables the user's account for authentication if it is disabled.
True if the account is enabled successfully or was not disabled. False if the account could not be enabled.
Gets all users in the Active Directory.
The Active Directory to retrieve users from.
A list of all users in the Active Directory.
Gets all user accounts that were modified within the specified time frame.
The Active Directory to retrieve users from.
The lower boundary of the time frame.
The upper boundary of the time frame.
Returns a list of all users that were modified during the specified period of time.
Sets the password of the user.
The new password to use for the user.
True if the password was set, false otherwise.
Unlocks the user's account if it is locked.
True if the account is unlocked successfully or was not locked. False if the account could not be unlocked.
Sets a flag in the user's User Account Control attribute.
A flag from the predefined UserAccountControl flags.
True if set, false otherwise.
Removes a flag from the user's User Account Control attribute.
A flag from the predefined UserAccountControl flags.
True if removed, false otherwise.
Checks whether x and y are equal (using GUIDs).
The first User to check.
The second User to check against.
True if the objects are equal, false otherwise.
Generates a hash code for the User supplied.
The User to generate a hash code for.
An integer hash code for the object.
Compares this User to another User.
The other User to compare this one to.
-1 if the object supplied comes before this one in the sort order, 0 if they occur at the same position, 1 if the object supplied comes after this one in the sort order