Programatically Deleting Users with Directory Services

0
votes

I have written a console application that generates reports on accounts in Active Directory and Novell e-Directory trees that should be deleted. This program works great for generating a very informative list as it pertains to my company's requirements.

I have now been asked to see If I can enhance this program to additionally delete certain accounts.

I am only using Directory.Services for the connections to the different trees and don't want to change this connection type. Now I can and have successfully deleted objects that are located at the root of my search. My problem now is I cannot seem to delete any userobjects found in a subOU.

Here is the code I have for my function that deletes User Objects...

static void Perform_Deletions(List<UserAccountObject> User_List, DirectoryEntry myLdapConnection)
{
    DirectoryEntry userToDelete;
    myLdapConnection.RefreshCache();

    string cnRegex = @"^([^,]+)";
    Regex myCNRegex = new Regex(cnRegex, RegexOptions.IgnoreCase);

    foreach(UserAccountObject user in User_List)
    {
        foreach(Match myMatch in myCNRegex.Matches(user.Distinguished_Name))
        {
            string cn = myMatch.ToString();
            userToDelete = myLdapConnection.Children.Find(cn);
            myLdapConnection.Children.Remove(userToDelete);
            myLdapConnection.CommitChanges();
        }
    }
}

I did remove a the error checking and renamed some of the areas so as to not give out internal information. But anyhow. I am sure that my problem is probably with the 10th line of this code. How do I modify this line or change this function around so that if the initial DirectoryEntry is pointed to "LDAP://server1.contoso.com/OU=users,DC=contoso,DC=com" ; and the user object is in "OU=Team1,OU=users,DC=contoso,DC=com" it will too be deleted?

Currently with this code all users in the original entry will be deleted in either AD or e-Directory.

Much thanks in advance for all the help!

1
c#asp.netdirectoryservices

1 Answers

0
votes

So I was able to program a solution that works for my requirements but I feel that this probably is not the best solution as I must create and destroy a connection to the directory server for each DN that I need to delete. There has to be a way to just send a list of DNs to be deleted with a single connection.

static void Perform_Deletions(List<UserAccountObject> User_List, string directory)
    {
        string ldapServer = null;
        string parentOU = null;
        string userCN = null;
        string ldapDirectory = null;
        string userName = null;
        string passWord = null;

        // REGEX value to only return OU path portion of User DN
        string dnSuffixRegex = @"ou.*";
        Regex myDNRegex = new Regex(dnSuffixRegex, RegexOptions.IgnoreCase);

        // REGEX to only Return the CN portion of User DN
        string cnRegex = @"^([^,]+)";
        Regex myCNRegex = new Regex(cnRegex, RegexOptions.IgnoreCase);

        switch (directory)
        {
            case "AD1":
                {
                    ldapDirectory = "LDAP://ad1.contosoe.com/";
                    userName = "Admin";
                    passWord = @"P@$$W0rd1";

                    break;
                }
            case "AD2":
                {
                    ldapDirectory = "LDAP://ad2.contosof.com/";
                    userName = "Admin";
                    passWord = @"P@$$W0rd1";

                    break;
                }
            case "EDIR1":
                {
                    ldapDirectory = "LDAP://edirectory1.contosoc.com/";
                    userName = @"cn=Admin,o=Root";
                    passWord = @"P@$$W0rd1";

                    break;
                }
            case "AD3":
                {
                    ldapDirectory = "LDAP://ad3.contosod.com/";
                    userName = "Admin";
                    passWord = @"P@$$W0rd1";

                    break;
                }
            case "EDIR2":
                {
                    ldapDirectory = "LDAP://edirectory2.contosob.com/";
                    userName = @"cn=Admin,o=Root";
                    passWord = @"P@$$W0rd1";

                    break;
                }
            case "EDIR3":
                {
                    ldapDirectory = "LDAP://edirectory3.contosoa.com/";
                    userName = @"cn=Admin,o=Root";
                    passWord = @"P@$$W0rd1";

                    break;
                }
            default:
                {
                    break;
                }
        }

        foreach (UserAccountObject user in User_List)
        {
            foreach (Match cnMatch in myCNRegex.Matches(user.Distinguished_Name))
            {
                userCN = cnMatch.ToString();
            }

            foreach (Match dnMatch in myDNRegex.Matches(user.Distinguished_Name))
            {
                parentOU = dnMatch.ToString();
            }

            ldapServer = ldapDirectory + parentOU;

            try
            {
                DirectoryEntry myLdapconnection = new DirectoryEntry(ldapServer, userName, passWord, AuthenticationTypes.ServerBind);
                DirectoryEntry userToDelete = myLdapconnection.Children.Find(userCN);
                myLdapconnection.RefreshCache();
                myLdapconnection.Children.Remove(userToDelete);
                myLdapconnection.CommitChanges();
                myLdapconnection.Close();
                myLdapconnection.Dispose();
                user.Deletion_Status = "SUCCEEDED";
            }
            catch (Exception e)
            {
                user.Deletion_Status = "FAILED";
                Console.WriteLine("Exception Caught:\n\n{0}", e.ToString());
            }
        }
    }