Tuesday, June 10, 2014

How to read in Active Directory

Dynamics Ax relies on Active Directory for user authentication. Thanks to CLR Interop, you too can use Active Directory and all its objects and properties from within Ax. You can use AD for what it is designed for: a central storage location for application data.


But how does one read information from AD? In the following code snippet, I'll show you how to collect a list of all users from a specific domain, with some basic information about those users.
For this, we'll use the System.DirectoryServices namespace, an easy way of getting access to Active Directory from managed code.

In order for your code to work, don't forget to edit the networkDomain variable!

static void ReadFromAD(Args _args)
{
    System.DirectoryServices.DirectorySearcher          DirectorySearcher;
    System.DirectoryServices.SearchScope                SearchScope;
    System.DirectoryServices.DirectoryEntry             DirectoryEntry;

    System.DirectoryServices.SearchResultCollection     SearchResultCollection;
    System.DirectoryServices.SearchResult               SearchResult;

    System.DirectoryServices.PropertyCollection         PropertyCollection;
    System.DirectoryServices.PropertyValueCollection    PropertyValueCollection;

    str networkDomain = "yourdomainhere.com";   // edit this to your own domain
    str prefix = 'LDAP://';

    int totalCount;
    int counter;

    str mysamaccountname;
    str myusername;
    ;

    try
    {
        // Bind to the domain root and search the whole subtree below it
        DirectoryEntry = new System.DirectoryServices.DirectoryEntry(prefix + networkDomain);
        SearchScope = CLRInterop::parseClrEnum('System.DirectoryServices.SearchScope', 'Subtree');

        DirectorySearcher = new System.DirectoryServices.DirectorySearcher(DirectoryEntry);
        DirectorySearcher.set_SearchScope(searchScope);
        // objectClass=user also matches computer accounts, which derive from the user class
        DirectorySearcher.set_Filter(strfmt('(&(objectClass=user))'));

        SearchResultCollection = DirectorySearcher.FindAll();

        totalCount = SearchResultCollection.get_Count();
        for (counter = 0; counter < totalCount; counter++)
        {
            SearchResult = SearchResultCollection.get_Item(counter);
            // Binds to the object itself to read its properties
            DirectoryEntry = SearchResult.GetDirectoryEntry();

            if (DirectoryEntry)
            {
                PropertyCollection = DirectoryEntry.get_Properties();

                if (PropertyCollection)
                {
                    PropertyValueCollection = PropertyCollection.get_Item('samaccountname');
                    mysamaccountname = PropertyValueCollection.get_Value();

                    PropertyValueCollection = PropertyCollection.get_Item('name');
                    myusername = PropertyValueCollection.get_Value();

                    info(strfmt('%1 - %2', mysamaccountname, myusername));
                }
            }
        }

        // Release the unmanaged directory handles
        DirectorySearcher.Dispose();
        SearchResultCollection.Dispose();
    }
    catch (Exception::CLRError)
    {
        error("Error reading AD");
        return;
    }
}
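
A variant of the job above, added here as an example and not part of the original post: it limits the search to enabled user accounts, pages the results so large domains are not cut off at the server's default limit of 1000 entries, and reads the two attributes straight from the search response. The job name and the page size of 500 are assumptions; networkDomain is the same placeholder as before.

```xpp
static void ReadEnabledUsersFromAD(Args _args)
{
    System.DirectoryServices.DirectoryEntry                 rootEntry;
    System.DirectoryServices.DirectorySearcher              searcher;
    System.DirectoryServices.SearchResultCollection         results;
    System.DirectoryServices.SearchResult                   result;
    System.DirectoryServices.ResultPropertyCollection       props;
    System.DirectoryServices.ResultPropertyValueCollection  values;
    System.Collections.Specialized.StringCollection         toLoad;
    str networkDomain = 'yourdomainhere.com'; // placeholder: edit to your own domain
    str sam, displayName;
    int total, i;
    ;
    try
    {
        rootEntry = new System.DirectoryServices.DirectoryEntry('LDAP://' + networkDomain);
        searcher  = new System.DirectoryServices.DirectorySearcher(rootEntry); // scope defaults to Subtree
        // sAMAccountType=805306368 selects normal user accounts only (no computer accounts);
        // the bitwise-AND matching rule excludes accounts with ACCOUNTDISABLE (value 2) set.
        searcher.set_Filter('(&(sAMAccountType=805306368)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))');
        searcher.set_PageSize(500); // assumed page size; any non-zero value enables paged search
        toLoad = searcher.get_PropertiesToLoad(); // request only the attributes that are printed
        toLoad.Add('sAMAccountName');
        toLoad.Add('name');
        results = searcher.FindAll();
        total   = results.get_Count();
        for (i = 0; i < total; i++)
        {
            result = results.get_Item(i);
            props  = result.get_Properties(); // values from the search response, no extra bind per user
            sam = '';
            displayName = '';
            values = props.get_Item('samaccountname'); // empty collection when the attribute is absent
            if (values.get_Count() > 0)
                sam = CLRInterop::getAnyTypeForObject(values.get_Item(0));
            values = props.get_Item('name');
            if (values.get_Count() > 0)
                displayName = CLRInterop::getAnyTypeForObject(values.get_Item(0));
            info(strfmt('%1 - %2', sam, displayName));
        }
        results.Dispose();
        searcher.Dispose();
        rootEntry.Dispose();
    }
    catch (Exception::CLRError)
    {
        error('Error reading AD');
    }
}
```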
 
 
 
Ax has its own routines readily available to do the job as well. Let's look at the classes xAxaptaUserManager and xAxaptaUserDetails.

Some examples:

How to get the SID from AD for a domain user:



static void GetSID(Args _args)
{
    xAxaptaUserManager  xUsrMgr = new xAxaptaUserManager();
    ;
    info(xUsrMgr.getUserSid('youruserid','youraddomain'));
}

Note: Remember you can use the field networkalias from table UserInfo to convert an Ax user id to the domain user id.

You can use this class for various purposes, including checking a password.

How to validate the system password in AD from within Ax



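static void CheckPassword(Args _args)
{
    xAxaptaUserManager  xUsrMgr = new xAxaptaUserManager();
    ;
    // The three literals are placeholders; take the password from user input
    // at run time instead of keeping it in source code.
    if (xUsrMgr.validatePassword('youruserid','youraddomain','yourpassword'))
        info('Password correct');
    else
        error('Password incorrect');
}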

We could get some more information from the AD regarding the user by using class xAxaptaUserDetails.

How to get the user name from AD for a user



static void GetADUserName(Args _args)
{  
    xAxaptaUserManager  xUsrMgr = new xAxaptaUserManager();
    xAxaptaUserDetails  xUsrDet;
    ;
    xUsrDet = xUsrMgr.getDomainUser('youraddomain','youruserid');
     
    if(xUsrDet)
        info(xUsrDet.getUserName(0));
}

How to get the email address from AD for a user



static void GetADEmailAddress(Args _args)
{  
    xAxaptaUserManager  xUsrMgr = new xAxaptaUserManager();
    xAxaptaUserDetails  xUsrDet;
    ;
    xUsrDet = xUsrMgr.getDomainUser('youraddomain','youruserid');
     
    if(xUsrDet)
        info(xUsrDet.getUserMail(0));
}
 
