Dynamic Active Directory Service

hoshy · 2009-10-10T18:22:28+00:00

An AD Service the offers the following features: • CreateUser • UpdateUser • ReadUser • GetUsers • Move User OU • Add User To Groups • Remove User from Groups • Search User by SubString • Search Groups By SubString This is release one of the service which as per the ‘Project Overview’ provides the ability to have more advanced Active Directory integration focused around Active Directory Users. In the Zip file for the project is the document Last version: "ActiveDirectoryDynamicSO 1.0.0.8.zip" generated the 3 June 2022.

M

+8

AD search 1000 record limit

We have added a couple of our custom AD fields to this SmartObject and am returning a list of all employees. The query is returning exactly 1000 records and we are expecting around 1300 back. I know there is a paging parameter when querying from AD that defaults to 1000 records. Is there an easy workaround in order to return all records?

M

+8

Re: AD search 1000 record limit

After digging into the code a little bit. Active Directory will put a limit of 1000 records on a search that does not have the PageSize declared. I added this line of code to: ADHelper.cs in the ActiveDirectoryDynamicSO project The Code I added:

public Exception getUsers(ref ServiceObject so)
        {
            Exception exc = null;
            try
            {
                //Need to decide if will allow user to pass domain in as a parameter?
                string conString = getLDAPPath("");
                //DirectoryEntry dirEntry = new DirectoryEntry(conString);
                DirectoryEntry dirEntry = getDirectoryEntry(conString);
                DirectorySearcher dSearcher = new DirectorySearcher(dirEntry);
                //Set the filter for the search
                dSearcher.Filter = getADUserLookUpString(ref so);
                int limit = 2000;
                if (so.Properties["MaxSearchResultSize"].Value != null)
                {
                    if (so.Properties["MaxSearchResultSize"].Value.ToString() != "*")
                    {
                        int.TryParse(so.Properties["MaxSearchResultSize"].Value.ToString(), out limit);
                    }
                }

                Method meth = so.Methods[0];
                dSearcher.PageSize = 1200;
                dSearcher.SizeLimit = limit;
                System.DirectoryServices.SearchResultCollection sResults = dSearcher.FindAll();
                so.Properties.InitResultTable();
                foreach (SearchResult sResult in sResults)
                {
                    addReturnPropFromDirObject(ref dirEntry, ref so,sResult);
                    SetTransactionSuccessful(ref so);
                    so.Properties.BindPropertiesToResultTable();
                }
                dirEntry.Close();
            }
            catch (Exception ex)
            {
                exc = ex;
            }
            return exc;
        }

Recompile, move K2.PSUK.ActiveDirectoryDynamicSO.dll to the ServiceBroker directory on the K2 server, refresh Service Object, Refresh Service Instance, and rerun the SmartObject. This did the trick!

R

+1

Is it possible to configure multiple domains, as in the Active Directory service instance?

We're trying to do this, but it's not working, it gives an error:

"The format of the specified domain name is invalid"

We tried to configure the domains delimited with commas, and with semi-collon.

M

+1

Is it possible (or even advisable) to consider using Global Catalog type connections for access to AD records? I am sure there are some pro's and cons.

A

Userlevel 1

+8

In the documentation under the section "Modifying the Service Schema" it says to "Load the Schema from your K2 Server (C:Program FilesK2 blackpearlServiceBrokerSchemaObject.xml)"

It appears in fact that the service instance looks for this file under C:Program FilesK2 blackpearlHost ServerBin

When I went to create the service instance I got an error message saying it could not locate the SchemaObject.xml file in this directory

N

After carefully followed the instructions from the document provided as part of the downloaded zipped.

From SmartObjects - Services - Test tool, as a test I tried to execute "GetUsers" and "ReadUser" but received an error message as:

"Index was out of rang. Must be non-negative and less than the size of the collection.

Parameter name: index

Service: DynamicADSO

Service Guid: [guid info]

Serverity: Error

has anyone experienced this error or could you please kindly provide some advices how I can resolve this error.

thanks

J

We are experiencing an issue where a people picker control using the GetUser method isn't resolving a user when their account name is entered. The same user will be sucessfully returned if using the smartobject tester or a smartform where a button click calls the smartobject method using an input control as the account name input.

I reviewed the smartobject logging output of the call being made by the people picker vs the smartform example above and noticed that the former uses a contains operator while the latter uses direct equality.

I tried to mimic this in the tester using filters on AD properties which I know would include my example user account in the results, but it again wasn't returmed.

Some research showed that it wasn't returning users added to AD after a certain time.

The built-in AD User 2 object does return this user.

Is this associated with the limit mentioned in an earlier post?

BTW - I tried to open the solution file to have a poke around and it complained about not being able to check out a file from source control; not sure what thast is about.

Any help would be appreciated.

Regards Justin

E

Hello everyone,

Share your ideas and thoughts to me please, I have following condition:

Source code changes:

1. GetUsers method - increased size limit

2. Modified SchemaObject.xml - Added input and output attributes (including standard, custom)

Steps:

1. ServiceType registered

2. ServiceInstance created

3. SmartObjects generated

4. When execute SmartObject method from SmartObjects - Services - Tester.exe

Error thrown with: The user name or password is incorrect.

We have normally running K2 environment, standard AD Service2 is working fine.

Methods from 1-4 all executed through the main service account configured for K2 environment.

Main service account can query normally from the ActiveDirectory using Powershell script.

Thanks in advance.

A

ADSO uses LDAP call to retrieve data from AD or does it use a database that has the information synced with AD.

Any answers?

Thanks

Anil Bingu

J

Was there ever a resolution to the port from Andrew Blinco above?

We are encountering a similar issue with the installation on our validation/test environment. We have installed the Dynamic ADSO the same way on our development environment with out any issues and files are installed in the smae locations/directory paths on both environments.

Thank you

Jason Milks

S

I try using the Create User function and added the Common Name field to the schema.

It throws the invalid dn error and does not let me to specify the Common Name cn field so record will appear with its sAMAccountName in AD.

Is it possible to set the cn to FirstName_Surname eg John Smith rather than default it to sAMAccountName (john.smith) please?

Thank you

Sandor Mari

D

this is a really useful service. I did however encounter performance issues when running the GetUsers method when returning 600+ users. It was taking over 60 seconds whereas the ADUser2 service was taking under 1 second to return the same number of users.

to resolve this problem i added a new function to the code to set the Searcher.PropertiesToLoad property to only the items being returned. this reduced the time from over 60 seconds to sub 1 second.

dSearcher.Filter = getADUserLookUpString(ref so);

dSearcher.PropertiesToLoad.AddRange(getReturnPropsFromServiceObject(ref so));

where getReturnPropsFromServiceObject is:

private string[] getReturnPropsFromServiceObject(ref ServiceObject so)

{

List<string> returnProps = new List<string>();

Method meth = so.Methods[0];

for (int c = 0; c < meth.ReturnProperties.Count; c += 1)

{

Property prop = so.Properties[meth.ReturnProperties];

if (prop.Name.IndexOf("UAC_") != -1)

{

if (returnProps.IndexOf("userAccountControl") == -1)

{

returnProps.Add("userAccountControl");

}

if (prop.Name.IndexOf("OrganisationalUnit") != -1)

{

returnProps.Add("DistinguishedName");

}

else

{

returnProps.Add(prop.Name);

}

return returnProps.ToArray();

}

I

We are experiencing an issue where a people picker control using the GetUser method isn't resolving a user when their account name is entered. The same user will be sucessfully returned if using the smartobject tester or a smartform where a button click calls the smartobject method using an input control as the account name input.

I reviewed the smartobject logging output of the call being made by the people picker vs the smartform example above and noticed that the former uses a contains operator while the latter uses direct equality.

I tried to mimic this in the tester using filters on AD properties which I know would include my example user account in the results, but it again wasn't returmed.

Some research showed that it wasn't returning users added to AD after a certain time.

The built-in AD User 2 object does return this user.

Is this associated with the limit mentioned in an earlier post?

BTW - I tried to open the solution file to have a poke around and it complained about not being able to check out a file from source control; not sure what thast is about.

Any help would be appreciated.

I am facing the same issue. Please if any one could help?

B

+8

braddo
Rookie
78 replies
5 years ago
22 May 2018

we have a problem where if we look for multiple people via a property

for people that have blank properties, they are getting populated from the person above them

for example - the property securityLicence is used by 3 people, yet when searching for users with the result we are getting others populated

sAMAccountName	Display Name	securityLicence
T1250	Tony Lewis	407216452
T3034	Paul James	407216452
T1498	Greg Wall	407216452
T2325	Garry Hug	407216452

T2352	Brad Burgess	2352
T2918	Norman Whalley	2352
T2514	Peter Tom	2352
T2208	Jeff Evans	2352

T00605	B Johnson	123465
T62320	Milne Aaron	123465
T62321	Milne Ian	123465
T62322	Bradley Reynolds	123465
T58598	Scott Garven	123465

M

It seems that the download link has been eaten by the community relaunch. Could you please check it?

K

Hello,

does this service work on K2 FIVE ?

I get this error when i want to register the service type from the smartobject tester ++:

Regards,

Kévin

B

+8

braddo
Rookie
78 replies
4 years ago
24 July 2019

we are using the Dynamic ADSO service object.

i have modified the config to look at extra AD attributes.

i am running the get users method and applying a filter to look for specfic field that is not blank

the query takes ~40 odd seconds to run.

how can i increase the time for this to run?

in a programming world with powershell, i would scope the search to a certain OU. is that possible, or can someone suggest the best method to peform AD query to look for a custom attribute and filter for ones with values

Q

In case of the "The user name or password is incorrect" try to change service instance to use Impersonation instead of Service Account. It helped in my case.

undefined