Dynamic Active Directory Service

  • 10 October 2009
  • 18 replies
  • 11994 views

An AD Service that offers the following features:

  • CreateUser
  • UpdateUser
  • ReadUser
  • GetUsers
  • Move User OU
  • Add User To Groups
  • Remove User from Groups
  • Search User by SubString
  • Search Groups By SubString

This is release one of the service which, as per the ‘Project Overview’, provides the ability to have more advanced Active Directory integration focused around Active Directory Users. In the Zip file for the project is the documen



AD search 1000 record limit

We have added a couple of our custom AD fields to this SmartObject and are returning a list of all employees. The query is returning exactly 1000 records and we are expecting around 1300 back. I know there is a paging parameter when querying from AD that defaults to 1000 records. Is there an easy workaround in order to return all records?

Re: AD search 1000 record limit

After digging into the code a little bit: Active Directory will put a limit of 1000 records on a search that does not have the PageSize declared. I added this line of code to ADHelper.cs in the ActiveDirectoryDynamicSO project. The code I added:


    public Exception getUsers(ref ServiceObject so)
    {
        Exception exc = null;
        try
        {
            //Need to decide if will allow user to pass domain in as a parameter?
            string conString = getLDAPPath("");
            //DirectoryEntry dirEntry = new DirectoryEntry(conString);
            DirectoryEntry dirEntry = getDirectoryEntry(conString);
            DirectorySearcher dSearcher = new DirectorySearcher(dirEntry);
            //Set the filter for the search
            dSearcher.Filter = getADUserLookUpString(ref so);
            int limit = 2000;
            if (so.Properties["MaxSearchResultSize"].Value != null)
            {
                if (so.Properties["MaxSearchResultSize"].Value.ToString() != "*")
                {
                    int.TryParse(so.Properties["MaxSearchResultSize"].Value.ToString(), out limit);
                }
            }

            Method meth = so.Methods[0];
            // Added line: declaring a PageSize turns this into a paged search,
            // so the result set is no longer cut off at 1000 records.
            dSearcher.PageSize = 1200;
            dSearcher.SizeLimit = limit;
            // SearchResultCollection holds unmanaged resources; dispose it when done.
            using (System.DirectoryServices.SearchResultCollection sResults = dSearcher.FindAll())
            {
                so.Properties.InitResultTable();
                foreach (SearchResult sResult in sResults)
                {
                    addReturnPropFromDirObject(ref dirEntry, ref so, sResult);
                    SetTransactionSuccessful(ref so);
                    so.Properties.BindPropertiesToResultTable();
                }
            }
            dirEntry.Close();
        }
        catch (Exception ex)
        {
            exc = ex;
        }
        return exc;
    }


 


Recompile, move K2.PSUK.ActiveDirectoryDynamicSO.dll to the ServiceBroker directory on the K2 server, refresh Service Object, Refresh Service Instance, and rerun the SmartObject.  This did the trick!

Is it possible to configure multiple domains, as in the Active Directory service instance?

 

We're trying to do this, but it's not working, it gives an error:

"The format of the specified domain name is invalid"

 

We tried to configure the domains delimited with commas, and with semicolons.

Is it possible (or even advisable) to consider using Global Catalog type connections for access to AD records? I am sure there are some pros and cons.

In the documentation under the section "Modifying the Service Schema" it says to "Load the Schema from your K2 Server (C:\Program Files\K2 blackpearl\ServiceBroker\SchemaObject.xml)"

It appears in fact that the service instance looks for this file under C:\Program Files\K2 blackpearl\Host Server\Bin

When I went to create the service instance I got an error message saying it could not locate the SchemaObject.xml file in this directory.

I carefully followed the instructions from the document provided as part of the downloaded zip.

From SmartObjects - Services - Test tool, as a test I tried to execute "GetUsers" and "ReadUser" but received an error message:

"Index was out of range. Must be non-negative and less than the size of the collection.

Parameter name: index

Service: DynamicADSO

Service Guid: [guid info]

Severity: Error"

Has anyone experienced this error, or could you please kindly provide some advice on how I can resolve it?

 

thanks

We are experiencing an issue where a people picker control using the GetUser method isn't resolving a user when their account name is entered. The same user will be successfully returned if using the smartobject tester or a smartform where a button click calls the smartobject method using an input control as the account name input.

 

I reviewed the smartobject logging output of the call being made by the people picker vs the smartform example above and noticed that the former uses a contains operator while the latter uses direct equality.

 

I tried to mimic this in the tester using filters on AD properties which I know would include my example user account in the results, but it again wasn't returned.

 

Some research showed that it wasn't returning users added to AD after a certain time.

 

The built-in AD User 2 object does return this user.

 

Is this associated with the limit mentioned in an earlier post?

 

BTW - I tried to open the solution file to have a poke around and it complained about not being able to check out a file from source control; not sure what that is about.

 

Any help would be appreciated.

 

Regards Justin 

Hello everyone,

Please share your ideas and thoughts with me. I have the following condition:

 

Source code changes:

1. GetUsers method - increased size limit

2. Modified SchemaObject.xml - Added input and output attributes (including standard, custom)

 

Steps:

1. ServiceType registered 

2. ServiceInstance created

3. SmartObjects generated

4. When executing a SmartObject method from SmartObjects - Services - Tester.exe

Error thrown with: The user name or password is incorrect.

 

We have a normally running K2 environment; the standard AD Service2 is working fine.

Methods from 1-4 were all executed through the main service account configured for the K2 environment.

The main service account can query Active Directory normally using a PowerShell script.

Thanks in advance.

 

 

Does ADSO use LDAP calls to retrieve data from AD, or does it use a database that has the information synced with AD?

Any answers?

 

Thanks

Anil Bingu

Was there ever a resolution to the port from Andrew Blinco above?

 

We are encountering a similar issue with the installation on our validation/test environment. We have installed the Dynamic ADSO the same way on our development environment without any issues, and files are installed in the same locations/directory paths on both environments.

 

Thank you

 

Jason Milks

I tried using the Create User function and added the Common Name field to the schema.

It throws the invalid dn error and does not let me specify the Common Name (cn) field, so the record will appear with its sAMAccountName in AD.

Is it possible to set the cn to FirstName_Surname, e.g. John Smith, rather than default it to sAMAccountName (john.smith), please?

 

Thank you

Sandor Mari

This is a really useful service. I did, however, encounter performance issues when running the GetUsers method when returning 600+ users. It was taking over 60 seconds whereas the ADUser2 service was taking under 1 second to return the same number of users.

To resolve this problem I added a new function to the code to set the Searcher.PropertiesToLoad property to only the items being returned. This reduced the time from over 60 seconds to sub 1 second.

 

    dSearcher.Filter = getADUserLookUpString(ref so);
    // Ask the server only for the attributes the method actually returns.
    dSearcher.PropertiesToLoad.AddRange(getReturnPropsFromServiceObject(ref so));

where getReturnPropsFromServiceObject is:

    private string[] getReturnPropsFromServiceObject(ref ServiceObject so)
    {
        List<string> returnProps = new List<string>();
        Method meth = so.Methods[0];
        for (int c = 0; c < meth.ReturnProperties.Count; c += 1)
        {
            Property prop = so.Properties[meth.ReturnProperties[c]];
            // Any UAC_* return property needs userAccountControl loaded (added only once).
            if (prop.Name.IndexOf("UAC_") != -1)
            {
                if (returnProps.IndexOf("userAccountControl") == -1)
                {
                    returnProps.Add("userAccountControl");
                }
            }
            // OrganisationalUnit properties are loaded as DistinguishedName;
            // every other property is requested by its own name.
            if (prop.Name.IndexOf("OrganisationalUnit") != -1)
            {
                returnProps.Add("DistinguishedName");
            }
            else
            {
                returnProps.Add(prop.Name);
            }
        }
        return returnProps.ToArray();
    }

 

We are experiencing an issue where a people picker control using the GetUser method isn't resolving a user when their account name is entered. The same user will be successfully returned if using the smartobject tester or a smartform where a button click calls the smartobject method using an input control as the account name input.

 

I reviewed the smartobject logging output of the call being made by the people picker vs the smartform example above and noticed that the former uses a contains operator while the latter uses direct equality.

 

I tried to mimic this in the tester using filters on AD properties which I know would include my example user account in the results, but it again wasn't returned.

 

Some research showed that it wasn't returning users added to AD after a certain time.

 

The built-in AD User 2 object does return this user.

 

Is this associated with the limit mentioned in an earlier post?

 

BTW - I tried to open the solution file to have a poke around and it complained about not being able to check out a file from source control; not sure what that is about.

 

Any help would be appreciated.

 

 

 

I am facing the same issue. Please if any one could help? 

 

We have a problem where if we look for multiple people via a property,

for people that have blank properties, they are getting populated from the person above them.

For example, the property securityLicence is used by 3 people, yet when searching for users with the result we are getting others populated:

 

    sAMAccountName   Display Name       securityLicence
    T1250            Tony Lewis         407216452
    T3034            Paul James         407216452
    T1498            Greg Wall          407216452
    T2325            Garry Hug          407216452

    T2352            Brad Burgess       2352
    T2918            Norman Whalley     2352
    T2514            Peter Tom          2352
    T2208            Jeff Evans         2352

    T00605           B Johnson          123465
    T62320           Milne Aaron        123465
    T62321           Milne Ian          123465
    T62322           Bradley Reynolds   123465
    T58598           Scott Garven       123465

It seems that the download link has been eaten by the community relaunch. Could you please check it?

Hello,

 

Does this service work on K2 FIVE?

 

I get this error when I want to register the service type from the smartobject tester ++:

 

 

Regards,

 

Kévin

We are using the Dynamic ADSO service object.

I have modified the config to look at extra AD attributes.

I am running the get users method and applying a filter to look for a specific field that is not blank.

The query takes ~40 odd seconds to run.

How can I increase the time for this to run?

In a programming world with PowerShell, I would scope the search to a certain OU. Is that possible, or can someone suggest the best method to perform an AD query to look for a custom attribute and filter for ones with values?
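
An added example (not from any post in this thread and not the Dynamic ADSO project's own code) that combines three points raised above: a PageSize to get past the 1000-record cap, PropertiesToLoad to fetch only the needed attributes, and an OU as the search base with a "has a value" filter. The class and method names are hypothetical, the OU path is a placeholder supplied by the caller, and securityLicence is the custom attribute name mentioned in an earlier post.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices; // Windows only; add a reference to System.DirectoryServices

static class PagedUserSearch // hypothetical name, not part of the Dynamic ADSO project
{
    // Presence filter: matches only users where the attribute has a value.
    // attribute must be a fixed name from code or config, never raw user input.
    public static string BuildFilter(string attribute)
    {
        return "(&(objectCategory=person)(objectClass=user)(" + attribute + "=*))";
    }

    public static List<string[]> FindUsers(string ouPath, string attribute)
    {
        var rows = new List<string[]>();
        using (var root = new DirectoryEntry(ouPath))      // search base is one OU, not the whole domain
        using (var searcher = new DirectorySearcher(root))
        {
            searcher.Filter = BuildFilter(attribute);
            searcher.SearchScope = SearchScope.Subtree;
            searcher.PageSize = 1000;                      // paged search: pages are fetched until the set is complete
            searcher.PropertiesToLoad.AddRange(new[] { "sAMAccountName", "displayName", attribute });
            using (SearchResultCollection results = searcher.FindAll()) // dispose: holds unmanaged resources
            {
                foreach (SearchResult r in results)
                    rows.Add(new[] { First(r, "sAMAccountName"), First(r, "displayName"), First(r, attribute) });
            }
        }
        return rows;
    }

    // Reads the value from this result only, so a missing attribute yields "".
    static string First(SearchResult r, string name)
    {
        return r.Properties.Contains(name) && r.Properties[name].Count > 0
            ? Convert.ToString(r.Properties[name][0]) : "";
    }

    static void Main(string[] args)
    {
        // args[0] is a placeholder OU path such as LDAP://OU=Staff,DC=example,DC=com
        Console.WriteLine(BuildFilter("securityLicence"));
        if (args.Length == 0) return;                      // no directory given: only show the filter
        foreach (var row in FindUsers(args[0], "securityLicence"))
            Console.WriteLine(string.Join("\t", row));
    }
}
```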

In case of the "The user name or password is incorrect" error, try changing the service instance to use Impersonation instead of Service Account. It helped in my case.

 
