Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Home
- Security, Compliance, and Identity
- Core Infrastructure and Security Blog
- Rules Extensions - MA Extension
Rules Extensions - MA Extension
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
Published
Nov 01 2019 03:02 PM
1,185
Views
Nov 01 2019
03:02 PM
Nov 01 2019
03:02 PM
First published on MSDN on Jun 23, 2017
The following is just an example of what an MA Extension would like like and should only be used as a reference on how to build your own MA Extension, I use this post as a reference for all my MA Extension Post which I have broken up into sections
Rules Extensions – ShouldProjectToMV
Rules Extensions – MapAttributesForImport
Rules Extensions – MapAttributesForJoin
2 Way Account Expires Rules Extension
using System;
using Microsoft.MetadirectoryServices;
using System.Globalization;
using System.Security.Principal;
// Date Changed 23 June 2017
namespace Mms_ManagementAgent_MAExtension
{
/// <summary>
/// Summary description for MAExtensionObject.
/// </summary>
public class MAExtensionObject : IMASynchronization
{
const string FSP = "foreignSecurityPrincipal";
const string ADMA1 = "Contoso ADMA";
const string ADMA2 = "Fabrikam ADMA";
const string ADMA3 = "Fabrikam SPMA";
public MAExtensionObject()
{
//
// TODO: Add constructor logic here
//
}
void IMASynchronization.Initialize()
{
//
// TODO: write initialization code
//
}
void IMASynchronization.Terminate()
{
//
// TODO: write termination code
//
}
//bool IMASynchronization.ShouldProjectToMV(CSEntry csentry, out string MVObjectType)
//{
// MVObjectType = "foreignSecurityPrincipal";
// bool ShouldProject = false;
// if (csentry["whatever"].StringValue.Length >= 30)
// {
// ShouldProject = true;
// }
// return ShouldProject;
//}
bool IMASynchronization.ShouldProjectToMV(CSEntry csentry, out string MVObjectType)
{
string fsp = "foreignSecurityPrincipal";
bool ShouldProject = false;
MVObjectType = null;
switch (csentry.MA.Name)
{
case ADMA1:
{
MVObjectType = "person";
ShouldProject = true;
}
break;
case ADMA2:
{
MVObjectType = "group";
ShouldProject = true;
}
break;
case ADMA3:
switch (csentry.ObjectType)
{
case FSP:
{
MVObjectType = fsp;
if (csentry["cn"].StringValue.Length >= 30)
{
ShouldProject = true;
}
}
break;
}
break;
default: throw new EntryPointNotImplementedException();
}
return ShouldProject;
}
DeprovisionAction IMASynchronization.Deprovision(CSEntry csentry)
{
//
// TODO: Remove this throw statement if you implement this method
//
throw new EntryPointNotImplementedException();
}
bool IMASynchronization.FilterForDisconnection(CSEntry csentry)
{
//
// TODO: write connector filter code
//
throw new EntryPointNotImplementedException();
}
void IMASynchronization.MapAttributesForJoin(string FlowRuleName, CSEntry csentry, ref ValueCollection values)
{
switch (FlowRuleName)
{
case "SPAccountName":
//
// TODO: write join mapping code
//
values.Add(csentry["samAccountName"].StringValue.Replace("SP_", ""));
break;
case "BuildAccountName":
if (csentry["accountName"].IsPresent)
{
values.Add(csentry["accountName"].StringValue);
}
else if (csentry["firstName"].IsPresent && csentry["lastName"].IsPresent)
{
values.Add(csentry["firstName"].StringValue + "." + csentry["lastName"].StringValue);
}
break;
}
}
bool IMASynchronization.ResolveJoinSearch(string joinCriteriaName, CSEntry csentry, MVEntry[] rgmventry, out int imventry, ref string MVObjectType)
{
//
// TODO: write join resolution code
//
throw new EntryPointNotImplementedException();
}
void IMASynchronization.MapAttributesForImport(string FlowRuleName, CSEntry csentry, MVEntry mventry)
{
string csAttrib;
string mvAttrib;
long dtInt;
string targetFormat;
string sourceFormat;
//
// TODO: write your import attribute flow code
//
switch (FlowRuleName)
{
case "getDate":
mvAttrib = "deprovisionDate";
if (mventry.ConnectedMAs[ADMA1].Connectors.Count == 0)
{
if (mventry[mvAttrib].IsPresent && !string.IsNullOrWhiteSpace(mvAttrib))
{
DateTime depoDate;
if (!DateTime.TryParse(mventry[mvAttrib].Value, out depoDate))
{
//mventry ["deprovisionDate"].Value = DateTime.Now.AddDays(90).ToString("yyyy'-'MM'-'dd'T'HH':'mm':'ss'.000'");
mventry[mvAttrib].Value = DateTime.Now.AddDays(90).ToString("yyyy-MM-ddTHH:mm:ss.000");
}
else
{
mventry[mvAttrib].Value = DateTime.Now.AddDays(90).ToString("yyyy-MM-ddTHH:mm:ss.000");
}
}
else
{
mventry[mvAttrib].Value = DateTime.Now.AddDays(90).ToString("yyyy-MM-ddTHH:mm:ss.000");
}
}
break;
case "removeDate":
mvAttrib = "deprovisionDate";
if (mventry.ConnectedMAs[ADMA1].Connectors.Count == 1)
{
if (mventry[mvAttrib].IsPresent)
{
mventry[mvAttrib].Values.Clear();
}
}
break;
case "employeeEndDate":
csAttrib = "accountExpires";
mvAttrib = "employeeEndDate";
dtInt = csentry[csAttrib].IntegerValue;
//targetFormat = "yyyy'-'MM'-'dd'T'HH':'mm':'ss'.000'";
targetFormat = "yyyy-MM-ddTHH:mm:ss.000";
//targetFormat = "M/d/yyyy h:mm tt";
sourceFormat = string.Empty;
GetDateString(csentry, mventry, dtInt, mvAttrib, sourceFormat, targetFormat);
break;
case "pwdLastSet":
csAttrib = "pwdLastSet";
mvAttrib = "pwdLastSet";
dtInt = csentry[csAttrib].IntegerValue;
targetFormat = "M/d/yyyy h:mm tt";
sourceFormat = string.Empty; ;
if (csentry[csAttrib].IsPresent && csentry[csAttrib].IntegerValue != 0)
GetDateString(csentry, mventry, dtInt, mvAttrib, sourceFormat, targetFormat);
///mventry[mvAttrib].Value = ConvertFileTimeToFimTimeStamp(csentry[csAttrib].IntegerValue);
else
mventry[mvAttrib].Delete();
break;
case "pwdExpires":
csAttrib = "pwdLastSet";
mvAttrib = "pwdExpires";
dtInt = csentry[csAttrib].IntegerValue;
targetFormat = "M/d/yyyy h:mm tt";
sourceFormat = string.Empty;
if (csentry[csAttrib].IsPresent && csentry[csAttrib].IntegerValue != 0)
GetDateString(csentry, mventry, dtInt, mvAttrib, sourceFormat, targetFormat, 180);
///mventry[mvAttrib].Value = ConvertFileTimeToFimTimeStamp(csentry[csAttrib].IntegerValue);
else
mventry[mvAttrib].Delete();
break;
case "lastLogonTimestamp":
csAttrib = "lastLogonTimestamp";
mvAttrib = "lastLogonTimestamp";
dtInt = csentry[csAttrib].IntegerValue;
targetFormat = "M/d/yyyy h:mm tt";
sourceFormat = string.Empty;
if (csentry[csAttrib].IsPresent && csentry[csAttrib].IntegerValue != 0)
GetDateString(csentry, mventry, dtInt, mvAttrib, sourceFormat, targetFormat);
//mventry[mvAttrib].Value = ConvertFileTimeToFimTimeStamp(csentry[csAttrib].IntegerValue);
else
mventry[mvAttrib].Delete();
break;
case "createdDate":
csAttrib = "whenCreated";
mvAttrib = "createDate";
string dateStr = csentry[csAttrib].StringValue;
targetFormat = "M/dd/yyyy h:mm:ss tt";
sourceFormat = "yyyyMMddHHmmss.0Z";
GetDateString(csentry, mventry, dateStr, mvAttrib, sourceFormat, targetFormat);
break;
case "objectSidString":
string objectSidString = ConvertSidToString(csentry["objectSid"].BinaryValue);
mventry["objectSidSTring"].StringValue = objectSidString;
break;
}
}
void IMASynchronization.MapAttributesForExport(string FlowRuleName, MVEntry mventry, CSEntry csentry)
{
//
// TODO: write your export attribute flow code
//
//
// TODO: write your export attribute flow code
//
switch (FlowRuleName)
{
case "accountExpires":
CultureInfo provider = CultureInfo.InvariantCulture;
if (mventry["employeeEndDate"].ToString() != "")
{
//DateTime dtFileTime = DateTime.ParseExact(mventry["employeeEndDate"].Value, "yyyy'-'MM'-'dd'T'HH':'mm':'ss'.000'", provider);
DateTime dtFileTime = DateTime.Parse(mventry["employeeEndDate"].Value, provider);
csentry["accountExpires"].IntegerValue = dtFileTime.ToFileTime();
}
else
{
csentry["accountExpires"].Value = "9223372036854775807";
}
break;
}
}
#region helper functions
private static void GetDateString(CSEntry csentry, MVEntry mventry, long dtInt, string mvAttrib, string sourceFormat, string targetFormat, int days = 0)
{
if (dtInt == 0 || dtInt == 9223372036854775807)
{
// This is a special condition, do not contribute and delete any current value
mventry[mvAttrib].Delete();
}
else
{
DateTime dtFileTime = DateTime.FromFileTime(dtInt).AddDays(days);
if (targetFormat.Equals("LONG", StringComparison.OrdinalIgnoreCase))
{
mventry[mvAttrib].Value = dtFileTime.ToLongDateString();
}
else if (targetFormat.Equals("SHORT", StringComparison.OrdinalIgnoreCase))
{
mventry[mvAttrib].Value = dtFileTime.ToShortDateString();
}
else
mventry[mvAttrib].Value = dtFileTime.ToString(targetFormat);
// mventry[mvAttrib].Value = DateTime.FromFileTimeUtc(dtInt).ToString(targetFormat);
}
}
//(CSEntry csentry, MVEntry mventry, long dtInt, string mvAttrib, string targetFormat, int days = 0)
private static void GetDateString(CSEntry csentry, MVEntry mventry, string dateStr, string mvAttrib, string sourceFormat, string targetFormat, int days = 0)
{
DateTime dt = DateTime.ParseExact(dateStr, sourceFormat, CultureInfo.InvariantCulture);
GetDateString(csentry, mventry, dt.ToFileTime(), mvAttrib, sourceFormat, targetFormat, days);
}
private static string ConvertFileTimeToFimTimeStamp(long fileTime)
{
return DateTime.FromFileTimeUtc(fileTime).ToString("yyyy-MM-ddTHH:mm:ss.000");
}
private static string ConvertSidToString(byte[] objectSid)
{
string objectSidString = "";
SecurityIdentifier SI = new SecurityIdentifier(objectSid, 0);
objectSidString = SI.ToString();
return objectSidString;
}
#endregion
}
}
0
Likes
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.