Creating a directory objects assembly for LinqToLdap

Introduction

This post was originally just going to be the first half of the next one but I thought a few people might find it useful on its own.  It describes creating a class library assembly containing the definitions of:

  • GroupObject
  • OrganizationalUnitObject
  • UserObject

and their ClassMaps.  It’s not meant to be prescriptive; this is just how I decided to create such an assembly and my thoughts on why I did a couple of things.

First, I’ll talk about the attribute type definitions in general, then, I’ll talk about some specific attribute type definitions and, finally, I’ll show you how to create the assembly.

Attribute type definitions

In this section I discuss the options available to you when mapping some LDAP attribute types to CLR types.

Integers and Large Integers/Intervals

For Integers, you have a choice of

  • Int32
  • Nullable<Int32>

For Intervals, you have a choice of:

  • Int64
  • Nullable<Int64>
  • DateTime
  • Nullable<DateTime>

Given the extra hassle of dealing with nullables, why would you do so?

When you create a user on a domain controller, Active Directory will set certain values for you. For example,

accountExpires = 9223372036854775807 [Large Integer/Interval]
badPasswordTime = 0 [Large Integer/Interval]
badPwdCount = 0 [Integer]
logonCount = 0 [Integer]
pwdLastSet = 0 [Large Integer/Interval]

If you check another domain controller you’ll find some of them don’t have values because AD doesn’t replicate some attributes:

accountExpires = 9223372036854775807
badPasswordTime = <not set>
badPwdCount = <not set>
logonCount = <not set>
pwdLastSet = 0

For the Integers, if you map them as Int32, the <not set> will be rendered as zero. If it’s important to you to know when they’re <not set> and when they’re actually zero, you need to map them as Nullable<Int32>.

Likewise with the Large Integer/Intervals, if you map them as Int64, the <not set> will be rendered as zero, so if you need to know when they’re <not set>, you need to map them as Nullable<Int64>.

If they are Intervals (such as the ones listed above) you also have the choice of mapping them as DateTime or Nullable<DateTime> (using .DateTimeFormat(null) in the ClassMap).

  • If you map them as DateTime, if the value is
    • <not set>, you’ll see “01/01/0001 00:00:00”;
    • zero you’ll see “01/01/1601 00:00:00”
  • If you map them as Nullable<DateTime> and the value is
    • <not set>, you’ll see null;
    • zero you’ll see “01/01/1601 00:00:00”.

So, when mapping to DateTime you don’t need Nullable to know whether the directory value was set, but to me, at least, it feels cleaner to test HasValue than to compare against “01/01/0001 00:00:00”.

Multi-valued Unicode String attributes

You have a choice when mapping multi-valued Unicode String directory attributes.  You can, and generally should, map them as some form of Collection<String>.  But, if you’re only ever going to store and retrieve a single value, you can map them as a simple String.  If you do so and there is more than one value in the attribute and you try to read it, you’ll see only one of the values.  If you try to update it, the update will replace all values in the attribute with the single value provided.

Specific attribute type definitions

So, now you’ve seen the options, I’ll discuss what I actually chose for specific attributes in my current model and why.  I’ll go class by class.

SecPrinMailRecipEtc

description

I’ve mapped description to String even though it’s described in the schema as a multi-valued attribute.  description is restricted to single values for SAM-managed classes (e.g. user and group) for backwards compatibility, because the attribute was so-defined in the SAM APIs which pre-date Active Directory.  You can read more, here.

UserObject

accountExpires

I’ve mapped accountExpires to Int64 because it always has a value and because its default value (0x7FFFFFFFFFFFFFFF) cannot be directly mapped to a valid DateTime using DateTime.FromFileTime(Int64).

badPasswordTime

I’ve mapped badPasswordTime to Nullable<DateTime> because it can be <not set> and because when I use it, it’ll be to know the date/time of the last bad password on this DC.

badPwdCount

I’ve mapped badPwdCount to Nullable<Int32> because it can be <not set> and because I’ve no reason not to do so.

c, co and countryCode

These three attributes are ‘linked’ in ADU&C, in that setting Country/region: sets all three values.  In the directory itself, they are not linked and can be set and cleared independently.  Setting c will result in ADU&C displaying the country; setting either or both of the other two will not.

jpegPhoto

I’ve mapped jpegPhoto to Byte[].  You can convert the bytes to a bitmap using something like:

var bitmap2 = new Bitmap(new MemoryStream(user.jpegPhoto));

lastLogonTimestamp

I’ve mapped lastLogonTimestamp to Nullable<DateTime> because it can be <not set> and because when I use it it’ll be to know the approximate date/time of the last logon.

logonCount

I’ve mapped logonCount to Nullable<Int32> because it can be <not set> and because I’ve no reason not to do so.

pwdLastSet

I’ve mapped pwdLastSet to Int64 because it always has a value – it’s never <not set>.  I could’ve mapped it to DateTime and used .DateTimeFormat(null) but if I use this at all it’ll most likely be to see if the user needs to change their password at next logon.  To do this, I’ll be checking for pwdLastSet = 0 (and userAccountControl doesn’t contain UF_DONT_EXPIRE_PASSWD) so it’s easier to have it as an Int64.  On those occasions when I need the date/time I can always convert it using DateTime.FromFileTime(Int64).

thumbnailPhoto

I’ve mapped thumbnailPhoto to Byte[].  You can convert it to a bitmap using something like:

var bitmap = new Bitmap(new MemoryStream(user.thumbnailPhoto));

unicodePwd

I’ve mapped unicodePwd to a Byte[].  To set this value, use something like this:

using System;
using System.Text;

/// <summary>
/// Returns a unicode-encoded byte array based on the incoming password string.
/// </summary>
/// <param name="password">The password to turn into a byte array</param>
public byte[] GetPasswordData(string password)
{
    // Active Directory expects the new password as a double-quoted string encoded as UTF-16LE.
    var formattedPassword = String.Format("\"{0}\"", password);
    return Encoding.Unicode.GetBytes(formattedPassword);
}

I found this, here.  Note that you must be connected over SSL to set this value in Active Directory.

userAccountControl

I’ve mapped userAccountControl to Int32 with the expectation that I’ll cast to and from an enum defined with FlagsAttribute, called UserAccountControlFlags.  See the project files below for more details.
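To make the Interval rules above concrete, here is an added example (my illustration, not code from the original post or from LinqToLdap) that applies them to raw attribute values: the DateTime versus Nullable<DateTime> behaviour for <not set> and zero, the accountExpires sentinel that DateTime.FromFileTime cannot convert, and the pwdLastSet = 0 / UF_DONT_EXPIRE_PASSWD check described under pwdLastSet and userAccountControl.  The UserAccountControlFlags enum here is my own minimal definition using the documented UF_* bit values; it stands in for the post’s UserAccountControlFlags.cs, which is not reproduced here.

```csharp
using System;

// Minimal stand-in for the post's UserAccountControlFlags (my own definition,
// using the documented UF_* bit values from the Windows SDK).
[Flags]
public enum UserAccountControlFlags
{
    UF_ACCOUNTDISABLE     = 0x00000002,
    UF_PASSWD_NOTREQD     = 0x00000020,
    UF_NORMAL_ACCOUNT     = 0x00000200,
    UF_DONT_EXPIRE_PASSWD = 0x00010000,
}

public static class IntervalAttributes
{
    // Default accountExpires value when no expiry has been set.
    public const long NeverExpires = 0x7FFFFFFFFFFFFFFF;

    // What a DateTime mapping shows: <not set> becomes default(DateTime), i.e.
    // 01/01/0001, and zero becomes the FILETIME epoch, 01/01/1601.
    public static DateTime AsDateTime(long? raw)
    {
        return raw.HasValue ? DateTime.FromFileTimeUtc(raw.Value) : default(DateTime);
    }

    // What a Nullable<DateTime> mapping shows: <not set> stays null, so the
    // caller tests HasValue instead of comparing against 01/01/0001.
    public static DateTime? AsNullableDateTime(long? raw)
    {
        return raw.HasValue ? DateTime.FromFileTimeUtc(raw.Value) : (DateTime?)null;
    }

    // accountExpires: 0 and 0x7FFFFFFFFFFFFFFF both mean "never expires", and the
    // latter is outside the range DateTime.FromFileTime accepts (it throws
    // ArgumentOutOfRangeException), so test for the sentinels before converting.
    public static DateTime? AccountExpiryDate(long accountExpires)
    {
        if (accountExpires == 0 || accountExpires == NeverExpires)
            return null;
        return DateTime.FromFileTimeUtc(accountExpires);
    }

    public static bool IsExpired(long accountExpires, DateTime utcNow)
    {
        var expiry = AccountExpiryDate(accountExpires);
        return expiry.HasValue && expiry.Value <= utcNow;
    }

    // pwdLastSet == 0 means the user must change their password at next logon,
    // unless the account carries UF_DONT_EXPIRE_PASSWD.
    public static bool MustChangePasswordAtNextLogon(long pwdLastSet, int userAccountControl)
    {
        var flags = (UserAccountControlFlags)userAccountControl;
        return pwdLastSet == 0 && !flags.HasFlag(UserAccountControlFlags.UF_DONT_EXPIRE_PASSWD);
    }

    public static void Main()
    {
        // Constructed sample values, following the examples earlier in the post.
        Console.WriteLine("DateTime, <not set>:          {0:u}", AsDateTime(null));
        Console.WriteLine("DateTime, zero:               {0:u}", AsDateTime(0));
        Console.WriteLine("Nullable<DateTime>, <not set>: {0}", AsNullableDateTime(null).HasValue);

        Console.WriteLine("accountExpires sentinel has expiry date: {0}", AccountExpiryDate(NeverExpires).HasValue);
        Console.WriteLine("accountExpires sentinel expired:          {0}", IsExpired(NeverExpires, DateTime.UtcNow));

        // 546 is the default the post's UserObject constructor assigns
        // (UF_ACCOUNTDISABLE | UF_PASSWD_NOTREQD | UF_NORMAL_ACCOUNT).
        Console.WriteLine("pwdLastSet 0, UAC 546:            {0}", MustChangePasswordAtNextLogon(0, 546));
        Console.WriteLine("pwdLastSet 0, UAC 546 + no-expire: {0}", MustChangePasswordAtNextLogon(0, 546 | 0x10000));
        Console.WriteLine("pwdLastSet non-zero, UAC 546:     {0}", MustChangePasswordAtNextLogon(132000000000000000, 546));
    }
}
```

The first two lines of output are the “01/01/0001” and “01/01/1601” values quoted in the Integers and Large Integers/Intervals section, which is the whole reason the Nullable<DateTime> variant exists.  AccountExpiryDate is the conversion I’d hang off the Int64 accountExpires property rather than mapping it with .DateTimeFormat(null), since a plain DateTime mapping would have to cope with the sentinel on every read.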

GroupObject

groupType

I’ve mapped groupType to an enum called GroupTypes (see below for definition).  Why have I not used Int32 and FlagsAttribute on the enum?  Although the values are defined in powers of two and it’s possible to use bitwise operations on them, I’m more confident that I can define all of the required combinations and make use of LinqToLdap’s .EnumStoredAsInt() method to simplify things.
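As an added illustration of that trade-off (my code, not the post’s GroupTypes.cs, whose member names may differ), the block below expresses the common groupType combinations as a plain enum and adds the check I’d want alongside it: a cast from Int32 to an enum never fails, so a stored value that matches none of the defined combinations silently becomes an undefined enum value.  The bit values are the documented GROUP_TYPE_* constants; the member names and the sample values are mine.

```csharp
using System;

// Plain (non-[Flags]) enum of groupType combinations. Bit values are the
// documented GROUP_TYPE_* constants; the member names are my own.
public enum GroupTypes
{
    GlobalDistribution      = 0x00000002,
    DomainLocalDistribution = 0x00000004,
    UniversalDistribution   = 0x00000008,
    GlobalSecurity          = unchecked((int)0x80000002),
    DomainLocalSecurity     = unchecked((int)0x80000004),
    UniversalSecurity       = unchecked((int)0x80000008),
    // Builtin groups such as Administrators:
    // BUILTIN_LOCAL_GROUP | RESOURCE_GROUP | SECURITY_ENABLED.
    BuiltinLocalSecurity    = unchecked((int)0x80000005),
}

public static class GroupTypeCheck
{
    // An EnumStoredAsInt-style mapping casts the stored Int32 to the enum. The
    // cast always succeeds, so confirm the result is a defined member before
    // trusting its name.
    public static bool TryClassify(int stored, out GroupTypes type)
    {
        type = (GroupTypes)stored;
        return Enum.IsDefined(typeof(GroupTypes), type);
    }

    // The high bit (GROUP_TYPE_SECURITY_ENABLED) is what separates a security
    // group from a distribution group, whatever its scope.
    public static bool IsSecurityEnabled(int stored)
    {
        return (stored & unchecked((int)0x80000000)) != 0;
    }

    public static void Main()
    {
        // Constructed sample values: global security, universal distribution,
        // a builtin group, and a combination (APP_BASIC_GROUP | SECURITY_ENABLED)
        // that the enum above does not define.
        foreach (var stored in new[] { -2147483646, 8, -2147483643, unchecked((int)0x80000010) })
        {
            GroupTypes type;
            if (TryClassify(stored, out type))
                Console.WriteLine("{0} -> {1} (security-enabled: {2})",
                                  stored, type, IsSecurityEnabled(stored));
            else
                Console.WriteLine("{0} -> no GroupTypes member (security-enabled: {1})",
                                  stored, IsSecurityEnabled(stored));
        }
    }
}
```

The last sample value is the case the author’s approach has to be ready for: a value outside the defined combinations is not rejected by the cast, so any code that switches on the enum should treat the undefined case explicitly rather than assume one of the named members will always apply.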

OrganizationalUnitObject

description

I’ve mapped description as a Collection<String>.  See the explanation of description under SecPrinMailRecipEtc for details.

Create the assembly

First, create a new Class Library project.  I called mine ilminator.LinqToLdap.DirectoryObjects because I like meaningful names for my projects, namespaces and assemblies and I tend to keep them all in line.

Now, add a reference to LinqToLdap.

Next, add a folder to the project, called ClassMaps.  To do this, right-click on the project name and select Add > New Folder.

Enter the name ClassMaps.

There are two reasons to do this: first, if you end up with a lot of directory object classes and ClassMaps, it’ll make them easier to find and manage; and second, by putting all of the ClassMaps in their own namespace, if you only add a using statement for the main namespace, IntelliSense won’t be cluttered with the ClassMap names.

Next, add a class file to the ClassMaps folder, called OrganizationalUnitObjectMap.cs.  Add another called GroupObjectMap.cs.  Add a third called UserObjectMap.cs.

Next, add class files to the main part of the project called:

  1. GroupObject.cs
  2. GroupTypes.cs
  3. OrganizationalUnitObject.cs
  4. SecPrinMailRecipEtc.cs
  5. Top.cs
  6. UserAccountControlFlags.cs
  7. UserObject.cs

So, why the extra files, Top and SecPrinMailRecipEtc, and why the odd name?

As you probably know Active Directory implements an inheritance model.  Unlike C#, AD supports multiple-inheritance through something called auxiliary classes.  For example, user inherits from mailRecipient, posixAccount, securityPrincipal and shadowAccount.  This is tricky to replicate in C#, so for this article I fudged it.  🙂

Everything that comes from top is in Top (except description – see the class file comments for the details).  Stuff that was common to group and user went in SecPrinMailRecipEtc.  If I were implementing other classes, I would probably have to be a bit cleverer than that.  cn which belongs in top (but is optional) went in SecPrinMailRecipEtc because organizationalUnit doesn’t have a cn attribute.  You’ve probably figured out why the odd name, by now.

Your project should now look something like this:

The next step is to add the code.

Top.cs

using System;
using System.Collections.ObjectModel;
using LinqToLdap.Mapping;

namespace ilminator.LinqToLdap.DirectoryObjects
{
    public abstract class Top : DirectoryObjectBase
    {
        // description cannot be implemented here because it has different uses in
        // Active Directory.  For SAM-managed objects, it is used as if it were
        // defined as single-valued.  For other objects, it is used as defined,
        // which is as a multi-valued object.  For this reason, I think it makes
        // sense to implement it differently for SAM- and non-SAM-managed objects.
        // See the definitions of SecPrinMailRecipEtc and OrganizationalUnit for
        // examples.
        // Ref: http://msdn.microsoft.com/en-us/library/windows/desktop/ms675492.aspx.

        private string _displayName;
        /// <summary>
        /// Display-Name. The display name for an object. This is usually
        /// the combination of the users first name, middle initial, and last name.
        /// [From: http://msdn.microsoft.com/en-us/library/windows/desktop/ms675514.aspx]
        /// </summary>
        public String displayName
        {
            get { return this._displayName; }
            set
            {
                if (value != this._displayName)
                {
                    this._displayName = value;
                    AttributeChanged<Top, String>(a => a.displayName);
                }
            }
        }

        /// <summary> 
        /// Obj-Dist-Name.
        /// </summary>
        public String distinguishedName { get; set; }
        /// <summary>
        /// RDN. The Relative Distinguished Name of an object.
        /// [From: http://msdn.microsoft.com/en-us/library/windows/desktop/ms678697.aspx]
        /// </summary>
        public String name { get; set; }
        /// <summary>
        /// Object-Guid. The unique identifier for an object.
        /// [From: http://msdn.microsoft.com/en-us/library/windows/desktop/ms679021.aspx]
        /// </summary>
        public Guid objectGuid { get; set; }
        /// <summary>
        /// USN-Changed. USN value assigned by the local directory for the
        /// latest change, including creation.
        /// [From: http://msdn.microsoft.com/en-us/library/windows/desktop/ms680871.aspx]
        /// </summary>
        public Int64 uSNChanged { get; set; }
        ///<summary>
        /// USN-Created. USN-Changed value assigned at object creation.
        /// [From: http://msdn.microsoft.com/en-us/library/windows/desktop/ms680874.aspx]
        /// </summary>
        public Int64 uSNCreated { get; set; }
        /// <summary>
        /// When-Changed. The date when this object was last changed. This
        /// value is not replicated and exists in the global catalog.
        /// [From: http://msdn.microsoft.com/en-us/library/windows/desktop/ms680921.aspx]
        /// </summary>
        public DateTime whenChanged { get; set; }
        ///<summary> 
        /// When-Created. The date when this object was created. This value
        /// is replicated and is in the global catalog.
        /// [From: http://msdn.microsoft.com/en-us/library/windows/desktop/ms680924.aspx]
        /// </summary>
        public DateTime whenCreated { get; set; }

        private string _wWWHomePage;
        /// <summary>
        /// WWW-HomePage. The primary webpage.
        /// [From: http://msdn.microsoft.com/en-us/library/windows/desktop/ms680927.aspx]
        /// </summary>
        public String wWWHomePage
        {
            get { return this._wWWHomePage; }
            set
            {
                if (value != this._wWWHomePage)
                {
                    this._wWWHomePage = value;
                    AttributeChanged<Top, String>(a => a.wWWHomePage);
                }
            }
        }
    }
}

SecPrinMailRecipEtc.cs

using System;

namespace ilminator.LinqToLdap.DirectoryObjects
{
    public abstract class SecPrinMailRecipEtc : Top
    {
        public String commonName { get; set; }  // Top (but optional)

        private string _description;
        /// <summary>
        /// Description. Contains the description to display for an object. In
        /// Active Directory, this value is restricted as single-valued for
        /// backward compatibility in some cases but is allowed to be multi-valued
        /// in others. See 'Remarks' on the following link.
        /// [From: http://msdn.microsoft.com/en-us/library/windows/desktop/ms675492.aspx]
        /// </summary>
        public String description
        {
            get { return this._description; }
            set
            {
                if (value != this._description)
                {
                    this._description = value;
                    this.AttributeChanged<SecPrinMailRecipEtc, String>(a => a.description);
                }
            }
        }

        private string _info;                   // mailRecipient
        /// <summary>
        /// A comment attribute, shown as 'Notes' in ADU&C for users and groups.
        /// </summary>
        public String info
        {
            get { return this._info; }
            set
            {
                if (value != this._info)
                {
                    this._info = value;
                    AttributeChanged<SecPrinMailRecipEtc, String>(a => a.info);
                }
            }
        }

        private string _mail;                   // group
        /// <summary>
        /// E-mail-Address.
        /// </summary>
        public String mail
        {
            get { return this._mail; }
            set
            {
                if (value != this._mail)
                {
                    this._mail = value;
                    AttributeChanged<SecPrinMailRecipEtc, String>(a => a.mail);
                }
            }
        }

        /// <summary>
        /// Object-Sid.
        /// </summary>
        public System.Security.Principal.SecurityIdentifier objectSid { get; set; } // securityPrincipal

        private string _sAMAccountName;          // securityPrincipal
        public String sAMAccountName
        {
            get { return this._sAMAccountName; }
            set
            {
                if (value != this._sAMAccountName)
                {
                    this._sAMAccountName = value;
                    AttributeChanged<SecPrinMailRecipEtc, String>(a => a.sAMAccountName);
                }
            }
        }

        /// <summary>
        /// SAM-Account-Type. This attribute contains information about
        /// every account type object.
        /// [From: http://msdn.microsoft.com/en-us/library/windows/desktop/ms679637.aspx]
        /// </summary>
        public Int32 sAMAccountType { get; set;}  // securityPrincipal

        private string _telephoneNumber;        // mailRecipient
        public String telephoneNumber
        {
            get { return this._telephoneNumber; }
            set
            {
                if (value != this._telephoneNumber)
                {
                    this._telephoneNumber = value;
                    AttributeChanged<SecPrinMailRecipEtc, String>(a => a.telephoneNumber);
                }
            }
        }
    }
}

GroupObject.cs

using System;
using System.Collections.ObjectModel;
using LinqToLdap.Mapping;

namespace ilminator.LinqToLdap.DirectoryObjects
{
    public class GroupObject : SecPrinMailRecipEtc
    {
        private GroupTypes _groupType;          // group
        /// <summary>
        /// Group-Type. Contains a set of flags that define the type and scope
        /// of a group object. For the possible values for this attribute,
        /// see Remarks in the following link.
        /// [From: http://msdn.microsoft.com/en-us/library/windows/desktop/ms675935.aspx]
        /// </summary>
        public GroupTypes groupType
        {
            get { return this._groupType; }
            set
            {
                if (value != this._groupType)
                {
                    this._groupType = value;
                    AttributeChanged<GroupObject, GroupTypes>(a => a.groupType);
                }
            }
        }

        private string _managedBy;              // group
        /// <summary> 
        /// The distinguished name of the user that is assigned to manage this object.
        /// </summary>
        public String managedBy
        {
            get { return this._managedBy; }
            set
            {
                if (value != this._managedBy)
                {
                    this._managedBy = value;
                    AttributeChanged<GroupObject, String>(a => a.managedBy);
                }
            }
        }

        private Collection<String> _member;     // group
        /// <summary>
        /// Member. The list of users that belong to the group.
        /// [From: http://msdn.microsoft.com/en-us/library/windows/desktop/ms677097.aspx]
        /// </summary>
        public Collection<String> member
        {
            get { return this._member; }
            set
            {
                if (value != this._member)
                {
                    this._member = value;
                    AttributeChanged<GroupObject, Collection<String>>(a => a.member);
                }
            }
        }
    }
}

OrganizationalUnitObject.cs

using System;
using LinqToLdap.Mapping;
using System.Collections.ObjectModel;

namespace ilminator.LinqToLdap.DirectoryObjects
{
    public class OrganizationalUnitObject : Top
    {
        /// <summary>
        /// Organizational-Unit-Name (ou). The name of the organizational unit.
        /// [From: http://msdn.microsoft.com/en-us/library/windows/desktop/ms679096.aspx]
        /// </summary>
        public String organizationalUnitName { get; set; }

        private Collection<String> _description;     // top (see note on Top)
        /// <summary>
        /// Description. Contains the description to display for an object. In
        /// Active Directory, this value is restricted as single-valued for
        /// backward compatibility in some cases but is allowed to be multi-valued
        /// in others. See 'Remarks' on the following link.
        /// [From: http://msdn.microsoft.com/en-us/library/windows/desktop/ms675492.aspx]
        /// </summary>
        public Collection<String> description
        {
            get { return this._description; }
            set
            {
                if (value != this._description)
                {
                    this._description = value;
                    AttributeChanged<OrganizationalUnitObject, Collection<String>>(a => a.description);
                }
            }
        }

        private string _managedBy;              // organizationalUnit
        /// <summary>
        /// The distinguished name of the user that is assigned to manage this object.
        /// </summary>
        public String managedBy
        {
            get { return this._managedBy; }
            set
            {
                if (value != this._managedBy)
                {
                    this._managedBy = value;
                    AttributeChanged<OrganizationalUnitObject, String>(a => a.managedBy);
                }
            }
        }
    }
}

UserObject.cs

using System;
using System.Collections.ObjectModel;
using LinqToLdap.Mapping;

namespace ilminator.LinqToLdap.DirectoryObjects
{
    public class UserObject : SecPrinMailRecipEtc
    {
        public UserObject()
        {
            //this.accountExpires = 0x7FFFFFFFFFFFFFFF;
            this._userAccountControl = 546;
        }

        /// <summary>
        /// Returns a unicode-encoded byte array based on the incoming password string.
        /// Use this to convert your password value into the format required by unicodePwd.
        /// </summary>
        /// <param name="password">The password to turn into a byte array</param>
        public static Byte[] GetPasswordData(string password)
        {
            var formattedPassword = String.Format("\"{0}\"", password);
            return System.Text.Encoding.Unicode.GetBytes(formattedPassword);
        }

        #region ----- directory object properties and fields  -----

        private long _accountExpires;                      // organizationalPerson
        /// <summary>
        /// Account-Expires. The date when the account expires. This value
        /// represents the number of 100-nanosecond intervals since
        /// January 1, 1601 (UTC). A value of 0 or 0x7FFFFFFFFFFFFFFF
        /// (9223372036854775807) indicates that the account never expires.
        /// [From: http://msdn.microsoft.com/en-us/library/windows/desktop/ms675098.aspx]
        /// </summary>
        public Int64 accountExpires
        {
            get { return this._accountExpires; }
            set
            {
                if (value != this._accountExpires)
                {
                    this._accountExpires = value;
                    AttributeChanged<UserObject, Int64>(a => a.accountExpires);
                }
            }
        }

        /// <summary>
        /// Bad-Password-Time. The last time and date that an attempt to log on
        /// to this account was made with a password that is not valid. This value
        /// is stored as a large integer that represents the number of
        /// 100-nanosecond intervals since January 1, 1601 (UTC).
        /// A value of zero means that the last time an incorrect password was
        /// used is unknown. This attribute is not replicated and is maintained
        /// separately on each domain controller in the domain. To get an accurate
        /// value for the user's last bad password time in the domain, each domain
        /// controller in the domain must be queried. The largest value that is
        /// obtained represents the true bad password time.
        /// [From: http://msdn.microsoft.com/en-us/library/windows/desktop/ms675243.aspx]
        /// </summary>
        public Nullable<DateTime> badPasswordTime { get; set; }

        /// <summary>
        /// The number of times the user tried to log on to the account using an
        /// incorrect password. A value of 0 indicates that the value is unknown.
        /// This attribute is not replicated and is maintained separately on each
        /// domain controller in the domain. This attribute is reset on a specific
        /// domain controller when the user successfully logs onto that domain
        /// controller.
        /// [From: http://msdn.microsoft.com/en-us/library/windows/desktop/ms675244.aspx]
        /// </summary>
        public Nullable<Int32> badPwdCount { get; set; }

        private string _c;                      // organizationalPerson
        /// <summary>
        /// Country-Name (e.g. GB). Set when 'Country/region' is set in ADU&C.
        /// </summary>
        public String c
        {
            get { return this._c; }
            set
            {
                if (value != this._c)
                {
                    this._c = value;
                    AttributeChanged<UserObject, String>(a => a.c);
                }
            }
        }

        private string _co;                // organizationalPerson
        /// <summary>
        /// Text-Country (e.g. United Kingdom). Set when 'Country/region' is set in ADU&C.
        /// </summary>
        public String co
        {
            get { return this._co; }
            set
            {
                if (value != this._co)
                {
                    this._co = value;
                    AttributeChanged<UserObject, String>(a => a.co);
                }
            }
        }

        private string _comment;                // organizationalPerson
        /// <summary>
        /// User-Comment.
        /// </summary>
        public String comment
        {
            get { return this._comment; }
            set
            {
                if (value != this._comment)
                {
                    this._comment = value;
                    AttributeChanged<UserObject, String>(a => a.comment);
                }
            }
        }

        private string _company;                // organizationalPerson
        /// <summary>
        /// Company.
        /// </summary>
        public String company
        {
            get { return this._company; }
            set
            {
                if (value != this._company)
                {
                    this._company = value;
                    AttributeChanged<UserObject, String>(a => a.company);
                }
            }
        }

        private int _countryCode;                // organizationalPerson
        /// <summary>
        /// Country-Code (e.g. 826).  Set when 'Country/region' is set in ADU&C.
        /// </summary>
        public Int32 countryCode
        {
            get { return this._countryCode; }
            set
            {
                if (value != this._countryCode)
                {
                    this._countryCode = value;
                    AttributeChanged<UserObject, Int32>(a => a.countryCode);
                }
            }
        }

        private string _department;                // organizationalPerson
        /// <summary>
        /// Department.
        /// </summary>
        public String department
        {
            get { return this._department; }
            set
            {
                if (value != this._department)
                {
                    this._department = value;
                    AttributeChanged<UserObject, String>(a => a.department);
                }
            }
        }

        private string _division;                // organizationalPerson
        /// <summary>
        /// Division.
        /// </summary>
        public String division
        {
            get { return this._division; }
            set
            {
                if (value != this._division)
                {
                    this._division = value;
                    AttributeChanged<UserObject, String>(a => a.division);
                }
            }
        }

        private string _employeeID;              // organizationalPerson
        /// <summary>
        /// Employee-ID.
        /// </summary>
        public String employeeID
        {
            get { return this._employeeID; }
            set
            {
                //TODO: Trap length > 16
                if (value != this._employeeID)
                {
                    this._employeeID = value;
                    AttributeChanged<UserObject, String>(a => a.employeeID);
                }
            }
        }

        private string _employeeNumber;                // user
        /// <summary>
        /// Employee-Number.
        /// </summary>
        public String employeeNumber
        {
            get { return this._employeeNumber; }
            set
            {
                if (value != this._employeeNumber)
                {
                    this._employeeNumber = value;
                    AttributeChanged<UserObject, String>(a => a.employeeNumber);
                }
            }
        }

        private string _employeeType;                // user
        /// <summary>
        /// Employee-Type.
        /// </summary>
        public String employeeType
        {
            get { return this._employeeType; }
            set
            {
                if (value != this._employeeType)
                {
                    this._employeeType = value;
                    AttributeChanged<UserObject, String>(a => a.employeeType);
                }
            }
        }

        private string _givenName;                // organizationalPerson & user
        /// <summary>
        /// Given-Name.
        /// </summary>
        public String givenName
        {
            get { return this._givenName; }
            set
            {
                if (value != this._givenName)
                {
                    this._givenName = value;
                    AttributeChanged<UserObject, String>(a => a.givenName);
                }
            }
        }

        private string _homeDirectory;          // posixAccount & user
        /// <summary>
        /// Home-Directory.
        /// </summary>
        public String homeDirectory
        {
            get { return this._homeDirectory; }
            set
            {
                if (value != this._homeDirectory)
                {
                    this._homeDirectory = value;
                    AttributeChanged<UserObject, String>(a => a.homeDirectory);
                }
            }
        }

        private string _homeDrive;                // user
        /// <summary>
        /// Home-Drive.
        /// </summary>
        public String homeDrive
        {
            get { return this._homeDrive; }
            set
            {
                if (value != this._homeDrive)
                {
                    this._homeDrive = value;
                    AttributeChanged<UserObject, String>(a => a.homeDrive);
                }
            }
        }

        private string _initials;                // organizationalPerson & user
        /// <summary>
        /// Initials.
        /// </summary>
        public String initials
        {
            get { return this._initials; }
            set
            {
                if (value != this._initials)
                {
                    this._initials = value;
                    AttributeChanged<UserObject, String>(a => a.initials);
                }
            }
        }

        private byte[] _jpegPhoto;                // user
        /// <summary>
        /// jpegPhoto. Used to store one or more images of a person using
        /// the JPEG File Interchange Format [JFIF].
        /// </summary>
        public Byte[] jpegPhoto
        {
            get { return this._jpegPhoto; }
            set
            {
                if (value != this._jpegPhoto)
                {
                    this._jpegPhoto = value;
                    AttributeChanged<UserObject, Byte[]>(a => a.jpegPhoto);
                }
            }
        }

        private string _l;                // organizationalPerson
        /// <summary>
        /// Locality-Name.
        /// </summary>
        public String l
        {
            get { return this._l; }
            set
            {
                if (value != this._l)
                {
                    this._l = value;
                    AttributeChanged<UserObject, String>(a => a.l);
                }
            }
        }

        /// <summary>
        /// Last-Logon-Timestamp. This is the time that the user last logged into
        /// the domain. Whenever a user logs on, the value of this attribute is
        /// read from the DC. If the value is older [ current_time - msDS-LogonTimeSyncInterval ],
        /// the value is updated. The initial update after the raise of the domain
        /// functional level is calculated as 14 days minus random percentage of 5 days.
        /// [From: http://msdn.microsoft.com/en-us/library/windows/desktop/ms676824.aspx]
        /// </summary>
        /// <seealso cref="http://blogs.technet.com/b/askds/archive/2009/04/15/the-lastlogontimestamp-attribute-what-it-was-designed-for-and-how-it-works.aspx"/>
        public Nullable<DateTime> lastLogonTimestamp { get; set; }   // user

        // lockoutTime

        /// <summary>
        /// Logon-Count. The number of times the account has successfully logged
        /// on. A value of 0 indicates that the value is unknown. This attribute
        /// is not replicated and is maintained on each domain controller in the
        /// domain. Due to compatibility with 16-bit versions of LAN Manager,
        /// the attribute has an upper limit of 65535. After this limit has been
        /// reached, you cannot use it as an indicator of user activity on this
        /// domain controller.
        /// [From: http://msdn.microsoft.com/en-us/library/windows/desktop/ms676845.aspx]
        /// </summary>
        public Nullable<Int32> logonCount { get; set; }           // user

        private string _manager;        // organizationalPerson & user
        /// <summary>
        /// Manager. The distinguishedName of the manager object.
        /// </summary>
        public String manager
        {
            get { return this._manager; }
            set
            {
                if (value != this._manager)
                {
                    this._manager = value;
                    AttributeChanged(a => a.manager);
                }
            }
        }

        private string _mobile;        // organizationalPerson & user
        /// <summary>
        /// Phone-Mobile-Primary.
        /// </summary>
        public String mobile
        {
            get { return this._mobile; }
            set
            {
                if (value != this._mobile)
                {
                    this._mobile = value;
                    AttributeChanged(a => a.mobile);
                }
            }
        }

        private Collection<string> _otherTelephone;   // user
        /// <summary>
        /// Phone-Office-Other.
        /// </summary>
        public Collection<string> otherTelephone
        {
            get { return this._otherTelephone; }
            set
            {
                if (value != this._otherTelephone)
                {
                    this._otherTelephone = value;
                    AttributeChanged<Collection<string>>(a => a.otherTelephone);
                }
            }
        }

        /// <summary>
        /// Pwd-Last-Set. The date and time that the password for this account
        /// was last changed. This value is stored as a large integer that
        /// represents the number of 100 nanosecond intervals since
        /// January 1, 1601 (UTC). If this value is set to 0 and the
        /// <see cref="userAccountControl"/> attribute does not contain the 
        /// <see cref="UF_DONT_EXPIRE_PASSWD"/> flag, then the user must set the password at
        /// the next logon.
        /// [From: http://msdn.microsoft.com/en-us/library/windows/desktop/ms679430.aspx]
        /// </summary>
        public Int64 pwdLastSet { get; set; }

        private string _personalTitle;        // organizationalPerson
        /// <summary>
        /// Personal-Title. The title independent of job function, e.g. Mr or Ms.
        /// </summary>
        public String personalTitle
        {
            get { return this._personalTitle; }
            set
            {
                if (value != this._personalTitle)
                {
                    this._personalTitle = value;
                    AttributeChanged(a => a.personalTitle);
                }
            }
        }

        private string _physicalDeliveryOfficeName;        // organizationalPerson
        /// <summary>
        /// Physical-Delivery-Office-Name. Shown as 'Office' in ADU&C.
        /// </summary>
        public String physicalDeliveryOfficeName
        {
            get { return this._physicalDeliveryOfficeName; }
            set
            {
                if (value != this._physicalDeliveryOfficeName)
                {
                    this._physicalDeliveryOfficeName = value;
                    AttributeChanged(a => a.physicalDeliveryOfficeName);
                }
            }
        }

        private string _postalCode;        // organizationalPerson
        /// <summary>
        /// Postal-Code.
        /// </summary>
        public String postalCode
        {
            get { return this._postalCode; }
            set
            {
                if (value != this._postalCode)
                {
                    this._postalCode = value;
                    AttributeChanged(a => a.postalCode);
                }
            }
        }

        private string _postOfficeBox;        // organizationalPerson
        /// <summary>
        /// Post-Office-Box.
        /// </summary>
        public String postOfficeBox
        {
            get { return this._postOfficeBox; }
            set
            {
                if (value != this._postOfficeBox)
                {
                    this._postOfficeBox = value;
                    AttributeChanged(a => a.postOfficeBox);
                }
            }
        }

        private string _profilePath;        // user
        /// <summary>
        /// Profile-Path.
        /// </summary>
        public String profilePath
        {
            get { return this._profilePath; }
            set
            {
                if (value != this._profilePath)
                {
                    this._profilePath = value;
                    AttributeChanged(a => a.profilePath);
                }
            }
        }

        //pwdLastSet

        private string _scriptPath;        // user
        /// <summary>
        /// Script-Path.
        /// </summary>
        public String scriptPath
        {
            get { return this._scriptPath; }
            set
            {
                if (value != this._scriptPath)
                {
                    this._scriptPath = value;
                    AttributeChanged(a => a.scriptPath);
                }
            }
        }

        private Collection<string> _seeAlso;            // person
        /// <summary>
        /// See-Also. List of distinguished names that are related to an object.
        /// [From: http://msdn.microsoft.com/en-us/library/windows/desktop/ms679769.aspx]
        /// </summary>
        public Collection<string> seeAlso
        {
            get { return this._seeAlso; }
            set
            {
                if (value != this._seeAlso)
                {
                    this._seeAlso = value;
                    AttributeChanged<Collection<string>>(a => a.seeAlso);
                }
            }
        }

        private string _sn;                 // person
        /// <summary>
        /// Surname.
        /// </summary>
        public String sn
        {
            get { return this._sn; }
            set
            {
                if (value != this._sn)
                {
                    this._sn = value;
                    AttributeChanged(a => a.sn);
                }
            }
        }

        private string _st;        // organizationalPerson
        /// <summary>
        /// State-Or-Province-Name
        /// </summary>
        public String st
        {
            get { return this._st; }
            set
            {
                if (value != this._st)
                {
                    this._st = value;
                    AttributeChanged(a => a.st);
                }
            }
        }

        private string _street;        // organizationalPerson
        /// <summary>
        /// Street-Address. [cf. <see cref="streetAddress"/>, which is named Street.]
        /// </summary>
        public String street
        {
            get { return this._street; }
            set
            {
                if (value != this._street)
                {
                    this._street = value;
                    AttributeChanged(a => a.street);
                }
            }
        }

        private string _streetAddress;        // organizationalPerson
        /// <summary>
        /// Address. This is the property displayed in ADU&C as 'Street'.
        /// [cf. <see cref="street"/>, which is named Street-Address.]
        /// </summary>
        public String streetAddress
        {
            get { return this._streetAddress; }
            set
            {
                if (value != this._streetAddress)
                {
                    this._streetAddress = value;
                    AttributeChanged(a => a.streetAddress);
                }
            }
        }

        private byte[] _thumbnailPhoto;         // organizationalPerson
        /// <summary>
        /// Picture.
        /// </summary>
        public Byte[] thumbnailPhoto
        {
            get { return this._thumbnailPhoto; }
            set
            {
                if (value != this._thumbnailPhoto)
                {
                    this._thumbnailPhoto = value;
                    AttributeChanged(a => a.thumbnailPhoto);
                }
            }
        }

        private string _title;                  // organizationalPerson
        /// <summary>
        /// Title.
        /// </summary>
        public String title
        {
            get { return this._title; }
            set
            {
                if (value != this._title)
                {
                    this._title = value;
                    AttributeChanged(a => a.title);
                }
            }
        }

        private string _uid;                    // user, shadowAccount and posixAccount
        /// <summary>
        /// A user ID. Usually used by UNIX for the login.
        /// </summary>
        public String uid
        {
            get { return this._uid; }
            set
            {
                if (value != this._uid)
                {
                    this._uid = value;
                    AttributeChanged(a => a.uid);
                }
            }
        }

        private byte[] _unicodePwd;             // user
        /// <summary>
        /// Unicode-Pwd. The ActiveDirectory password. It is write-only
        /// and can only be written over an SSL connection.
        /// </summary>
        public Byte[] unicodePwd
        {
            get { return this._unicodePwd; }
            set
            {
                if (value != this._unicodePwd)
                {
                    this._unicodePwd = value;
                    AttributeChanged(a => a.unicodePwd);
                }
            }
        }

        private int _userAccountControl;        // user
        /// <summary>
        /// User-Account-Control. Flags that control the behavior of the user account.
        /// See <see cref="UserAccountControlFlags"/>.
        /// [From: http://msdn.microsoft.com/en-us/library/windows/desktop/ms680832.aspx]
        /// </summary>
        public Int32 userAccountControl
        {
            get { return this._userAccountControl; }
            set
            {
                if (value != this._userAccountControl)
                {
                    this._userAccountControl = value;
                    AttributeChanged(a => a.userAccountControl);
                }
            }
        }

        private string _userPrincipalName;      // user
        /// <summary>
        /// User-Principal-Name.
        /// </summary>
        public String userPrincipalName
        {
            get { return this._userPrincipalName; }
            set
            {
                if (value != this._userPrincipalName)
                {
                    this._userPrincipalName = value;
                    AttributeChanged(a => a.userPrincipalName);
                }
            }
        }

        #endregion ----- directory object properties and fields -----
    }
}

GroupObjectMap.cs

using System;
using System.Linq;
using LinqToLdap.Mapping;

namespace ilminator.LinqToLdap.DirectoryObjects.ClassMaps
{
    public class GroupObjectMap : ClassMap<GroupObject>
    {
        public GroupObjectMap()
        {
            NamingContext("DC=big,DC=wooden,DC=badger");   // Replace with your defaultNamingContext
            ObjectClass("group");
            ObjectCategory("group");

            Map(x => x.groupType).EnumStoredAsInt();
            Map(x => x.managedBy);
            Map(x => x.member);

            //From SecPrinMailRecipEtc
            Map(x => x.commonName).Named("cn").StoreGenerated();
            Map(x => x.description);
            Map(x => x.info);
            Map(x => x.mail);
            Map(x => x.objectSid).StoreGenerated();
            Map(x => x.sAMAccountName);
            Map(x => x.sAMAccountType).StoreGenerated();
            Map(x => x.telephoneNumber);

            // From Top
            DistinguishedName(x => x.distinguishedName);

            Map(x => x.displayName);
            Map(x => x.name).StoreGenerated();
            Map(x => x.objectGuid).StoreGenerated();
            Map(x => x.uSNChanged).StoreGenerated();
            Map(x => x.uSNCreated).StoreGenerated();
            Map(x => x.whenChanged).StoreGenerated();
            Map(x => x.whenCreated).StoreGenerated();
            Map(x => x.wWWHomePage);
        }
    }
}

OrganizationalUnitObjectMap.cs

using System;
using LinqToLdap.Mapping;

namespace ilminator.LinqToLdap.DirectoryObjects.ClassMaps
{
    public class OrganizationalUnitObjectMap : ClassMap<OrganizationalUnitObject>
    {
        public OrganizationalUnitObjectMap()
        {
            NamingContext("DC=big,DC=wooden,DC=badger");   //   Replace with your defaultNamingContext
            ObjectClass("organizationalUnit");
            ObjectCategory("organizationalUnit");

            Map(x => x.organizationalUnitName).Named("ou").StoreGenerated();
            Map(x => x.description);
            Map(x => x.managedBy);

            // From Top
            DistinguishedName(x => x.distinguishedName);

            Map(x => x.displayName);
            Map(x => x.name).StoreGenerated();
            Map(x => x.objectGuid).StoreGenerated();
            Map(x => x.uSNChanged).StoreGenerated();
            Map(x => x.uSNCreated).StoreGenerated();
            Map(x => x.whenChanged).StoreGenerated();
            Map(x => x.whenCreated).StoreGenerated();
            Map(x => x.wWWHomePage);
        }
    }
}

UserObjectMap.cs

using System;
using System.Linq;
using LinqToLdap.Mapping;

namespace ilminator.LinqToLdap.DirectoryObjects.ClassMaps
{
    public class UserObjectMap : ClassMap<UserObject>
    {
        public UserObjectMap()
        {
            NamingContext("DC=big,DC=wooden,DC=badger");   // Replace with your defaultNamingContext
            ObjectClass("user");
            ObjectCategory("person");

            Map(x => x.accountExpires);
            Map(x => x.badPasswordTime).StoreGenerated().DateTimeFormat(null);
            Map(x => x.badPwdCount).StoreGenerated();
            Map(x => x.c);
            Map(x => x.co);
            Map(x => x.comment);
            Map(x => x.company);
            Map(x => x.countryCode);
            Map(x => x.department);
            Map(x => x.division);
            Map(x => x.employeeID);
            Map(x => x.employeeNumber);
            Map(x => x.employeeType);
            Map(x => x.givenName);
            Map(x => x.homeDirectory);
            Map(x => x.homeDrive);
            Map(x => x.initials);
            Map(x => x.jpegPhoto);
            Map(x => x.l);
            Map(x => x.lastLogonTimestamp).StoreGenerated().DateTimeFormat(null);
            Map(x => x.logonCount).StoreGenerated();
            Map(x => x.manager);
            Map(x => x.mobile);
            Map(x => x.otherTelephone);
            Map(x => x.personalTitle);
            Map(x => x.physicalDeliveryOfficeName);
            Map(x => x.postalCode);
            Map(x => x.postOfficeBox);
            Map(x => x.profilePath);
            Map(x => x.pwdLastSet).StoreGenerated().DateTimeFormat(null);
            Map(x => x.scriptPath);
            Map(x => x.seeAlso);
            Map(x => x.sn);
            Map(x => x.st);
            Map(x => x.street);
            Map(x => x.streetAddress);
            Map(x => x.thumbnailPhoto);
            Map(x => x.title);
            Map(x => x.uid);
            Map(x => x.unicodePwd);
            Map(x => x.userAccountControl);
            Map(x => x.userPrincipalName);

            //From SecPrinMailRecipEtc
            Map(x => x.commonName).Named("cn").StoreGenerated();
            Map(x => x.description);
            Map(x => x.info);
            Map(x => x.mail);
            Map(x => x.objectSid).StoreGenerated();
            Map(x => x.sAMAccountName);
            Map(x => x.sAMAccountType).StoreGenerated();
            Map(x => x.telephoneNumber);

            // From Top
            DistinguishedName(x => x.distinguishedName);

            Map(x => x.displayName);
            Map(x => x.name).StoreGenerated();
            Map(x => x.objectGuid).StoreGenerated();
            Map(x => x.uSNChanged).StoreGenerated();
            Map(x => x.uSNCreated).StoreGenerated();
            Map(x => x.whenChanged).StoreGenerated();
            Map(x => x.whenCreated).StoreGenerated();
            Map(x => x.wWWHomePage);
        }
    }
}

GroupTypes.cs

using System;

namespace ilminator.LinqToLdap.DirectoryObjects
{
    public enum GroupTypes
    {
        GlobalDistribution = 2,                     // 0x00000002
        DomainLocalDistribution = 4,                // 0x00000004
        UniversalDistribution = 8,                  // 0x00000008
        AzManBasic = 16,                            // 0x00000010
        AzManLdapQuery = 32,                        // 0x00000020
        GlobalSecurity = -2147483646,               // 0x80000002
        DomainLocalSecurity = -2147483644,          // 0x80000004
        BuiltinDomainLocalSecurity = -2147483643,   // 0x80000005
        UniversalSecurity = -2147483640             // 0x80000008
    }
}

UserAccountControlFlags.cs

using System;

namespace ilminator.LinqToLdap.DirectoryObjects
{
    [Flags]
    public enum UserAccountControlFlags
    {
        SCRIPT = 0x0001,                                // 1
        ACCOUNTDISABLE = 0x0002,                        // 2
        HOMEDIR_REQUIRED = 0x0008,                      // 8
        LOCKOUT = 0x0010,                               // 16
        PASSWD_NOTREQD = 0x0020,                        // 32
        PASSWD_CANT_CHANGE = 0x0040,                    // 64
        ENCRYPTED_TEXT_PWD_ALLOWED = 0x0080,            // 128
        TEMP_DUPLICATE_ACCOUNT = 0x0100,                // 256
        NORMAL_ACCOUNT = 0x0200,                        // 512
        INTERDOMAIN_TRUST_ACCOUNT = 0x0800,             // 2048
        WORKSTATION_TRUST_ACCOUNT = 0x1000,             // 4096
        SERVER_TRUST_ACCOUNT = 0x2000,                  // 8192
        DONT_EXPIRE_PASSWORD = 0x10000,                 // 65536
        MNS_LOGON_ACCOUNT = 0x20000,                    // 131072
        SMARTCARD_REQUIRED = 0x40000,                   // 262144
        TRUSTED_FOR_DELEGATION = 0x80000,               // 524288
        NOT_DELEGATED = 0x100000,                       // 1048576
        USE_DES_KEY_ONLY = 0x200000,                    // 2097152
        DONT_REQ_PREAUTH = 0x400000,                    // 4194304
        PASSWORD_EXPIRED = 0x800000,                    // 8388608
        TRUSTED_TO_AUTH_FOR_DELEGATION = 0x1000000      // 16777216
    }
}
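The doc comments on pwdLastSet, lastLogonTimestamp and userAccountControl above describe how those raw values are meant to be read. The following helper is an added example, not part of the post's assembly or of LinqToLdap; it assumes only the UserAccountControlFlags and GroupTypes enums defined in this post, and works on constructed values rather than a live directory.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

namespace ilminator.LinqToLdap.DirectoryObjects.Examples
{
    // Hypothetical helper (added example): interprets the raw values carried by
    // UserObject and GroupObject using the enums from the post. No LDAP access needed.
    public static class AccountAttributeInterpreter
    {
        // accountExpires uses this value for "never expires" (see the intro of the post).
        public const long NeverExpires = 9223372036854775807L;

        // Convert a Large Integer/Interval (100 ns ticks since 1601-01-01 UTC) to UTC.
        // 0 means "not set" and Int64.MaxValue means "never", so both come back as null.
        public static DateTime? FromFileTime(long value)
        {
            if (value <= 0 || value == NeverExpires) return null;
            return DateTime.FromFileTimeUtc(value);
        }

        // pwdLastSet == 0 forces a password change at next logon unless the
        // DONT_EXPIRE_PASSWORD flag is set in userAccountControl.
        public static bool MustChangePasswordAtNextLogon(long pwdLastSet, int userAccountControl)
        {
            var flags = (UserAccountControlFlags)userAccountControl;
            return pwdLastSet == 0 && !flags.HasFlag(UserAccountControlFlags.DONT_EXPIRE_PASSWORD);
        }

        // lastLogonTimestamp is refreshed only when older than msDS-LogonTimeSyncInterval
        // (14 days by default), so an account counts as inactive only when the stamp is
        // older than the chosen threshold plus that slack. A null stamp means no logon has
        // been recorded in the attribute (or the value has not replicated to this DC).
        public static bool IsProbablyInactive(DateTime? lastLogonTimestamp, DateTime nowUtc,
                                              int inactiveDays, int syncIntervalDays = 14)
        {
            if (!lastLogonTimestamp.HasValue) return true;
            return lastLogonTimestamp.Value < nowUtc.AddDays(-(inactiveDays + syncIntervalDays));
        }

        // userAccountControl flags an account review usually wants called out, because
        // each one weakens authentication for the account or widens what it may do.
        private static readonly UserAccountControlFlags[] ReviewFlags =
        {
            UserAccountControlFlags.PASSWD_NOTREQD,
            UserAccountControlFlags.DONT_EXPIRE_PASSWORD,
            UserAccountControlFlags.ENCRYPTED_TEXT_PWD_ALLOWED,
            UserAccountControlFlags.USE_DES_KEY_ONLY,
            UserAccountControlFlags.DONT_REQ_PREAUTH,
            UserAccountControlFlags.TRUSTED_FOR_DELEGATION,
            UserAccountControlFlags.TRUSTED_TO_AUTH_FOR_DELEGATION,
        };

        public static IEnumerable<UserAccountControlFlags> FlagsToReview(int userAccountControl)
        {
            var flags = (UserAccountControlFlags)userAccountControl;
            return ReviewFlags.Where(f => flags.HasFlag(f));
        }

        // Bit 0x80000000 marks a security group, which is why the security members of
        // GroupTypes are negative when the value is stored as a signed Int32.
        public static bool IsSecurityGroup(GroupTypes groupType)
        {
            return (int)groupType < 0;
        }

        // Constructed sample values, not read from any directory.
        public static void Main()
        {
            const long pwdLastSet = 0;   // freshly created account, as in the intro
            int uac = (int)(UserAccountControlFlags.NORMAL_ACCOUNT
                          | UserAccountControlFlags.DONT_REQ_PREAUTH);
            Console.WriteLine("must change password: {0}", MustChangePasswordAtNextLogon(pwdLastSet, uac));
            Console.WriteLine("flags to review: {0}", string.Join(", ", FlagsToReview(uac)));
            Console.WriteLine("accountExpires never: {0}", FromFileTime(NeverExpires) == null);
            Console.WriteLine("security group: {0}", IsSecurityGroup(GroupTypes.GlobalSecurity));
            var stamp = new DateTime(2012, 1, 1, 0, 0, 0, DateTimeKind.Utc);
            Console.WriteLine("inactive: {0}", IsProbablyInactive(stamp, stamp.AddDays(120), inactiveDays: 90));
        }
    }
}
```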

Finally, build the solution, and you’re ready to go.

I’ve uploaded two versions of this, one with the LinqToLdap assembly files included and one without. Links are on the Downloads page.

Renaming and moving objects using LinqToLdap

This article follows on from the one on OrganizationalUnit CRUD and deals with the two operations not covered: renaming and moving objects.  As discussed in that article, these operations are universal in that they are carried out on distinguishedNames rather than instances of some class representing a directory object.  In this sense, Delete is also universal but I left it in the CRUD article because otherwise it would’ve been CRU which wouldn’t have made sense to many people.  🙂

Renaming objects

This example builds on the code from the OrganizationalUnit CRUD article referred to earlier.  It requires an OU you can rename – I’ve called mine TestOu1 and I’m going to rename it to TestOu2.  Replace the contents of Program.cs with the following and enter the distinguishedName of your OU as the value of the originalDn variable.  Again, I’ve highlighted the lines that have changed from the earlier examples.

using System;
using System.Linq;
using LinqToLdap;
using ilminator.LinqToLdap.DirectoryObjects;
using ilminator.LinqToLdap.DirectoryObjects.ClassMaps;

namespace BlogOuTest1
{
    class Program
    {
        static void Main(string[] args)
        {
            var config = new LdapConfiguration()
                .AddMapping(new OrganizationalUnitObjectMap());
            config.ConfigureFactory("dc1");

            var context = new DirectoryContext();

            var originalDn = "OU=TestOu1,OU=Tests,OU=Camelot,OU=Castles,DC=big,DC=wooden,DC=badger";
            var newDn = context.RenameEntry(originalDn, "TestOu2");

            var renamedOu = context.GetByDN<OrganizationalUnitObject>(newDn);
            Console.WriteLine("objectGuid = {0}",
                renamedOu.objectGuid);

            Console.WriteLine("\r\nPress a key to continue...");
            Console.ReadKey(true);
        }
    }
}

As with Delete, RenameEntry takes the distinguishedName of the target object, rather than the object itself.  The second parameter is the new name.  This can be just the name, as shown, or the name with its RDN prefix, which in this case would be OU=TestOu2.  I’ve also used a different method to retrieve the object, GetByDN<T>(distinguishedName), which is more direct when you already have the distinguishedName.

Moving objects

Again, this example builds on the code from the OrganizationalUnit CRUD article referred to earlier.  It requires an OU you can move – I’m using TestOu2 from the previous step.  It also requires a target OU: I’ve created one called SubTest in the same OU as TestOu2.

Replace the contents of Program.cs with the following and enter the distinguishedName of your OU as the value of the originalDn variable and the dn of your parent OU as the value of the newParentDn variable.  Again, I’ve highlighted the lines that have changed from the earlier examples.

using System;
using System.Linq;
using LinqToLdap;
using ilminator.LinqToLdap.DirectoryObjects;
using ilminator.LinqToLdap.DirectoryObjects.ClassMaps;

namespace BlogOuTest1
{
    class Program
    {
        static void Main(string[] args)
        {
            var config = new LdapConfiguration()
                .AddMapping(new OrganizationalUnitObjectMap());
            config.ConfigureFactory("dc1");

            var context = new DirectoryContext();

            var originalDn = "OU=TestOu2,OU=Tests,OU=Camelot,OU=Castles,DC=big,DC=wooden,DC=badger";
            var newParentDn = "OU=SubTest,OU=Tests,OU=Camelot,OU=Castles,DC=big,DC=wooden,DC=badger";
            var newDn = context.MoveEntry(originalDn, newParentDn);

            var movedOu = context.GetByDN<OrganizationalUnitObject>(newDn);
            Console.WriteLine("objectGuid = {0}",
                movedOu.objectGuid);

            Console.WriteLine("\r\nPress a key to continue...");
            Console.ReadKey(true);
        }
    }
}

As with RenameEntry, MoveEntry takes the distinguishedName of the target object, rather than the object itself.  The second parameter is the distinguishedName of the new parent OU.

Summary

These operations complete the set of operations that you can carry out on directory objects using LinqToLdap.  The same commands work with other objects such as users and groups.