I have a bit of a problem with “cross platform” development at the moment. I’m running Windows XP inside an ActiveDirectory forest using VMware Fusion from OSX. A nasty experience a while ago means writing code on a virtual machine’s hard disk is insanity itself. If something happens to the slice you lose everything. OK, you won’t if it’s in source control but using subversion or git from Windows is a pain. Also, why duplicate backup/vss options on a slice when I’m already using everything just fine from OSX? So instead, I develop via a shared folder. I write all the C# code via VisualStudio which points to the “network” share.

I’ve pretty much finalised the design of GADfly, with a Windows service using a durable consumer to pull messages from a dedicated topic provided by Apache ActiveMQ inside Apache Camel. Just needed to try it out for real, so I knocked up FlyTrap, a small Windows GUI app to send messages to a test topic and consume them, using the GADfly functionality to create and delete accounts and directories in ActiveDirectory.

It’s a very simple app that tells you how long it took to create and delete the accounts and directories, including the messaging time:

Here’s something interesting. Running this in the Active Directory forest resolves to a real user in the domain:
// Verbatim string: in a regular literal, "\t" would be read as a tab character.
NTAccount adUser = new System.Security.Principal.NTAccount(@"domain\testuser");
If you pass this NTAccount to the remote filesystem to add as the owner of a directory, as long as the remote system can resolve that user, everything is fine. However, if the remote system cannot resolve the user, it uses the SID instead. Which isn’t good. However, after the next replication, the SID is replaced by the resolved user. That is good!
UPDATE – 7/11/09
Must have been due to replication leaving the test user hanging around. Starting with a completely new user, if the server where the directory is created can’t find the user, it raises a System.Security.Principal.IdentityNotMappedException.
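An added example (not the GADfly code, which this page does not show) of one way to keep an unresolved account from leaving a half-configured directory behind: translate the NTAccount to a SID before touching the filesystem, so IdentityNotMappedException surfaces before anything is created. The TryCreateHome helper, the UNC path and the account name are hypothetical placeholders.

```csharp
using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;

static class HomeDirectoryExample
{
    // Returns true only if the directory was created and handed to the account.
    static bool TryCreateHome(string path, string account)
    {
        SecurityIdentifier sid;
        try
        {
            // Resolve the name up front; an unknown account throws here,
            // before anything exists on disk.
            sid = (SecurityIdentifier)new NTAccount(account)
                .Translate(typeof(SecurityIdentifier));
        }
        catch (IdentityNotMappedException)
        {
            Console.Error.WriteLine("Cannot resolve {0}; nothing created.", account);
            return false;
        }

        DirectoryInfo dir = Directory.CreateDirectory(path);
        DirectorySecurity acl = dir.GetAccessControl();

        // Full control for the user, inherited by child folders and files.
        acl.AddAccessRule(new FileSystemAccessRule(
            sid,
            FileSystemRights.FullControl,
            InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
            PropagationFlags.None,
            AccessControlType.Allow));

        // Making another principal the owner needs an administrative caller.
        acl.SetOwner(sid);
        dir.SetAccessControl(acl);
        return true;
    }

    static void Main()
    {
        // Placeholder share and account (assumptions, not values from the post).
        bool ok = TryCreateHome(@"\\fileserver\home\testuser", @"DOMAIN\testuser");
        Console.WriteLine(ok ? "Home directory ready." : "Skipped.");
    }
}
```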
Initially I didn’t think I had time to delve into C# when writing the ActiveDirectory stuff to manage users programmatically, so I stuck with C++/COM as I knew how to work that way, at least once I’d scraped the rust off those parts of my COM brain. Anyway, after the hassle of dealing with XML and JMS topics from C++ I decided to look into it a bit more and after literally half a day of research/coding and while dealing with other major issues at the same time (who says we don’t multitask?!), I ported GADfly to C#. I must say, I am astounded, completely and utterly. Basically, C++/COM has more or less been “updated” with C#/.NET but you can still get to the underlying COM functionality but not in the messy way VB used to let you. C# has native support for ADSI as well as incredibly simple remote IO support. So how do you create a user, their home directory and give them ownership/full rights in ActiveDirectory using C#? Have a gander at this. No VARIANT, allocing, releasing or anything grubby like that. Behold! But remember to run it inside the domain to allow the admin user access to the remote filesystem.
Creating users in ActiveDirectory is pretty straightforward. You connect to the domain controller:
ADsOpenObject(m_connectionString,
              (LPCWSTR)m_username, (LPCWSTR)m_password,
              ADS_SECURE_AUTHENTICATION,
              IID_IADsContainer,
              (void**)&m_pContainer);
create the user, getting an IDispatch interface back:
m_pContainer->Create(CComBSTR("user"), CComBSTR(wcCN), &pDispatch);
query the IDispatch interface to get the IADsUser interface:
pDispatch->QueryInterface(IID_IADsUser, (void**)&pUser);
and use it to set the various properties of the new user object:
// Property name and value are both passed to IADs::Put as COM strings.
BSTR prop = SysAllocString(L"samAccountName");
var.vt = VT_BSTR;
var.bstrVal = SysAllocString(pUserDetails->GetUsername());
m_hr = pUser->Put(prop, var);
// Free both allocations whether or not the Put succeeded.
SysFreeString(prop);
VariantClear(&var);
if (FAILED(m_hr)) {
    pUser->Release();
    return false;
}
I’ve been looking into unit testing for C++ and tried out cppunit, which blows up spectacularly when it runs and the errors are so bad I just can’t be bothered with it. It took an age to figure out how to build it with VisualStudio 9 and it still doesn’t run properly. So I had a look at Boost.Test. The blurb on the site proclaims “one of the most highly regarded and expertly designed C++ library projects in the world” and it is easier to use than cppunit. So how to get started with a simple test?
Well here I am, back in my Alma Mater, Windows, working on user account creation for Active Directory. The project I’ve called GADfly (Groupwise Active Directory on the fly). GADfly requires developing on Windows. Well it does and it doesn’t. I’ve already written a couple of Java creators to compare direct LDAPS and TLS which can run from any OS but I’ll need to create home directories and assign correct permissions, which requires ADSI, which is C++ and COM, which is Windows only.