Question

Check if Groups and Windows Account already Exist through Workflow SDK Script

asked on July 5, 2016

Hi, I have written an SDK script in workflow which will automatically grab all the users in the AD and create a Windows account for them in Laserfiche. The script will also create the groups and add the Windows Accounts to the groups. But I cannot work out how to go about checking if a Windows Account or a group already exists inside Laserfiche: if it exists, skip the creation process; if not, create the account or the group. Does anyone have any idea? Thanks.

0 0

Answer

SELECTED ANSWER
replied on July 6, 2016

One way is to retrieve all windows accounts and check whether the account is in the list:

using (WindowsAccountReader accountReader = Trustee.EnumAllWindowsAccounts(session))
{
    foreach (TrusteeInfo trInfo in accountReader)
    {
        if (trInfo.Sid == userSid)
        {
            //...
        }
    }
}

 

0 0
replied on July 7, 2016

That works! Thanks for the advice!

 

But I do have another question: creating new Windows Accounts works, but removing them doesn't seem to work. The idea is that if the AD account has been deleted or disabled, then the workflow will remove the Windows account in LF also. Not sure if this is possible, any ideas? My code is below.

 

using (WindowsAccountReader winAcc = Trustee.EnumAllWindowsAccounts(RASession))
{
    foreach (TrusteeInfo ti in winAcc)
    {
        try
        {
            using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain, "domain.com"))
            {
                UserPrincipal userIdentity = UserPrincipal.FindByIdentity(ctx, IdentityType.Sid, ti.Sid.Value);
                if (userIdentity == null || userIdentity.Enabled == false)
                {
                    ti.Delete();
                }
            }
        }
        catch (Exception ex)
        {
            this.WorkflowApi.TrackError(ex.Message);
        }
    }
}

 

0 0
replied on July 7, 2016

You need to call Save() to commit the deletion.

0 0
replied on July 11, 2016

I have tried the Save() function afterwards but that didn't remove the account either. I have decided to just set deny access to the repository for the accounts instead if they have been removed or disabled in AD. Thanks for your help!

0 0
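
Added example, not part of the original posts and not Laserfiche code: the existence check and the removal pass discussed above, combined into one reconciliation step that loads the repository SIDs into a set once and leaves accounts from other domains alone, since a failed lookup in the queried domain says nothing about them. AccountSync, Plan, Build and the sample SIDs are assumptions made for this example; applying the revoke list (deny access or delete) is left to the caller.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;

public static class AccountSync
{
    public sealed class Plan
    {
        public readonly List<string> ToCreate = new List<string>(); // enabled in AD, not in repository
        public readonly List<string> ToRevoke = new List<string>(); // in repository, gone or disabled in AD
        public readonly List<string> Skipped = new List<string>();  // not from this domain: left alone
    }

    // adPrincipals: SID -> Enabled as AD reports it (null = no enabled state, e.g. a group).
    // repoSids: collected in ONE pass over the repository reader, e.g. trInfo.Sid.Value.
    public static Plan Build(IDictionary<string, bool?> adPrincipals, IEnumerable<string> repoSids, SecurityIdentifier domainSid)
    {
        var plan = new Plan();
        var existing = new HashSet<string>(repoSids, StringComparer.OrdinalIgnoreCase);

        foreach (KeyValuePair<string, bool?> p in adPrincipals)
            if (p.Value == true && !existing.Contains(p.Key))
                plan.ToCreate.Add(p.Key);

        foreach (string sid in existing)
        {
            // "Not found" is only meaningful for SIDs issued by the domain that was queried.
            SecurityIdentifier issuer = new SecurityIdentifier(sid).AccountDomainSid;
            if (issuer == null || !issuer.Equals(domainSid)) { plan.Skipped.Add(sid); continue; }
            bool? enabled;
            if (!adPrincipals.TryGetValue(sid, out enabled) || enabled == false)
                plan.ToRevoke.Add(sid);
        }
        return plan;
    }

    public static void Main()
    {
        const string dom = "S-1-5-21-1111111111-2222222222-3333333333"; // constructed domain SID
        var ad = new Dictionary<string, bool?>(StringComparer.OrdinalIgnoreCase);
        ad[dom + "-1001"] = true; ad[dom + "-1002"] = false; ad[dom + "-1004"] = true;
        var repo = new[] { dom + "-1002", dom + "-1003", dom + "-1004", "S-1-5-21-9-9-9-1105" };
        Plan plan = Build(ad, repo, new SecurityIdentifier(dom));
        Console.WriteLine("create: " + string.Join(", ", plan.ToCreate));
        Console.WriteLine("revoke: " + string.Join(", ", plan.ToRevoke));
        Console.WriteLine("skip:   " + string.Join(", ", plan.Skipped));
    }
}
```

If the repository also holds Windows groups, include them in adPrincipals with a null state; otherwise a user-only lookup reports them as missing and they land in the revoke list.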

Replies

replied on July 6, 2016

Side question: why duplicate them in Laserfiche and not just trust the Windows accounts for login?

0 0
replied on July 6, 2016

Hi Miruna,

 

Not sure what you mean. The system in question is LF Avante with unlimited WebLink, and there are hundreds of users in the AD who need read-only access to WebLink, hence the SDK script. The idea is to schedule the workflow, which will add/remove users in LF according to the AD. This is the only method I am aware of that will save the administrator from having to create hundreds of accounts manually. If there is a better alternative please feel free to suggest! Thanks.

0 0
replied on July 12, 2016

I believe Miruna is suggesting that you use the Admin console to add the Windows AD group the users are in, and select the option to Trust all users in the group (allow them to log in to the repository). You can also apply the read-only setting to all these users when you add the group.

This method doesn't immediately show all the users in the list in the admin console, but they will be able to log in, and after each user logs in, they will be automatically added to the list.

 

0 0
replied on July 23, 2021

Dear Wai, this may be helpful to you

 

*------*

Imports System
Imports System.Collections.Generic
Imports System.ComponentModel
Imports System.Data
Imports System.Data.SqlClient
Imports System.Text
Imports LFSO80Lib
Imports Laserfiche
Imports Microsoft.VisualBasic


Namespace WorkflowActivity.Scripting.CuentasDominioLF
    '''<summary>
    '''Provides one or more methods that can be run when the workflow scripting activity is performed.
    '''</summary>
    Public Class P1
        Inherits ToolkitScriptClass
        'Execute the script below when this activity is executed.
        'The 'MsgBox' function is available for design-time testing.
        Protected Overrides Sub Execute()
         ' Gets a repository’s list of trusted Windows accounts.
         Dim TrustedList As LFGrantedDomainAccountCollection = Database.TrustedDomainAccounts
         ' Retrieves the number of objects stored in the
         ' LFGrantedDomainAccountCollection.
         Dim NumAccounts     As Integer = TrustedList.Count
         Dim StrAccounts     As String  = ""
         Dim IntAccounts     As Integer = -1
         Dim UsrAccounts()   As String
         Dim ArrAccounts(4)
         Dim I1              As Integer
         For I1 = 0 To 4
          ArrAccounts(I1) = ""
         Next
         For I1 = 1 To NumAccounts
          If InStr(1,TrustedList.Item(I1),"\",CompareMethod.Text) < 1 Then Continue For
          UsrAccounts = TrustedList.Item(I1).split("\")
          StrAccounts = StrAccounts & UsrAccounts(1) & "_"
          If I1 mod 250 = 0 Then
           IntAccounts = IntAccounts + 1
           ArrAccounts(IntAccounts) = StrAccounts
           StrAccounts = ""
          End If
         Next
         ' Store the remaining partial chunk; ArrAccounts only has slots 0 to 4.
         If IntAccounts < 4 Then
          IntAccounts = IntAccounts + 1
          ArrAccounts(IntAccounts) = StrAccounts
         End If
         SetToken("%ListaDominio1",ArrAccounts(0))
         SetToken("%ListaDominio2",ArrAccounts(1))
         SetToken("%ListaDominio3",ArrAccounts(2))
         SetToken("%ListaDominio4",ArrAccounts(3))
         SetToken("%ListaDominio5",ArrAccounts(4))
        End Sub
    End Class
End Namespace
 

 

0 0