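Imports Microsoft.MetadirectoryServices

''' <summary>
''' Metaverse rules extension (IMVSynchronization) that drives the lifecycle of
''' a "person" metaverse object in the management agent named "AD": create the
''' account shortly before the start date, keep it in the enabled OU while the
''' contract runs, move it to the disabled OU once the end date has passed and
''' deprovision it 90 days after the end date.
''' </summary>
Public Class MVExtensionObject
    Implements IMVSynchronization

    ' Name of the management agent that is provisioned to.
    Private Const ADMAName As String = "AD"

    ' Layout of employeeStartDate / employeeEndDate values; the trailing Z marks UTC.
    Private Const TimestampFormat As String = "yyyyMMddHHmmss.0Z"

    ' Target containers for active and expired accounts.
    Private Const EnabledContainer As String = "OU=Users,OU=Msreport2018,DC=msreport2018,DC=intra"
    Private Const DisabledContainer As String = "OU=DisabledUsers,OU=Msreport2018,DC=msreport2018,DC=intra"

    ' userAccountControl flag for a normal user account.
    Private Const ADS_UF_NORMAL_ACCOUNT As Integer = &H200

    ' NOTE(review): every provisioned account receives this same, source-visible
    ' password. pwdLastSet = 0 forces a change at first logon, but until then
    ' anyone who knows the default can sign in as the new user. Prefer a
    ' per-account random value handed over through a separate channel; the
    ' constant is kept here only because that delivery process is not part of
    ' this file.
    Private Const InitialPassword As String = "P@ssword"

    ' The account is created once the start date is less than this many days away.
    ' (The original inline comment said 10 days; the code has always used 11.)
    Private Const ProvisionLeadDays As Integer = 11

    ' Days an expired account stays in the disabled OU before it is deprovisioned.
    Private Const DeleteAfterDays As Integer = 90

    ' End date assumed when employeeEndDate is absent or empty.
    Private Shared ReadOnly OpenEndedDate As Date = _
        New Date(2999, 12, 31, 23, 59, 59, System.DateTimeKind.Utc)

    ' Lifecycle step chosen for one metaverse entry.
    Private Enum ProvisioningAction
        NoAction = 0
        CreateAccount = 1
        MoveToEnabledOU = 2
        DeleteAccount = 3
        MoveToDisabledOU = 4
    End Enum

    ''' <summary>Called when the extension is loaded; nothing to set up.</summary>
    Public Sub Initialize() Implements IMVSynchronization.Initialize
        ' TODO: Add initialization code here
    End Sub

    ''' <summary>Called when the extension is unloaded; nothing to release.</summary>
    Public Sub Terminate() Implements IMVSynchronization.Terminate
        ' TODO: Add termination code here
    End Sub

    ''' <summary>
    ''' Decides which lifecycle step applies to <paramref name="mventry"/> and
    ''' applies it to the "AD" connector space.
    ''' </summary>
    ''' <param name="mventry">Metaverse entry being synchronized.</param>
    ''' <exception cref="System.Exception">
    ''' A metaverse attribute needed for the chosen step (employeeStartDate, cn,
    ''' FirstName, LastName, uuid) is missing.
    ''' </exception>
    Public Sub Provision(ByVal mventry As MVEntry) Implements IMVSynchronization.Provision
        Select Case DecideAction(mventry)

            Case ProvisioningAction.CreateAccount
                ProvisionNewAccount(mventry)

            Case ProvisioningAction.MoveToEnabledOU
                ' Re-home the existing account under the enabled Users OU.
                Dim activeConnector As CSEntry = mventry.ConnectedMAs(ADMAName).Connectors.ByIndex(0)
                activeConnector.DN = BuildDN(mventry, EnabledContainer)

            Case ProvisioningAction.DeleteAccount
                ' Disconnect every AD connector; what happens to the account
                ' itself is decided by the agent's deprovisioning rule.
                mventry.ConnectedMAs(ADMAName).Connectors.DeprovisionAll()

            Case ProvisioningAction.MoveToDisabledOU
                ' NOTE(review): this only changes the DN. Nothing here sets the
                ' account-disabled bit in userAccountControl, so unless an export
                ' flow rule or a policy on the OU does it, the account of a
                ' departed user stays usable until it is deleted. Confirm.
                Dim expiredConnector As CSEntry = mventry.ConnectedMAs(ADMAName).Connectors.ByIndex(0)
                expiredConnector.DN = BuildDN(mventry, DisabledContainer)

        End Select
    End Sub

    ''' <summary>Metaverse deletion rule; not implemented by this extension.</summary>
    Public Function ShouldDeleteFromMV(ByVal csentry As CSEntry, ByVal mventry As MVEntry) As Boolean Implements IMVSynchronization.ShouldDeleteFromMV
        ' TODO: Add MV deletion code here
        Throw New EntryPointNotImplementedException()
    End Function

    ' Picks the lifecycle step from the object type, the number of AD connectors
    ' and the start / end dates compared with the current UTC time.
    Private Shared Function DecideAction(ByVal mventry As MVEntry) As ProvisioningAction
        ' Only person objects are managed. Ordinal comparison keeps the check
        ' independent of the server's culture.
        If Not String.Equals(mventry.ObjectType, "person", System.StringComparison.OrdinalIgnoreCase) Then
            Return ProvisioningAction.NoAction
        End If

        Dim startDate As Date
        Dim hasStartDate As Boolean = TryReadTimestamp(mventry, "employeeStartDate", startDate)

        Dim endDate As Date
        If Not TryReadTimestamp(mventry, "employeeEndDate", endDate) Then
            endDate = OpenEndedDate
        End If

        Dim connectorCount As Integer = mventry.ConnectedMAs(ADMAName).Connectors.Count
        Dim utcNow As Date = Date.UtcNow

        If connectorCount = 0 Then
            ' The start date is only needed for creation. Previously a missing
            ' value left the variable at Date.MinValue and AddDays(-11) failed
            ' with an ArgumentOutOfRangeException; fail with a clear message.
            If Not hasStartDate Then
                Throw New System.Exception("Missing employeeStartDate in Metaverse.")
            End If

            If startDate.AddDays(-ProvisionLeadDays) < utcNow AndAlso endDate > utcNow Then
                Return ProvisioningAction.CreateAccount
            End If
            Return ProvisioningAction.NoAction
        End If

        ' More than one AD connector is left untouched.
        If connectorCount <> 1 Then
            Return ProvisioningAction.NoAction
        End If

        If endDate > utcNow Then
            Return ProvisioningAction.MoveToEnabledOU
        End If

        ' Deletion is tested before the disable step because an end date more
        ' than 90 days back also satisfies "end date in the past".
        If endDate.AddDays(DeleteAfterDays) < utcNow Then
            Return ProvisioningAction.DeleteAccount
        End If

        If endDate < utcNow Then
            Return ProvisioningAction.MoveToDisabledOU
        End If

        Return ProvisioningAction.NoAction
    End Function

    ' Reads a timestamp attribute. Returns False when the attribute is absent or
    ' empty. The value is parsed as UTC explicitly so that it is compared
    ' like-for-like with Date.UtcNow whatever the server's time zone is.
    Private Shared Function TryReadTimestamp(ByVal mventry As MVEntry, ByVal attributeName As String, ByRef result As Date) As Boolean
        If Not mventry(attributeName).IsPresent _
            OrElse String.IsNullOrEmpty(mventry(attributeName).Value) Then
            Return False
        End If

        result = DateTime.ParseExact( _
            mventry(attributeName).Value, _
            TimestampFormat, _
            System.Globalization.CultureInfo.InvariantCulture, _
            System.Globalization.DateTimeStyles.AssumeUniversal Or System.Globalization.DateTimeStyles.AdjustToUniversal)
        Return True
    End Function

    ' Builds "CN=<cn>,<container>" with the CN component escaped by the agent.
    Private Shared Function BuildDN(ByVal mventry As MVEntry, ByVal container As String) As ReferenceValue
        If Not mventry("cn").IsPresent Then
            Throw New System.Exception("Missing Cn in Metaverse.")
        End If

        Return mventry.ConnectedMAs(ADMAName).EscapeDNComponent("CN=" & mventry("cn").Value).Concat(container)
    End Function

    ' Creates and commits a new AD user connector for the metaverse entry.
    Private Shared Sub ProvisionNewAccount(ByVal mventry As MVEntry)
        Dim csentry As CSEntry = mventry.ConnectedMAs(ADMAName).Connectors.StartNewConnector("User")

        csentry.DN = BuildDN(mventry, EnabledContainer)

        ' Logon names are FirstName.LastName.
        ' NOTE(review): nothing here enforces the 20-character sAMAccountName
        ' limit, strips characters AD rejects, or handles two people with the
        ' same name; such entries presumably fail at export. Confirm.
        If mventry("FirstName").IsPresent AndAlso mventry("LastName").IsPresent Then
            Dim logonName As String = mventry("FirstName").Value & "." & mventry("LastName").Value
            csentry("SamAccountName").Value = logonName
            csentry("UserPrincipalName").Value = logonName & "@msreport2018.intra"
        Else
            Throw New System.Exception("Missing FirstName or LastName in Metaverse")
        End If

        ' Keep the source system's unique identifier on the account.
        If mventry("uuid").IsPresent Then
            csentry("ExtensionAttribute1").Value = mventry("uuid").Value
        Else
            Throw New System.Exception("Missing UUID in Metaverse")
        End If

        ' Initial password; pwdLastSet = 0 forces a change at next logon.
        csentry("unicodePwd").Value = InitialPassword
        csentry("pwdLastSet").Value = "0"

        ' Normal, enabled account.
        csentry("UserAccountControl").IntegerValue = ADS_UF_NORMAL_ACCOUNT

        ' Save the new object.
        csentry.CommitNewConnector()
    End Sub

End Class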