Feature (RDP): Active Directory computer import (OU subtree, flat hierarchy)

Author: Tyrix

Source/NETworkManager.Localization/Resources/Strings.Designer.cs

@@ -1,4 +1,4 @@
-<?xml version="1.0" encoding="utf-8"?>
+<?xml version="1.0" encoding="utf-8"?>
 <root>
   <!-- 
     Microsoft ResX Schema 
@@ -4010,4 +4010,40 @@ You can copy your profile files from “{0}” to “{1}” to migrate your exis
   <data name="ToolTip_Reload" xml:space="preserve">
     <value>Reload</value>
   </data>
+  <data name="ActiveDirectoryImportFailed" xml:space="preserve">
+    <value>Active Directory import failed.</value>
+  </data>
+  <data name="ActiveDirectoryImportOptions" xml:space="preserve">
+    <value>Options</value>
+  </data>
+  <data name="ActiveDirectoryImportRequiresProfileFile" xml:space="preserve">
+    <value>Load or unlock a profile file before importing computers.</value>
+  </data>
+  <data name="ActiveDirectoryImportSummary" xml:space="preserve">
+    <value>Imported {0} computer profile(s). Skipped {1} duplicate name(s) in the target group. Skipped {2} without a DNS host name.</value>
+  </data>
+  <data name="ActiveDirectoryImportUsesCurrentCredentials" xml:space="preserve">
+    <value>Uses your current Windows credentials to read from Active Directory. The account must be allowed to enumerate computer objects under the search base (subtree).</value>
+  </data>
+  <data name="ActiveDirectorySearchBase" xml:space="preserve">
+    <value>Search base (OU DN)</value>
+  </data>
+  <data name="ActiveDirectorySearchBaseWatermark" xml:space="preserve">
+    <value>OU=Computers,DC=example,DC=com</value>
+  </data>
+  <data name="ExcludeDisabledComputerAccounts" xml:space="preserve">
+    <value>Exclude disabled computer accounts</value>
+  </data>
+  <data name="ImportComputersFromActiveDirectory" xml:space="preserve">
+    <value>Import computers from Active Directory</value>
+  </data>
+  <data name="ImportComputersFromActiveDirectoryDots" xml:space="preserve">
+    <value>Import computers from Active Directory...</value>
+  </data>
+  <data name="TargetProfileGroup" xml:space="preserve">
+    <value>Target profile group</value>
+  </data>
+  <data name="TargetProfileGroupWatermark" xml:space="preserve">
+    <value>Existing or new group name</value>
+  </data>
 </root>

Source/NETworkManager.Localization/Resources/Strings.resx

@@ -0,0 +1,8 @@
+namespace NETworkManager.Utilities.ActiveDirectory;
+
+/// <summary>
+/// Represents a computer account returned from Active Directory LDAP search.
+/// </summary>
+/// <param name="ProfileName">Display name for the profile (typically sAMAccountName without trailing '$').</param>
+/// <param name="DnsHostName">DNS host name used for RDP when present.</param>
+public readonly record struct ActiveDirectoryComputerRecord(string ProfileName, string DnsHostName);

Source/NETworkManager.Utilities/ActiveDirectory/ActiveDirectoryComputerRecord.cs

@@ -0,0 +1,103 @@
+using System;
+using System.Collections.Generic;
+using System.DirectoryServices;
+using System.Runtime.InteropServices;
+
+namespace NETworkManager.Utilities.ActiveDirectory;
+
+/// <summary>
+/// Queries Active Directory for computer accounts under a search base, including subtrees.
+/// Uses the current Windows identity to bind to the directory.
+/// </summary>
+public static class ActiveDirectoryComputerSearcher
+{
+    private const int LdapPageSize = 500;
+
+    /// <summary>
+    /// Returns computer accounts under <paramref name="ldapSearchRoot"/> with subtree scope.
+    /// </summary>
+    /// <param name="ldapSearchRoot">Distinguished name or LDAP path (with or without LDAP:// prefix).</param>
+    /// <param name="excludeDisabledComputerAccounts">When true, computer accounts with ACCOUNTDISABLE are omitted.</param>
+    /// <returns>Sorted list by profile name.</returns>
+    /// <exception cref="ArgumentException">When <paramref name="ldapSearchRoot"/> is null or whitespace.</exception>
+    /// <exception cref="InvalidOperationException">When the directory search fails.</exception>
+    public static IReadOnlyList<ActiveDirectoryComputerRecord> GetComputersInSubtree(
+        string ldapSearchRoot,
+        bool excludeDisabledComputerAccounts)
+    {
+        ArgumentException.ThrowIfNullOrWhiteSpace(ldapSearchRoot);
+
+        var ldapPath = NormalizeLdapPath(ldapSearchRoot.Trim());
+
+        var ldapFilter = excludeDisabledComputerAccounts
+            ? "(&(&(objectCategory=computer)(objectClass=computer))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"
+            : "(&(objectCategory=computer)(objectClass=computer))";
+
+        try
+        {
+            using var directoryEntry = new DirectoryEntry(ldapPath);
+            using var directorySearcher = new DirectorySearcher(directoryEntry)
+            {
+                SearchScope = SearchScope.Subtree,
+                Filter = ldapFilter,
+                PageSize = LdapPageSize,
+                Tombstone = false
+            };
+
+            directorySearcher.PropertiesToLoad.Add("dnsHostName");
+            directorySearcher.PropertiesToLoad.Add("name");
+            directorySearcher.PropertiesToLoad.Add("sAMAccountName");
+
+            var computers = new List<ActiveDirectoryComputerRecord>();
+
+            using var searchResults = directorySearcher.FindAll();
+            foreach (SearchResult searchResult in searchResults)
+            {
+                var dnsHostName = GetFirstPropertyString(searchResult, "dnsHostName");
+                var nameAttribute = GetFirstPropertyString(searchResult, "name");
+                var samAccountName = GetFirstPropertyString(searchResult, "sAMAccountName");
+
+                var profileName = !string.IsNullOrEmpty(samAccountName)
+                    ? samAccountName.TrimEnd('$')
+                    : nameAttribute;
+
+                if (string.IsNullOrWhiteSpace(profileName))
+                    profileName = nameAttribute;
+
+                if (string.IsNullOrWhiteSpace(profileName))
+                    continue;
+
+                computers.Add(new ActiveDirectoryComputerRecord(profileName.Trim(), dnsHostName ?? string.Empty));
+            }
+
+            computers.Sort((left, right) =>
+                string.Compare(left.ProfileName, right.ProfileName, StringComparison.OrdinalIgnoreCase));
+
+            return computers;
+        }
+        catch (COMException exception)
+        {
+            throw new InvalidOperationException(
+                "Active Directory search failed. Verify the search base, permissions, and domain connectivity.",
+                exception);
+        }
+    }
+
+    private static string NormalizeLdapPath(string input)
+    {
+        if (input.StartsWith("LDAP://", StringComparison.OrdinalIgnoreCase) ||
+            input.StartsWith("LDAPS://", StringComparison.OrdinalIgnoreCase) ||
+            input.StartsWith("GC://", StringComparison.OrdinalIgnoreCase))
+            return input;
+
+        return "LDAP://" + input;
+    }
+
+    private static string GetFirstPropertyString(SearchResult searchResult, string propertyName)
+    {
+        if (!searchResult.Properties.Contains(propertyName) || searchResult.Properties[propertyName].Count == 0)
+            return string.Empty;
+
+        return searchResult.Properties[propertyName][0]?.ToString() ?? string.Empty;
+    }
+}

Source/NETworkManager.Utilities/ActiveDirectory/ActiveDirectoryComputerSearcher.cs

@@ -1,4 +1,4 @@
-using System.Globalization;
+using System.Globalization;
 using System.Windows.Controls;
 using NETworkManager.Localization.Resources;
 
@@ -10,6 +10,9 @@ public override ValidationResult Validate(object value, CultureInfo cultureInfo)
     {
         var groupName = value as string;
 
+        if (string.IsNullOrEmpty(groupName))
+            return ValidationResult.ValidResult;
+
         if (groupName.StartsWith("~"))
             return new ValidationResult(false,
                 string.Format(Strings.GroupNameCannotStartWithX, "~"));

Source/NETworkManager.Validators/GroupNameValidator.cs

@@ -1,4 +1,4 @@
-using MahApps.Metro.SimpleChildWindow;
+using MahApps.Metro.SimpleChildWindow;
 using NETworkManager.Controls;
 using NETworkManager.Localization.Resources;
 using NETworkManager.Models;
@@ -567,6 +567,32 @@ public static async Task ShowDeleteProfileDialog(Window parentWindow, IProfileMa
         ProfileManager.RemoveProfiles(profiles);
     }
 
+    public static Task ShowImportComputersFromActiveDirectoryDialog(Window parentWindow,
+        IProfileManagerMinimal viewModel, string suggestedTargetGroup)
+    {
+        var childWindow = new ImportAdComputersChildWindow(parentWindow);
+
+        void CloseChild()
+        {
+            childWindow.IsOpen = false;
+            Settings.ConfigurationManager.Current.IsChildWindowOpen = false;
+
+            viewModel.OnProfileManagerDialogClose();
+        }
+
+        var childWindowViewModel =
+            new ImportAdComputersViewModel(parentWindow, suggestedTargetGroup ?? string.Empty, CloseChild);
+
+        childWindow.Title = Strings.ImportComputersFromActiveDirectory;
+        childWindow.DataContext = childWindowViewModel;
+
+        viewModel.OnProfileManagerDialogOpen();
+
+        Settings.ConfigurationManager.Current.IsChildWindowOpen = true;
+
+        return parentWindow.ShowChildWindowAsync(childWindow);
+    }
+
     #endregion
 
     #region Dialog to add, edit and delete group