Skip to main content

Trouble using the AdvancedFilterSet with the “whenCreated” active directory property

Over the last couple of days on my current project I have been working with the new account management API found in .NET 3.5 for communicating with active directory. This API is a massive improvement over the features provided by the older directory services and really does make creating, deleting, updating and finding users a lot simpler (for more information checkout http://msdn.microsoft.com/en-us/library/bb299745%28v=VS.100%29.aspx).

As part of the work I needed to provide the ability to find users based on the date they were created so following the approach on MSDN (see http://msdn.microsoft.com/en-us/library/bb384372.aspx) I extended the “AdvancedFilters” class and added my own method for setting a filter for a query using the active directory property “whenCreated”. I should say this property stores the date and time a user is created with AD. Now the code shown below is what I first came up with and it looks like it will do the job right?

  1: public class SearchFilter : AdvancedFilters

  2: {

  3:     /// <summary>

  4:     /// Initializes a new instance of the <see cref="SearchFilter"/> class.

  5:     /// </summary>

  6:     /// <param name="p"></param>

  7:     public SearchFilter(Principal p) : base(p)

  8:     {

  9:     }

 10: 

 11:     public void Created(DateTime? created, MatchType matchType)

 12:     {

 13:        if (!created.HasValue) return;

 14:          AdvancedFilterSet("whenCreated", created.Value, typeof(DateTime), matchType);

 15:     }

 16: }

 17:

Well sadly no. As it turns out the “whenCreated” property in AD is stored as a string in the generalised time format (see http://msdn.microsoft.com/en-us/library/ms680924%28VS.85%29.aspx). Because of this telling the advanced filter set that it’s a date just doesn’t work and you will find as I did no results are returned. So how do you get this to work then? Well all we need to do is update our “Created” method a bit so the advanced filter set thinks it is dealing with a string and then just pass in the date in the correct generalised date format which is “yyyyMMddHHmmss.0Z”. 

[Updated code which now correctly sets the type and formats it]
  1: public void Created(DateTime? created, MatchType matchType)

  2: {

  3:    const string WhenCreatedDateFormat = "yyyyMMddHHmmss.0Z";

  4: 

  5:    if (!created.HasValue) return;

  6:    AdvancedFilterSet(ClientUser.WhenCreatedPropertyName,

  7:    created.Value.ToUniversalTime().ToString(WhenCreatedDateFormat), typeof (string), matchType);

  8: }

Once you do this your query filter will spring into life and happily return you results. Well that’s it for now.

Comments

Post a Comment

Popular posts from this blog

X509 certificate encryption fun :-)

Recently I needed to encrypt data on a server and allow a limited number of service accounts the ability to decrypt that data so it was as safe as possible. The approach I took to achieve this was by using a X509 certificate and it's ability to allow you to encrypt information via it's public key and decrypt that information through the private key. The key parts of this approach are: - Create a certificate - Ensure the KeySpec of the certificate is set up correctly to allow for encryption e.g. "KeyExchange" or "None" if you are doing this via PowerShell - Set the security on the private keys so only specific user accounts can access it and decrypt information encrypted via the public key. Step 1 - Create a certificate to use The easiest way to get a quick example going is via PowerShell to create a dummy root certificate and the one we will use for encrypting and decrypting. $rootCert = New-SelfSignedCertificate -CertStoreLocation Cert:\LocalMachine\My -Dns
Post a Comment
Read more

SharePoint - Search Service Application (SSA) - Attempted to perform an unauthorized operation

On my current project I needed to adjust and add some search mapping via SharePoint's Central Administration web site. This should have been very straight forward as you have the ability to add managed properties and mappings easily via the UI. However, when I went to save my changes I got the error "The settings could not be saved because of an internal error: Attempted to perform an unauthorized operation". Now this was very confusing as I am administrator on the server and added into all of the correct SharePoint groups. I also tried the same action via PowerShell and got the same error.   After a few hours of research and head scratching I managed to get to the bottom of the problem which is the way my user account had been added as an administrator to the server. In the company I work for to make it easier to manage the administrators on a server a group is created in active directory called " servername_admins ". This group is added to the local administra
Post a Comment
Read more

Why poor tests are worse than no tests

It's been awhile since I wrote my last blog post so I thought I would resume with a subject close to my heart...unit testing. Unit testing is tricky and lots of people don't focus enough on the key pillars that make up a good test: Trustworthy - Can the test be run multiple times and work in the same way each time? A test which works sometimes and fails randomly when a build happens during continuous integration(CI) is just going to be ignored and has no benefit to the team. Worse still, a bad test can give you a false impression that everything is fine when really it's not.   Readable - Can you look at the name of the test and work out what it's meant to do? For example, a test named "It_works_and_doesnt_fail" isn't as good as "It_will_add_a_valid_order_without_errors". Maintainable - Is your test simple to setup and refactor when code changes are made in the rest of the system? The
Post a Comment
Read more