Random Acts of Group-ness

Published 28 February 07 02:00 PM | Adam Singer 

Following up from my last post "'Grep'ing Groups" and this question on the forums, here's a bit of code that will help you add a user to multiple groups across all projects on your server. Say you want to add someone with the domain account "CORPNET\JoeBlogs" to the "Readers" group for all your projects on your Team Foundation Server "atlantis". Simply download, build, and run the attached code with the arguments "atlantis CORPNET\JoeBlogs Readers" as a Team Foundation Adminstrator.

A few of the more salient points in the code are as follows:

NTAccount userAccount = new NTAccount(username);
...
SecurityIdentifier userSid = (SecurityIdentifier)userAccount.Translate(typeof(SecurityIdentifier));

Here, I'm using some of the System.Security.Principal .NET helpers to conver our user to a SID. While I could also use the IGroupSecurityService's "ReadIdentityFromSource" call, that includes a round-trip to the server and includes a bit more information than we need in this helper code.

ProjectInfo[] projects = css.ListProjects();

Here, I chose to use "ListProjects()" rather than "ListAllProjects()". The former only includes well formed projects while the latter will list all projects that are in the process of being created, being deleted, etc. as well. In this case, I think we only want to try to update projects that have been completely constructed.

Identity projectGroup = gss.ReadIdentity(SearchFactor.AccountName, String.Format("[{0}]\\{1}", project.Name, groupToUpdate), QueryMembership.Expanded);
...
List<string> members = new List<string>(projectGroup.Members);
if (!members.Contains(userSid.ToString())) {...}

Before attempting to add the user to the group, I want to make sure it's not already a member. I chose to query the extended membership rather than just direct as it wouldn't make a difference in terms of user permissions whether the user is a direct member or a member under a nested group. However, if you want to make sure that the user is a direct member of the specified groups, you could change the "QueryMemberhip" value to Direct. Changing the query to Direct will also speed up the ReadIdentity call, particularly if your groups have many members.

Happy coding!

Attachment(s): AddUserToTFSProjGroups.zip

Comments

# Stephen Hatfield said on March 1, 2007 6:18 AM:

Special thanks to Adam for doing this! This works great and I have already put it to good use.

# Adam Singer said on March 1, 2007 9:46 AM:

Glad to help!

# Team System News said on March 5, 2007 6:38 AM:

Eric Lee on Team Foundation Server Version Control Housekeeping Tasks. Adam Singer on Random Acts...

New Comments to this post are disabled

About Adam Singer

Faster than a speeding batch file, stronger than a well coded C# library, Adam is often seen testing those dark, dank quagmires of features where few tread and even fewer return. And he does so with a signature chipper attitude not sold in stores.

Search

This Blog

Syndication

Disclaimer
This blog and all postings herein are provided "AS IS" with no warranties, and confer no rights.
Page view tracker