Security Scripts and Functions

TargetDirectory Object

Functions Supported by All Target Directories

Function	Input Parameters (Type)	Return Type	Description
`GetUserByDisplayIdentifier()`	ByVal displayIdentifier (String)	IUser	Gets a user from the configured target directory by a user-friendly identifier used on the administration UI as well as show users. If the user is not found, then the null value is returned.
`GetUserByInternalIdentifier()`	ByVal internalIdentifier (String)	IUser	Gets a user from the configured target directory by an internal identifier (GUID, SID, etc). If the user is not found, then the null value is returned.
`GetGroupByDisplayIdentifier()`	ByVal displayIdentifier (String)	IGroup	Gets a group from the configured target directory by a user-friendly identifier used on the administration UI as well to show users. If the user is not found, then the null value is returned.
`GetGroupByInternalIdentifier()`	ByVal internalIdentifier (String)	IGroup	Gets a group from the configured target directory by an internal identifier (GUID, SID, etc). If the user is not found, then the null value is returned.

Functions Supported by Active Directory

Function	Input Parameters (Type)	Return Type	Description
`GetUserBySID()`	ByVal sid (String)	ADUser	Gets a user by SID. If the user is not found, then the null value is returned.
`GetUserByName()`	ByVal name (String)	ADUser	Gets a user by name in 'netbiosname\username' or 'username@domain' format. If the user is not found, then the null value is returned.
`GetUserByEmailAddress()`	ByVal emailAddress (String)	ADUser	Gets a user by email address. If the user is not found, then the null value is returned.
`GetUserByAttribute()`	ByVal attribute (String), ByVal value(String)	ADUser	Gets a user by the specified attribute and value. If the user is not found, then the null value is returned.
`GetGroupBySID()`	ByVal sid (String)	ADGroup	Gets a group by SID. If the group is not found, then the null value is returned.
`GetGroupByName()`	ByVal name (String)	ADGroup	Gets a group by name in 'netbiosname\username' or 'username@domain' format. (Only full domain name like 'mydomain.local' is supported.) If the group is not found, then the null value is returned.
`GetGroupByDistinguishedName()`	ByVal distinguishedName (String)	ADGroup	Gets a group by distinguishedName. If the group is not found, then the null value is returned.
`GetGroupByAttribute()`	ByVal attribute (String), ByVal value(String)	ADGroup	Gets a group by the specified attribute and value. If the group is not found, then the null value is returned.

Functions Supported by Azure Active Directory

Function	Input Parameters (Type)	Return Type	Description
`GetUserByID()`	ByVal id (String)	AADUser	Gets a user by Azure Active Directory ID. If the user is not found, then the null value is returned.
`GetUserByUPN()`	ByVal upn (String)	AADUser	Gets a user by userPrincipalName in 'username@domain.onmicrosoft.com' format. (Only full domain name like 'mydomain.local' is supported.) If the user is not found, then the null value is returned.
`GetUserByName()`	ByVal name (String)	AADUser	Gets a user by display name. If the user is not found, then the null value is returned.
`GetUserByEmailAddress()`	ByVal emailAddress (String)	AADUser	Gets a user by email address. If the user is not found, then the null value is returned.
`GetUserByAttribute()`	ByVal attribute (String), ByVal value(String)	AADUser	Gets a user by the specified attribute and value. If the user is not found, then the null value is returned. The specified attribute must also be added to the properties to load text box on the Target Directory Configuration page
`GetGroupByID()`	ByVal id (String)	AADGroup	Gets a group by Azure Active Directory ID. If the group is not found, then the null value is returned.
`GetGroupByEmail()`	ByVal emailAddress (String)	AADGroup	Gets a group by email address. If the group is not found, then the null value is returned.
`GetGroupByAttribute()`	ByVal attribute (String), ByVal value(String)	AADGroup	Gets a group by the specified attribute and value. If the group is not found, then the null value is returned. The specified attribute must also be added to the properties to load text box on the Target Directory Configuration page

User and Group Objects

Properties Supported by All Target Directories

Property	Type	Description
`DisplayIdentifier`	String	A user-friendly identifier which is used to display the user or group on the administration UI. (Its format depends on the configured target directory.)
`InternalIdentifier`	String	An internal identifier what is typically used to store in ACLs inside the search index. (Its format depends on the configured target directory.)
`Disabled`	Boolean	Indicated that the user or group is disabled in the target directory.

Properties Supported by Active Directory

Property	Type	Description
`SID`	String	Active Directory specific security identifier.
`Name`	String	Name in 'domain\user' format.
`DistinguishedName`	String	LDAP specific identifier.

Properties Supported by Azure Active Directory

Property	Type	Description
`ID`	String	Azure Active Directory specific security identifier.
`Mail`	String	User/Group email address.
`DisplayName`	String	User/Group display name.
`OnPremisesSecurityIdentifier`	String	The SID of a user/group synchronized with On-Premise AD.
`AdditionalAttributes`	Dictionary<String, object>	A list of additional properties loaded for a user/group during the request. The additional properties must be specified in the Azure Active Directory Target configuration page in the 'Properties to load' text box.
`DeletedDateTime`	DateTime	AAD Group only: Specifies the date the group was deleted.
`UserPrincipalName`	String	AAD User only: Specifies the user principal name.

HOST Object

User and Group Mapping Functions

Following table contains all the security mapping related functions o the HOST object:

Function	Input Parameters (Type)	Return Type	Description
`GetSystemId()`		String	Gets the unique identifier of user or group returned by connector.
`GetSystemName()`		String	Gets the name of user or group returned by connector from the source system.
`GetTargetDirectoryId()`		String	Gets the target directory specific identifier returned by connector.
`GetValue()`	ByVal key (String)	String	Gets a custom property of the user or group returned by the connector.
`RemapBySystemName()`		String	Re-maps the current group to an existing group. This is a group load-only feature.
`GetSystemActive()`		Boolean	Gets the "active" status.
`SetSystemActive()`	ByVal (Boolean)		Sets the "active" status.
`GetCount()`		Integer	Returns the index of current user or group.

Access Control Scripts and Functions

Function	Input Parameters (Type)	Return (Type)	Description
`GetSecDesc()`		Byte()	Returns the security descriptor.
`SetSecDesc()`	ByVal sd (Byte())	Byte()	Sets the security descriptor.
`CheckIsPublic()`		Boolean	Gets the item Public status.
`SetIsPublic()`	ByVal iPublic (Boolean)		Sets the item Public status.
`AddGroup()`	ByVal id (String) ByVal lvl (Integer) ByVal grant (Boolean)		Adds a group by system ID or target directory ID for multi-level security.
`AddGroup()`	ByVal id (String) ByVal grant (Boolean)		Adds a group by system ID or target directory ID.
`AddUser()`	ByVal id (String) ByVal grant (Boolean)		Adds a user by system ID or target directory ID.
`AddUser()`	ByVal id (String) ByVal lvl (Integer) ByVal grant (Boolean)		Adds a group by system ID or target directory ID for multi-level security.
`RemoveGroup()`			Removes a group by system ID or target directory ID for multi-level security.
`RemoveUser()`			Removes a user by system ID or target directory ID for multi-level security.
`RemoveGroup()`	ByVal id (String) ByVal grant (Boolean)		Removes a group by system ID or target directory ID.
`RemoveUser()`	ByVal id (String) ByVal grant (Boolean)		Removes a user by system ID or target directory ID.
`ClearAll()`			Clears all users/groups access.
`GetGrantGroupIDs()`		String()	Granted groups IDs.
`GetGrantUserIDs()`			Granted users IDs.
`GetDenyGroupIDs()`			Denied groups IDs.
`GetDenyUserIDs()`			Denied users IDs.