diff --git a/Features/DeviceCompareService.cs b/Features/DeviceCompareService.cs
index 362ee88..facee3b 100644
--- a/Features/DeviceCompareService.cs
+++ b/Features/DeviceCompareService.cs
@@ -69,35 +69,59 @@ namespace Disco.Plugins.ADCompare.Features
 result.FoundInAD = true;
 result.ADAccountDisabled = adAccount.IsDisabled;
+ // Get the managedBy DN from the computer object
 var managedByDN = adAccount.GetPropertyValue("managedBy");
 result.ADManagedByDN = managedByDN;
 result.HasManagedBy = !string.IsNullOrEmpty(managedByDN);
+ // Extract display name from the CN portion of the DN for display
 if (result.HasManagedBy)
+ {
+ result.ADManagedByDisplayName = ExtractCNFromDN(managedByDN);
+ }
+
+ // To compare correctly, look up the Disco assigned user in AD
+ // and compare their DN against the managedBy DN
+ string assignedUserDN = null;
+ if (result.HasAssignment)
 {
 try
 {
- var managedByUser = ActiveDirectory.RetrieveADUserAccount(managedByDN);
- if (managedByUser != null)
+ var assignedUserAD = ActiveDirectory.RetrieveADUserAccount(device.AssignedUserId);
+ if (assignedUserAD != null)
 {
- result.ADManagedByUserId = managedByUser.Id;
- result.ADManagedByDisplayName = managedByUser.DisplayName;
- }
- else
- {
- result.ADManagedByUserId = managedByDN;
+ assignedUserDN = assignedUserAD.DistinguishedName;
+ result.ADManagedByUserId = device.AssignedUserId; // For display
 }
 }
 catch
 {
- result.ADManagedByUserId = managedByDN;
+ // Can't look up assigned user in AD
 }
 }
- result.IsMatch = DetermineMatch(result);
+ // Now compare: both have values -> compare DNs
+ if (!result.HasAssignment && !result.HasManagedBy)
+ {
+ result.IsMatch = true;
+ }
+ else if (result.HasAssignment && result.HasManagedBy && assignedUserDN != null)
+ {
+ // Compare DN-to-DN (case insensitive)
+ result.IsMatch = string.Equals(assignedUserDN, managedByDN, StringComparison.OrdinalIgnoreCase);
+ if (result.IsMatch)
+ {
+ result.ADManagedByUserId = device.AssignedUserId;
+ }
+ }
+ else
+ {
+ result.IsMatch = false;
+ }
+
 if (!result.IsMatch)
 {
- result.MismatchReason = DetermineMismatchReason(result);
+ result.MismatchReason = DetermineMismatchReason(result, assignedUserDN);
 }
 }
 catch (Exception ex)
@@ -109,21 +133,7 @@ namespace Disco.Plugins.ADCompare.Features
 return result;
 }
- private bool DetermineMatch(DeviceComparisonResult result)
- {
- if (!result.HasAssignment && !result.HasManagedBy)
- return true;
-
- if (result.HasAssignment != result.HasManagedBy)
- return false;
-
- return string.Equals(
- result.DiscoAssignedUserId,
- result.ADManagedByUserId,
- StringComparison.OrdinalIgnoreCase);
- }
-
- private string DetermineMismatchReason(DeviceComparisonResult result)
+ private string DetermineMismatchReason(DeviceComparisonResult result, string assignedUserDN)
 {
 if (!result.FoundInAD)
 return "Computer not found in AD";
@@ -132,12 +142,39 @@ namespace Disco.Plugins.ADCompare.Features
 return "Assigned in Disco but AD managedBy is empty";
 if (!result.HasAssignment && result.HasManagedBy)
- return "Not assigned in Disco but AD managedBy is set";
+ return string.Format("Not assigned in Disco but AD managedBy is set to {0}",
+ ExtractCNFromDN(result.ADManagedByDN));
 if (result.HasAssignment && result.HasManagedBy)
- return string.Format("Different users: Disco={0}, AD managedBy={1}", result.DiscoAssignedUserId, result.ADManagedByUserId);
+ {
+ var managedByName = ExtractCNFromDN(result.ADManagedByDN);
+ return string.Format("Different users: Disco={0} ({1}), AD managedBy={2}",
+ result.DiscoAssignedUserId,
+ result.DiscoAssignedUserDisplayName ?? "?",
+ managedByName);
+ }
 return "Unknown mismatch";
 }
+
+ ///
+ /// Extract the CN value from a Distinguished Name.
+ /// e.g. "CN=Sue Lesnjak,OU=Teachers,..." -> "Sue Lesnjak"
+ ///
+ private string ExtractCNFromDN(string dn)
+ {
+ if (string.IsNullOrEmpty(dn))
+ return null;
+
+ if (dn.StartsWith("CN=", StringComparison.OrdinalIgnoreCase))
+ {
+ var commaIndex = dn.IndexOf(',');
+ if (commaIndex > 3)
+ return dn.Substring(3, commaIndex - 3);
+ return dn.Substring(3);
+ }
+
+ return dn;
+ }
 }
 }
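Review bot: `result.ADManagedByUserId = device.AssignedUserId; // For display` runs as soon as the Disco user resolves in AD, before any comparison, so on a mismatch the field named for the AD side holds the Disco-assigned ID and a consumer reading it sees the wrong owner. Drop that line and keep only the assignment inside `if (result.IsMatch)`. Separately, the bare `catch` that holds only a comment leaves `assignedUserDN` null, which the final `else` turns into `IsMatch = false`; a directory outage or access error is then reported as an ownership mismatch, so the exception should at least be logged and surfaced as its own state. The enclosing method starts and ends outside this hunk.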
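Review bot: The new `assignedUserDN` parameter is not read anywhere in the parts of `DetermineMismatchReason` shown in this hunk and the next, so the case it was added for (assigned user not resolvable in AD) still falls through to the "Different users" message. Add a branch ahead of that one, for example `if (result.HasAssignment && result.HasManagedBy && assignedUserDN == null) return "Disco assigned user could not be resolved in AD";`. A couple of lines of the method lie between the two hunks and are not visible here, so confirm the parameter is not used there before adding it.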
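Review bot: `ExtractCNFromDN` cuts at the first comma from `dn.IndexOf(',')`, but a comma inside an RDN value is escaped as `\,` in a distinguished name, so an account stored as `CN=Lesnjak\, Sue,OU=...` is displayed as `Lesnjak\`. The scan should stop at the first unescaped comma and drop the backslash, as in the excerpt below (it needs `System.Text` for `StringBuilder` and does not decode hex-pair escapes such as `\2C`). The returned text is directory-controlled and is formatted into `MismatchReason`; the rendering code is not visible here, so check that it encodes the value on output. The `///` block above the method has lost its `<summary>` tags and should get them back.

```csharp
private string ExtractCNFromDN(string dn)
{
    // … unchanged: null/empty check …
    if (dn.StartsWith("CN=", StringComparison.OrdinalIgnoreCase))
    {
        // Stop at the first comma that is not escaped with a backslash
        var value = new StringBuilder();
        for (var i = 3; i < dn.Length; i++)
        {
            if (dn[i] == '\\' && i + 1 < dn.Length)
            {
                value.Append(dn[++i]);
                continue;
            }
            if (dn[i] == ',')
                break;
            value.Append(dn[i]);
        }
        return value.ToString();
    }
    // … unchanged: fallback return dn …
```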