Exposes an installer UI option to have the installer skip the step of…

… checking and adding the service account to the FIM admin group (#104 #103)

src/Lithnet.Miiserver.AutoSync.Setup.CustomActions/CustomAction.cs

@@ -16,8 +16,8 @@ public class CustomActions
         [CustomAction]
         public static ActionResult SetIsLocalProperty(Session session)
         {
-            string sid = session["GROUP_FIM_SYNC_ADMINS"];
-            FindInDomainOrMachineBySid(sid, out bool isMachine);
+            string group = session["GROUP_FIM_SYNC_ADMINS_NAME"];
+            FindInDomainOrMachine(group, out bool isMachine);
             session["GROUP_FIM_SYNC_ADMINS_IS_LOCAL"] = isMachine ? "1" : null;
             session["GROUP_FIM_SYNC_ADMINS_IS_DOMAIN"] = !isMachine ? "1" : null;
 
@@ -48,8 +48,7 @@ public static ActionResult GetFimGroups(Session session)
                 //#warning remove this
                 //sid = (SecurityIdentifier)new NTAccount("Fim-dev1\\idm-gg-fimadmins").Translate(typeof(SecurityIdentifier));
 
-                session.Log("Got administrators group SID");
-                session["GROUP_FIM_SYNC_ADMINS"] = sid.ToString();
+                session.Log($"Got administrators group SID: {sid}");
                 session["GROUP_FIM_SYNC_ADMINS_NAME"] = sid.Translate(typeof(NTAccount)).Value;
             }
 
@@ -60,21 +59,20 @@ public static ActionResult GetFimGroups(Session session)
         public static ActionResult AddServiceAccountToFimSyncAdmins(Session session)
         {
             string account = session.CustomActionData["SERVICE_USERNAME"];
-            string group = session.CustomActionData["GROUP_FIM_SYNC_ADMINS"];
             string groupName = session.CustomActionData["GROUP_FIM_SYNC_ADMINS_NAME"];
 
             while (true)
             {
                 try
                 {
-                    session.Log($"Attempting to add user {account} to {groupName} ({group})");
-                    AddUserToGroup(session, account, group, groupName);
+                    session.Log($"Attempting to add user {account} to {groupName}");
+                    AddUserToGroup(session, account, groupName);
                     session.Log("Done");
                     return ActionResult.Success;
                 }
                 catch (Exception ex)
                 {
-                    session.Log($"Could not add user {account} to group {groupName} ({group})");
+                    session.Log($"Could not add user {account} to group {groupName}");
                     session.Log(ex.ToString());
 
                     const int val = (int)InstallMessage.User | (int)MessageButtons.OKCancel | (int)MessageIcon.Error;
@@ -90,15 +88,15 @@ public static ActionResult AddServiceAccountToFimSyncAdmins(Session session)
             }
         }
 
-        private static void AddUserToGroup(Session session, string account, string groupSid, string groupName)
+        private static void AddUserToGroup(Session session, string account, string groupName)
         {
             bool isMachine;
 
-            GroupPrincipal group = CustomActions.FindInDomainOrMachineBySid(groupSid, out isMachine) as GroupPrincipal;
+            GroupPrincipal group = CustomActions.FindInDomainOrMachine(groupName, out isMachine) as GroupPrincipal;
 
             if (group == null)
             {
-                throw new NoMatchingPrincipalException($"The group {groupName} ({groupSid}) could not be found");
+                throw new NoMatchingPrincipalException($"The group {groupName} could not be found");
             }
 
             UserPrincipal user = (UserPrincipal)CustomActions.FindInDomainOrMachine(account, out isMachine);
@@ -117,12 +115,12 @@ private static void AddUserToGroup(Session session, string account, string group
                 SecurityIdentifier sid = new SecurityIdentifier(s, 0);
                 if (user.Sid == sid)
                 {
-                    session.Log($"User {account} was already in group {groupName} ({groupSid})");
+                    session.Log($"User {account} was already in group {groupName}");
                     return;
                 }
             }
 
-            session.Log($"User {account} was not in group {groupName} ({groupSid})");
+            session.Log($"User {account} was not in group {groupName}");
 
             try
             {
@@ -142,7 +140,7 @@ private static void AddUserToGroup(Session session, string account, string group
             {
                 if (e.HResult == -2147019886) //unchecked((int)0x80071392))
                 {
-                    session.Log($"User {account} was already in group {groupName} ({groupSid}) - 0x80071392");
+                    session.Log($"User {account} was already in group {groupName} - 0x80071392");
                     return;
                 }
 
@@ -165,21 +163,5 @@ private static Principal FindInDomainOrMachine(string accountName, out bool isMa
 
             return p;
         }
-
-        private static Principal FindInDomainOrMachineBySid(string sid, out bool isMachine)
-        {
-            isMachine = false;
-            PrincipalContext context = new PrincipalContext(ContextType.Domain);
-            Principal p = Principal.FindByIdentity(context, IdentityType.Sid, sid);
-
-            if (p == null)
-            {
-                context = new PrincipalContext(ContextType.Machine);
-                p = Principal.FindByIdentity(context, sid);
-                isMachine = true;
-            }
-
-            return p;
-        }
     }
 }

src/Lithnet.Miiserver.AutoSync.Setup/ConfigPathDialog.wxs

@@ -12,20 +12,27 @@
           <Publish Event="SpawnDialog" Value="CancelDlg">1</Publish>
         </Control>
 
-        <Control Id="label3" Type="Text"          X="15"  Y="60" Height="15" Width="348"  Text="Specify the path that the application will write its logs to" />
-        <Control Id="label1" Type="Text"          X="15"  Y="80" Height="15" Width="51"   Text="Log file path:" />
-        <Control Id="txtLogFilePath" Type="Edit"  X="90"  Y="80" Height="15" Width="200"  Property="APPLOGDIR"/>
+        <Control Id="label3" Type="Text"          X="15"  Y="50" Height="15" Width="348"  Text="Specify the path that the application will write its logs to" />
+        <Control Id="label1" Type="Text"          X="15"  Y="70" Height="15" Width="51"   Text="Log file path:" />
+        <Control Id="txtLogFilePath" Type="Edit"  X="90"  Y="70" Height="15" Width="200"  Property="APPLOGDIR"/>
 
         <Control Id="btBrowseLogFilePath" Type="PushButton"
-                                                  X="297" Y="80" Height="17" Width="56" Text="Browse..." >
+                                                  X="297" Y="70" Height="17" Width="56" Text="Browse..." >
           <Publish Property="_BrowseProperty" Value="APPLOGDIR" Order="1">1</Publish>
           <Publish Event="SpawnDialog" Value="BrowseDlg" Order="2">1</Publish>
         </Control>
 
-        <Control Id="label4" Type="Text"          X="15"  Y="120" Height="30" Width="348"  Text="Specify an existing group that will contain the users allowed to administer the AutoSync service (in DOMAIN\group format)" />
-        <Control Id="SvcAdminsLabel" Type="Text"  X="15"  Y="150" Height="15" Width="51"  Text="Group name:" />
-        <Control Id="SvcAdminstxt" Type="Edit"    X="90"  Y="150" Height="15" Width="200"  Property="SERVICE_ADMINS_GROUP"/>
+        <Control Id="label4" Type="Text"          X="15"  Y="100" Height="30" Width="348" Text="Specify an existing group that will contain the users allowed to administer the AutoSync service (in DOMAIN\group format)" />
+        <Control Id="SvcAdminsLabel" Type="Text"  X="15"  Y="130" Height="15" Width="51"  Text="Group name:" />
+        <Control Id="SvcAdminstxt" Type="Edit"    X="90"  Y="130" Height="15" Width="200" Property="SERVICE_ADMINS_GROUP"/>
 
+        <Control Id="AddAccountLabel" Type="Text" X="15"  Y="160" Height="30" Width="348" TabSkip="no" Text="The AutoSync service account specified above needs to be a member of the MIM Sync Admins group. This installer will not be able to continue if these permissions are not available" />
+        <Control Id="check1" Type="CheckBox"      X="90"  Y="180" Height="15" Width="220" Text="Add the service account to the group during installation" Property="ADD_TO_FIM_SYNC_ADMINS" CheckBoxValue="1"/>
+        <Control Id="label5" Type="Text"          X="15"  Y="200" Height="15" Width="75"  Text="MIM Admins group:" />
+        <Control Id="AdminGroupEdit" Type="Edit"  X="90"  Y="200" Height="15" Width="220" Property="GROUP_FIM_SYNC_ADMINS_NAME" >
+          <Condition Action="enable">ADD_TO_FIM_SYNC_ADMINS=1</Condition>
+          <Condition Action="disable"><![CDATA[ADD_TO_FIM_SYNC_ADMINS<>1]]></Condition>
+        </Control>
 
         <Control Id="BannerBitmap" Type="Bitmap" Height="44" Width="370" X="0" Y="0" Text="!(loc.InstallDirDlgBannerBitmap)" />
       </Dialog>

src/Lithnet.Miiserver.AutoSync.Setup/Product.wxs

@@ -27,10 +27,10 @@
     <Property Id="SERVICE_PASSWORD" Hidden="yes" Secure="yes"/>
     <Property Id="SERVICE_NAME" Secure="yes" Value="autosync"/>
 
-    <Property Id="GROUP_FIM_SYNC_ADMINS" Secure="yes"/>
     <Property Id="GROUP_FIM_SYNC_ADMINS_NAME" Secure="yes"/>
     <Property Id="GROUP_FIM_SYNC_ADMINS_IS_LOCAL" Secure="yes"/>
     <Property Id="GROUP_FIM_SYNC_ADMINS_IS_DOMAIN" Secure="yes"/>
+    <Property Id="ADD_TO_FIM_SYNC_ADMINS" Secure="yes" Value="1"/>
 
     <Property Id="GROUP_ADD_ACTION_FAILED" Secure="yes"/>
 
@@ -51,11 +51,11 @@
 
     <CustomAction Id="CA_SetPropertyValueAsSystem"
                   Property="AddServiceAccountToFimSyncAdminsAsSystem"
-                  Value="GROUP_FIM_SYNC_ADMINS=[GROUP_FIM_SYNC_ADMINS];SERVICE_USERNAME=[SERVICE_USERNAME];GROUP_FIM_SYNC_ADMINS_NAME=[GROUP_FIM_SYNC_ADMINS_NAME]"/>
+                  Value="SERVICE_USERNAME=[SERVICE_USERNAME];GROUP_FIM_SYNC_ADMINS_NAME=[GROUP_FIM_SYNC_ADMINS_NAME]"/>
 
     <CustomAction Id="CA_SetPropertyValueAsCaller"
                   Property="AddServiceAccountToFimSyncAdminsAsCaller"
-                  Value="GROUP_FIM_SYNC_ADMINS=[GROUP_FIM_SYNC_ADMINS];SERVICE_USERNAME=[SERVICE_USERNAME];GROUP_FIM_SYNC_ADMINS_NAME=[GROUP_FIM_SYNC_ADMINS_NAME]"/>
+                  Value="SERVICE_USERNAME=[SERVICE_USERNAME];GROUP_FIM_SYNC_ADMINS_NAME=[GROUP_FIM_SYNC_ADMINS_NAME]"/>
 
     <CustomAction Id="SetIsLocalProperty"
                   BinaryKey="CustomActionBinary"
@@ -181,7 +181,7 @@
       <Custom Action="SetServiceAdminsGroupIfBlank" After="CostFinalize">(NOT Installed) AND (NOT SERVICE_ADMINS_GROUP)</Custom>
     </InstallUISequence>
     <InstallExecuteSequence>
-      <Custom Action="SetIsLocalProperty" Before="InstallFiles">(NOT Installed) AND (NOT SKIPGROUPCHECK)</Custom>
+      <Custom Action="SetIsLocalProperty" Before="InstallFiles">(NOT Installed) AND (NOT SKIPGROUPCHECK) AND ADD_TO_FIM_SYNC_ADMINS</Custom>
 
       <Custom Action="CA_SetPropertyValueAsSystem" Before="AddServiceAccountToFimSyncAdminsAsSystem">(NOT Installed) AND GROUP_FIM_SYNC_ADMINS_IS_LOCAL</Custom>
       <Custom Action="AddServiceAccountToFimSyncAdminsAsSystem" After="InstallFiles">(NOT Installed) AND GROUP_FIM_SYNC_ADMINS_IS_LOCAL</Custom>

src/Lithnet.Miiserver.AutoSync.Setup/ServiceDetailsDialog.wxs

@@ -16,23 +16,24 @@
         <Control Id="PasswdEdit" Type="Edit" X="117" Y="98" Width="220" Height="15" Property="SERVICE_PASSWORD" Text="{80}" Password="yes"></Control>
         <Control Id="ConfirmPasswdLabel" Type="Text" X="14" Y="117" Width="90" Height="15" TabSkip="no" Text="Confirm Password:" RightAligned="yes" />
         <Control Id="ConfirmPasswdEdit" Type="Edit" X="117" Y="117" Width="220" Height="15" Property="PASSWD_CONFIRM" Text="{80}" Password="yes"></Control>
-        <Control Id="PasswordsMatchLabel" Type="Text" X="117" Y="140" Width="220" Height="18" Text="{\WixUI_Font_Large_Red}Passwords do not match">
+        <Control Id="PasswordsMatchLabel" Type="Text" X="117" Y="130" Width="220" Height="18" Text="{\WixUI_Font_Large_Red}Passwords do not match">
           <Condition Action="hide">(PASSWORD_COMPARE = "1")</Condition>
           <Condition Action="show">(PASSWORD_COMPARE = "2")</Condition>
           <Condition Action="hide">(PASSWORD_COMPARE = "3")</Condition>
         </Control>
-        <Control Id="PasswordsRequiredLabel" Type="Text" X="117" Y="140" Width="220" Height="18" Text="{\WixUI_Font_Large_Red}Password fields required">
+        <Control Id="PasswordsRequiredLabel" Type="Text" X="117" Y="130" Width="220" Height="18" Text="{\WixUI_Font_Large_Red}Password fields required">
           <Condition Action="hide">(PASSWORD_COMPARE = "1")</Condition>
           <Condition Action="hide">(PASSWORD_COMPARE = "2")</Condition>
           <Condition Action="show">(PASSWORD_COMPARE = "3")</Condition>
         </Control>
-        <Control Id="WarningLabel" Type="Text" X="20" Y="190" Width="325" Height="25" TabSkip="no" Text="Warning: The credentials will not be verified by the installer. Ensure the provided credentials are correct" />
+        <Control Id="WarningLabel" Type="Text" X="117" Y="150" Width="220" Height="25" TabSkip="no" Text="Warning: The credentials will not be verified by the installer. Ensure the provided credentials are correct" />
+
         <Control Id="Back" Type="PushButton" X="180" Y="243" Width="56" Height="17" Text="!(loc.WixUIBack)"></Control>
         <Control Id="Next" Type="PushButton" X="236" Y="243" Width="56" Height="17" Default="yes" Text="!(loc.WixUINext)">
           <Publish Property="PASSWORD_COMPARE" Value="1" Order="1"><![CDATA[ (SERVICE_PASSWORD = PASSWD_CONFIRM) ]]></Publish>
           <Publish Property="PASSWORD_COMPARE" Value="2" Order="2"><![CDATA[ (SERVICE_PASSWORD <> PASSWD_CONFIRM) ]]></Publish>
           <Publish Property="PASSWORD_COMPARE" Value="3" Order="3"><![CDATA[ (SERVICE_PASSWORD = "" AND PASSWD_CONFIRM = "") ]]></Publish>
-          
+
         </Control>
         <Control Id="Cancel" Type="PushButton" X="304" Y="243" Width="56" Height="17" Cancel="yes" Text="!(loc.WixUICancel)">
           <Publish Event="SpawnDialog" Value="CancelDlg">1</Publish>