Sophos SafeGuard Enterprise 5.50 User Manual [it]

SafeGuard® Enterprise 5.50
Management API
Document date: April 2010

Content

1 SafeGuard Enterprise Management API
2 Detailed API Description
3 Installation/environment
5 Copyright
SafeGuard® Enterprise 5.50, Management API

1 SafeGuard Enterprise Management API

1.1 Short description

The SafeGuard Enterprise Scripting API contains methods supporting the following areas:
Users & Computers management
User-computer assignment (UMA)
Key generation and assignment
Certificate assignment
Token management
Inventory and status information
Challenge/Response
Reporting
Service Accounts
Misc
Prior to using the Scripting API, Security Officer authentication is mandatory. Security Officer authentication is offered by the Scripting API. However, additional authentication (OTS) is not possible. The authenticated officer must therefore be allowed to perform all required actions on their own. Authentication can be done once centrally and will be valid for the whole scripting session.
Events will be logged the same way as if the user was logged on interactively using the Management Center. Additional events have been defined to reflect the usage of the functionality by the Scripting API. The Scripting API is exposed through COM registration and can be used by common scripting languages like VBS.

1.2 Base

The following methods are available:
Initialize()
FreeResources()
CreateDirectoryClassInstance()
CreateUMAClassInstance()
CreateKeysClassInstance()
CreateCertificatesClassInstance()
CreateTokenClassInstance()
CreateInventoryClassInstance()
CreateCRClassInstance()
CreateReportsClassInstance()
CreateMiscClassInstance()
CreateServiceAccountsClassInstance()
GetLastError()
AuthenticateOfficer(string officerName, string pinOrPassword, string confFilePathName)
AuthenticateWHDOfficer(string OfficerName, string Password)
AuthenticateService()
HasOfficerRightForAction(int action, out int right)

1.3 Users & Computers management

The following methods are available:
CreateDirectoryConnection(string dsn, string userName, string password, string serverNameIP, string port, int SSL)
DeleteDirectoryConnection(string dsn)
SynchronizeDirectory(string dsn, string adsStartContainer, int includeSubContainers, string logFilePathName, int membership, int accountState, int takeCareOfMovedObjects)
GetOneObject(string searchName, string adsStartObject, int filter, out string adsObject, out string type)
GetObjectInitialize(string searchName, string adsStartObject, int filter, out int hitCount)
GetObjectByIndex(int index, out string adsObject, out string type)
GetObjectFinalize()
GetMemberOfGroupInitialize(string adsGroup, out int hitCount)
GetMemberOfGroupByIndex(int index, out string adsMember, out string type)
GetMemberOfGroupFinalize()
CreateUser(string userLogonName, string userFullName, string adsContainer, out string adsUser)
RenameUser(string adsUser, string newUserFullName, out string newAdsUser)
DeleteUser(string adsUser)
MoveUser(string adsUser, string adsToContainer, out string newAdsUser)
AddUserToGroup(string adsUser, string adsToGroup)
RemoveUserFromGroup(string adsUser, string adsFromGroup)
GetUserProperty(string adsUser, string property, out string value)
SetUserProperty(string adsUser, string property, string value)
CreateMachine(string machineName, string adsContainer, out string adsMachine)
RenameMachine(string adsMachine, string newMachineName, out string newAdsMachine)
DeleteMachine(string adsMachine)
MoveMachine(string adsMachine, string adsToContainer, out string newAdsMachine)
AddMachineToGroup(string adsMachine, string adsToGroup)
RemoveMachineFromGroup(string adsMachine, string adsFromGroup)
GetMachineProperty(string adsMachine, string property, out string value)
SetMachineProperty(string adsMachine, string property, string value)
CreateOU(string ouName, string adsParentContainer, out string newAdsOU)
CreateContainer(string containerName, string adsParentContainer, out string newAdsContainer)
CreateDomain(string domainName, string distinguishedName, string domainNetbios)
CreateWorkgroup(string workgroupName, out string newAdsWorkgroup)
RenameContainer(string adsContainer, string newContainerName, out string newAdsContainer)
DeleteContainer(string adsContainer)
MoveContainer(string adsContainer, string adsToContainer, out string newAdsContainer)
CreateGroup(string groupName, string adsContainer, out string adsGroup)
RenameGroup(string adsGroup, string newGroupName, out string newAdsGroup)
DeleteGroup(string adsGroup)
MoveGroup(string adsGroup, string adsToContainer, out string newAdsGroup)
AddGroupToGroup(string adsGroup, string adsToGroup)
RemoveGroupFromGroup(string adsGroup, string adsFromGroup)
GetSGDProperty(string adsPath, string property, out string value)
SetSGDProperty(string adsPath, string property, string value)
SetObjectToAD(string adsPath)
SetObjectToSG(string adsPath)
ConvertADGuidToSGNGuid(object adGuid, out string sgnGuid)

1.4 User-computer assignment

The following methods are available:
CreateUMA(string adsUser, string adsMachine)
DeleteUMA(string adsUser, string adsMachine)
SetUMAProperty(string adsUser, string adsMachine, string property, string value)
GetUMAProperty(string adsUser, string adsMachine, string property, out string value)
GetUMAOfUserInitialize(string adsUser, out int hitCount)
GetUMAOfUserByIndex(int index, out string adsMachine)
GetUMAOfUserFinalize()
GetUMAOfMachineInitialize(string adsMachine, out int hitCount)
GetUMAOfMachineByIndex(int index, out string adsUser)
GetUMAOfMachineFinalize()

1.5 Key generation and assignment

The following methods are available:
CreateKey (string adsObject, string desiredName, string binaryValue, out string symbolic name, out string keyId)
GetKeyBySymbolicNameInitialize(string symbolicName, out int hitCount)
GetKeyBySymbolicNameByIndex(int index, out string keyId)
GetKeyBySymbolicNameFinalize()
GetKeyByIdInitialize(string keyId, out int hitCount)
GetKeyByIdByIndex(int index, out string keyId, out string keyName)
GetKeyByIdFinalize()
GetKeyProperty (string keyId, string property, out string value)
SetKeyProperty (string keyId, string property, string value)
AssignKey (string adsObject, string keyId)
DetachKey (string adsObject, string keyId)
GetAssignedKeyInitialize(string adsObject, out int hitCount)
GetAssignedKeyByIndex(int index, out string keyId)
GetAssignedKeyFinalize()
GetAssignedObjectInitialize(string keyId, out int hitCount)
GetAssignedObjectByIndex(int index, out string adsObject)
GetAssignedObjectFinalize()

1.6 Certificate assignment

The following methods are available:
ImportAndAssignCertToUser(string adsUser, string pathP12, string pathP7)
CreateAndAssignCertForUser(string adsUser, string password)
GetCertOfUserInitialize(string adsUser, out int hitCount)
GetCertOfUserByIndex(int index, out string certId)
GetCertOfUserFinalize()
GetUserOfCertInitialize(string subject, string issuer, string serial, out int hitCount)
GetUserOfCertByIndex(int index, out string adsUser)
GetUserOfCertFinalize()
GetOneCertificate(string subject, string issuer, string serial, out string certId)
DetachCertFromUser(string adsUser, string certId)
GetCertInfo(string certId, out string subject, out string issuer, out string serial, out string startDate, out string endDate)
DeleteCertFromDB(string certId)
RenewCertificate(string certId, string password)
ImportCRL(string pathCRL)
ImportCACert(string pathCACert)
DeleteCRL(string crlFileName)
DeleteAllCRL()
DeleteCACert(string subject, string issuer, string serial)
DeleteAllCACerts()

1.7 Token management

The following methods are available:
GetSlotIdInitialize(out int hitCount)
GetSlotIdByIndex(int index, out uint SlotId)
GetSlotIdFinalize()
SetUsedSlot(uint SlotId)
GetSlotInfo(out string description, out string manufacturer, out uint flags, out string hwVersion, out string fwVersion)
GetTokenInfo(out string label, out string manufacturer, out string model, out string serial, out string hwVersion, out string fwVersion)
TokenPresent(out int isPresent)
InitUserPIN(string soPIN, string newUserPIN)
ChangeUserPIN(string oldUserPIN, string newUserPIN)
ChangeSOPIN(string oldSOPIN, string newSOPIN)
BlockUserPIN()
ForcePINChange(string userPIN)
DeletePINHistory(string userPIN)
WipeToken(string SOPIN, string newUserPIN)
IssueTokenForUser(string adsUser, string userPIN, string SOPIN)
GetSGNCredenials(string userPIN, out string userName, out string domain)
SetSGNCredenials(string userPIN, string userName, string password, string domain)
GetAssignedUser(out string adsAssignedUser)
GetAssignedTokensInitialize(string adsUser, out int hitCount)
GetAssignedTokensByIndex(int index, out string serial)
GetAssignedTokensFinalize()
EnableDisableTokenInDB(string tokenSN, int enable)
RemoveTokenFromDB(string tokenSN)
P12ToToken(string pathP12, string P12password, string userPIN)
DeleteCertFromToken(string UserPIN, string subject, string issuer, string serial)
GetCertFromTokenInitialize(out int hitCount)
GetCertFromTokenByIndex(int index, out string subject, out string issuer, out string serial, out string expiryDate)
GetCertFromTokenFinalize()
CreateP12ByToken(string userPIN, string subject, string issuer, string serial, int keylength)
P7FromToken(string subject, string issuer, string serial, string filePathP7)

1.8 Inventory and status information

The following methods are available:
GetComputerInventory(string adsMachine, string property, out string value)
GetSoftwareInventory(string adsMachine, string softwareId, string property, out string value)
GetSoftwareInventoryIdInitialize(string adsMachine, out int hitCount)
GetSoftwareInventoryIdByIndex(int index, out string softwareId)
GetSoftwareInventoryIdFinalize()
GetDriveInventory(string adsMachine, string driveId, string property, out string value)
GetDriveInventoryIdInitialize(string adsMachine, out int hitCount)
GetDriveInventoryIdByIndex(int index, out string driveId)
GetDriveInventoryIdFinalize()
GetUserInventory(string adsMachine, string adsUser, string property, out string value)
GetUserInventoryAdsInitialize(string adsMachine, out int hitCount)
GetUserInventoryAdsByIndex(int index, out string adsUser)
GetUserInventoryAdsFinalize()

1.9 Challenge/Response

The following methods are available:
CheckRecoveryType(string adsMachine, out int isLogon)
GetChallengeFlags(string adsMachine, string challenge, out int challengeFlags)
CheckChallenge(string challenge, out int challengeErrorPart)
ComputeResponse(string adsUser, string adsMachine, string challenge, int action, out string response)
BitLockerRecovery(string adsMachine, string drive, out string response)
OfflineCheckBAKFile(string bakFileName, out int isLogon, out string drive)
OfflineGetChallengeFlags(string bakFileName, string challenge, out int challengeFlags)
OfflineComputeResponse(string bakFileName, string challenge, int action, out string response)
OfflineBitLockerRecovery(string bakFileName, string drive, out string response)
GetVirtualClientInitialize(string searchName, out int hitCount)
GetVirtualClientByIndex(int index, out string virtualClientName, out string virtualClientId)
GetVirtualClientFinalize()
GetVirtualClientKeyFileInitialize(string searchName, out int hitCount)
GetVirtualClientKeyFileByIndex(int index, out string keyFileName, out string keyFileComment)
GetVirtualClientKeyFileFinalize()
VirtualClientWithKeyRecovery(string virtualClientId, string virtualClientName, string keyId, string challenge, out string response)
VirtualClientWithKeyFileRecovery(string virtualClientId, string virtualClientName, string keyFileId, string challenge, out string response)

1.10 Reporting

The following methods are available:
DeleteAllEvents(string backupFilePathName)
DeleteEventsLeaveLast(int numberOfEvents, int orderByLogTime, string backupFilePathName)
DeleteEventsOlderThan(string date, int orderByLogTime, string backupFilePathName)

1.11 Misc

The following methods are available:
ResetCertificateStore(string password)
ExportCompanyCertificate(string p7Filename, string p12Filename, string p12Password, int overwriteExisting)
AddP12ToCertStore(string certStoreName, string certStorePassword, string p12Filename, string password)
AddP7ToCertStore(string certStoreName, string p7Filename)
ExportOfficerCertificate(string p7Filename, string p12Filename, string p12Password, int overwriteExisting )

1.12 Service Accounts

The following methods are available:
RenameServiceAccount (string listName, string oldName, string newName, string oldDomain, string newDomain)
DeleteServiceAccount (string listName, string name, string domain)
ServiceAccountExists (string listName, string name, string domain, out int exists)
CreateServiceAccountList (string listName)
RenameServiceAccountList (string listName, string newListName)
DeleteServiceAccountList (string listName)
AddServiceAccountToServiceAccountList (string listName, string userName, string domain)
RemoveServiceAccountFromList (string listName, string userName, string domain)
ServiceAccountListExists (string listName, out int exists)
InitializeServiceAccountLists (out int hitCount)
GetServiceAccountListsByIndex (int index, out string name)
GetServiceAccountMembersByIndex (string listName, int index, out string username, out string domain)
GetServiceAccountMembersCount (string listName, out int count)

2 Detailed API Description

2.1 General

2.1.1 Authentication

A Security Officer has to authenticate against SafeGuard Enterprise Scripting.

2.1.2 General methods

Each class in the SafeGuard Enterprise Scripting API has an Initialize() and a FreeResources() method, which need to be called before and after using the object. The main module (“Base”) implements a GetLastError method which can be used for advanced error processing.

2.1.3 Enumerating result lists using wildcard search methods

The wildcard search methods are intended to be used for enumerating result lists with multiple entries.
The initialize function “GetNameInitialize(searchparams, out int hitCount)” creates a result set from the search parameters and returns a hit count.
The by-index function “GetNameByIndex(int index, outputparams)” delivers the result at position index. To show all results, start a loop with an index of 0 (zero) and call the method repeatedly with an index increased by 1. If the method returns NO_MORE_DATA, the end of the list has been reached.
The finalize function “GetNameFinalize()” deletes the result set so that a new search can be started. Calling a new initialize function without first calling the finalize function of the previous wildcard search returns an error.

2.1.4 Additional permission “Execute Script”

An additional permission for security officers (initially MSO and SO), “Execute Script”, has been introduced. A security officer who is logged on but does not have this permission will not be able to perform any operations using the Scripting API (except Initialize and FreeResources). Like all other permissions, “Execute Script” can be configured to use additional authentication. In contrast to operations in the GUI, configuring additional authentication for “Execute Script” means that scripts cannot be executed at all, because additional authentication is not supported by the Scripting API.

2.1.5 “Execute Script” for SafeGuard Enterprise Servers

Scripts can be executed unattended on each SafeGuard Enterprise Server. In order to prevent unauthorized script execution, a SafeGuard Enterprise Server will not have the right “Execute Script” by default. The MSO needs to explicitly allow script execution for a registered SafeGuard Enterprise Server.
To allow script execution for a registered SafeGuard Enterprise Server, the MSO has to proceed as follows:
1. In the menu bar of the SafeGuard Management Center, select Tools > Configuration Package Tool.
2. In tab Register Server, select check box Scripting allowed for the registered SafeGuard Enterprise Server.
3. Click button Close.
The SafeGuard Enterprise Server now has the right “Execute Script”.

2.2 API for Base

2.2.1 Int32 <each Class>::Initialize()

Initialize() has to be called prior to any other method calls of the object concerned.

2.2.2 Int32 <each Class>::FreeResources()

FreeResources() releases resources needed by the API. Calling FreeResources() on the main module (“Base”) will release the Security Officer session.

2.2.3 Int32 Base::CreateDirectoryClassInstance ()

Creates a new instance for Directory. This is necessary for using the API for Users & Computers management and assignment.

2.2.4 Int32 Base::CreateUMAClassInstance()

Creates a new instance for UMA. This is necessary for using the API for user-computer assignment (UMA).

2.2.5 Int32 Base::CreateKeysClassInstance()

Creates a new instance for Keys. This is necessary for using the API for key generation and assignment.

2.2.6 Int32 Base::CreateCertificatesClassInstance()

Creates a new instance for Certificates. This is necessary for using the API for certificate assignment.

2.2.7 Int32 Base::CreateTokenClassInstance()

Creates a new instance for Token. This is necessary for using the API for token management.

2.2.8 Int32 Base::CreateInventoryClassInstance()

Creates a new instance for Inventory. This is necessary for using the API for topic inventory and status information.

2.2.9 Int32 Base::CreateCRClassInstance()

Creates a new instance for CR. This is necessary for using the API for Challenge/Response.

2.2.10 Int32 Base::CreateReportsClassInstance()

Creates a new instance for Reports. This is necessary for using the API for reporting.

2.2.11 Int32 Base::CreateMiscClassInstance()

Creates a new instance for Misc. Contains miscellaneous functions required to set up and maintain the system.

2.2.12 Int32 Base::CreateServiceAccountsClassInstance()

Creates a new instance for service accounts.

2.2.13 Uint32 Base::GetLastError(out string errorText)

Retrieves a textual representation of the last (internal) error that occurred.
errorText Error message belonging to the internal error code.
Note: In contrast to other API methods, this method returns an unsigned integer which holds the internal error code.

2.2.14 Int32 Base::AuthenticateOfficer(string officerName, string pinOrPassword, string confFilePathName)

Authenticates the currently logged on user against the SafeGuard Enterprise Scripting API. Authentication is mandatory prior to using the API.
officerName Name of the officer to be authenticated.
pinOrPassword Either the password for the certificate store of the logged on user in case of “no Token” or “Token optional”, or the PIN of the plugged in token in case of “Token optional” or “Token mandatory”. The private key required for authentication must be available in the relevant location (token or certificate store).
confFilePathName Path and file name of the .conf file to be used [optional].

2.2.15 Int32 Base::AuthenticateOfficerMT(string officerName, string pinOrPassword, string configurationName)

Authenticates an officer in a multi tenancy environment. The desired configuration name has to be provided. Refer to the documentation of Multi Tenancy for further information concerning configurations. Authentication is mandatory prior to using the API.
officerName Name of the officer to be authenticated.
pinOrPassword Either the password for the certificate store of the logged on user in case of “no Token” or “Token optional”, or the PIN of the plugged in token in case of “Token optional” or “Token mandatory”. The private key required for authentication must be available in the relevant location (token or certificate store).
configurationName Name of the configuration to be used.
Note: SafeGuard Enterprise saves the configurations available on the system at: <CSIDL_LOCAL_APPDATA>\Utimaco\SafeGuard Enterprise\Configuration.

2.2.16 Int32 Base::AuthenticateWHDOfficer(string OfficerName, string Password)

Authenticates Web Helpdesk officers by their P12 file stored in the database.
officerName Name of the officer to be authenticated.
Password Password provided

2.2.17 Int32 Base::AuthenticateService()

Authenticates a service account against the SafeGuard Enterprise Scripting API. Authentication is mandatory prior to using the API. This method can be used when a script is executed on a SafeGuard Enterprise Server, where a logged on user is not required.
Note: This method will work on activated SafeGuard Enterprise Servers only. Therefore scripts using this authentication method will only run on SafeGuard Enterprise Servers, see Installation/environment on page 80.
All actions performed by the script when using AuthenticateService will be done with the SafeGuard Enterprise Server SO account which is a Master Security Officer (same user as used by the SafeGuard Enterprise Web Service).

2.3 API for Users & Computers management

2.3.1 Int32 Directory::CreateDirectoryConnection (string dsn, string userName, string password, string serverNameIP, string port, int SSL)

Creates a new connection to a directory. The connection will be tested immediately and the process will fail if the connection does not work. The connection will be stored in the SafeGuard Enterprise database and will also appear in the GUI.
dsn Distinguished name of the directory service to connect to.
userName User to be used for connecting to the directory service.
password Password of the user.
serverNameIP Server name or IP number.
port Port number to be used.
SSL 0 = No SSL connection.
1 = SSL connection.

2.3.2 Int32 Directory::DeleteDirectoryConnection(string dsn)

Deletes an existing directory connection from the SafeGuard Enterprise database.
dsn Distinguished name of the directory connection.

2.3.3 Int32 Directory::SynchronizeDirectory(string dsn, string adsStartContainer, int includeSubContainers, string logFilePathName, int membership, int accountState, int takeCareOfMovedObjects)

Synchronizes a container (optionally including subcontainers) with the SafeGuard Enterprise database.
dsn Distinguished name of the directory connection.
adsStartContainer Full ADS path to the container where the synchronisation should start from.
includeSubContainers 0 = Synchronize only 1st level children of the container (but no containers).
1 = Include all subcontainers of container.
logFilePathName Full path and file name of the log file.
membership 0 = Without memberships.
1 = Memberships will be synchronized too.
accountState 0 = Synchronize the "user enabled" state during 1st synchronization only.
1 = Always synchronize the "user enabled" state.
takeCareOfMovedObjects 0 = Ignore moved directory objects, even if they were moved to a container which is also managed by SafeGuard Enterprise.
1 = Take care of moved objects and synchronize them with the new container, if the container is managed by SafeGuard Enterprise.
Note: If large data amounts are to be synchronized, it is recommended to set parameter takeCareOfMovedObjects to 0.
Note: If the log file already exists, data will be appended. Moved containers will be automatically synchronized in the way this is performed by the GUI. This means that new containers may appear in the SafeGuard Enterprise database as they include containers which were moved in the directory service. As soon as parameter takeCareOfMovedObjects is set to 0, moved containers, users and machines will be ignored, so they may be deleted including assigned certificates etc.

2.3.4 Int32 Directory::GetOneObject(string searchName, string adsStartObject, int filter, out string adsObject, out string type)

Returns an object (machine, user, etc.) in the SafeGuard Enterprise directory. For more than one object hit, GetOneObject returns an error code.
searchName Search name (wildcards * are not allowed).
adsStartObject Full ADS path to the object where the search should start from recursively, an empty string for a search in the whole tree (not for filter = 3).
filter The type of search, i.e. the type of the result object. Possible values for filter are:
0 All objects (except local user)
1 Computer
2 User (except local user)
3 Local user
4 Logon name (except local user)
5 Groups
6 Container
7 OU
8 Workgroups
9 Domains
10 Object GUID
Note: When searching for local users (filter = 3), you have to specify a start node for adsStartObject.
[out] adsObject The ADS path of the object found.
[out] type The type of the object found at the specified index, an empty string, if no object was found. Possible values of type are:
user Denotes a user object.
group Denotes a group object.
computer Denotes a machine object.
container Denotes a container (not an OU).
organizationalunit Denotes an OU.
domaindns Denotes a domain node.
sgroot Denotes the SafeGuard Enterprise specific root element (exists only once).
sgauthmachinegroup Denotes the SafeGuard Enterprise specific virtual group “.Authenticated machines”.
sgauthusergroup Denotes the SafeGuard Enterprise specific virtual group “.Authenticated users”.
sgcontainerunknownobjects Denotes the SafeGuard Enterprise specific virtual group “.Autoregistered”.

2.3.5 Int32 Directory::GetObjectInitialize(string searchName, string adsStartObject, int filter, out int hitCount)

Creates a result set of the wildcard search for the object (machine, user, etc.) in the SafeGuard Enterprise directory.
searchName Search name (wildcards * are allowed).
adsStartObject Full ADS path to the object where the search should start from recursively, an empty string for a search in the whole tree (not for filter = 3).
filter The type of search, i.e. the type of the result object. Possible values for filter are:
0 All objects (except local user)
1 Computer
2 User (except local user)
3 Local user
4 Logon name (except local user)
5 Groups
6 Container
7 OU
8 Workgroups
9 Domains
10 Object GUID
[out] hitCount Count of all hits in the result set.

2.3.6 Int32 Directory::GetObjectByIndex(int index, out string adsObject, out string type)

Returns the object (machine, user, ...) found at a specified index in the SafeGuard Enterprise directory.
index Index of the child object, zero-based.
[out] adsObject The ADS path of the object found at the specified index, an empty string, if no object was found.
[out] type The type of the object found at the specified index, an empty string, if no object was found. Possible values of type are:
user Denotes a user object.
group Denotes a group object.
computer Denotes a machine object.
container Denotes a container (not an OU).
organizationalunit Denotes an OU.
domaindns Denotes a domain node.
sgroot Denotes the SafeGuard Enterprise specific root element (exists only once).
sgauthmachinegroup Denotes the SafeGuard Enterprise specific virtual group “.Authenticated machines”.
sgauthusergroup Denotes the SafeGuard Enterprise specific virtual group “.Authenticated users”.
sgcontainerunknownobjects Denotes the SafeGuard Enterprise specific virtual group “.Autoregistered”.

2.3.7 Int32 Directory::GetObjectFinalize()

Finalizes the wildcard search and deletes the result set. A new search can be started.
Note: You have to call the finalize function to be able to start a new search. Calling a new initialize function without calling the finalize function of the old wildcard search first, results in error code ACTION_NOT_FINALIZED.
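
The Initialize/ByIndex/Finalize search protocol from sections 2.1.3 and 2.3.5 to 2.3.7, as an added Python example that is not part of this manual or of the product's code. FakeDirectory is a constructed stand-in for the Directory object; the numeric return codes, the tuple form of the out-parameters, INTERNAL_ERROR and the sample ADS paths are assumptions.

```python
from fnmatch import fnmatchcase

# Assumed numeric values: the manual names NO_MORE_DATA and ACTION_NOT_FINALIZED
# but their numbers are not on this page; INTERNAL_ERROR is a made-up failure code.
OK, NO_MORE_DATA, ACTION_NOT_FINALIZED, INTERNAL_ERROR = 0, 1, 2, 99


class ScriptingError(RuntimeError):
    """Raised when an API call returns anything other than OK."""

    def __init__(self, method, rc):
        super().__init__(f"{method} failed with return code {rc}")
        self.method, self.rc = method, rc


class FakeDirectory:
    """Constructed in-memory stand-in for the Directory class.

    It reproduces only the documented search protocol: one open result set
    at a time, zero-based index access, NO_MORE_DATA past the end. It ignores
    adsStartObject and filter. Out-parameters are returned as a tuple after
    the return code (assumption about the COM binding in use).
    """

    def __init__(self, objects, fail_at=None):
        self._objects = objects   # constructed (name, adsObject, type) rows
        self._fail_at = fail_at   # index at which to simulate an internal error
        self._results = None      # None means no search is open

    def GetObjectInitialize(self, search_name, ads_start_object, filter_value):
        if self._results is not None:
            return ACTION_NOT_FINALIZED, 0
        self._results = [o for o in self._objects if fnmatchcase(o[0], search_name)]
        return OK, len(self._results)

    def GetObjectByIndex(self, index):
        if self._results is None or index >= len(self._results):
            return NO_MORE_DATA, "", ""
        if index == self._fail_at:
            return INTERNAL_ERROR, "", ""
        _, ads_object, obj_type = self._results[index]
        return OK, ads_object, obj_type

    def GetObjectFinalize(self):
        self._results = None
        return OK


def search_objects(directory, search_name, ads_start_object="", filter_value=0):
    """Run one wildcard search and return [(adsObject, type), ...].

    GetObjectFinalize is called on every exit path, so a failure in the
    middle of the loop cannot leave the session answering the next search
    with ACTION_NOT_FINALIZED.
    """
    rc, hit_count = directory.GetObjectInitialize(search_name, ads_start_object, filter_value)
    if rc != OK:
        raise ScriptingError("GetObjectInitialize", rc)
    found = []
    try:
        index = 0
        while True:
            rc, ads_object, obj_type = directory.GetObjectByIndex(index)
            if rc == NO_MORE_DATA:      # documented end-of-list signal
                break
            if rc != OK:
                raise ScriptingError("GetObjectByIndex", rc)
            found.append((ads_object, obj_type))
            index += 1
    finally:
        directory.GetObjectFinalize()
    if len(found) != hit_count:         # cross-check against the reported hitCount
        raise RuntimeError(f"expected {hit_count} results, got {len(found)}")
    return found


# Constructed sample directory content (names and ADS paths are made up).
SAMPLE = [
    ("alice", "CN=alice,OU=Sales,DC=example,DC=com", "user"),
    ("albert", "CN=albert,OU=IT,DC=example,DC=com", "user"),
    ("PC-0042", "CN=PC-0042,OU=IT,DC=example,DC=com", "computer"),
]

if __name__ == "__main__":
    print(search_objects(FakeDirectory(SAMPLE), "al*"))
```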

2.3.8 Int32 Directory::GetMemberOfGroupInitialize(string adsGroup, out int hitCount)

Creates a result set of the wildcard search for the member object of a group in the SafeGuard Enterprise directory.
adsGroup ADS path of the group to retrieve the member objects from.
[out] hitCount The count of all hits in the result set.

2.3.9 Int32 Directory::GetMemberOfGroupByIndex(int index, out string adsMember, out string type)

Returns the member object at a specified index of a group in the SafeGuard Enterprise directory. This method can be used to enumerate group members.
index Index of the child object, zero-based.
[out] adsMember The ADS path of the member object found at the specified index. If no member was found, this is an empty string.
[out] type The type of object found at the specified index. If no object was found, this is an empty string. Possible values of type are:
user Denotes a user object.
group Denotes a group object.
computer Denotes a machine object.

2.3.10 Int32 Directory::GetMemberOfGroupFinalize()

Finalizes the wildcard search and deletes the result set. A new search can be started.
Note: You have to call the finalize function to be able to start a new search. Calling a new initialize function without calling the finalize function of the old wildcard search first, results in error code ACTION_NOT_FINALIZED.