        /// <summary>
        /// Builds a new <see cref="ADObject"/> that carries only the identity-bearing data of
        /// <paramref name="sourceObj"/>: every name listed in <see cref="ADObject.IdentityPropertyNames"/>
        /// that has a non-null value, plus every non-null entry of its <c>InternalProperties</c> bag.
        /// </summary>
        /// <param name="sourceObj">Object whose identity properties are read; it is not modified.</param>
        /// <returns>
        /// A fresh object referencing the same property value instances (the values themselves are
        /// not cloned).
        /// </returns>
        public static ADObject CreateIdentityCopy(ADObject sourceObj)
        {
            ADObject copy = new ADObject();

            // Identity properties exposed through the public indexer. A name already present on
            // the copy (a duplicate in the identity list) is skipped, as is a null value.
            foreach (string name in ADObject.IdentityPropertyNames)
            {
                if (copy.Contains(name))
                {
                    continue;
                }
                object propertyValue = sourceObj[name];
                if (propertyValue != null)
                {
                    copy.Add(name, propertyValue);
                }
            }

            // Internal properties are carried over through the InternalProperties bag with the
            // same skip rules.
            foreach (string name in sourceObj.InternalProperties.PropertyNames)
            {
                if (copy.InternalProperties.Contains(name))
                {
                    continue;
                }
                object internalValue = sourceObj.InternalProperties[name].Value;
                if (internalValue != null)
                {
                    copy.InternalProperties.SetValue(name, internalValue);
                }
            }

            return copy;
        }
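        /// <summary>
        /// Derives <c>msDS-ClaimSourceType</c> from the source attributes present on a claim type
        /// object and validates that a certificate-sourced claim uses the expected value type.
        /// </summary>
        /// <param name="directoryObj">The claim type object being built; updated in place.</param>
        /// <param name="errorBuffer">Receives one line per validation failure.</param>
        /// <returns><c>true</c> when no validation error was recorded; otherwise <c>false</c>.</returns>
        private static bool SetAndValidateClaimSourceType(ADObject directoryObj, StringBuilder errorBuffer)
        {
            bool hasError = false;

            if (!directoryObj.Contains("msDS-ClaimSource"))
            {
                // No certificate-OID source: an attribute source makes this an "AD" sourced claim.
                if (directoryObj.Contains("msDS-ClaimAttributeSource"))
                {
                    directoryObj.SetValue("msDS-ClaimSourceType", "AD");
                }
            }
            else
            {
                if (!directoryObj.Contains("msDS-ClaimValueType"))
                {
                    // Value type 6 is the one this code requires for a certificate-sourced claim
                    // (presumably the Boolean claim value type - confirm against the schema docs).
                    directoryObj.Add("msDS-ClaimValueType", (long)6);
                }
                else
                {
                    // A value that is not a long used to surface as an InvalidOperationException
                    // from Nullable<long>.Value; it is now reported as a validation error instead.
                    long? claimValueType = directoryObj["msDS-ClaimValueType"].Value as long?;
                    if (!claimValueType.HasValue || claimValueType.Value != (long)6)
                    {
                        hasError = true;
                        errorBuffer.AppendLine(StringResources.CTSourceOIDValueTypeError);
                    }
                }
                directoryObj.SetValue("msDS-ClaimSourceType", "Certificate");
            }

            return !hasError;
        }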
        /// <summary>
        /// Writes the <c>ntMixedDomain</c> attribute on the domain naming context head (the default
        /// naming context reported by the session's RootDSE) and commits it through an
        /// <see cref="ADActiveObject"/>.
        /// </summary>
        /// <param name="cmdletSessionInfo">Session whose RootDSE and connection are used.</param>
        /// <param name="ntMixedDomainMode">Value stored in <c>ntMixedDomain</c>.</param>
        private static void UpdateNTMixedDomainMode(CmdletSessionInfo cmdletSessionInfo, int ntMixedDomainMode)
        {
            ADObject domainHead = new ADObject
            {
                DistinguishedName = cmdletSessionInfo.ADRootDSE.DefaultNamingContext
            };

            using (ADActiveObject activeObject = new ADActiveObject(cmdletSessionInfo.ADSessionInfo, domainHead))
            {
                // Change tracking is enabled only after the object is wrapped, presumably so that
                // the ntMixedDomain add is the only modification sent - confirm against ADActiveObject.
                domainHead.TrackChanges = true;
                domainHead.Add("ntMixedDomain", ntMixedDomainMode);
                activeObject.Update();
            }
        }
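        /// <summary>
        /// Processing routine of the cmdlet: asks the destination DC (the current session) to
        /// replicate a single object from the source DC by writing the <c>replicateSingleObject</c>
        /// RootDSE attribute with the value <c>&lt;source dsServiceName&gt;:&lt;object DN&gt;[:SECRETS_ONLY]</c>.
        /// </summary>
        /// <remarks>
        /// Source server resolution order: an explicit <c>sourceServer</c>, then the session a
        /// search-result <c>Object</c> came from, then the current AD drive server; otherwise the
        /// Source parameter is reported as required. The <c>-PasswordOnly</c> switch appends
        /// <c>:SECRETS_ONLY</c> and is rejected when the destination RootDSE is writable, i.e. the
        /// destination is not an RODC.
        /// </remarks>
        /// <returns>Always <c>false</c>; every failure surfaces as an exception.</returns>
        /// <exception cref="ArgumentException">No source server can be determined, <c>-PasswordOnly</c>
        /// is used against a writable DC, or the destination rejects the replicateSingleObject write.</exception>
        /// <exception cref="ADServerDownException">The destination or the source server cannot be reached.</exception>
        /// <exception cref="ADIdentityNotFoundException">The object to replicate is found neither on the
        /// source nor on the destination, or the destination reports it missing during the update.</exception>
        private bool SyncADObjectProcessCSRoutine()
        {
            CmdletSessionInfo cmdletSessionInfo;
            ADRootDSE         rootDSE;
            ADObject          directoryObjectFromIdentity;

            this.ValidateParameters();
            ADObject obj          = this._cmdletParameters.Object;
            string   destination  = this._cmdletParameters.Destination;
            bool     passwordOnly = this._cmdletParameters.GetSwitchParameterBooleanValue("PasswordOnly");

            // Resolve the source server: a search result knows the server it came from; otherwise
            // fall back to the server of the current AD drive.
            if (this.sourceServer == null)
            {
                if (obj.IsSearchResult)
                {
                    this.sourceServer = obj.SessionInfo.Server;
                }
                else if (this.currentADDriveServer != null)
                {
                    this.sourceServer = this.currentADDriveServer;
                }
                else
                {
                    throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, StringResources.ParameterRequired, "Source"));
                }
            }

            try
            {
                cmdletSessionInfo = this.GetCmdletSessionInfo();
            }
            catch (ADServerDownException aDServerDownException)
            {
                // NOTE(review): only the caught exception's InnerException is chained, so the
                // ADServerDownException itself is dropped from the trace; kept as in the original.
                throw new ADServerDownException(string.Format(CultureInfo.CurrentCulture, StringResources.DestinationServerDown, destination), aDServerDownException.InnerException, destination);
            }

            // Secrets-only replication is accepted only when the destination RootDSE is read-only.
            if (cmdletSessionInfo.ADRootDSE.IsWritable() && passwordOnly)
            {
                string server   = cmdletSessionInfo.ADRootDSE.DNSHostName;
                int?   portLDAP = cmdletSessionInfo.ADRootDSE.PortLDAP;
                if (portLDAP.HasValue)
                {
                    server = string.Concat(server, ":", portLDAP.ToString());
                }
                throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, StringResources.PasswordOnlySwitchAllowedOnlyOnRODC, server));
            }

            string        dSServiceName     = null;
            string        distinguishedName = null;
            ADSessionInfo sourceSession     = cmdletSessionInfo.ADSessionInfo.Copy();
            sourceSession.Server = this.sourceServer;
            using (ADObjectSearcher searcher = new ADObjectSearcher(sourceSession))
            {
                try
                {
                    rootDSE       = searcher.GetRootDSE();
                    dSServiceName = rootDSE.DSServiceName;
                }
                catch (ADIdentityNotFoundException)
                {
                    throw new ADServerDownException(string.Format(CultureInfo.CurrentCulture, StringResources.SourceServerDown, this.sourceServer), this.sourceServer);
                }

                if (obj.IsSearchResult)
                {
                    distinguishedName = obj.DistinguishedName;
                }
                else
                {
                    // Resolve the identity on the source first; if it is unknown there, resolve it
                    // on the destination and address it with a <GUID=...> DN instead.
                    ADCmdletCache cache = new ADCmdletCache();
                    sourceSession.ServerType = Utils.ADServerTypeFromRootDSE(rootDSE);
                    CmdletSessionInfo sourceCmdletSession = new CmdletSessionInfo(sourceSession, rootDSE, rootDSE.DefaultNamingContext, rootDSE.DefaultNamingContext, rootDSE.DefaultNamingContext, sourceSession.ServerType, cache, this, null, this._cmdletParameters);
                    this._adObjectFactory.SetCmdletSessionInfo(sourceCmdletSession);
                    try
                    {
                        directoryObjectFromIdentity = this._adObjectFactory.GetDirectoryObjectFromIdentity(obj, sourceCmdletSession.DefaultPartitionPath);
                        distinguishedName           = directoryObjectFromIdentity.DistinguishedName;
                    }
                    catch (ADIdentityNotFoundException)
                    {
                        this._adObjectFactory.SetCmdletSessionInfo(cmdletSessionInfo);
                        try
                        {
                            directoryObjectFromIdentity = this._adObjectFactory.GetDirectoryObjectFromIdentity(obj, cmdletSessionInfo.DefaultPartitionPath);
                            Guid? objectGuid = directoryObjectFromIdentity.ObjectGuid;
                            distinguishedName = string.Concat("<GUID=", objectGuid.ToString(), ">");
                        }
                        catch (ADIdentityNotFoundException)
                        {
                            throw new ADIdentityNotFoundException(string.Format(CultureInfo.CurrentCulture, StringResources.ObjectToReplicateNotFoundOnSource, obj.ToString()));
                        }
                    }
                    cache.Clear();
                }
            }

            // The request is carried entirely in the attribute value written to the RootDSE.
            string replicationRequest = string.Concat(dSServiceName, ":", distinguishedName);
            if (passwordOnly)
            {
                replicationRequest = string.Concat(replicationRequest, ":SECRETS_ONLY");
            }
            ADObject rootDseObject = new ADObject();
            rootDseObject.DistinguishedName = "";
            rootDseObject.Add("replicateSingleObject", replicationRequest);
            rootDseObject.TrackChanges = false;

            using (ADActiveObject activeObject = new ADActiveObject(cmdletSessionInfo.ADSessionInfo, rootDseObject))
            {
                if (base.ShouldProcessOverride(obj.IdentifyingString, "Sync"))
                {
                    try
                    {
                        activeObject.Update();
                    }
                    catch (ADIdentityNotFoundException)
                    {
                        throw new ADIdentityNotFoundException(string.Format(CultureInfo.CurrentCulture, StringResources.SourceServerObjNotFoundOrObjToReplicateNotFound, this.sourceServer, destination));
                    }
                    catch (ArgumentException argumentException)
                    {
                        // A destination that does not know replicateSingleObject answers with the
                        // Win32 error 0x200a (appears to be ERROR_DS_NO_ATTRIBUTE_OR_VALUE) for that
                        // parameter name. Only that case is translated; anything else is rethrown
                        // with `throw;` so the original stack trace is preserved.
                        string expectedMessage = new Win32Exception(0x200a).Message;
                        bool unsupportedOnDestination =
                            string.Compare(expectedMessage, 0, argumentException.Message, 0, expectedMessage.Length, StringComparison.OrdinalIgnoreCase) == 0 &&
                            string.Compare("replicateSingleObject", argumentException.ParamName, StringComparison.OrdinalIgnoreCase) == 0;
                        if (!unsupportedOnDestination)
                        {
                            throw;
                        }
                        throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, StringResources.DestinationServerDoesNotSupportSynchronizingObject, destination));
                    }

                    if (this._cmdletParameters.GetSwitchParameterBooleanValue("PassThru"))
                    {
                        this._adObjectFactory.SetCmdletSessionInfo(cmdletSessionInfo);
                        ADObject extendedObjectFromDN = this._adObjectFactory.GetExtendedObjectFromDN(distinguishedName);
                        base.WriteObject(extendedObjectFromDN);
                    }
                }
            }

            // Both the confirmed and the declined (ShouldProcess false) path return false.
            return false;
        }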
        /// <summary>
        /// Clears the "protect from accidental deletion" marking on <paramref name="directoryObj"/> by
        /// removing the Everyone-deny Delete/DeleteTree rule from its security descriptor. The new
        /// descriptor is only stored on <paramref name="directoryObj"/>; the caller commits it.
        /// </summary>
        /// <param name="directoryObj">Object to unprotect. Its <c>nTSecurityDescriptor</c> and
        /// <c>sdRightsEffective</c> are used when both are present, otherwise they are fetched via
        /// <see cref="ProtectedFromDeletionUtil.GetCachedObject"/>.</param>
        /// <param name="cmdletSessionInfo">Session used for the cache lookups and the protection query.</param>
        /// <returns><c>true</c> when the descriptor was changed; <c>false</c> when the object was not protected.</returns>
        /// <exception cref="ADException">The object cannot be read, its protection state cannot be
        /// determined, or the caller lacks the right to write its DACL.</exception>
        internal static bool UnprotectFromAccidentalDeletion(ADObject directoryObj, CmdletSessionInfo cmdletSessionInfo)
        {
            string distinguishedName = directoryObj["distinguishedName"].Value as string;

            ADObject cachedObject;
            if (directoryObj.Contains("nTSecurityDescriptor") && directoryObj.Contains("sdRightsEffective"))
            {
                cachedObject = directoryObj;
                ProtectedFromDeletionUtil.AddObjectToCache(directoryObj, cmdletSessionInfo);
            }
            else
            {
                cachedObject = ProtectedFromDeletionUtil.GetCachedObject(distinguishedName, ProtectedFromDeletionUtil.AttributesToFetchOnObject, cmdletSessionInfo);
            }

            if (cachedObject == null)
            {
                throw new ADException(string.Format(CultureInfo.CurrentCulture, StringResources.InsufficientPermissionsToProtectObject, new object[] { directoryObj["distinguishedName"].Value }));
            }

            bool? isProtected = ProtectedFromDeletionUtil.IsProtectedFromDeletion(cachedObject, cmdletSessionInfo);
            if (!isProtected.HasValue)
            {
                throw new ADException(string.Format(CultureInfo.CurrentCulture, StringResources.InsufficientPermissionsToProtectObject, new object[] { directoryObj["distinguishedName"].Value }));
            }
            if (!isProtected.Value)
            {
                // Nothing to remove.
                return false;
            }

            // Bit 4 of sdRightsEffective is the DACL bit (presumably DACL_SECURITY_INFORMATION):
            // without it the caller could not write the modified descriptor back.
            if (!Utils.HasFlagsSet((int)cachedObject["sdRightsEffective"].Value, 4))
            {
                throw new ADException(string.Format(CultureInfo.CurrentCulture, StringResources.InsufficientPermissionsToProtectObject, new object[] { directoryObj["distinguishedName"].Value }));
            }

            ActiveDirectorySecurity security = (ActiveDirectorySecurity)cachedObject["nTSecurityDescriptor"].Value;
            security.RemoveAccessRule(ProtectedFromDeletionUtil.ACEConstants.DeleteAndDeleteTreeAccessRule);
            if (directoryObj.Contains("nTSecurityDescriptor"))
            {
                directoryObj["nTSecurityDescriptor"].Value = security;
            }
            else
            {
                directoryObj.Add("nTSecurityDescriptor", security);
            }
            return true;
        }
        /// <summary>
        /// Marks <paramref name="directoryObj"/> as protected from accidental deletion: adds the
        /// Everyone-deny Delete/DeleteTree rule to its security descriptor and, for objects that are
        /// neither naming-context heads nor deleted, makes sure the parent denies DeleteChild to
        /// Everyone. The parent change is committed here; the object's own descriptor is only stored
        /// on <paramref name="directoryObj"/> for the caller to commit.
        /// </summary>
        /// <param name="directoryObj">Object to protect. Its <c>nTSecurityDescriptor</c> and
        /// <c>sdRightsEffective</c> are used when both are present, otherwise they are fetched via
        /// <see cref="ProtectedFromDeletionUtil.GetCachedObject"/>.</param>
        /// <param name="cmdletSessionInfo">Session used for cache lookups and the parent update.</param>
        /// <returns><c>true</c> when the object's descriptor was changed; <c>false</c> when it was already protected.</returns>
        /// <exception cref="ADException">The object's descriptor cannot be read, or the caller lacks the
        /// right to write the DACL of the object or of its parent.</exception>
        internal static bool ProtectFromAccidentalDeletion(ADObject directoryObj, CmdletSessionInfo cmdletSessionInfo)
        {
            string distinguishedName = directoryObj["distinguishedName"].Value as string;

            ADObject cachedObject;
            if (directoryObj.Contains("nTSecurityDescriptor") && directoryObj.Contains("sdRightsEffective"))
            {
                cachedObject = directoryObj;
                ProtectedFromDeletionUtil.AddObjectToCache(directoryObj, cmdletSessionInfo);
            }
            else
            {
                cachedObject = ProtectedFromDeletionUtil.GetCachedObject(distinguishedName, ProtectedFromDeletionUtil.AttributesToFetchOnObject, cmdletSessionInfo);
            }

            bool descriptorAvailable = cachedObject != null
                && cachedObject.Contains("nTSecurityDescriptor")
                && cachedObject["nTSecurityDescriptor"].Value != null;
            if (!descriptorAvailable)
            {
                throw new ADException(string.Format(CultureInfo.CurrentCulture, StringResources.InsufficientPermissionsToProtectObject, new object[] { directoryObj["distinguishedName"].Value }));
            }

            // Proceed when the object is already marked, or when the caller can write its DACL
            // (bit 4 of sdRightsEffective, presumably DACL_SECURITY_INFORMATION).
            bool canProtect = ProtectedFromDeletionUtil.EveryoneDeniedDeleteAndDeleteTree(cachedObject)
                || Utils.HasFlagsSet((int)cachedObject["sdRightsEffective"].Value, 4);
            if (!canProtect)
            {
                throw new ADException(string.Format(CultureInfo.CurrentCulture, StringResources.InsufficientPermissionsToProtectObject, new object[] { directoryObj["distinguishedName"].Value }));
            }

            // Naming-context heads and deleted objects are not given the parent treatment.
            if (!Utils.IsNamingContext(cachedObject) && !Utils.IsDeleted(cachedObject))
            {
                string   parentPath = ADPathModule.GetParentPath(distinguishedName, null, ADPathFormat.X500);
                ADObject parent     = ProtectedFromDeletionUtil.GetCachedObject(parentPath, ProtectedFromDeletionUtil.AttributesToFetchOnParent, cmdletSessionInfo);
                if (parent != null && !ProtectedFromDeletionUtil.EveryoneDeniedDeleteChild(parent))
                {
                    if (!Utils.HasFlagsSet((int)parent["sdRightsEffective"].Value, 4))
                    {
                        throw new ADException(string.Format(CultureInfo.CurrentCulture, StringResources.InsufficientPermissionsToProtectObjectParent, new object[] { directoryObj["distinguishedName"].Value, parent["distinguishedName"].Value }));
                    }

                    // The parent's DeleteChild deny is written immediately, independent of whether
                    // the caller later commits the object itself.
                    ActiveDirectorySecurity parentSecurity = (ActiveDirectorySecurity)parent["nTSecurityDescriptor"].Value;
                    parentSecurity.AddAccessRule(ProtectedFromDeletionUtil.ACEConstants.DeleteChildAccessRule);
                    using (ADActiveObject parentActiveObject = new ADActiveObject(cmdletSessionInfo.ADSessionInfo, parent))
                    {
                        parent.TrackChanges = true;
                        parent["nTSecurityDescriptor"].Value = parentSecurity;
                        parentActiveObject.Update();
                    }
                }
            }

            ActiveDirectorySecurity security = (ActiveDirectorySecurity)cachedObject["nTSecurityDescriptor"].Value;
            if (ProtectedFromDeletionUtil.EveryoneDeniedDeleteAndDeleteTree(cachedObject))
            {
                // Already protected; only the parent may have been updated above.
                return false;
            }

            security.AddAccessRule(ProtectedFromDeletionUtil.ACEConstants.DeleteAndDeleteTreeAccessRule);
            if (directoryObj.Contains("nTSecurityDescriptor"))
            {
                directoryObj["nTSecurityDescriptor"].Value = security;
            }
            else
            {
                directoryObj.Add("nTSecurityDescriptor", security);
            }
            return true;
        }