public void DRSR_DRSReplicaAdd_Failed_V1_DuplicatedSource()
        {
            DrsrTestChecker.Check();

            drsTestClient.SyncDCs(EnvironmentConfig.Machine.WritableDC1, EnvironmentConfig.Machine.WritableDC2);

            drsTestClient.DrsBind(EnvironmentConfig.Machine.WritableDC1, EnvironmentConfig.User.ParentDomainAdmin, DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_BASE);

            uint ret = drsTestClient.DrsReplicaAdd(EnvironmentConfig.Machine.WritableDC1, DRS_MSG_REPADD_Versions.V1, (DsServer)EnvironmentConfig.MachineStore[EnvironmentConfig.Machine.WritableDC2], DRS_OPTIONS.DRS_WRIT_REP, NamingContext.ConfigNC);

            if (ret == 0)
            {
                //possible that dc didn't add the source back
                ret = drsTestClient.DrsReplicaAdd(EnvironmentConfig.Machine.WritableDC1, DRS_MSG_REPADD_Versions.V1, (DsServer)EnvironmentConfig.MachineStore[EnvironmentConfig.Machine.WritableDC2], DRS_OPTIONS.DRS_WRIT_REP, NamingContext.ConfigNC);
            }

            BaseTestSite.Assert.AreEqual <uint>((uint)Win32ErrorCode_32.ERROR_DS_DRA_DN_EXISTS, ret, "server should return ERROR_DS_DRA_DN_EXISTS to V1 request if source is already in repsFrom");
        }
        public void DRSR_DRSReplicaDel_Failed_InvalidNC()
        {
            DrsrTestChecker.Check();
            NeedRepSourceUpdate need = new NeedRepSourceUpdate(EnvironmentConfig.Machine.WritableDC1, EnvironmentConfig.Machine.WritableDC2, NamingContext.ConfigNC);

            UpdatesStorage.GetInstance().PushUpdate(need);
            drsTestClient.SyncDCs(EnvironmentConfig.Machine.WritableDC1, EnvironmentConfig.Machine.WritableDC2);

            drsTestClient.DrsBind(EnvironmentConfig.Machine.WritableDC1, EnvironmentConfig.User.ParentDomainAdmin, DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_BASE);

            DRS_MSG_REPDEL req = GenerateReplicaDelReq(EnvironmentConfig.Machine.WritableDC1, EnvironmentConfig.Machine.WritableDC2);

            BaseTestSite.Log.Add(LogEntryKind.Checkpoint, "Set pNC to default empty DSNAME");
            req.V1.pNC = DrsuapiClient.CreateDsName(null, Guid.Empty, null);
            uint ret = drsTestClient.DRSClient.DrsReplicaDel(EnvironmentConfig.DrsContextStore[EnvironmentConfig.Machine.WritableDC1], 1, req);

            BaseTestSite.Assert.AreEqual <uint>((uint)Win32ErrorCode_32.ERROR_DS_DRA_BAD_NC, ret, "server should return ERROR_DS_DRA_BAD_NC if pNC is invalid but not null");
        }
        public void DRSR_DRSReplicaDel_Failed_NullDsaSrc()
        {
            DrsrTestChecker.Check();
            NeedRepSourceUpdate need = new NeedRepSourceUpdate(EnvironmentConfig.Machine.WritableDC1, EnvironmentConfig.Machine.WritableDC2, NamingContext.ConfigNC);

            UpdatesStorage.GetInstance().PushUpdate(need);
            drsTestClient.SyncDCs(EnvironmentConfig.Machine.WritableDC1, EnvironmentConfig.Machine.WritableDC2);

            drsTestClient.DrsBind(EnvironmentConfig.Machine.WritableDC1, EnvironmentConfig.User.ParentDomainAdmin, DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_BASE);

            DRS_MSG_REPDEL req = GenerateReplicaDelReq(EnvironmentConfig.Machine.WritableDC1, EnvironmentConfig.Machine.WritableDC2);

            BaseTestSite.Log.Add(LogEntryKind.Checkpoint, "Set pszDsaSrc to NULL");
            req.V1.pszDsaSrc = null;
            uint ret = drsTestClient.DRSClient.DrsReplicaDel(EnvironmentConfig.DrsContextStore[EnvironmentConfig.Machine.WritableDC1], 1, req);

            BaseTestSite.Assert.AreEqual <uint>((uint)Win32ErrorCode_32.ERROR_DS_DRA_INVALID_PARAMETER, ret, "server should return ERROR_DS_DRA_INVALID_PARAMETER if pszDsaSrc is null");
        }
        public void DRSR_DRSVerifyNames_Invalid_Input()
        {
            DrsrTestChecker.Check();
            uint ret = drsTestClient.DrsBind(
                EnvironmentConfig.Machine.WritableDC1,
                EnvironmentConfig.User.ParentDomainAdmin,
                DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_BASE);
            /* comments from TD */

            /*
             * if  msgIn.dwFlags != DSR_VERIFY_DSNAMES and
             * msgIn.dwFlags != DRS_VERIFY_SAM_ACCOUNT_NAMES and
             * msgIn.dwFlags != DRS_VERIFY_SIDS and
             * msgIn.dwFlags != DRS_VERIFY_FPOS then
             * return ERROR_DS_DRA_INVALID_PARAMETER
             * endif
             *
             */


            /* Create request message */
            DRS_MSG_VERIFYREQ msgIn = drsTestClient.CreateDrsVerifyNamesV1Request();

            uint dwInVersion  = 1;
            uint?dwOutVersion = 0;
            DRS_MSG_VERIFYREPLY?reply;

            /* Setting param #1 */
            /*msgIn.V1.dwFlags = 0xff*/
            msgIn.V1.dwFlags = 0xff;

            /* Issue the request */
            ret = drsTestClient.DRSClient.DrsVerifyNames(
                EnvironmentConfig.DrsContextStore[EnvironmentConfig.Machine.WritableDC1],
                dwInVersion,
                msgIn,
                out dwOutVersion,
                out reply);
            BaseTestSite.Assert.AreEqual <uint>(
                (uint)Win32ErrorCode_32.ERROR_DS_DRA_INVALID_PARAMETER,
                ret,
                "DrsVerifyNames: return code mismatch."
                );
        }
Beispiel #5
0
        public void DRSR_DRSGetMemberships_Access_Denied()
        {
            DrsrTestChecker.Check();
            uint ret = drsTestClient.DrsBind(
                EnvironmentConfig.Machine.WritableDC1,
                EnvironmentConfig.User.ParentDomainUser,
                DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_BASE);
            /* comments from TD */

            /*
             * if not AccessCheckCAR(DefaultNC(), DS-Replication-Get-Changes) then
             * return ERROR_DS_DRA_ACCESS_DENIED
             * endif
             *
             */

            /* comments from likezh */

            /*
             * not AccessCheckCAR(DefaultNC(), DS-Replication-Get-Changes)
             */
            //throw new NotImplementedException();

            /* Create request message */
            DRS_MSG_REVMEMB_REQ msgIn = drsTestClient.CreateDrsGetMembershipsV1Request();

            uint dwInVersion  = 1;
            uint?dwOutVersion = 0;
            DRS_MSG_REVMEMB_REPLY?reply;

            /* Issue the request */
            ret = drsTestClient.DRSClient.DrsGetMemberships(
                EnvironmentConfig.DrsContextStore[EnvironmentConfig.Machine.WritableDC1],
                dwInVersion,
                msgIn,
                out dwOutVersion,
                out reply);
            BaseTestSite.Assert.AreEqual <uint>(
                (uint)Win32ErrorCode_32.ERROR_DS_DRA_ACCESS_DENIED,
                ret,
                "DrsGetMemberships: return code mismatch."
                );
        }
        public void DRSR_DRSUpdateRefs_V1_Success_AddThenDel()
        {
            DrsrTestChecker.Check();
            uint ret = drsTestClient.DrsBind(EnvironmentConfig.Machine.WritableDC1, EnvironmentConfig.User.ParentDomainAdmin, DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_BASE);

            try
            {
                BaseTestSite.Log.Add(LogEntryKind.Checkpoint, "Try to delete replication destination from repsTo for later testing. It MAY fails if there is no such record to delete");
                drsTestClient.DrsUpdateRefs(EnvironmentConfig.Machine.WritableDC1, (DsServer)EnvironmentConfig.MachineStore[EnvironmentConfig.Machine.WritableDC2], DRS_OPTIONS.DRS_DEL_REF);
            }
            catch
            {
                BaseTestSite.Log.Add(LogEntryKind.Checkpoint, "No similar record to delete in repsTo. It's OK to continue");
            }

            drsTestClient.DrsUpdateRefs(EnvironmentConfig.Machine.WritableDC1, (DsServer)EnvironmentConfig.MachineStore[EnvironmentConfig.Machine.WritableDC2], DRS_OPTIONS.DRS_ADD_REF);

            drsTestClient.DrsUpdateRefs(EnvironmentConfig.Machine.WritableDC1, (DsServer)EnvironmentConfig.MachineStore[EnvironmentConfig.Machine.WritableDC2], DRS_OPTIONS.DRS_DEL_REF);
        }
        public void DRSR_DRSReplicaDel_V1_Success_With0x8000flag()
        {
            DrsrTestChecker.Check();
            Site.Log.Add(LogEntryKind.Checkpoint, "Remove replication relationship between DC1 and DC2 for AppNC");
            DelReplicaSource delUpdate = new DelReplicaSource(EnvironmentConfig.Machine.WritableDC1, EnvironmentConfig.Machine.WritableDC2, DRS_OPTIONS.NONE, EnvironmentConfig.User.ParentDomainAdmin, NamingContext.AppNC);

            drsTestClient.DrsBind(EnvironmentConfig.Machine.WritableDC2, EnvironmentConfig.User.ParentDomainAdmin, DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_BASE);
            try
            {
                drsTestClient.DrsReplicaDel(EnvironmentConfig.Machine.WritableDC2, (DsServer)EnvironmentConfig.MachineStore[EnvironmentConfig.Machine.WritableDC1], DRS_OPTIONS.NONE, NamingContext.AppNC);
            }
            catch
            {
            }
            drsTestClient.DrsBind(EnvironmentConfig.Machine.WritableDC1, EnvironmentConfig.User.ParentDomainAdmin, DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_BASE);

            Site.Log.Add(LogEntryKind.Checkpoint, "Fully remove replication on DC1 for AppNC with NO_SOURCE flag");
            drsTestClient.DrsReplicaDel(EnvironmentConfig.Machine.WritableDC1, (DsServer)EnvironmentConfig.MachineStore[EnvironmentConfig.Machine.WritableDC2], DRS_OPTIONS.DRS_NO_SOURCE, NamingContext.AppNC);
        }
        public void DRSR_DRSGetObjectExistence_No_Master_Replica_Exists()
        {
            DrsrTestChecker.Check();
            uint ret = drsTestClient.DrsBind(
                EnvironmentConfig.Machine.WritableDC1,
                EnvironmentConfig.User.ParentDomainAdmin,
                DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_BASE);
            /* comments from TD */

            /*
             * if not MasterReplicaExists(nc) then
             * return ERROR_DS_DRA_INVALID_PARAMETER
             * endif
             *
             */

            /* comments from likezh */

            /*
             * not MasterReplicaExists(nc)
             */
            //throw new NotImplementedException();

            /* Create request message */
            DRS_MSG_EXISTREQ msgIn = drsTestClient.CreateDrsGetObjectExistenceV1Request();

            uint dwInVersion  = 1;
            uint?dwOutVersion = 0;
            DRS_MSG_EXISTREPLY?reply;

            /* Issue the request */
            ret = drsTestClient.DRSClient.DrsGetObjectExistence(
                EnvironmentConfig.DrsContextStore[EnvironmentConfig.Machine.WritableDC1],
                dwInVersion,
                msgIn,
                out dwOutVersion,
                out reply);
            BaseTestSite.Assert.AreEqual <uint>(
                (uint)Win32ErrorCode_32.ERROR_DS_DRA_INVALID_PARAMETER,
                ret,
                "DrsGetObjectExistence: return code mismatch."
                );
        }
        public void DRSR_DRSReplicaSync_Invalid_Input_1()
        {
            DrsrTestChecker.Check();
            uint ret = drsTestClient.DrsBind(
                EnvironmentConfig.Machine.WritableDC1,
                EnvironmentConfig.User.ParentDomainAdmin,
                DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_BASE);
            /* comments from TD */

            /*
             * options := msgIn.ulOptions
             * if msgIn.pNC = null
             * or (not DRS_SYNC_ALL in options
             * and msgIn.uuidDsaSrc = null
             * and msgIn.pszDsaSrc = null) then
             * return ERROR_DS_DRA_INVALID_PARAMETER
             * endif
             *
             */


            /* Create request message */
            DRS_MSG_REPSYNC msgIn = drsTestClient.CreateDrsReplicaSyncV1Request();

            uint dwInVersion = 1;

            /* Setting param #1 */
            /*msgIn.V1.pNC = null*/
            //msgIn.V1.pNC = null;

            /* Issue the request */
            ret = drsTestClient.DRSClient.DrsReplicaSync(
                EnvironmentConfig.DrsContextStore[EnvironmentConfig.Machine.WritableDC1],
                dwInVersion,
                msgIn);
            BaseTestSite.Assert.AreEqual <uint>(
                (uint)Win32ErrorCode_32.ERROR_DS_DRA_INVALID_PARAMETER,
                ret,
                "DrsReplicaSync: return code mismatch."
                );
        }
        public void DRSR_DRSGetObjectExistence_Invalid_Start_Guid()
        {
            DrsrTestChecker.Check();
            uint ret = drsTestClient.DrsBind(
                EnvironmentConfig.Machine.WritableDC1,
                EnvironmentConfig.User.ParentDomainAdmin,
                DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_BASE);
            /* comments from TD */

            /*
             * if msgIn.guidStart = NULLGUID then
             * return ERROR_DS_DRA_INVALID_PARAMETER
             * endif
             *
             */


            /* Create request message */
            DRS_MSG_EXISTREQ msgIn = drsTestClient.CreateDrsGetObjectExistenceV1Request();

            uint dwInVersion  = 1;
            uint?dwOutVersion = 0;
            DRS_MSG_EXISTREPLY?reply;

            /* Setting param #1 */
            /*msgIn.V1.guidStart =  Guid.Empty*/
            msgIn.V1.guidStart = Guid.Empty;

            /* Issue the request */
            ret = drsTestClient.DRSClient.DrsGetObjectExistence(
                EnvironmentConfig.DrsContextStore[EnvironmentConfig.Machine.WritableDC1],
                dwInVersion,
                msgIn,
                out dwOutVersion,
                out reply);
            BaseTestSite.Assert.AreEqual <uint>(
                (uint)Win32ErrorCode_32.ERROR_DS_DRA_INVALID_PARAMETER,
                ret,
                "DrsGetObjectExistence: return code mismatch."
                );
        }
        public void DRSR_DRSQuerySitesByCost_toSite_Invalid()
        {
            DrsrTestChecker.Check();

            uint ret = drsTestClient.DrsBind(EnvironmentConfig.Machine.WritableDC1, EnvironmentConfig.User.ParentDomainAdmin, DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_BASE);

            BaseTestSite.Assert.AreEqual <uint>(0, ret, null);
            string[] destStr = { "abc", "ddd" }; //toSite: Invalid Site
            DRS_MSG_QUERYSITESREQ request = drsTestClient.CreateDRS_MSG_QUERYSITESREQ(
                ((DsServer)EnvironmentConfig.MachineStore[EnvironmentConfig.Machine.WritableDC1]).Site.CN,
                (uint)destStr.Length,
                destStr
                );

            uint?outVer;
            DRS_MSG_QUERYSITESREPLY?reply = null;

            BaseTestSite.Log.Add(LogEntryKind.Checkpoint, "Begin to call IDL_DRSQuerySitesByCost");

            ret = drsTestClient.DRSClient.DrsQuerySitesByCost(
                EnvironmentConfig.DrsContextStore[EnvironmentConfig.Machine.WritableDC1],
                (uint)DRS_MSG_QUERYSITESREQ_Versions.V1,
                request,
                out outVer,
                out reply);

            BaseTestSite.Log.Add(LogEntryKind.Checkpoint, "End call IDL_DRSQuerySitesByCost with return value " + ret);

            BaseTestSite.Assert.AreEqual <uint>(0, ret, null);
            if (ret == 0)
            {
                if (reply.Value.V1.rgCostInfo != null)
                {
                    foreach (DRS_MSG_QUERYSITESREPLYELEMENT_V1 ele in reply.Value.V1.rgCostInfo)
                    {   // chech whether there are error in a success response
                        BaseTestSite.Assert.AreEqual <uint>((uint)Win32ErrorCode_32.ERROR_DS_OBJ_NOT_FOUND, ele.dwErrorCode, "IDL_DRSQuerySitesByCost should return ERROR_DS_OBJ_NOT_FOUND for a request with toSite invalid and dwErrorCode in DRS_MSG_QUERYSITESREPLYELEMENT_V1 should be set 0");
                    }
                }
            }
        }
Beispiel #12
0
        public void DRSR_DRSRemoveDsServer_Verify_LastDC()
        {
            DrsrTestChecker.Check();
            // Init the data.
            EnvironmentConfig.Machine srv = EnvironmentConfig.Machine.WritableDC1;
            DsServer server = (DsServer)EnvironmentConfig.MachineStore[srv];

            DsUser user = EnvironmentConfig.UserStore[EnvironmentConfig.User.ParentDomainAdmin];

            uint ret = 0;

            ret = drsTestClient.DrsBind(
                srv,
                EnvironmentConfig.User.ParentDomainAdmin,
                DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_BASE
                );

            BaseTestSite.Assert.AreEqual <uint>(0, ret,
                                                "IDL_DRSBind: Checking return value - got: {0}, expect: {1}, return value should always be 0 with a success bind to DC",
                                                ret, 0);

            string serverDn = server.ServerObjectName;
            string domainDn = server.Domain.Name;

            ret = drsTestClient.DrsRemoveDsServer(
                srv,
                IDL_DRSRemoveDsServer_dwInVersion_Values.V1,
                serverDn,
                domainDn,
                false);

            BaseTestSite.Assert.AreEqual <uint>(0, ret,
                                                "IDL_DRSRemoveDsServer: Checking return value - got: {0}, expect: {1}, return value should always be 0",
                                                ret, 0);
            // Unbind
            ret = drsTestClient.DrsUnbind(srv);
            BaseTestSite.Assert.AreEqual <uint>(0, ret,
                                                "IDL_DRSUnbind: Checking return value - got: {0}, expect: {1}, return value should always be 0",
                                                ret, 0);
        }
        public void DRSR_DRSReplicaVerifyObjects_Empty_NC()
        {
            DrsrTestChecker.Check();
            uint ret = drsTestClient.DrsBind(
                EnvironmentConfig.Machine.WritableDC1,
                EnvironmentConfig.User.ParentDomainAdmin,
                DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_BASE);
            /* comments from TD */

            /*
             * if msgIn.pNC = null then
             * return ERROR_DS_DRA_INVALID_PARAMETER
             * endif
             *
             */


            /* Create request message */
            DRS_MSG_REPVERIFYOBJ msgIn = drsTestClient.CreateDrsReplicaVerifyObjectsV1Request();

            uint dwInVersion = 1;

            /* Setting param #1 */
            /*msgIn.V1.pNC = null*/
            //msgIn.V1.pNC = null;

            /* Issue the request */
            ret = drsTestClient.DRSClient.DrsReplicaVerifyObjects(
                EnvironmentConfig.DrsContextStore[EnvironmentConfig.Machine.WritableDC1],
                dwInVersion,
                msgIn);
            BaseTestSite.Assert.AreEqual <uint>(
                (uint)Win32ErrorCode_32.ERROR_DS_DRA_INVALID_PARAMETER,
                ret,
                "DrsReplicaVerifyObjects: return code mismatch."
                );
        }
Beispiel #14
0
        public void DRSR_RODC_Credential_Caching_Not_Revealed()
        {
            uint timeOut = 0;

            DrsrTestChecker.Check();

            EnvironmentConfig.Machine rodcEnum = EnvironmentConfig.Machine.RODC;
            EnvironmentConfig.Machine dc1Enum  = EnvironmentConfig.Machine.WritableDC1;
            DsServer dc1  = (DsServer)EnvironmentConfig.MachineStore[dc1Enum];
            DsServer rodc = (DsServer)EnvironmentConfig.MachineStore[rodcEnum];

            // take a snapshot of the current replication state of the RODC
            USN_VECTOR?            usnFrom   = null;
            UPTODATE_VECTOR_V1_EXT?utdVector = null;

            SnapshotReplicationState(dc1, rodc, NamingContext.DomainNC, out usnFrom, out utdVector);

            // we need a user and put it into the Revealed List.
            // create the user first if it doesn't exist.
            string userDn = ldapAdapter.TestAddUserObj(dc1);

            Assert.IsNotNull(userDn);

            // at this time, the user is NOT in the revealed list
            // wait until the object is replicated by the actual RODC
            bool replicated = false;

            for (timeOut = 0; timeOut < kMaxTimeOut; ++timeOut)
            {
                if (IsObjectReplicated(dc1, rodc, NamingContext.DomainNC, userDn))
                {
                    replicated = true;
                    break;
                }

                System.Threading.Thread.Sleep(kMaxTimeoutInMilliseconds);
            }
            BaseTestSite.Assert.IsTrue(replicated, "The object should be replicated to the RODC");
            // DRSBind
            DRS_EXTENSIONS_IN_FLAGS clientCapabilities
                = DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_BASE
                  | DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_GETCHGREPLY_V6
                  | DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_STRONG_ENCRYPTION;

            uint ret = drsTestClient.DrsBind(dc1Enum, EnvironmentConfig.User.RODCMachineAccount, clientCapabilities);

            Assert.IsTrue(ret == 0);

            uint?outVersion;
            DRS_MSG_GETCHGREPLY?outMessage;

            ret = drsTestClient.DrsGetNCChangesV2(
                dc1Enum,
                dc1,
                rodc,
                userDn,
                usnFrom.Value,
                utdVector.Value,
                true,              // request secrets
                out outVersion,
                out outMessage);

            BaseTestSite.Assert.IsTrue(
                (uint)Win32ErrorCode_32.ERROR_DS_DRA_SECRETS_DENIED == ret,
                "Replication of secrets should be denied when the object is not in the revealed list"
                );

            // remove the temp user
            ldapAdapter.DeleteObject(dc1, userDn);

            // DRSUnbind
            ret = drsTestClient.DrsUnbind(dc1Enum);
        }
        public void DRSR_DRSVerifyNames_Verify_SAM_Account_Names()
        {
            DrsrTestChecker.Check();
            // Init the data.
            EnvironmentConfig.Machine srv = EnvironmentConfig.Machine.WritableDC1;
            DsServer server = (DsServer)EnvironmentConfig.MachineStore[srv];
            DsUser   user   = EnvironmentConfig.UserStore[EnvironmentConfig.User.ParentDomainAdmin];

            uint ret = 0;

            ret = drsTestClient.DrsBind(
                srv,
                EnvironmentConfig.User.ParentDomainAdmin,
                DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_BASE
                );

            BaseTestSite.Assert.AreEqual <uint>(
                0,
                ret,
                "IDL_DRSBind: should return 0 with a success bind to DC");

            // Create a DSNAME with only SAMAccountName.
            string userDn         = ldapAdapter.GetUserDn(server, user);
            string sAMAccountName = (string)ldapAdapter.GetAttributeValue(server, userDn, "sAMAccountName");
            DSNAME dsUser         = DrsuapiClient.CreateDsName(sAMAccountName, Guid.Empty, null);

            // Prefix table
            SCHEMA_PREFIX_TABLE prefixTable = OIDUtility.CreatePrefixTable();

            // Create the attribute block. Here we go to RDN attribute.
            string rdnAttrId = DRSConstants.RDN_OID;
            uint   attrTyp   = OIDUtility.MakeAttid(prefixTable, rdnAttrId);

            ATTRVAL      attrVal      = DrsuapiClient.CreateATTRVAL(null);
            ATTRVALBLOCK attrValBlock = DrsuapiClient.CreateATTRVALBLOCK(new ATTRVAL[] { attrVal });
            ATTR         attr         = DrsuapiClient.CreateATTR(attrTyp, attrValBlock);
            ATTRBLOCK    attrBlock    = DrsuapiClient.CreateATTRBLOCK(new ATTR[] { attr });

            // Actual RPC call.
            ret = drsTestClient.DrsVerifyNames(
                srv,
                dwInVersion_Values.V1,
                DRS_MSG_VERIFYREQ_V1_dwFlags_Values.DRS_VERIFY_SAM_ACCOUNT_NAMES,
                new DSNAME[] { dsUser },
                new string[] { userDn },
                attrBlock,
                prefixTable
                );

            BaseTestSite.Assert.AreEqual <uint>(
                0,
                ret,
                "IDL_DRSVerifyNames: return value should be 0"
                );

            // Unbind
            ret = drsTestClient.DrsUnbind(srv);
            BaseTestSite.Assert.AreEqual <uint>(
                0,
                ret,
                "IDL_DRSUnbind: return value should be 0");
        }
 public void DRSR_DRSUpdateRefs_V2_NONExist_NC()
 {
     DrsrTestChecker.Check();
     DRSUpdateRefs_NONExist_NC(DrsUpdateRefs_Versions.V2);
 }
 public void DRSR_DRSUpdateRefs_V2_WithoutOptions()
 {
     DrsrTestChecker.Check();
     DRSUpdateRefs_WithoutOptions(DrsUpdateRefs_Versions.V2);
 }
Beispiel #18
0
        public void DRSR_RODC_FAS_Add_Attribute()
        {
            int timeOut = 0;

            DrsrTestChecker.Check();

            EnvironmentConfig.Machine rodcEnum = EnvironmentConfig.Machine.RODC;
            EnvironmentConfig.Machine dc1Enum  = EnvironmentConfig.Machine.WritableDC1;
            DsServer   dc1  = (DsServer)EnvironmentConfig.MachineStore[dc1Enum];
            DsServer   rodc = (DsServer)EnvironmentConfig.MachineStore[rodcEnum];
            ResultCode r    = ResultCode.Other;

            // FAS: first try "Employee-Number"
            string nc = LdapUtility.GetDnFromNcType(dc1, NamingContext.SchemaNC);
            string searchFlagsAttr = "searchFlags";
            string attrDn          = "CN=Employee-Number," + nc;
            string attrName        = "employeeNumber";

            uint searchFlags = 0;

            // wait until FAS is modified on DC01
            for (timeOut = 0; timeOut < kMaxTimeOut; ++timeOut)
            {
                searchFlags = Convert.ToUInt32(
                    ldapAdapter.GetAttributeValueInString(dc1, attrDn, searchFlagsAttr)
                    );

                if ((searchFlags & kRODC_FAS) != 0)
                {
                    BaseTestSite.Log.Add(LogEntryKind.Comment, "FAS already effective.");
                    // the attribute is already in the FAS
                    break;
                }

                ldapAdapter.ModifyAttribute(dc1, attrDn, new DirectoryAttribute(searchFlagsAttr, kRODC_FAS.ToString()));

                System.Threading.Thread.Sleep(kMaxTimeoutInMilliseconds);
            }

            BaseTestSite.Assert.IsTrue((searchFlags & kRODC_FAS) != 0, "FAS is set successfully on {0}", dc1.NetbiosName);

            uint ret = drsTestClient.DrsBind(rodcEnum, EnvironmentConfig.User.ParentDomainAdmin, DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_BASE);

            Assert.IsTrue(ret == 0);
            ret = drsTestClient.DrsReplicaSync(rodcEnum, DrsReplicaSync_Versions.V1, dc1Enum, DRS_OPTIONS.DRS_FULL_SYNC_NOW, false, NamingContext.SchemaNC);
            BaseTestSite.Assert.IsTrue(ret == 0, "Start replica from {0} to {1}.", dc1.NetbiosName, rodc.NetbiosName);

            // wait until FAS is replicated to RODC
            BaseTestSite.Log.Add(LogEntryKind.Comment, "Waiting for FAS to be replicated, searchFlags: {0}", searchFlags);
            bool isReplicated = false;

            for (timeOut = 0; timeOut < kMaxTimeOut; ++timeOut)
            {
                if (IsObjectReplicated(dc1, rodc, NamingContext.SchemaNC, attrDn))
                {
                    // exit the loop when FAS is replicated to the RODC
                    isReplicated = true;
                    BaseTestSite.Log.Add(LogEntryKind.Comment, "FAS applied.");
                    break;
                }
                System.Threading.Thread.Sleep(kMaxTimeoutInMilliseconds);
            }
            BaseTestSite.Assert.IsTrue(isReplicated, "Replica from {0} succeeded.", dc1.NetbiosName);

            // create the user first if it doesn't exist.
            string userDn = ldapAdapter.TestAddUserObj(dc1);

            Assert.IsNotNull(userDn);

            // take a "snapshot" of the current RODC replication state.
            // We'll use this snapshot to impersonate earlier state of the RODC
            // AFTER the changes are replicated to the actual RODC.

            USN_VECTOR?            usnFrom   = null;
            UPTODATE_VECTOR_V1_EXT?utdVector = null;

            SnapshotReplicationState(dc1, rodc, NamingContext.DomainNC, out usnFrom, out utdVector);

            // modify Employee Number
            int newValue = _rnd.Next();

            DirectoryAttribute employeeNumberAttr = new DirectoryAttribute(attrName, newValue.ToString());

            r = ldapAdapter.ModifyAttribute(dc1, userDn, employeeNumberAttr);

            Assert.AreEqual <ResultCode>(ResultCode.Success, r);

            //ret = drsTestClient.DrsBind(rodcEnum, EnvironmentConfig.User.ParentDomainAdmin, DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_BASE);
            //Assert.IsTrue(ret == 0);
            ret = drsTestClient.DrsReplicaSync(rodcEnum, DrsReplicaSync_Versions.V1, dc1Enum, DRS_OPTIONS.DRS_ASYNC_OP, false, NamingContext.DomainNC);
            BaseTestSite.Assert.IsTrue(ret == 0, "Start replica from {0} to {1}.", dc1.NetbiosName, rodc.NetbiosName);

            // Wait until the change is replicated by the actual RODC

            bool replicated = false;

            for (timeOut = 0; timeOut < kMaxTimeOut; ++timeOut)
            {
                // First, check the originating USNs on RODC to make sure the replication has completed.
                if (IsObjectReplicated(dc1, rodc, NamingContext.DomainNC, userDn))
                {
                    replicated = true;
                    break;
                }

                // sleep
                System.Threading.Thread.Sleep(kMaxTimeoutInMilliseconds);
            }

            uint?outVersion;
            DRS_MSG_GETCHGREPLY?outMessage = null;

            // DRSBind
            DRS_EXTENSIONS_IN_FLAGS clientCapabilities
                = DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_BASE
                  | DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_GETCHGREPLY_V6
                  | DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_STRONG_ENCRYPTION;

            ret = drsTestClient.DrsBind(dc1Enum, EnvironmentConfig.User.RODCMachineAccount, clientCapabilities);
            Assert.IsTrue(ret == 0);

            if (replicated)
            {
                ret = drsTestClient.DrsGetNCChangesV2(
                    dc1Enum,
                    dc1,
                    rodc,
                    userDn,
                    usnFrom.Value,
                    utdVector.Value,
                    false,
                    out outVersion,
                    out outMessage);
            }

            // remove the temp user
            ldapAdapter.DeleteObject(dc1, userDn);

            // DRSUnbind
            ret = drsTestClient.DrsUnbind(dc1Enum);
            Assert.IsTrue(ret == 0);

            BaseTestSite.Assert.IsTrue(replicated, "Replica from {0} succeeded.", dc1.NetbiosName);

            // check in outMessage that the secret attributes are not replicated.
            DRS_MSG_GETCHGREPLY_V6 replyV6 = outMessage.Value.V6;

            REPLENTINFLIST[] objectList = replyV6.pObjects;

            if (objectList != null)
            {
                foreach (REPLENTINFLIST entInf in objectList)
                {
                    for (int i = 0; i < entInf.Entinf.AttrBlock.attrCount; ++i)
                    {
                        ATTR   attr        = entInf.Entinf.AttrBlock.pAttr[i];
                        string displayName = GetLdapDisplayName(dc1, attr.attrTyp, replyV6.PrefixTableSrc);

                        if (displayName == attrName)
                        {
                            // examine the new value
                            string value = System.Text.Encoding.Unicode.GetString(
                                attr.AttrVal.pAVal[0].pVal);

                            BaseTestSite.Assert.AreNotEqual <string>(
                                newValue.ToString(),
                                value,
                                "{0} is in FAS, should not be replicated", attrName);
                        }
                    }
                }
            }


            // FAS: Remove "Employee-Number" from the FAS
            DirectoryAttribute searchAttr = new DirectoryAttribute(searchFlagsAttr, "0");

            r = ldapAdapter.ModifyAttribute(dc1, attrDn, searchAttr);
        }
 public void DRSR_DRSReplicaSyncV2_No_Replica()
 {
     DrsrTestChecker.Check();
     DRSReplicaSync_No_Replica(DrsReplicaSync_Versions.V2);
 }
Beispiel #20
0
        public void DRSR_DRSRemoveDsDomain_Remove_Domain()
        {
            DrsrTestChecker.Check();
            // Init the data.
            EnvironmentConfig.Machine srv = EnvironmentConfig.Machine.WritableDC1;

            // The destination server in an external forest. The external forest will be
            // removed after this call.
            EnvironmentConfig.Machine dst = EnvironmentConfig.Machine.CDC;

            DsServer server = (DsServer)EnvironmentConfig.MachineStore[srv];

            DsServer child = (DsServer)EnvironmentConfig.MachineStore[dst];

            DsUser user = EnvironmentConfig.UserStore[EnvironmentConfig.User.ParentDomainAdmin];

            uint ret = 0;

            ret = drsTestClient.DrsBind(
                srv,
                EnvironmentConfig.User.ParentDomainAdmin,
                DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_BASE
                );

            BaseTestSite.Assert.AreEqual <uint>(
                0,
                ret,
                "IDL_DRSBind: should return 0 with a success bind to DC");

            string domainDn = child.Domain.Name;

            // We call RemoveDsServer to remove an actual
            // DC in the external forest, so that a crossRef object
            // pointing to a removed NC will exists.
            string serverDn = child.ServerObjectName;

            ret = drsTestClient.DrsRemoveDsServer(
                srv,
                IDL_DRSRemoveDsServer_dwInVersion_Values.V1,
                serverDn,
                domainDn,
                true);

            BaseTestSite.Assert.AreEqual <uint>(
                0,
                ret,
                "IDL_DRSRemoveDsDomain: should return 0 after removal of server");

            // Note that by far, the NTDS DSA object of this server should be removed already.
            ret = drsTestClient.DrsRemoveDsDomain(
                srv,
                IDL_DRSRemoveDsDomain_dwInVersion_Values.V1,
                domainDn
                );

            BaseTestSite.Assert.AreEqual <uint>(
                ret,
                0,
                "IDL_DRSRemoveDsDomain: return value should be 0");

            // Unbind
            ret = drsTestClient.DrsUnbind(srv);
            BaseTestSite.Assert.AreEqual <uint>(
                0,
                ret,
                "IDL_DRSUnbind: return value should be 0");
        }
        public void DRSR_DRSGetReplInfo_Invalid_Object()
        {
            DrsrTestChecker.Check();
            uint ret = drsTestClient.DrsBind(
                EnvironmentConfig.Machine.WritableDC1,
                EnvironmentConfig.User.ParentDomainAdmin,
                DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_BASE);
            /* comments from TD */

            /*
             * if InfoType in {DS_REPL_INFO_METADATA_FOR_OBJ,
             *  DS_REPL_INFO_METADATA_2_FOR_OBJ,
             *  DS_REPL_INFO_METADATA_FOR_ATTR_VALUE,
             *  DS_REPL_INFO_METATDATA_2_FOR_ATTR_VALUE} then
             * if object = null then
             * return ERROR_INVALID_PARAMETER
             * endif
             * if  not ObjExists(object) then
             * if object.dn = null then
             * return ERROR_DS_DRA_BAD_DN
             * else
             * return ERROR_DS_OBJ_NOT_FOUND
             * endif
             * endif
             *
             */


            /* Create request message */
            DRS_MSG_GETREPLINFO_REQ msgIn = drsTestClient.CreateDrsGetReplInfoV1Request();

            uint dwInVersion  = 1;
            uint?dwOutVersion = 0;
            DRS_MSG_GETREPLINFO_REPLY?reply;

            /* Setting param #1 */
            /*dwInVersion = 1*/
            dwInVersion = 1;
            /* Setting param #2 */
            /*msgIn.V1.InfoType = (uint)DS_REPL_INFO.DS_REPL_INFO_METADATA_FOR_OBJ*/
            msgIn.V1.InfoType = (uint)DS_REPL_INFO.DS_REPL_INFO_METADATA_FOR_OBJ;
            /* Setting param #3 */
            /*msgIn.V1.pszObjectDN = "InvalidObj"*/
            // NC
            DsServer srv = (DsServer)EnvironmentConfig.MachineStore[EnvironmentConfig.Machine.WritableDC1];

            RootDSE rootDse = LdapUtility.GetRootDSE(srv);

            msgIn.V1.pszObjectDN = "CN=InvalidObj," + rootDse.configurationNamingContext;

            /* Issue the request */
            ret = drsTestClient.DRSClient.DrsGetReplInfo(
                EnvironmentConfig.DrsContextStore[EnvironmentConfig.Machine.WritableDC1],
                dwInVersion,
                msgIn,
                out dwOutVersion,
                out reply);
            BaseTestSite.Assert.AreEqual <uint>(
                (uint)Win32ErrorCode_32.ERROR_DS_OBJ_NOT_FOUND,
                ret,
                "DrsGetReplInfo: return code mismatch."
                );
        }
Beispiel #22
0
        public void DRSR_RODC_Credential_Caching_Revealed()
        {
            int timeOut = 0;

            DrsrTestChecker.Check();

            EnvironmentConfig.Machine rodcEnum = EnvironmentConfig.Machine.RODC;
            EnvironmentConfig.Machine dc1Enum  = EnvironmentConfig.Machine.WritableDC1;
            DsServer dc1  = (DsServer)EnvironmentConfig.MachineStore[dc1Enum];
            DsServer rodc = (DsServer)EnvironmentConfig.MachineStore[rodcEnum];

            // take a snapshot of the current replication state of the RODC
            USN_VECTOR?            usnFrom   = null;
            UPTODATE_VECTOR_V1_EXT?utdVector = null;

            SnapshotReplicationState(dc1, rodc, NamingContext.DomainNC, out usnFrom, out utdVector);


            // we need a user and put it into the Revealed List.
            // create the user first if it doesn't exist.
            string nc     = LdapUtility.GetDnFromNcType(dc1, NamingContext.DomainNC);
            string userDn = ldapAdapter.TestAddUserObj(dc1);

            Assert.IsNotNull(userDn);

            // add this user to the "Allowed RODC Password Replication Group"
            string allowedDn = "CN=Allowed RODC Password Replication Group, CN=Users,"
                               + LdapUtility.GetDnFromNcType(dc1, NamingContext.DomainNC);

            ResultCode r = ldapAdapter.AddObjectToGroup(dc1, userDn, allowedDn);

            Assert.IsTrue(r == ResultCode.Success);
            // Set password of the user
            LdapUtility.ChangeUserPassword(dc1, userDn, "1*admin");

            // wait until the object is replicated by the actual RODC
            bool replicated = false;

            for (timeOut = 0; timeOut < kMaxTimeOut; ++timeOut)
            {
                if (IsObjectReplicated(dc1, rodc, NamingContext.DomainNC, userDn))
                {
                    replicated = true;
                    break;
                }

                System.Threading.Thread.Sleep(kMaxTimeoutInMilliseconds);
            }

            // wait until the "Allowed RODC Password Replication Group object is replicated by the actual RODC
            replicated = false;
            for (timeOut = 0; timeOut < kMaxTimeOut; ++timeOut)
            {
                if (IsObjectReplicated(dc1, rodc, NamingContext.DomainNC, allowedDn))
                {
                    replicated = true;
                    break;
                }

                System.Threading.Thread.Sleep(kMaxTimeoutInMilliseconds);
            }

            BaseTestSite.Assert.IsTrue(replicated, "{0} should be replicated to the RODC", allowedDn);

            // DRSBind
            DRS_EXTENSIONS_IN_FLAGS clientCapabilities
                = DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_BASE
                  | DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_GETCHGREPLY_V6
                  | DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_STRONG_ENCRYPTION;

            uint ret = drsTestClient.DrsBind(dc1Enum, EnvironmentConfig.User.RODCMachineAccount, clientCapabilities);

            Assert.IsTrue(ret == 0);

            uint?outVersion;
            DRS_MSG_GETCHGREPLY?outMessage = null;

            ret = drsTestClient.DrsGetNCChangesV2(
                dc1Enum,
                dc1,
                rodc,
                userDn,
                usnFrom.Value,
                utdVector.Value,
                true,  // request secrets
                out outVersion,
                out outMessage);

            // DRSUnbind
            ret = drsTestClient.DrsUnbind(dc1Enum);
            Assert.IsTrue(ret == 0);

            ldapAdapter.DeleteObject(dc1, userDn);

            // check in outMessage that the secret attributes are not replicated.
            DRS_MSG_GETCHGREPLY_V6 replyV6 = outMessage.Value.V6;

            REPLENTINFLIST[] objectList = replyV6.pObjects;

            bool   secretFound         = false;
            string firstSecretAttrbute = null;

            foreach (REPLENTINFLIST entInf in objectList)
            {
                for (int i = 0; i < entInf.Entinf.AttrBlock.attrCount; ++i)
                {
                    ATTR attr = entInf.Entinf.AttrBlock.pAttr[i];
                    if (IsSecretAttribute(dc1, attr.attrTyp, replyV6.PrefixTableSrc, out firstSecretAttrbute))
                    {
                        if (attr.AttrVal.pAVal != null)
                        {
                            secretFound = true;
                        }
                    }
                }
            }

            BaseTestSite.Assert.IsTrue(
                secretFound,
                "Secret attribute {0} should appear in the response when user is in the revealed list",
                firstSecretAttrbute);
        }
Beispiel #23
0
        public void DRSR_RODC_Unidirectional_Replication_Denied()
        {
            DrsrTestChecker.Check();

            EnvironmentConfig.Machine rodcEnum = EnvironmentConfig.Machine.RODC;
            EnvironmentConfig.Machine dc1Enum  = EnvironmentConfig.Machine.WritableDC1;
            DsServer dc1  = (DsServer)EnvironmentConfig.MachineStore[dc1Enum];
            DsServer rodc = (DsServer)EnvironmentConfig.MachineStore[rodcEnum];

            // DRSBind
            DRS_EXTENSIONS_IN_FLAGS clientCapabilities
                = DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_BASE
                  | DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_GETCHGREPLY_V6
                  | DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_STRONG_ENCRYPTION;

            uint ret = drsTestClient.DrsBind(rodcEnum, EnvironmentConfig.User.MainDCAccount, clientCapabilities);

            Assert.IsTrue(ret == 0);

            // test user DN
            string nc     = LdapUtility.GetDnFromNcType(dc1, NamingContext.DomainNC);
            string userDn = "CN=" + EnvironmentConfig.DomainUserName + ",CN=Users," + nc;

            EnvironmentConfig.ExpectSuccess = false;

            uint?outVersion;
            DRS_MSG_GETCHGREPLY?outMessage;

            bool exceptionCaught = false;

            try
            {
                ret = drsTestClient.DrsGetNCChanges(
                    rodcEnum,
                    DrsGetNCChanges_Versions.V8,
                    dc1Enum,
                    DRS_OPTIONS.NONE,
                    NamingContext.DomainNC,
                    EXOP_REQ_Codes.EXOP_REPL_SECRETS,
                    FSMORoles.None,
                    userDn,
                    out outVersion,
                    out outMessage);
            }
            catch (Exception e)
            {
                if (EnvironmentConfig.UseNativeRpcLib)
                {
                    // windows behavior, an RODC cannot process GetNCChange request
                    // Illegal RODC RPC call
                    BaseTestSite.Assert.IsInstanceOfType(
                        e,
                        typeof(SEHException),
                        "The call should not be accepted by the RODC");
                }
                else
                {
                    BaseTestSite.Assert.AreEqual <int>(87, int.Parse(e.Message), "RPC error code " + e.Message);
                }
                exceptionCaught = true;
            }
            finally
            {
                EnvironmentConfig.ExpectSuccess = true;
            }

            BaseTestSite.Assert.IsTrue(exceptionCaught, "An exception should be raised to indicate invalid GetNCChange calls");
        }
        public void DRSR_DRSGetNCChanges_Failed_NoStrongEncryptionByClient()
        {
            DrsrTestChecker.Check();
            EnvironmentConfig.Machine dcServer  = EnvironmentConfig.Machine.WritableDC1;
            EnvironmentConfig.Machine dcPartner = EnvironmentConfig.Machine.WritableDC2;
            DsServer      dcServerMachine       = (DsServer)EnvironmentConfig.MachineStore[dcServer];
            DsServer      dcPartnerMachine      = (DsServer)EnvironmentConfig.MachineStore[dcPartner];
            NamingContext specifiedNC           = NamingContext.DomainNC;

            string          userdn = ldapAdpter.TestAddUserObj(dcServerMachine);
            AddObjectUpdate aou    = new AddObjectUpdate(dcServer, userdn);

            updateStorage.PushUpdate(aou);

            string groupdn = DRSTestData.DRSGetNCChange_ExistGroup + "," + LdapUtility.ConvertUshortArrayToString(((AddsDomain)dcServerMachine.Domain).DomainNC.StringName);

            DRS_OPTIONS ulFlags = DRS_OPTIONS.NONE;

            try
            {
                ldapAdpter.RemoveObjectFromGroup(dcServerMachine, userdn, groupdn);
            }
            catch
            {
                //it's OK if user is not in group
            }
            drsTestClient.SyncDCs(dcServer, dcServer);

            //add a user to group dn
            BaseTestSite.Log.Add(LogEntryKind.Comment, "Add user dn {0} to group dn {1} on DC {2}", userdn, groupdn, dcServer);
            ResultCode addret = ldapAdpter.AddObjectToGroup(dcServerMachine, userdn, groupdn);

            BaseTestSite.Assert.IsTrue(addret == ResultCode.Success, "add userdn {0} to group dn {1} failed", userdn, groupdn);
            AddObjectUpdate adduserUpdate = new AddObjectUpdate(dcServer, userdn);

            updateStorage.PushUpdate(adduserUpdate);


            DRS_EXTENSIONS_IN_FLAGS clientCapbilities = DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_BASE | DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_GETCHGREPLY_V6; // not contains | DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_STRONG_ENCRYPTION;

            BaseTestSite.Log.Add(LogEntryKind.Comment, "Bind to DC server: {0}", dcServer);
            uint ret = drsTestClient.DrsBind(dcServer, EnvironmentConfig.User.WritableDC2Account, clientCapbilities);

            BaseTestSite.Assert.AreEqual <uint>(0, ret, "IDL_DRSBind should return 0 with a success bind to DC");

            BaseTestSite.Log.Add(LogEntryKind.Comment,
                                 "Calling IDL_DRSNCChanges (V8 request) to get changes for a specified NC from a DC server. The reply compression is not required.");
            uint?outVersion;
            DRS_MSG_GETCHGREPLY?outMessage;

            ret = drsTestClient.DrsGetNCChanges(
                dcServer,
                DrsGetNCChanges_Versions.V8,
                dcPartner,
                ulFlags,
                specifiedNC,
                EXOP_REQ_Codes.None,
                FSMORoles.None,
                null,
                out outVersion,
                out outMessage);
            BaseTestSite.Assert.AreNotEqual <uint>(0, ret, "IDL_DRSGetNCChanges should not return 0x0 for failure");
            BaseTestSite.Assert.AreEqual <uint>((uint)Win32ErrorCode_32.SEC_E_ALGORITHM_MISMATCH, ret, "Verify error code detail: IDL_DRSNCChanges should return SEC_E_ALGORITHM_MISMATCH due to DRS_EXT_STRONG_ENCRYPTION not included in bind.");
        }
 public void DRSR_DRSReplicaSyncV2_Access_Denied()
 {
     DrsrTestChecker.Check();
     DRSReplicaSync_Access_Denied(DrsReplicaSync_Versions.V2);
 }
 public void DRSR_DRSUpdateRefs_V2_uuidDsaObjDest_NULL()
 {
     DrsrTestChecker.Check();
     DRSUpdateRefs_uuidDsaObjDest_NULL(DrsUpdateRefs_Versions.V2);
 }
 public void DRSR_DRSReplicaSync_Invalid_Input_2()
 {
     DrsrTestChecker.Check();
     DRSReplicaSync_Invalid_Input_2(DrsReplicaSync_Versions.V1);
 }
 public void DRSR_DRSUpdateRefs_V1_pszDsaDest_NULL()
 {
     DrsrTestChecker.Check();
     DRSUpdateRefs_pszDsaDest_NULL(DrsUpdateRefs_Versions.V1);
 }
        public void DRSR_DRSInterDomainMove_LDAP_Move_Object_From_Parent_To_Child()
        {
            DrsrTestChecker.Check();
            EnvironmentConfig.Machine parentDcType = EnvironmentConfig.Machine.WritableDC1;
            DsServer parentDc = (DsServer)EnvironmentConfig.MachineStore[parentDcType];

            EnvironmentConfig.Machine childDcType = EnvironmentConfig.Machine.CDC;
            DsServer childDc = (DsServer)EnvironmentConfig.MachineStore[childDcType];
            DsUser   user    = EnvironmentConfig.UserStore[EnvironmentConfig.User.ParentDomainAdmin];

            string srcObjDn = ldapAdapter.TestAddUserObj(parentDc);

            BaseTestSite.Log.Add(LogEntryKind.Comment, "IDL_DRSInterDomainMove: Adding a new object {0} using LDAP", srcObjDn);
            string newObjRdn      = DrsrHelper.GetRDNFromDN(srcObjDn);
            string tgtParentObjDn = "CN=Users," + DrsrHelper.GetNamingContextDN(childDc.Domain, NamingContext.DomainNC);
            string newObjDn       = newObjRdn + "," + tgtParentObjDn;

            bool bNewObjAdded = ldapAdapter.IsObjectExist(childDc, newObjDn);

            if (bNewObjAdded)
            {
                ResultCode rCode = ldapAdapter.DeleteObject(childDc, newObjDn);
                BaseTestSite.Assume.AreEqual <ResultCode>(
                    ResultCode.Success,
                    rCode,
                    "IDL_DRSInterDomainMove: Checking LDAP remove {0} return value - got: {0}, expect: {1}",
                    newObjDn,
                    (uint)rCode,
                    (uint)ResultCode.Success
                    );
            }

            using (LdapConnection connection = new LdapConnection(new LdapDirectoryIdentifier(parentDc.DnsHostName)))// connecting to the parent domain in which the object exists
            {
                connection.Credential = new System.Net.NetworkCredential(user.Username, user.Password, parentDc.Domain.DNSName);
                connection.SessionOptions.ProtocolVersion = 3;
                connection.SessionOptions.SspiFlag        = connection.SessionOptions.SspiFlag | 1; //Set Delegate flag.
                connection.AuthType = AuthType.Kerberos;
                connection.Bind();
                try
                {
                    BaseTestSite.Log.Add(LogEntryKind.Comment, "IDL_DRSInterDomainMove: Calling LDAP ModifyDN to move object {0} to {1}.", srcObjDn, newObjDn);
                    ModifyDNRequest modDnRequest = new ModifyDNRequest(srcObjDn, tgtParentObjDn, newObjRdn);
                    modDnRequest.Controls.Add(new CrossDomainMoveControl(childDc.DnsHostName)); // child domain to which the object need to move
                    ModifyDNResponse modDnResponse = (ModifyDNResponse)connection.SendRequest(modDnRequest);
                    BaseTestSite.Assert.AreEqual <ResultCode>(
                        ResultCode.Success,
                        modDnResponse.ResultCode,
                        "IDL_DRSInterDomainMove: Checking return code of LDAP ModifyDN - got: {0}, expect: {1}",
                        (uint)modDnResponse.ResultCode,
                        (uint)ResultCode.Success);

                    bool bOldObjDeleted = ldapAdapter.IsObjectExist(parentDc, srcObjDn);
                    bNewObjAdded = ldapAdapter.IsObjectExist(childDc, newObjDn);
                    BaseTestSite.Assert.IsFalse(bOldObjDeleted, "IDL_DRSInterDomainMove: LDAP ModifyDN: the old object should be deleted from source DC.");
                    BaseTestSite.Assert.IsTrue(bNewObjAdded, "IDL_DRSInterDomainMove: LDAP ModifyDN: the new object should be added into target DC.");
                }
                catch (DirectoryOperationException e)
                {
                    BaseTestSite.Log.Add(LogEntryKind.Debug, "IDL_DRSInterDomainMove: LDAP ModifyDN: ResultCode:{0}", e.Response.ResultCode.ToString());
                    BaseTestSite.Log.Add(LogEntryKind.Debug, "IDL_DRSInterDomainMove: LDAP ModifyDN: ErrorMessage:{0}", e.Response.ErrorMessage.ToString());
                    BaseTestSite.Assert.AreEqual <ResultCode>(ResultCode.Success, e.Response.ResultCode,
                                                              "IDL_DRSInterDomainMove: LDAP ModifyDN: server should invoke the IDL_DRSInterDomainMove on target Dc and move the object.");
                }
            }
        }
 public void DRSR_DRSReplicaAdd_V1_Success_WithAsyncFlag()
 {
     DrsrTestChecker.Check();
     DRSReplicaAdd_Success_WithAsyncFlag(DRS_MSG_REPADD_Versions.V1);
 }