C# (CSharp) System.DirectoryServices ActiveDirectoryAccessRule Beispiele

Beispiel #1

Datei: ActiveDirectorySecurity.cs Projekt: greyblue9/DecompliedDotNetLibraries

 public void AddAccessRule(ActiveDirectoryAccessRule rule)
 {
     if (!this.DaclRetrieved())
     {
         throw new InvalidOperationException(Res.GetString("CannotModifyDacl"));
     }
     base.AddAccessRule(rule);
 }

Beispiel #2

Datei: ActiveDirectorySecurity.cs Projekt: greyblue9/DecompliedDotNetLibraries

 public bool RemoveAccessRule(ActiveDirectoryAccessRule rule)
 {
     if (!this.DaclRetrieved())
     {
         throw new InvalidOperationException(Res.GetString("CannotModifyDacl"));
     }
     return(base.RemoveAccessRule(rule));
 }

Beispiel #3

Datei: ActiveDirectorySecurity.cs Projekt: pritesh-mandowara-sp/DecompliedDotNetLibraries

 public void AddAccessRule(ActiveDirectoryAccessRule rule)
 {
     if (!this.DaclRetrieved())
     {
         throw new InvalidOperationException(Res.GetString("CannotModifyDacl"));
     }
     base.AddAccessRule(rule);
 }

Beispiel #4

Datei: ActiveDirectorySecurity.cs Projekt: jnm2/corefx

        public bool RemoveAccessRule(ActiveDirectoryAccessRule rule)
        {
            if (!DaclRetrieved())
            {
                throw new InvalidOperationException(SR.CannotModifyDacl);
            }

            return(base.RemoveAccessRule(rule));
        }

Beispiel #5

Datei: ActiveDirectorySecurity.cs Projekt: jnm2/corefx

        public void SetAccessRule(ActiveDirectoryAccessRule rule)
        {
            if (!DaclRetrieved())
            {
                throw new InvalidOperationException(SR.CannotModifyDacl);
            }

            base.SetAccessRule(rule);
        }

Beispiel #6

        public void ResetAccessRule(ActiveDirectoryAccessRule rule)
        {
            if (!DaclRetrieved())
            {
                throw new InvalidOperationException(Res.GetString(Res.CannotModifyDacl));
            }

            base.ResetAccessRule(rule);
        }

Beispiel #7

Datei: ActiveDirectorySecurity.cs Projekt: jnm2/corefx

        public void RemoveAccessRuleSpecific(ActiveDirectoryAccessRule rule)
        {
            if (!DaclRetrieved())
            {
                throw new InvalidOperationException(SR.CannotModifyDacl);
            }

            base.RemoveAccessRuleSpecific(rule);
        }

Beispiel #8

Datei: ActiveDirectorySecurity.cs Projekt: greyblue9/DecompliedDotNetLibraries

        public void RemoveAccess(IdentityReference identity, AccessControlType type)
        {
            if (!this.DaclRetrieved())
            {
                throw new InvalidOperationException(Res.GetString("CannotModifyDacl"));
            }
            ActiveDirectoryAccessRule rule = new ActiveDirectoryAccessRule(identity, ActiveDirectoryRights.GenericRead, type, ActiveDirectorySecurityInheritance.None);

            base.RemoveAccessRuleAll(rule);
        }

Beispiel #9

 public bool RemoveAccessRule(ActiveDirectoryAccessRule rule)
 {
     if (this.DaclRetrieved())
     {
         return(base.RemoveAccessRule(rule));
     }
     else
     {
         throw new InvalidOperationException("CannotModifyDacl");
     }
 }

Beispiel #10

 public void AddAccessRule(ActiveDirectoryAccessRule rule)
 {
     if (this.DaclRetrieved())
     {
         base.AddAccessRule(rule);
         return;
     }
     else
     {
         throw new InvalidOperationException("CannotModifyDacl");
     }
 }

Beispiel #11

Datei: ActiveDirectorySecurity.cs Projekt: nickchal/pash

		public void AddAccessRule(ActiveDirectoryAccessRule rule)
		{
			if (this.DaclRetrieved())
			{
				base.AddAccessRule(rule);
				return;
			}
			else
			{
				throw new InvalidOperationException("CannotModifyDacl");
			}
		}

Beispiel #12

Datei: ActiveDirectorySecurity.cs Projekt: jnm2/corefx

        public void RemoveAccess(IdentityReference identity, AccessControlType type)
        {
            if (!DaclRetrieved())
            {
                throw new InvalidOperationException(SR.CannotModifyDacl);
            }

            //
            // Create a new rule
            //
            ActiveDirectoryAccessRule rule = new ActiveDirectoryAccessRule(
                identity,
                ActiveDirectoryRights.GenericRead,                       // will be ignored
                type,
                ActiveDirectorySecurityInheritance.None);

            base.RemoveAccessRuleAll(rule);
        }

Beispiel #13

 public void ResetAccessRule(ActiveDirectoryAccessRule rule)
 {
     throw new NotImplementedException();
 }

Beispiel #14

 public void RemoveAccessRuleSpecific(ActiveDirectoryAccessRule rule)
 {
     throw new NotImplementedException();
 }

Beispiel #15

 public bool RemoveAccessRule(ActiveDirectoryAccessRule rule)
 {
     throw new NotImplementedException();
 }

Beispiel #16

Datei: Main.cs Projekt: vivektj/admpwd

        protected override void ProcessRecord()
        {
            //OU can be passed as name or as dn
            var OUs = DirectoryUtils.GetOU(Identity);

            if (OUs.Count > 1)
            {
                foreach (ObjectInfo ou in OUs)
                {
                    WriteObject(ou);
                }
                throw new AmbiguousResultException("More than one object found, search using distinguishedName instead");
            }

            if (OUs.Count == 0)
            {
                throw new NotFoundException("Object not found");
            }

            ActiveDirectorySecurity sec = DirectoryUtils.GetObjectSecurity(conn, OUs[0].DistinguishedName, System.DirectoryServices.Protocols.SecurityMasks.Dacl);
            //apply permissions only to computer objects
            Guid inheritedObjectGuid = DirectoryUtils.GetSchemaGuid(conn, forestRootDomain.SchemaNamingContext, "computer", SchemaObjectType.Class);
            Guid timestampGuid       = DirectoryUtils.GetSchemaGuid(conn, forestRootDomain.SchemaNamingContext, Constants.TimestampAttributeName, SchemaObjectType.Attribute);
            Guid pwdGuid             = DirectoryUtils.GetSchemaGuid(conn, forestRootDomain.SchemaNamingContext, Constants.PasswordAttributeName, SchemaObjectType.Attribute);

            //System.DirectoryServices.PropertyAccessRule rule;
            System.DirectoryServices.ActiveDirectoryAccessRule rule;
            foreach (string principalName in AllowedPrincipals)
            {
                System.Security.Principal.NTAccount principal = new System.Security.Principal.NTAccount(principalName);

                // read ms-Mcs-AdmPwdExpirationTime on computer objects
                rule = new System.DirectoryServices.PropertyAccessRule(principal,
                                                                       System.Security.AccessControl.AccessControlType.Allow,
                                                                       PropertyAccess.Read,
                                                                       timestampGuid, ActiveDirectorySecurityInheritance.Descendents,
                                                                       inheritedObjectGuid
                                                                       );
                sec.AddAccessRule(rule);

                // read ms-Mcs-AdmPwd on computer objects
                rule = new System.DirectoryServices.PropertyAccessRule(principal,
                                                                       System.Security.AccessControl.AccessControlType.Allow,
                                                                       PropertyAccess.Read,
                                                                       pwdGuid, ActiveDirectorySecurityInheritance.Descendents,
                                                                       inheritedObjectGuid
                                                                       );
                sec.AddAccessRule(rule);

                // control access on ms-Mcs-AdmPwd on computer objects
                rule = new System.DirectoryServices.ActiveDirectoryAccessRule(principal,
                                                                              ActiveDirectoryRights.ExtendedRight,
                                                                              System.Security.AccessControl.AccessControlType.Allow,
                                                                              pwdGuid, ActiveDirectorySecurityInheritance.Descendents,
                                                                              inheritedObjectGuid
                                                                              );

                sec.AddAccessRule(rule);
            }
            DirectoryUtils.SetObjectSecurity(conn, OUs[0].DistinguishedName, sec, System.DirectoryServices.Protocols.SecurityMasks.Dacl);
            WriteObject(OUs[0]);
        }

Beispiel #17

Datei: ActiveDirectorySecurity.cs Projekt: chcosta/corefx

        public bool RemoveAccessRule(ActiveDirectoryAccessRule rule)
        {
            if (!DaclRetrieved())
            {
                throw new InvalidOperationException(Res.GetString(Res.CannotModifyDacl));
            }

            return base.RemoveAccessRule(rule);
        }

Beispiel #18

Datei: ActiveDirectorySecurity.cs Projekt: chcosta/corefx

        public void SetAccessRule(ActiveDirectoryAccessRule rule)
        {
            if (!DaclRetrieved())
            {
                throw new InvalidOperationException(Res.GetString(Res.CannotModifyDacl));
            }

            base.SetAccessRule(rule);
        }

Beispiel #19

Datei: System.DirectoryServices.ActiveDirectorySecurity.cs Projekt: zhuyue1314/CodeContracts

 public void AddAccessRule(ActiveDirectoryAccessRule rule)
 {
     Contract.Requires(rule != null);
 }

Beispiel #20

Datei: ActiveDirectorySecurity.cs Projekt: chcosta/corefx

        public void RemoveAccess(IdentityReference identity, AccessControlType type)
        {
            if (!DaclRetrieved())
            {
                throw new InvalidOperationException(Res.GetString(Res.CannotModifyDacl));
            }

            //
            // Create a new rule
            //
            ActiveDirectoryAccessRule rule = new ActiveDirectoryAccessRule(
                                      identity,
                                      ActiveDirectoryRights.GenericRead, // will be ignored
                                      type,
                                      ActiveDirectorySecurityInheritance.None);

            base.RemoveAccessRuleAll(rule);
        }

Beispiel #21

Datei: ActiveDirectorySecurity.cs Projekt: nickchal/pash

		public bool RemoveAccessRule(ActiveDirectoryAccessRule rule)
		{
			if (this.DaclRetrieved())
			{
				return base.RemoveAccessRule(rule);
			}
			else
			{
				throw new InvalidOperationException("CannotModifyDacl");
			}
		}

Beispiel #22

Datei: System.DirectoryServices.ActiveDirectorySecurity.cs Projekt: zhuyue1314/CodeContracts

        public bool RemoveAccessRule(ActiveDirectoryAccessRule rule)
        {
            Contract.Requires(rule != null);

            return(default(bool));
        }

Beispiel #23

Datei: Exchange2010SP2.cs Projekt: lwhitelock/Websitepanel

        internal override void AdjustADSecurity(string objPath, string securityGroupPath, bool isAddressBook)
        {
            ExchangeLog.LogStart("AdjustADSecurity");
            ExchangeLog.DebugInfo("  Active Direcory object: {0}", objPath);
            ExchangeLog.DebugInfo("  Security Group: {0}", securityGroupPath);

            if (isAddressBook)
            {
                ExchangeLog.DebugInfo("  Updating Security");
                //"Download Address Book" security permission for offline address book
                Guid openAddressBookGuid = new Guid("{bd919c7c-2d79-4950-bc9c-e16fd99285e8}");

                DirectoryEntry groupEntry = GetADObject(securityGroupPath);
                byte[] byteSid = (byte[])GetADObjectProperty(groupEntry, "objectSid");

                DirectoryEntry objEntry = GetADObject(objPath);
                ActiveDirectorySecurity security = objEntry.ObjectSecurity;

                // Create a SecurityIdentifier object for security group.
                SecurityIdentifier groupSid = new SecurityIdentifier(byteSid, 0);

                // Create an access rule to allow users in Security Group to open address book. 
                ActiveDirectoryAccessRule allowOpenAddressBook =
                    new ActiveDirectoryAccessRule(
                        groupSid,
                        ActiveDirectoryRights.ExtendedRight,
                        AccessControlType.Allow,
                        openAddressBookGuid);

                // Create an access rule to allow users in Security Group to read object. 
                ActiveDirectoryAccessRule allowRead =
                    new ActiveDirectoryAccessRule(
                        groupSid,
                        ActiveDirectoryRights.GenericRead,
                        AccessControlType.Allow);

                // Remove existing rules if exist
                security.RemoveAccessRuleSpecific(allowOpenAddressBook);
                security.RemoveAccessRuleSpecific(allowRead);

                // Add a new access rule to allow users in Security Group to open address book. 
                security.AddAccessRule(allowOpenAddressBook);
                // Add a new access rule to allow users in Security Group to read object. 
                security.AddAccessRule(allowRead);

                // Commit the changes.
                objEntry.CommitChanges();
            }

            ExchangeLog.LogEnd("AdjustADSecurity");
        }

Beispiel #24

Datei: ActiveDirectorySecurity.cs Projekt: nlhepler/mono

		public void ResetAccessRule (ActiveDirectoryAccessRule rule)
		{
			throw new NotImplementedException ();
		}

Beispiel #25

Datei: ActiveDirectoryAction.cs Projekt: dohrte/CapstoneProject

        /// <summary>
        /// Set the security rights on a computer object to allow users in the JoinToComputer group to join to computer objects.
        /// </summary>
        /// <param name="compName">The computer object name to set permissions on</param>
        /// <param name="ouContainer">The container where the computer object resides.</param>
        private void SetSecurityRights(string compName, string ouContainer)
        {
            string qString = "(&(name=" + compName + ")(objectClass=computer))";
            ExecuteResult result = this.ExecuteSearch(qString, false, ouContainer);
            //TODO: add group to security
            var computer = result.singleResult.GetDirectoryEntry();
            ActiveDirectorySecurity sdc = computer.ObjectSecurity;
            NTAccount Account = new NTAccount("capstone", "JoinToComputer");
            SecurityIdentifier sid = (SecurityIdentifier)Account.Translate(typeof(SecurityIdentifier));

            Guid userSchemaGuid = new Guid("BF967ABA-0DE6-11D0-A285-00AA003049E2");
            Guid computerSchemaGuid = new Guid("bf967a86-0de6-11d0-a285-00aa003049e2");

            Guid UserForceChangePassword = new Guid("00299570-246d-11d0-a768-00aa006e0529"); // ‘Reset password’
            Guid dnsHostNameGuid = new Guid("72e39547-7b18-11d1-adef-00c04fd8d5cd");  // ‘Validated write to DNS host name’
            Guid rwAccountRestrictions = new Guid("4c164200-20c0-11d0-a768-00aa006e0529"); // ‘Read and write account restrictions’
            Guid wServicePrincipalName = new Guid("f3a64788-5306-11d1-a9c5-0000f80367c1");   // ‘Validated write to service principal name’

            ActiveDirectoryAccessRule acctRestrictionsRW = new ActiveDirectoryAccessRule(Account, ActiveDirectoryRights.ReadProperty | ActiveDirectoryRights.WriteProperty, AccessControlType.Allow, rwAccountRestrictions, ActiveDirectorySecurityInheritance.None);
            sdc.AddAccessRule(acctRestrictionsRW);

            ActiveDirectoryAccessRule dnsHostNameEdit = new ActiveDirectoryAccessRule(Account, ActiveDirectoryRights.Self, AccessControlType.Allow, dnsHostNameGuid, ActiveDirectorySecurityInheritance.None);
            sdc.AddAccessRule(dnsHostNameEdit);
            ActiveDirectoryAccessRule valSPN = new ActiveDirectoryAccessRule(Account, ActiveDirectoryRights.Self, AccessControlType.Allow, wServicePrincipalName, ActiveDirectorySecurityInheritance.None);
            sdc.AddAccessRule(valSPN);

            ExtendedRightAccessRule erarResetPwd = new ExtendedRightAccessRule(Account, AccessControlType.Allow, UserForceChangePassword, ActiveDirectorySecurityInheritance.None, userSchemaGuid);
            sdc.AddAccessRule(erarResetPwd);

            /* may require the below line
             *
             * Guid userAccountControlGuid = GUID('bf967a68-0de6-11d0-a285-00aa003049e2');
             *  ActiveDirectoryAccessRule userAccountControlEdit = new ActiveDirectoryAccessRule(Account, ActiveDirectoryRights.ReadProperty | ActiveDirectoryRights.WriteProperty, AccessControlType.Allow, userAccountControlGuid, ActiveDirectorySecurityInheritance.None);
             * sdc.AddAccessRule(userAccountControlEdit);
             *
             * */

            //commit and cleanup
            computer.CommitChanges();
            computer.Close();
            computer.Dispose();
        }

Beispiel #26

Datei: System.DirectoryServices.ActiveDirectorySecurity.cs Projekt: asvishnyakov/CodeContracts

 public void AddAccessRule(ActiveDirectoryAccessRule rule)
 {
   Contract.Requires(rule != null);
 }

Beispiel #27

Datei: ActiveDirectorySecurity.cs Projekt: vmware/likewise-open

 public void AddAccessRule(ActiveDirectoryAccessRule adar)
 {
     throw new NotImplementedException("ActiveDirectorySecurity.AddAccessRule");
 }

Beispiel #28

Datei: ActiveDirectorySecurity.cs Projekt: nickchal/pash

		public void RemoveAccess(IdentityReference identity, AccessControlType type)
		{
			if (this.DaclRetrieved())
			{
				ActiveDirectoryAccessRule activeDirectoryAccessRule = new ActiveDirectoryAccessRule(identity, ActiveDirectoryRights.GenericRead, type, ActiveDirectorySecurityInheritance.None);
				base.RemoveAccessRuleAll(activeDirectoryAccessRule);
				return;
			}
			else
			{
				throw new InvalidOperationException("CannotModifyDacl");
			}
		}

Beispiel #29

Datei: System.DirectoryServices.ActiveDirectorySecurity.cs Projekt: asvishnyakov/CodeContracts

 public void RemoveAccessRuleSpecific(ActiveDirectoryAccessRule rule)
 {
   Contract.Requires(rule != null);
 }

Beispiel #30

Datei: ADOrgUnit.cs Projekt: KnowMoreIT/CloudPanel_3.0

 /// <summary>
 /// Add read rights to the OU
 /// </summary>
 /// <param name="oupath"></param>
 /// <param name="groupName"></param>
 public void AddReadRights(string oupath, string groupName)
 {
     using (DirectoryEntry de = new DirectoryEntry("LDAP://" + this.domainController + "/" + oupath, this.username, this.password))
     {
         using (PrincipalContext pc = new PrincipalContext(ContextType.Domain, this.domainController, this.username, this.password))
         {
             try
             {
                 GroupPrincipal gp = GroupPrincipal.FindByIdentity(pc, IdentityType.Name, groupName.Replace(" ", string.Empty));
                 if (gp == null)
                     throw new Exception("Unable to find the group or user specified.");
                 else
                 {
                     ActiveDirectoryAccessRule ar = new ActiveDirectoryAccessRule(gp.Sid, ActiveDirectoryRights.GenericRead, AccessControlType.Allow);
                     de.ObjectSecurity.AddAccessRule(ar);
                     de.CommitChanges();
                 }
             }
             catch (Exception ex)
             {
                 throw;
             }
         }
     }
 }

Beispiel #31

Datei: ActiveDirectorySecurity.cs Projekt: FarazShaikh/likewise-open

 public void AddAccessRule(ActiveDirectoryAccessRule adar)
 {
     throw new NotImplementedException("ActiveDirectorySecurity.AddAccessRule");
 }

Beispiel #32

Datei: ActiveDirectorySecurity.cs Projekt: nlhepler/mono

		public bool RemoveAccessRule (ActiveDirectoryAccessRule rule)
		{
			throw new NotImplementedException ();
		}

Beispiel #33

Datei: System.DirectoryServices.ActiveDirectorySecurity.cs Projekt: zhuyue1314/CodeContracts

 public void RemoveAccessRuleSpecific(ActiveDirectoryAccessRule rule)
 {
     Contract.Requires(rule != null);
 }

Beispiel #34

Datei: ActiveDirectorySecurity.cs Projekt: nlhepler/mono

		public void RemoveAccessRuleSpecific (ActiveDirectoryAccessRule rule)
		{
			throw new NotImplementedException ();
		}

Beispiel #35

Datei: System.DirectoryServices.ActiveDirectorySecurity.cs Projekt: asvishnyakov/CodeContracts

    public bool RemoveAccessRule(ActiveDirectoryAccessRule rule)
    {
      Contract.Requires(rule != null);

      return default(bool);
    }