void aliasTestPrerequisite()
{
Site.Log.Add(LogEntryKind.TestStep, "SamrBind-->SamrConnect5-->SamrOpenDomain");
ConnectAndOpenDomain(_samrProtocolAdapter.pdcFqdn, _samrProtocolAdapter.PrimaryDomainDnsName, out _serverHandle, out _domainHandle);
try
{
AdLdapClient.Instance().ConnectAndBind(_samrProtocolAdapter.pdcNetBIOSName, System.Net.IPAddress.Parse(_samrProtocolAdapter.PDCIPAddress),
389,
_samrProtocolAdapter.DomainAdministratorName,
_samrProtocolAdapter.DomainUserPassword,
_samrProtocolAdapter.primaryDomainFqdn, AuthType.Kerberos);
string result = AdLdapClient.Instance().DeleteObject("cn=" + testAliasName + "," + _samrProtocolAdapter.primaryDomainUserContainerDN, null);
}
catch
{ }
}
/// <summary>
/// This method validates the requirements under
/// QueryNC Scenario.
/// </summary>
public void ValidateQueryNC()
{
//Variables holding the directory entries required.
DirectoryEntry dirEntry = new DirectoryEntry();
DirectoryEntry schemaEntry = new DirectoryEntry();
DirectoryEntry serverDirEntry = new DirectoryEntry();
DirectoryEntry partitionsDirEntry = new DirectoryEntry();
if (!adAdapter.GetObjectByDN(adAdapter.rootDomainDN, out dirEntry))
{
DataSchemaSite.Assert.IsTrue(false, adAdapter.rootDomainDN + " Object is not found in server");
}
//MS-ADTS-Schema_R853
DataSchemaSite.CaptureRequirementIfIsTrue(
dirEntry.Properties.Contains("nTMixedDomain"),
853,
"The attribute nTMixedDomain is present on each domain NC root object.");
if (!adAdapter.GetObjectByDN("CN=Configuration," + adAdapter.rootDomainDN, out dirEntry))
{
DataSchemaSite.Assert.IsTrue(
false,
"CN=Configuration,"
+ adAdapter.rootDomainDN
+ " Object is not found in server");
}
if (!adAdapter.GetObjectByDN("CN=Schema,CN=Configuration," + adAdapter.rootDomainDN,
out schemaEntry))
{
DataSchemaSite.Assert.IsTrue(
false,
"CN=Schema,CN=Configuration,"
+ adAdapter.rootDomainDN + " Object is not found in server");
}
if (!adAdapter.GetObjectByDN("CN=" + adAdapter.PDCNetbiosName + ",OU=Domain Controllers," + adAdapter.rootDomainDN,
out dirEntry))
{
DataSchemaSite.Assert.IsTrue(
false,
"CN="
+ adAdapter.PDCNetbiosName
+ ",OU=Domain Controllers,"
+ adAdapter.rootDomainDN
+ " Object is not found in server");
}
if (!adAdapter.GetObjectByDN(
"CN="
+ adAdapter.PDCNetbiosName
+ ",CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,"
+ adAdapter.rootDomainDN,
out serverDirEntry))
{
DataSchemaSite.Assert.IsTrue(
false,
"CN="
+ adAdapter.PDCNetbiosName
+ ",CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,"
+ adAdapter.rootDomainDN
+ " Object is not found in server");
}
//Validate the objectVersion of Schema NC
if (serverOS == OSVersion.WinSvr2008)
{
DataSchemaSite.Assert.AreEqual <string>("44", schemaEntry.Properties["objectVersion"].Value.ToString(),
"The objectVersion of {0} should be 44.", serverOS);
}
else if (serverOS == OSVersion.WinSvr2008R2)
{
DataSchemaSite.Assert.AreEqual <string>("47", schemaEntry.Properties["objectVersion"].Value.ToString(),
"The objectVersion of {0} should be 47.", serverOS);
}
else if (serverOS == OSVersion.WinSvr2012)
{
DataSchemaSite.Assert.AreEqual <string>("56", schemaEntry.Properties["objectVersion"].Value.ToString(),
"The objectVersion of {0} should be 56.", serverOS);
}
else if (serverOS == OSVersion.WinSvr2012R2)
{
DataSchemaSite.Assert.AreEqual <string>("69", schemaEntry.Properties["objectVersion"].Value.ToString(),
"The objectVersion of {0} should be 69.", serverOS);
}
else if (serverOS == OSVersion.Win2016)
{
DataSchemaSite.Assert.AreEqual <string>("87", schemaEntry.Properties["objectVersion"].Value.ToString(),
"The objectVersion of {0} should be 87.", serverOS);
}
else if (serverOS >= OSVersion.Winv1803)
{
DataSchemaSite.Assert.AreEqual <string>("88", schemaEntry.Properties["objectVersion"].Value.ToString(),
"The objectVersion of {0} should be 88.", serverOS);
}
//MS-ADTS-Schema_R848
DataSchemaSite.CaptureRequirementIfAreEqual <string>(
dirEntry.Properties["dNSHostName"].Value.ToString(),
serverDirEntry.Properties["dNSHostName"].Value.ToString(),
848,
@"On AD/DS, the dNSHostName attribute of the domain controller object must equal
the dNSHostName attribute of the server object.");
//MS-ADTS-Schema_R847
DataSchemaSite.CaptureRequirementIfAreEqual <string>(
dirEntry.Properties["distinguishedName"].Value.ToString(),
serverDirEntry.Properties["serverReference"].Value.ToString(),
847,
@"On AD/DS, the attribute serverReference on the server object must equal
the dsname of the domain controller object.");
//MS-ADTS-Schema_R845
DataSchemaSite.CaptureRequirementIfAreEqual <string>(
adAdapter.PDCNetbiosName.ToLower(),
serverDirEntry.Properties["cn"].Value.ToString().ToLower(),
845,
"On AD/DS, the name of the server object is the computer name of the DC.");
//MS-ADTS-Schema_R849
DataSchemaSite.CaptureRequirementIfAreEqual <string>(
dirEntry.Properties["dNSHostName"].Value.ToString(),
serverDirEntry.Properties["dNSHostName"].Value.ToString(),
849,
@"The dNSHostName attribute of the server object must equal the DNS Hostname
of the computer that is physically the DC.");
//MS-ADTS-Schema_R850
PropertyValueCollection val = dirEntry.Properties["servicePrincipalName"];
foreach (string value in val)
{
// Extract the hostname
string partvar = value.Substring(value.IndexOf('/') + 1);
string hostname = (partvar.IndexOf('/') == -1) ? partvar : partvar.Substring(0, partvar.IndexOf('/'));
// Ignore the port number
if (hostname.Contains(":"))
{
hostname = hostname.Substring(0, hostname.IndexOf(':'));
}
// If it is a DNS hostname
if (hostname.Contains(".") && !hostname.Contains("_msdcs"))
{
DataSchemaSite.CaptureRequirementIfIsTrue(
hostname.ToLower().Equals(dirEntry.Properties["dNSHostName"].Value.ToString().ToLower()),
850,
@"On AD/DS, every value of the servicePrincipalName attribute of the domain controller object,
which has a DNS Hostname as the instance name should have instance name equal to the dNSHostName
of the domain controller object.");
}
}
if (!adAdapter.GetObjectByDN(adAdapter.rootDomainDN, out dirEntry))
{
DataSchemaSite.Assume.IsTrue(false, adAdapter.rootDomainDN + " Object is not found in server");
}
DirectoryEntry entry = new DirectoryEntry("LDAP://" + adAdapter.PDCNetbiosName + "/rootDSE");
DirectoryEntry applicationEntry = new DirectoryEntry();
DirectoryEntry ncEntry = new DirectoryEntry();
PropertyValueCollection allNCs = entry.Properties["namingContexts"];
HashSet <string> collectionOfNCs = new HashSet <string>();
bool rootDomainNCAsChild = false, domainOfApplicationNC = false;
foreach (string eachNC in allNCs)
{
if (collectionOfNCs.Contains(eachNC))
{
collectionOfNCs.Add(eachNC);
}
collectionOfNCs.Add(eachNC);
}
if (!Utilities.IsObjectExist(adAdapter.PartitionPath + "," + adAdapter.rootDomainDN, adAdapter.PDCNetbiosName,
adAdapter.ADDSPortNum, adAdapter.DomainAdministratorName, adAdapter.DomainUserPassword))
{
//To create the Application NC in the Active Directory.
AdLdapClient.Instance().ConnectAndBind(adAdapter.PDCNetbiosName,
adAdapter.PDCIPAddr, Convert.ToInt32(adAdapter.ADDSPortNum), adAdapter.DomainAdministratorName,
adAdapter.DomainUserPassword, adAdapter.PrimaryDomainDnsName,
AuthType.Basic | AuthType.Kerberos);
List <DirectoryAttribute> attrs = new List <DirectoryAttribute>();
attrs.Add(new DirectoryAttribute("instancetype:5"));
attrs.Add(new DirectoryAttribute("objectclass:domainDNS"));
AdLdapClient.Instance().AddObject(adAdapter.PartitionPath + "," + adAdapter.rootDomainDN, attrs, null);
AdLdapClient.Instance().Unbind();
}
if (!adAdapter.GetObjectByDN(
adAdapter.PartitionPath
+ ","
+ adAdapter.rootDomainDN,
out applicationEntry))
{
DataSchemaSite.Assume.IsTrue(
false,
adAdapter.PartitionPath
+ ","
+ adAdapter.rootDomainDN
+ " Object is not found in server");
}
foreach (DirectoryEntry eachChild in applicationEntry.Children)
{
if (eachChild.Name == adAdapter.rootDomainDN)
{
domainOfApplicationNC = true;
}
}
//MS-ADTS-Schema_R8
DataSchemaSite.CaptureRequirementIfIsTrue(
!domainOfApplicationNC,
8,
"In a forest, the Domain NC must not be a child of application NC.");
bool sidofdomainNCnotnull = false;
bool sidofcongNcnull = false;
bool sidofschemaNcnull = false;
bool sidofapplicationNcnull = false;
bool isDomainNc = false;
bool isConfigurationNc = false;
bool isSchemaNc = false;
bool isApplicationNc = false;
//Get all NC objects
foreach (string singleNC in collectionOfNCs)
{
if (adAdapter.GetObjectByDN(singleNC, out ncEntry))
{
//Get SID of this NC
object objectSid = ncEntry.Properties["objectSid"].Value;
if (objectSid != null)
{
System.Security.Principal.SecurityIdentifier sid = new System.Security.Principal.SecurityIdentifier((byte[])objectSid, 0);
sidofdomainNCnotnull = true;
}
if (ncEntry.Properties["distinguishedName"].Value.ToString().Equals(adAdapter.rootDomainDN, StringComparison.OrdinalIgnoreCase))
{
isDomainNc = true;
}
else if (ncEntry.Name == "CN=Configuration")
{
isConfigurationNc = true;
if (objectSid == null)
{
sidofcongNcnull = true;
}
}
else if (ncEntry.Name == "CN=Schema")
{
isSchemaNc = true;
if (objectSid == null)
{
sidofschemaNcnull = true;
}
}
else
{
isApplicationNc = true;
if (objectSid == null)
{
sidofapplicationNcnull = true;
}
}
}
}
//Verify MS-AD_Schema requirement: MS-AD_Schema_R4557.
DataSchemaSite.CaptureRequirementIfIsTrue(
isDomainNc,
4557,
@"[NC, NC Replica]Active Directory supports four NC types: Domain NC.");
//Verify MS-AD_Schema requirement: MS-AD_Schema_R4558.
DataSchemaSite.CaptureRequirementIfIsTrue(
sidofdomainNCnotnull,
4558,
@"[NC, NC Replica]The sid field of a domain NC is not NULL.");
//Verify MS-AD_Schema requirement: MS-AD_Schema_R4559.
DataSchemaSite.CaptureRequirementIfIsTrue(
isConfigurationNc,
4559,
@"[NC, NC Replica]Active Directory supports four NC types: Config NC.");
//Verify MS-AD_Schema requirement: MS-AD_Schema_R4560.
DataSchemaSite.CaptureRequirementIfIsTrue(
sidofcongNcnull,
4560,
@"[NC, NC Replica]The sid field of a config NC is NULL.");
//Verify MS-AD_Schema requirement: MS-AD_Schema_R4561.
DataSchemaSite.CaptureRequirementIfIsTrue(
isSchemaNc,
4561,
@"[NC, NC Replica]Active Directory supports four NC types: Schema NC.");
//Verify MS-AD_Schema requirement: MS-AD_Schema_R4562.
DataSchemaSite.CaptureRequirementIfIsTrue(
sidofschemaNcnull,
4562,
@"[NC, NC Replica]The sid field of a schema NC is NULL.");
//Verify MS-AD_Schema requirement: MS-AD_Schema_R4564.
DataSchemaSite.CaptureRequirementIfIsTrue(
sidofapplicationNcnull,
4564,
@"[NC, NC Replica]The sid field of an application NC is NULL.");
//
//Verify MS-AD_Schema requirement: MS-AD_Schema_R4563.
//
DataSchemaSite.CaptureRequirementIfIsTrue(
isApplicationNc,
4563,
@"[NC, NC Replica]Active Directory supports four NC types: Application NC.");
if (!adAdapter.GetObjectByDN(
"CN=Partitions,CN=Configuration,"
+ adAdapter.rootDomainDN,
out partitionsDirEntry))
{
DataSchemaSite.Assume.IsTrue(
false,
"CN=Partitions,CN=Configuration,"
+ adAdapter.rootDomainDN
+ " Object is not found in server");
}
foreach (DirectoryEntry eachNC in partitionsDirEntry.Children)
{
if (eachNC.Properties["msDS-SDReferenceDomain"].Value != null)
{
if (dirEntry.Properties["distinguishedName"].Value.ToString() ==
eachNC.Properties["distinguishedName"].Value.ToString())
{
rootDomainNCAsChild = true;
}
}
}
//MS-ADTS-Schema_R9
DataSchemaSite.CaptureRequirementIfIsTrue(
!rootDomainNCAsChild,
9,
"In a forest, the root domain NC must not be a child of another domain NC in the forest.");
}
/// <summary>
/// Method validates the requirements under CrossRefContainer Scenario.
/// </summary>
public void ValidateCrossRefContainer()
{
//Variables required for Directory Entries.
DirectoryEntry dirPartitions = new DirectoryEntry();
DirectoryEntry domainEntry = new DirectoryEntry();
DirectoryEntry childEntry = new DirectoryEntry();
if (!Utilities.IsObjectExist(adAdapter.PartitionPath + "," + adAdapter.rootDomainDN, adAdapter.PDCNetbiosName,
adAdapter.ADDSPortNum, adAdapter.DomainAdministratorName, adAdapter.DomainUserPassword))
{
//To create the Application NC in the Active Directory.
AdLdapClient.Instance().ConnectAndBind(adAdapter.PDCNetbiosName,
adAdapter.PDCIPAddr, Convert.ToInt32(adAdapter.ADDSPortNum), adAdapter.DomainAdministratorName,
adAdapter.DomainUserPassword, adAdapter.PrimaryDomainDnsName,
AuthType.Basic | AuthType.Kerberos);
List <DirectoryAttribute> attrs = new List <DirectoryAttribute>();
attrs.Add(new DirectoryAttribute("instancetype:5"));
attrs.Add(new DirectoryAttribute("objectclass:domainDNS"));
AdLdapClient.Instance().AddObject(adAdapter.PartitionPath + "," + adAdapter.rootDomainDN, attrs, null);
AdLdapClient.Instance().Unbind();
}
string configNC = "CN=Configuration," + adAdapter.rootDomainDN;
string SchemaNC = "CN=Schema," + configNC;
//Returns Fully Qualified DNS Name for the Current Domain.
string strReturn = adAdapter.PrimaryDomainDnsName;
if (!adAdapter.GetObjectByDN("CN=Partitions," + configNC, out dirPartitions))
{
DataSchemaSite.Assume.IsTrue(false, "CN=Partitions," + configNC + " Object is not found in server");
}
string parent = dirPartitions.Parent.Name, systemFlag;
bool isPresent = false;
int systemFlagVal;
//MS-ADTS-Schema_R402
DataSchemaSite.CaptureRequirementIfAreEqual <string>(
"CN=Configuration",
parent,
402,
"The Parent of the Cross-Ref-Container Container must be Config NC root.");
//MS-ADTS-Schema_R403
DataSchemaSite.CaptureRequirementIfAreEqual <string>(
"Partitions",
dirPartitions.Properties["name"].Value.ToString(),
403,
@"The name attribute of the Cross-Ref-Container Container must be Partitions.");
//MS-ADTS-Schema_R404
PropertyValueCollection objectClass = dirPartitions.Properties["objectClass"];
DataSchemaSite.CaptureRequirementIfIsTrue(
objectClass.Contains((object)"crossRefContainer"),
404,
"The objectClass attribute of the Cross-Ref-Container Container must be crossRefContainer.");
string fsmoRoleOwner = dirPartitions.Properties["fSMORoleOwner"].Value.ToString();
//MS-ADTS-Schema_R406
systemFlag = dirPartitions.Properties["systemFlags"].Value.ToString();
systemFlagVal = ParseSystemFlagsValue("FLAG_DISALLOW_DELETE");
DataSchemaSite.CaptureRequirementIfAreEqual <string>(
systemFlagVal.ToString(),
systemFlag,
406,
"The systemFlags attribute of the Cross-Ref-Container Container must be FLAG_DISALLOW_DELETE.");
//MS-ADTS-Schema_R405
if (!adAdapter.GetObjectByDN(adAdapter.rootDomainDN, out domainEntry))
{
DataSchemaSite.Assume.IsTrue(false, adAdapter.rootDomainDN + " Object is not found in server");
}
string domainFSMO = domainEntry.Properties["fSMORoleOwner"].Value.ToString();
DataSchemaSite.CaptureRequirementIfAreEqual <string>(
fsmoRoleOwner,
domainFSMO,
405,
"The fSMORoleOwner attribute of the Cross-Ref-Container Container must references the Domain "
+ "Naming Master FSMO role owner.");
//MS-ADTS-Schema_R408
//Query the Partitions for CrossRef container get the childrens and validate the requirments as such.
bool isCrossRef = true;
bool isObjectClassCrossRef = true;
DirectoryEntries Childs = dirPartitions.Children;
foreach (DirectoryEntry child in Childs)
{
if (!child.Parent.Name.Equals("CN=Partitions"))
{
isCrossRef = false;
}
PropertyValueCollection objClass = child.Properties["objectClass"];
objClass.RemoveAt(0);
if (objClass.Count != 1 || !objClass.Contains((object)"crossRef"))
{
isObjectClassCrossRef = false;
}
if (dirPartitions.Parent.Name.ToString().Equals("CN=Configuration"))
{
isPresent = true;
}
}
//Validate the parent of the crossref objects,objectClass,nCName and
//dnsRoot for all childs and crossRef container in the configNC.
DataSchemaSite.CaptureRequirementIfIsTrue(
isCrossRef,
408,
"The parent of the Cross-Ref Objects must be crossRefContainer object.");
//MS-ADTS-Schema_R851
DataSchemaSite.CaptureRequirementIfIsTrue(
isPresent & isCrossRef,
851,
"For any NC in the forest crossRef,NC root objects must be exist.");
// MS-ADTS-Schema_R409
DataSchemaSite.CaptureRequirementIfIsTrue(
isObjectClassCrossRef,
409,
"The objectClass attribute of the Cross-Ref Objects must be crossRef.");
//This is the crossRef container or crossRefObject
//MS-ADTS-Schema_R410
childEntry = dirPartitions.Children.Find("CN=Enterprise Configuration");
DataSchemaSite.CaptureRequirementIfAreEqual <string>(
configNC.ToLower(),
childEntry.Properties["nCName"].Value.ToString().ToLower(),
410,
"The nCName attribute of the Configuration crossRef Object must equal to the config NC root.");
//MS-ADTS-Schema_R411
string dnsRoot = childEntry.Properties["dnsRoot"].Value.ToString().ToLower();
DataSchemaSite.CaptureRequirementIfAreEqual <string>(
strReturn.ToLower(),
dnsRoot.ToLower(),
411,
"In AD/DS the dnsroot attribute of the Configuration crossRef Object must be the forest "
+ "root's fully qualified DNS name.");
//This is the crossRef child or crossRefObject
//MS-ADTS-Schema_R413
childEntry = dirPartitions.Children.Find("CN=Enterprise Schema");
DataSchemaSite.CaptureRequirementIfAreEqual <string>(
SchemaNC.ToLower(),
childEntry.Properties["nCName"].Value.ToString().ToLower(),
413,
"The nCName attribute of the Schema crossRef Object must equal to the Schema NC root.");
//MS-ADTS-Schema_R414
dnsRoot = childEntry.Properties["dnsRoot"].Value.ToString().ToLower();
DataSchemaSite.CaptureRequirementIfAreEqual <string>(
strReturn.ToLower(),
dnsRoot.ToLower(),
414,
"In AD/DS the dnsroot attribute of the Schema crossRef Object must be the forest "
+ "root's fully qualified DNS name.");
//MS-ADTS-Schema_R852
if (!adAdapter.GetObjectByDN(SchemaNC, out dirPartitions))
{
DataSchemaSite.Assume.IsTrue(false, SchemaNC + " Object is not found in server");
}
DataSchemaSite.CaptureRequirementIfAreEqual <string>(
childEntry.Properties["nCName"].Value.ToString(),
dirPartitions.Properties["distinguishedName"].Value.ToString(),
852,
"The nCName attribute of the crossRef object must equal the dsname of the NC root object.");
if (!adAdapter.GetObjectByDN("CN=Partitions," + configNC, out dirPartitions))
{
DataSchemaSite.Assume.IsTrue(false, "CN=Partitions," + configNC + " Object is not found in server");
}
foreach (DirectoryEntry partitionEntry in dirPartitions.Children)
{
if (partitionEntry.Properties["objectCategory"].Value.ToString().ToLower().Contains("cn=cross-ref"))
{
if (partitionEntry.Properties["nCName"].Value.ToString().Contains(adAdapter.PartitionPath))
{
partitionEntry.RefreshCache(new string[] { "msDS-SDReferenceDomain" });
if (partitionEntry.Properties.Contains("msDS-SDReferenceDomain") && partitionEntry.Properties["msDS-SDReferenceDomain"].Value != null)
{
//MS-ADTS-Schema_R422
DataSchemaSite.CaptureRequirementIfAreEqual <string>(
adAdapter.rootDomainDN.ToLower(),
partitionEntry.Properties["msDS-SDReferenceDomain"].Value.ToString().ToLower(),
422,
"In AD/DS msDS-SDReferenceDomain attribute of the Application NC crossRef object,"
+ "references an NC root object for a domain. All security descriptors in this application NC "
+ "must use the NC represented as the reference domain for resolution.");
}
else
{
DataSchemaSite.Log.Add(LogEntryKind.Warning, "The value of msDS-SDReferenceDomain attribute of the Application NC crossRef object is null");
}
}
if (partitionEntry.Properties["nCName"].Value.ToString().Equals(adAdapter.rootDomainDN))
{
//MS-ADTS-Schema_R416
DataSchemaSite.CaptureRequirementIfAreEqual <string>(
partitionEntry.Properties["name"].Value.ToString(),
partitionEntry.Properties["nETBIOSName"].Value.ToString(),
416,
"The name attribute of the Domain crossRef Object must be the Netbios name of the domain.");
//MS-ADTS-Schema_R417
DataSchemaSite.CaptureRequirementIfAreEqual <string>(
adAdapter.rootDomainDN,
partitionEntry.Properties["nCName"].Value.ToString(),
417,
"The nCName attribute of the Domain crossRef Object must be reference to the Domain NC root.");
//MS-ADTS-Schema_R418
if (!adAdapter.GetObjectByDN(adAdapter.rootDomainDN, out domainEntry))
{
DataSchemaSite.Assume.IsTrue(false, adAdapter.rootDomainDN + " Object is not found in server");
}
DirectoryEntry domainChildEntry = new DirectoryEntry();
DataSchemaSite.CaptureRequirementIfIsTrue(
adAdapter.rootDomainDN.ToLower().Contains(partitionEntry.Properties["nETBIOSName"].Value.ToString().ToLower()),
418,
"The nETBIOSName attribute of the Domain crossRef Object must be the Netbios name of the domain.");
//MS-ADTS-Schema trustParent
DataSchemaSite.Assert.IsNull(
partitionEntry.Properties["trustParent"].Value,
"The trustParent attribute is not present on the root domain NC's crossRef object.");
//MS-ADTS-Schema_R419
systemFlag = partitionEntry.Properties["systemFlags"].Value.ToString();
systemFlagVal = ParseSystemFlagsValue("FLAG_ATTR_NOT_REPLICATED|FLAG_ATTR_REQ_PARTIAL_SET_MEMBER");
DataSchemaSite.CaptureRequirementIfAreEqual <string>(
systemFlagVal.ToString(),
systemFlag,
419,
@"The systemFlags attribute of the Domain crossRef Object must be FLAG_CR_NTDS_NC | FLAG_CR_NTDS_DOMAIN.");
}
if (partitionEntry.Properties["nCName"].Value.ToString().Equals(adAdapter.childDomainDN))
{
//MS-ADTS-Schema_R416
DataSchemaSite.CaptureRequirementIfAreEqual <string>(
partitionEntry.Properties["name"].Value.ToString(),
partitionEntry.Properties["nETBIOSName"].Value.ToString(),
416,
"The name attribute of the Domain crossRef Object must be the Netbios name of the domain.");
//MS-ADTS-Schema_R417
DataSchemaSite.CaptureRequirementIfAreEqual <string>(
adAdapter.childDomainDN,
partitionEntry.Properties["nCName"].Value.ToString(),
417,
"The nCName attribute of the Domain crossRef Object must be reference to the Domain NC root.");
//MS-ADTS-Schema_R418
if (!adAdapter.GetObjectByDN(adAdapter.childDomainDN, out domainEntry))
{
DataSchemaSite.Assume.IsTrue(false, adAdapter.childDomainDN + " Object is not found in server");
}
DirectoryEntry domainChildEntry = new DirectoryEntry();
DataSchemaSite.CaptureRequirementIfIsTrue(
adAdapter.childDomainDN.ToLower().Contains(partitionEntry.Properties["nETBIOSName"].Value.ToString().ToLower()),
418,
"The nETBIOSName attribute of the Domain crossRef Object must be the Netbios name of the domain.");
//MS-ADTS-Schema trustParent
DirectoryEntry parentEntry = new DirectoryEntry();
string netbiosDomain = adAdapter.PrimaryDomainNetBiosName;
parentEntry = dirPartitions.Children.Find(string.Format("CN={0}", netbiosDomain));
DataSchemaSite.Assert.AreEqual <string>(
parentEntry.Properties["distinguishedName"].Value.ToString(),
partitionEntry.Properties["trustParent"].Value.ToString(),
"For child NCs, the trustParent attribute value references the parent NC's crossRef object.");
//MS-ADTS-Schema_R419
systemFlag = partitionEntry.Properties["systemFlags"].Value.ToString();
systemFlagVal = ParseSystemFlagsValue("FLAG_ATTR_NOT_REPLICATED|FLAG_ATTR_REQ_PARTIAL_SET_MEMBER");
DataSchemaSite.CaptureRequirementIfAreEqual <string>(
systemFlagVal.ToString(),
systemFlag,
419,
@"The systemFlags attribute of the Domain crossRef Object must be FLAG_CR_NTDS_NC | FLAG_CR_NTDS_DOMAIN.");
}
}
}
//MS-ADTS-Schema_R420
dnsRoot = childEntry.Properties["dnsRoot"].Value.ToString().ToLower();
DataSchemaSite.CaptureRequirementIfAreEqual <string>(
strReturn.ToLower(),
dnsRoot.ToLower(),
420,
"In AD/DS the the value for dnsRoot for an application NC crossRef is derived by syntactically "
+ "converting the DN portion of the crossRef's nCName into a fully qualified DNS name.");
}
// <summary>
/// This method validates the requirements under
/// SitesContainer Scenario.
/// </summary>
public void ValidateSitesContainer()
{
//Declaring the DirectoryEntry variables for holding the objects.
DirectoryEntry dirPartitions = new DirectoryEntry();
DirectoryEntry domainEntry = new DirectoryEntry();
DirectoryEntry childEntry = new DirectoryEntry();
string currDomain = adAdapter.rootDomainDN;
string configNC = "CN=Configuration," + currDomain;
string SchemaNC = "CN=Schema," + configNC;
string systemFlag = String.Empty;
int systemFlagVal;
//MS-ADTS-Schema_R423
if (!adAdapter.GetObjectByDN("CN=Sites," + configNC, out dirPartitions))
{
DataSchemaSite.Assume.IsTrue(false, "CN=Sites," + configNC + " Object is not found in server");
}
DataSchemaSite.CaptureRequirementIfAreEqual <string>(
"CN=Configuration",
dirPartitions.Parent.Name.ToString(),
423,
"Each forest contains a Sites container in the Config NC.");
//MS-ADTS-Schema_R425
DataSchemaSite.CaptureRequirementIfAreEqual <string>(
"CN=Configuration",
dirPartitions.Parent.Name.ToString(),
425,
"The parent of the Sites Container must be Config NC root object.");
//MS-ADTS-Schema_R426
DataSchemaSite.CaptureRequirementIfIsTrue(
dirPartitions.Properties["objectClass"].Contains((object)"sitesContainer"),
426,
"The objectClass attribute of the Sites Container must be sitesContainer.");
//MS-ADTS-Schema_R428
DirectoryEntries dirEntriesForValue = dirPartitions.Children;
bool isParentRoles = false;
foreach (DirectoryEntry child in dirEntriesForValue)
{
if (child.Parent.Name.ToString().Equals("CN=Sites"))
{
isParentRoles = true;
}
}
DataSchemaSite.CaptureRequirementIfIsTrue(
isParentRoles,
428,
"The parent of the Site Object must be Sites container.");
//MS-ADTS-Schema_R429
childEntry = dirPartitions.Children.Find("CN=Default-First-Site-Name");
DataSchemaSite.CaptureRequirementIfIsTrue(
childEntry.Properties["objectClass"].Contains((object)"site"),
429,
"The objectClass attribute of the Site Object must be Site.");
//MS-ADTS-Schema_R427
systemFlag = dirPartitions.Properties["systemFlags"].Value.ToString();
systemFlagVal = ParseSystemFlagsValue("FLAG_DISALLOW_DELETE|FLAG_DISALLOW_MOVE_ON_DELETE");
if (systemFlag != (systemFlagVal.ToString()))
{
isParseSystemFlagsValue = false;
}
DataSchemaSite.CaptureRequirementIfAreEqual <string>(
systemFlagVal.ToString(),
systemFlag,
427,
@"The SytemFlags attribute of the Sites Container must be
either of FLAG_DISALLOW_DELETE|FLAG_DISALLOW_MOVE_ON_DELETE.");
if (systemFlag != (systemFlagVal.ToString()))
{
isParseSystemFlagsValue = false;
}
//MS-ADTS-Schema_R430
systemFlag = childEntry.Properties["systemFlags"].Value.ToString();
systemFlagVal = ParseSystemFlagsValue("FLAG_CONFIG_ALLOW_RENAME|FLAG_DISALLOW_MOVE_ON_DELETE");
DataSchemaSite.CaptureRequirementIfAreEqual <string>(
systemFlagVal.ToString(),
systemFlag,
430,
@"The SytemFlags attribute of the Site Object must be
either of FLAG_CONFIG_ALLOW_RENAME|FLAG_DISALLOW_MOVE_ON_DELETE.");
if (systemFlag != (systemFlagVal.ToString()))
{
isParseSystemFlagsValue = false;
}
//MS-ADTS-Schema_R431
DirectoryEntry sitesEntry = new DirectoryEntry();
if (!adAdapter.GetObjectByDN("CN=Sites,CN=Configuration," + currDomain, out sitesEntry))
{
DataSchemaSite.Assume.IsTrue(
false,
"CN=Sites,CN=Configuration,"
+ currDomain
+ " Object is not found in server");
}
sitesEntry = sitesEntry.Children.Find("CN=Default-First-Site-Name");
DirectoryEntries sitesChildren = sitesEntry.Children;
foreach (DirectoryEntry child in sitesChildren)
{
PropertyValueCollection v = child.Properties["objectClass"];
if (child.Properties["objectClass"].Contains((object)"nTDSSiteSettings"))
{
//MS-ADTS-Schema_R432
// [Since objectClass (sitesEntry) contains nTDSSiteSettings, R432 is captured.]
DataSchemaSite.CaptureRequirement(
432,
"The objectClass attribute of the NTDS Site Settings Object must be nTDSSiteSettings.");
}
}
//MS-ADTS-Schema_R431
DataSchemaSite.Log.Add(LogEntryKind.Debug, "Verify MS-ADTS-Schema_R431");
DataSchemaSite.CaptureRequirementIfIsTrue(
sitesEntry.Parent.Name.ToString().Contains("CN=Sites"),
431,
"The parent of the NTDS Site Settings Object must be site object.");
//MS-ADTS-Schema_R457
if (!adAdapter.GetObjectByDN("CN=Subnets,CN=Sites," + configNC, out dirPartitions))
{
DataSchemaSite.Assume.IsTrue(
false,
"CN=Subnets,CN=Sites,"
+ configNC
+ " Object is not found in server");
}
DataSchemaSite.CaptureRequirementIfAreEqual <string>(
"CN=Sites",
dirPartitions.Parent.Name.ToString(),
457,
"Each forest contains a Subnets container in the config NC.");
//MS-ADTS-Schema_R458
DataSchemaSite.CaptureRequirementIfAreEqual <string>(
"CN=Sites",
dirPartitions.Parent.Name.ToString(),
458,
"The Parent of the Subnet container must be Sites container.");
//MS-ADTS-Schema_R459
DataSchemaSite.CaptureRequirementIfIsTrue(
dirPartitions.Properties["objectClass"].Contains((object)"subnetContainer"),
459,
"The ObjectClass attribute of the Subnet container must be subnetContainer.");
//MS-ADTS-Schema_R460
systemFlag = dirPartitions.Properties["systemFlags"].Value.ToString();
systemFlagVal = ParseSystemFlagsValue("FLAG_DISALLOW_DELETE");
DataSchemaSite.CaptureRequirementIfAreEqual <string>(
systemFlagVal.ToString(),
systemFlag,
460,
"The SystemFlags attribute of the Subnet container must be FLAG_DISALLOW_DELETE.");
if (systemFlag != (systemFlagVal.ToString()))
{
isParseSystemFlagsValue = false;
}
//MS-ADTS-Schema_R465
if (!adAdapter.GetObjectByDN("CN=Inter-Site Transports,CN=Sites," + configNC, out dirPartitions))
{
DataSchemaSite.Assume.IsTrue(
false,
"CN=Inter-Site Transports,CN=Sites,"
+ configNC
+ " Object is not found in server");
}
DataSchemaSite.CaptureRequirementIfAreEqual <string>(
"CN=Sites",
dirPartitions.Parent.Name.ToString(),
465,
"The Parent of the IP Transport Container must be Inter-Site Transports container.");
//MS-ADTS-Schema_R466
DataSchemaSite.CaptureRequirementIfIsTrue(
dirPartitions.Properties["objectClass"].Contains((object)"interSiteTransportContainer"),
466,
"The ObjectClass attribute of the Inter-Site Transports Container must be interSiteTransportContainer.");
//MS-ADTS-Schema_R467
systemFlag = dirPartitions.Properties["systemFlags"].Value.ToString();
systemFlagVal = ParseSystemFlagsValue("FLAG_DISALLOW_DELETE");
DataSchemaSite.CaptureRequirementIfAreEqual <string>(
systemFlagVal.ToString(),
systemFlag,
467,
"The SystemFlags attribute of the Inter-Site Transports Container must be FLAG_DISALLOW_DELETE.");
if (systemFlag != (systemFlagVal.ToString()))
{
isParseSystemFlagsValue = false;
}
//MS-ADTS-Schema_R468
childEntry = dirPartitions.Children.Find("CN=IP");
DataSchemaSite.CaptureRequirementIfAreEqual <string>(
"CN=Inter-Site Transports",
childEntry.Parent.Name.ToString(),
468,
"The Parent of the IP Transport Container must be Inter-Site Transports container.");
//MS-ADTS-Schema_R469
DataSchemaSite.CaptureRequirementIfIsTrue(
childEntry.Properties["objectClass"].Contains((object)"interSiteTransport"),
469,
"The ObjectClass attribute of the IP Transport Container must be interSiteTransport.");
List <DirectoryAttribute> atts = new List <DirectoryAttribute>();
string ret = AdLdapClient.Instance().ConnectAndBind(
adAdapter.PDCNetbiosName,
adAdapter.PDCIPAddr,
Convert.ToInt32(adAdapter.ADDSPortNum),
adAdapter.DomainAdministratorName,
adAdapter.DomainUserPassword,
adAdapter.PrimaryDomainNetBiosName,
AuthType.Basic | AuthType.Kerberos);
if (ret.Equals("Success_STATUS_SUCCESS"))
{
atts.Add(new DirectoryAttribute("objectClass", new String[] { "top", "site" }));
string testDistinguishedName = "CN=test,CN=Sites,CN=Configuration," + adAdapter.rootDomainDN;
AdLdapClient.Instance().AddObject(testDistinguishedName, atts, null);
atts.Clear();
atts.Add(new DirectoryAttribute("siteList", new String[] { "CN=test,CN=Sites,CN=Configuration," + adAdapter.rootDomainDN }));
atts.Add(new DirectoryAttribute("objectClass", new String[] { "top", "siteLink" }));
string testLinkDistinguishedName = "CN=testlink,CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Configuration," + adAdapter.rootDomainDN;
AdLdapClient.Instance().AddObject(testLinkDistinguishedName, atts, null);
atts.Clear();
atts.Add(new DirectoryAttribute("siteLinkList", new String[]
{ "CN=DEFAULTIPSITELINK,CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Configuration," + adAdapter.rootDomainDN,
"CN=testLink,CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Configuration," + adAdapter.rootDomainDN }));
atts.Add(new DirectoryAttribute("objectClass", new String[] { "top", "siteLinkBridge" }));
string testLinkBridgeDistinguishedName = "CN=testLinkBridge,CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Configuration," + adAdapter.rootDomainDN;
string result = AdLdapClient.Instance().AddObject(testLinkBridgeDistinguishedName, atts, null);
DataSchemaSite.Assert.AreEqual <string>("Success_STATUS_SUCCESS", result, "create dynamic object {0} succeeded", testLinkBridgeDistinguishedName);
if (!adAdapter.GetObjectByDN("CN=Subnets,CN=Sites," + configNC, out dirPartitions))
{
DataSchemaSite.Assume.IsTrue(
false,
"CN=Subnets,CN=Sites,"
+ configNC
+ " Object is not found in server");
}
//MS-ADTS-Schema_R462,MS-ADTS-Schema_R463 and MS-ADTS-Schema_R464
//The Parent of the Subnet Object must be Subnets container.
DirectoryEntries subnetChilds;
subnetChilds = dirPartitions.Children;
foreach (DirectoryEntry child in subnetChilds)
{
DataSchemaSite.Log.Add(LogEntryKind.Debug, "Subnet name is a valid subnet name if:");
string name = child.Properties["name"].Value.ToString();
int count = name.Split('/').Length - 1;
DataSchemaSite.Assert.AreEqual(1, count, "1. There should be only one occurrence of the character \"/\" in subnet name:{0}.", name);
int i = name.IndexOf('/');
string s1 = name.Substring(0, i);
DataSchemaSite.Assert.AreNotEqual(0, s1.IndexOf('0'), "2. Let i be the index of the character \"/\" in name, the substring name[0, i-1]:{0} does not have any leading zeros.", s1);
System.Net.IPAddress subnetIP = null;
bool isValid = false;
isValid = System.Net.IPAddress.TryParse(s1, out subnetIP);
DataSchemaSite.Assert.IsTrue(isValid, "2. The substring name[0, i-1]:{0} should be either a valid IPv4 address in dotted decimal notation or a valid IPv6 address in colon-hexadecimal form or compressed form.", s1);
string s2 = name.Substring(i + 1);
DataSchemaSite.Assert.AreNotEqual(0, s2.IndexOf('0'), "3. The substring name[i+1, l-1]:{0} does not have any leading zeros.", s2);
uint n;
isValid = false;
isValid = uint.TryParse(s2, out n);
DataSchemaSite.Assert.IsTrue(isValid, "3. The substring name[i+1, l-1] should be able to be converted to an unsigned integer n:{0}.", n);
isValid = false;
if (subnetIP.AddressFamily == System.Net.Sockets.AddressFamily.InterNetwork)
{
if (n > 0 && n <= 32)
{
isValid = true;
}
}
else if (subnetIP.AddressFamily == System.Net.Sockets.AddressFamily.InterNetworkV6)
{
if (n > 0 && n <= 128)
{
isValid = true;
}
}
else
{
isValid = false;
}
DataSchemaSite.Assert.IsTrue(isValid, "4. When the address is in IPv4 format, 0 < n:{0} <= 32. When the address is in IPv6 format, 0 < n:{0} <= 128.", n);
uint[] bitMask = new uint[] { 0x00000000, 0x00000080, 0x000000C0, 0x000000E0, 0x000000F0, 0x000000F8, 0x000000FC, 0x000000FE, 0x000000FF, 0x000080FF, 0x0000C0FF, 0x0000E0FF, 0x0000F0FF, 0x0000F8FF, 0x0000FCFF, 0x0000FEFF, 0x0000FFFF, 0x0080FFFF, 0x00C0FFFF, 0x00E0FFFF, 0x00F0FFFF, 0x00F8FFFF, 0x00FCFFFF, 0x00FEFFFF, 0x00FFFFFF, 0x80FFFFFF, 0xC0FFFFFF, 0xE0FFFFFF, 0xF0FFFFFF, 0xF8FFFFFF, 0xFCFFFFFF, 0xFEFFFFFF, 0xFFFFFFFF };
if (subnetIP.AddressFamily == System.Net.Sockets.AddressFamily.InterNetwork)
{
uint ipInt = BitConverter.ToUInt32(subnetIP.GetAddressBytes().Reverse().ToArray(), 0);
uint res = ipInt & (~bitMask[n]);
DataSchemaSite.Assert.AreEqual <uint>(0, res, "5. Let b be the binary representation of the address, when the address is in IPv4 format, b & (~BitMask[n]) = 0.");
DataSchemaSite.Assert.IsTrue(ipInt != bitMask[n], "6. When the address is in IPv4 format, b != BitMask[n].");
}
DataSchemaSite.CaptureRequirementIfAreEqual <string>(
"CN=Subnets",
child.Parent.Name.ToString(),
462,
"The Parent of the Subnet Object must be Subnets container.");
DataSchemaSite.CaptureRequirementIfAreEqual <string>(
"subnet",
child.SchemaClassName,
463,
"The ObjectClass attribute of the Subnet Object must be Subnet.");
systemFlag = child.Properties["systemFlags"].Value.ToString();
systemFlagVal = ParseSystemFlagsValue("FLAG_CONFIG_ALLOW_RENAME");
DataSchemaSite.CaptureRequirementIfAreEqual <string>(
systemFlagVal.ToString(),
systemFlag,
464,
"The SystemFlags attribute of the Subnet must be FLAG_CONFIG_ALLOW_RENAME.");
}
//MS-ADTS-Schema_R476,MS-ADTS-Schema_R477 and MS-ADTS-Schema_R478
subnetChilds = childEntry.Children;
foreach (DirectoryEntry child in subnetChilds)
{
if (child.SchemaClassName.ToLower() == "siteLinkBridge".ToLower())
{
DataSchemaSite.CaptureRequirementIfIsTrue(
child.Properties["objectClass"].Contains("siteLinkBridge"),
476,
"The ObjectClass attribute of the Site Link Bridge Object must be siteLinkBridge.");
systemFlag = child.Properties["systemFlags"].Value.ToString();
systemFlagVal = ParseSystemFlagsValue("FLAG_CONFIG_ALLOW_RENAME");
DataSchemaSite.CaptureRequirementIfAreEqual <string>(
systemFlagVal.ToString(),
systemFlag,
477,
"The SystemFlags attribute of the Site Link Bridge Object must be FLAG_CONFIG_ALLOW_RENAME.");
DataSchemaSite.CaptureRequirementIfAreEqual <string>(
"CN=IP",
child.Parent.Name.ToString(),
478,
@"The Parent of the Site Link Bridge Object must be
Either IP Transport container or SMTP Transport container.");
}
}
if (!AdLdapClient.Instance().DeleteObject(testLinkBridgeDistinguishedName, null).Equals("Success_STATUS_SUCCESS"))
{
DataSchemaSite.Assume.Fail("The created dynamic object" + testLinkBridgeDistinguishedName + " can not be deleted.");
}
if (!AdLdapClient.Instance().DeleteObject(testLinkDistinguishedName, null).Equals("Success_STATUS_SUCCESS"))
{
DataSchemaSite.Assume.Fail("The created dynamic object" + testLinkDistinguishedName + " can not be deleted.");
}
if (!AdLdapClient.Instance().DeleteObject(testDistinguishedName, null).Equals("Success_STATUS_SUCCESS"))
{
DataSchemaSite.Assume.Fail("The created dynamic object" + testDistinguishedName + " can not be deleted.");
}
}
else
{
DataSchemaSite.Assume.Fail("It's failed to connect and bind to AD/DS ");
}
AdLdapClient.Instance().Unbind();
//MS-ADTS-Schema_R472
domainEntry = childEntry.Children.Find("CN=DEFAULTIPSITELINK");
DataSchemaSite.CaptureRequirementIfAreEqual <string>(
"CN=IP",
domainEntry.Parent.Name.ToString(),
472,
@"The Parent of the Site Link Bridge Object must be
Either IP Transport container or SMTP Transport container.");
//MS-ADTS-Schema_R473
DataSchemaSite.CaptureRequirementIfIsTrue(
domainEntry.Properties["objectClass"].Contains((object)"siteLink"),
473,
"The ObjectClass attribute of the Site Link Object must be siteLink.");
//MS-ADTS-Schema_R474
systemFlag = domainEntry.Properties["systemFlags"].Value.ToString();
systemFlagVal = ParseSystemFlagsValue("FLAG_CONFIG_ALLOW_RENAME");
DataSchemaSite.CaptureRequirementIfAreEqual <string>(
systemFlagVal.ToString(),
systemFlag,
474,
"The SystemFlags attribute of the Site Link Object must be FLAG_CONFIG_ALLOW_RENAME.");
if (systemFlag != (systemFlagVal.ToString()))
{
isParseSystemFlagsValue = false;
}
if (!adAdapter.GetObjectByDN("CN=Inter-Site Transports,CN=Sites," + configNC, out dirPartitions))
{
DataSchemaSite.Assume.IsTrue(
false,
"CN=Inter-Site Transports,CN=Sites,"
+ configNC
+ " Object is not found in server");
}
//MS-ADTS-Schema_R470
childEntry = dirPartitions.Children.Find("CN=SMTP");
DataSchemaSite.CaptureRequirementIfAreEqual <string>(
"CN=Inter-Site Transports",
childEntry.Parent.Name.ToString(),
470,
"The Parent of the SMTP Transport Container must be Inter-Site Transports container.");
//MS-ADTS-Schema_R471
DataSchemaSite.CaptureRequirementIfIsTrue(
childEntry.Properties["objectClass"].Contains((object)"interSiteTransport"),
471,
"The ObjectClass attribute of the SMTP Transport Container must be interSiteTransport.");
}
