/// <summary>
/// Returns true if the domain identified by sid is in a forest trusted by the caller's forest,
/// as determined by the FOREST_TRUST_INFORMATION state of the caller's forest, false otherwise.
/// </summary>
/// <param name="dc"></param>
/// <param name="sid">The SID of a domain.</param>
/// <returns></returns>
static bool IsDomainSidInTrustedForest(DsServer dc, NT4SID sid)
{
FOREST_TRUST_INFORMATION f;
bool b;
RootDSE rootDse = LdapUtility.GetRootDSE(dc);
string[] tdos = LdapUtility.GetAttributeValuesString(
dc,
rootDse.rootDomainNamingContext,
"distinguishedName",
"(&(objectClass=trustedDomain)(msDS-TrustForestTrustInfo=*)(trustAttributes:1.2.840.113556.1.4.803:=0x8))",
System.DirectoryServices.Protocols.SearchScope.Subtree);
foreach (string o in tdos)
{
byte[] trustInfo = (byte[])LdapUtility.GetAttributeValue(dc, o, "msDS-TrustForestTrustInfo");
if (!TrustInfo.UnmarshalForestTrustInfo(trustInfo, out f))
{
return(false);
}
foreach (Record e in f.Records)
{
if (e.RecordType == (byte)FOREST_TRUST_RECORD_TYPE.ForestTrustDomainInfo &&
(DrsrHelper.IsByteArrayEqual(sid.Data, ((RecordDomainInfo)e.ForestTrustData).Sid.Data)) &&
((e.Flags & TrustInfo.LSA_FTRECORD_DISABLED_REASONS) == 0))
{
b = true;
foreach (Record g in f.Records)
{
if (g.RecordType == (byte)FOREST_TRUST_RECORD_TYPE.ForestTrustTopLevelNameEx &&
(g.Flags & TrustInfo.LSA_FTRECORD_DISABLED_REASONS) == 0 &&
(
((RecordTopLevelName)g.ForestTrustData).TopLevelName
== ((RecordDomainInfo)e.ForestTrustData).DnsName
||
TrustInfo.IsSubdomainOf(
((RecordDomainInfo)e.ForestTrustData).DnsName,
((RecordTopLevelName)g.ForestTrustData).TopLevelName)
)
)
{
b = false;
break;
}
}
if (b)
{
return(true);
}
}
}
}
return(false);
}
static bool IsDomainDnsNameInTrustedForest(DsServer dc, string name, ref string referredDomain)
{
FOREST_TRUST_INFORMATION f;
RootDSE rootDse = LdapUtility.GetRootDSE(dc);
string[] tdos = LdapUtility.GetAttributeValuesString(
dc,
rootDse.rootDomainNamingContext,
"distinguishedName",
"(&(objectClass=trustedDomain)(msDS-TrustForestTrustInfo=*)(trustAttributes:1.2.840.113556.1.4.803:=0x8))",
System.DirectoryServices.Protocols.SearchScope.Subtree);
if (tdos == null)
{
return(false);
}
foreach (string o in tdos)
{
byte[] trustInfo = (byte[])LdapUtility.GetAttributeValue(dc, o, "msDS-TrustForestTrustInfo");
if (!TrustInfo.UnmarshalForestTrustInfo(trustInfo, out f))
{
return(false);
}
foreach (Record e in f.Records)
{
if (e.RecordType == (byte)FOREST_TRUST_RECORD_TYPE.ForestTrustDomainInfo)
{
RecordDomainInfo ee = (RecordDomainInfo)e.ForestTrustData;
if (ee.DnsName == name &&
(e.Flags & (uint)TrustInfo.FOREST_TRUST_RECORD_FLAGS_DOMAIN_INFO.LSA_SID_DISABLED_ADMIN) == 0 &&
(e.Flags & (uint)TrustInfo.FOREST_TRUST_RECORD_FLAGS_DOMAIN_INFO.LSA_SID_DISABLED_CONFLICT) == 0 &&
ForestTrustOwnsName(f, ee.DnsName))
{
referredDomain = (string)LdapUtility.GetAttributeValue(dc, o, "trustPartner");
return(true);
}
}
}
}
return(false);
}