/// <summary> /// Finds all immediate child objects of a container. /// </summary> /// <param name="distinguishedName"></param> /// <param name="containerName"></param> /// <returns></returns> public IEnumerable <TypedPrincipal> GetContainerChildObjects(string distinguishedName, string containerName = "") { var filter = new LDAPFilter().AddComputers().AddUsers().AddGroups().AddOUs().AddContainers(); foreach (var childEntry in _utils.QueryLDAP(filter.GetFilter(), SearchScope.OneLevel, CommonProperties.ObjectID, Helpers.DistinguishedNameToDomain(distinguishedName), adsPath: distinguishedName)) { var dn = childEntry.DistinguishedName; if (IsDistinguishedNameFiltered(dn)) { _log.LogTrace("Skipping filtered child {Child} for {Container}", dn, containerName); continue; } var id = childEntry.GetObjectIdentifier(); if (id == null) { _log.LogTrace("Got null ID for {ChildDN} under {Container}", childEntry.DistinguishedName, containerName); continue; } var res = _utils.ResolveIDAndType(id, Helpers.DistinguishedNameToDomain(dn)); if (res == null) { _log.LogTrace("Failed to resolve principal for {ID}", id); continue; } yield return(res); } }
/// <summary> /// Processes domain trusts for a domain object /// </summary> /// <param name="domain"></param> /// <returns></returns> public IEnumerable <DomainTrust> EnumerateDomainTrusts(string domain) { var query = CommonFilters.TrustedDomains; foreach (var result in _utils.QueryLDAP(query, SearchScope.Subtree, CommonProperties.DomainTrustProps, domain)) { var trust = new DomainTrust(); var targetSidBytes = result.GetByteProperty(LDAPProperties.SecurityIdentifier); if (targetSidBytes == null || targetSidBytes.Length == 0) { _log.LogTrace("Trust sid is null or empty for target: {Domain}", domain); continue; } string sid; try { sid = new SecurityIdentifier(targetSidBytes, 0).Value; } catch { _log.LogTrace("Failed to convert bytes to SID for target: {Domain}", domain); continue; } trust.TargetDomainSid = sid; if (int.TryParse(result.GetProperty(LDAPProperties.TrustDirection), out var td)) { trust.TrustDirection = (TrustDirection)td; } else { _log.LogTrace("Failed to convert trustdirection for target: {Domain}", domain); continue; } TrustAttributes attributes; if (int.TryParse(result.GetProperty(LDAPProperties.TrustAttributes), out var ta)) { attributes = (TrustAttributes)ta; } else { _log.LogTrace("Failed to convert trustattributes for target: {Domain}", domain); continue; } trust.IsTransitive = (attributes & TrustAttributes.NonTransitive) == 0; var name = result.GetProperty(LDAPProperties.CanonicalName)?.ToUpper(); if (name != null) { trust.TargetDomainName = name; } trust.SidFilteringEnabled = (attributes & TrustAttributes.FilterSids) != 0; trust.TrustType = TrustAttributesToType(attributes); yield return(trust); } }