/// <summary>
/// Finds all immediate child objects of a container.
/// </summary>
/// <param name="distinguishedName"></param>
/// <param name="containerName"></param>
/// <returns></returns>
public IEnumerable <TypedPrincipal> GetContainerChildObjects(string distinguishedName, string containerName = "")
{
var filter = new LDAPFilter().AddComputers().AddUsers().AddGroups().AddOUs().AddContainers();
foreach (var childEntry in _utils.QueryLDAP(filter.GetFilter(), SearchScope.OneLevel,
CommonProperties.ObjectID, Helpers.DistinguishedNameToDomain(distinguishedName),
adsPath: distinguishedName))
{
var dn = childEntry.DistinguishedName;
if (IsDistinguishedNameFiltered(dn))
{
_log.LogTrace("Skipping filtered child {Child} for {Container}", dn, containerName);
continue;
}
var id = childEntry.GetObjectIdentifier();
if (id == null)
{
_log.LogTrace("Got null ID for {ChildDN} under {Container}", childEntry.DistinguishedName,
containerName);
continue;
}
var res = _utils.ResolveIDAndType(id, Helpers.DistinguishedNameToDomain(dn));
if (res == null)
{
_log.LogTrace("Failed to resolve principal for {ID}", id);
continue;
}
yield return(res);
}
}
/// <summary>
/// Processes domain trusts for a domain object
/// </summary>
/// <param name="domain"></param>
/// <returns></returns>
public IEnumerable <DomainTrust> EnumerateDomainTrusts(string domain)
{
var query = CommonFilters.TrustedDomains;
foreach (var result in _utils.QueryLDAP(query, SearchScope.Subtree, CommonProperties.DomainTrustProps,
domain))
{
var trust = new DomainTrust();
var targetSidBytes = result.GetByteProperty(LDAPProperties.SecurityIdentifier);
if (targetSidBytes == null || targetSidBytes.Length == 0)
{
_log.LogTrace("Trust sid is null or empty for target: {Domain}", domain);
continue;
}
string sid;
try
{
sid = new SecurityIdentifier(targetSidBytes, 0).Value;
}
catch
{
_log.LogTrace("Failed to convert bytes to SID for target: {Domain}", domain);
continue;
}
trust.TargetDomainSid = sid;
if (int.TryParse(result.GetProperty(LDAPProperties.TrustDirection), out var td))
{
trust.TrustDirection = (TrustDirection)td;
}
else
{
_log.LogTrace("Failed to convert trustdirection for target: {Domain}", domain);
continue;
}
TrustAttributes attributes;
if (int.TryParse(result.GetProperty(LDAPProperties.TrustAttributes), out var ta))
{
attributes = (TrustAttributes)ta;
}
else
{
_log.LogTrace("Failed to convert trustattributes for target: {Domain}", domain);
continue;
}
trust.IsTransitive = (attributes & TrustAttributes.NonTransitive) == 0;
var name = result.GetProperty(LDAPProperties.CanonicalName)?.ToUpper();
if (name != null)
{
trust.TargetDomainName = name;
}
trust.SidFilteringEnabled = (attributes & TrustAttributes.FilterSids) != 0;
trust.TrustType = TrustAttributesToType(attributes);
yield return(trust);
}
}
