 /// <summary>
 /// Prints the DC-locator (DsGetDcName) result for <paramref name="domain"/>, issued from
 /// <paramref name="machine"/> (or the local host when that is empty), followed by the
 /// name-resolution details of every DC returned by DsGetDcNext for the resolved domain name.
 /// Diagnostic only: any failure is written to the console instead of being propagated.
 /// </summary>
 /// <param name="machine">Computer the locator call is issued from; null or empty means localhost.</param>
 /// <param name="domain">Domain to locate a DC for.</param>
 public static void OutputDomainFindingInfoToConsoleForDomainOnMachine(string machine, string domain)
 {
     var queriedFrom = string.IsNullOrEmpty(machine) ? "localhost" : machine;
     OutputToConsole(0, "Outputting domain networking information for domain {0} retrieved from {1}", domain, queriedFrom);
     try
     {
         // Ask only for DNS names of DCs that can serve LDAP; the locator may return a cached answer.
         var locatorFlags = DsFlag.DS_RETURN_DNS_NAME | DsFlag.DS_ONLY_LDAP_NEEDED;
         var dcInfo = NativeWrapped.GetDc(domain, locatorFlags, machine);

         OutputToConsole(1, "Results from DsGetDcName:");
         Action<string, object> printField = (name, value) => OutputToConsole(2, "{0}:\t{1}", name, value);
         printField("ClientSiteName", dcInfo.ClientSiteName);
         printField("DcSiteName", dcInfo.DcSiteName);
         printField("DnsForestName", dcInfo.DnsForestName);
         printField("DomainControllerAddress", dcInfo.DomainControllerAddress);
         printField("DomainControllerAddressType", dcInfo.DomainControllerAddressType);
         printField("DomainControllerName", dcInfo.DomainControllerName);
         printField("DomainGuid", dcInfo.DomainGuid);
         printField("DomainName", dcInfo.DomainName);
         printField("Flags", string.Join(", ", GetFlagsFromEnum <DsReturnFlags>(dcInfo.Flags)));
         OutputNetworkResolutionInformationToConsole(2, dcInfo.DomainControllerAddress);

         // Enumerate using the name the locator resolved (it may differ from the caller's input).
         OutputToConsole(1, "Results from DsGetDcNext for {0}:", dcInfo.DomainName);
         //Note: The following won't get results from RoDCs, so treat this list as writable DCs only
         //when using it to map a domain's controllers.
         foreach (var controller in NativeWrapped.EnumerateDCs(dcInfo.DomainName, DsFlag.None))
         {
             OutputNetworkResolutionInformationToConsole(2, controller);
         }
     }
     catch (Exception ex)
     {
         // Catch-all is intentional for a diagnostic dump: report and keep going. Note the
         // argument order ({2} is the machine, {1} the exception) is deliberate.
         OutputToConsole(0, "Error outputting domain information for {0} retrieved from {2}:\t{1}", domain, ex, queriedFrom);
     }
 }
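        /// <summary>
        /// Validates credentials using TLS.
        /// Walks the domain's LDAP-capable DCs; the first one reachable on the LDAPS port (636)
        /// is used for a simple bind over SSL through ValidateCredentials, with
        /// ManuallyValidateTLSCredentials as a fallback when that throws. A DC reachable only on
        /// the Global Catalog SSL port (3269) goes straight to the manual validator because the
        /// framework validator is hard-coded to 636. The first validator that does not throw
        /// decides the result; if every attempt on a DC throws, the next DC is tried.
        /// </summary>
        /// <param name="username">User name</param>
        /// <param name="domainname">Domain name</param>
        /// <param name="password">User Password</param>
        /// <param name="serverNameUsed">Name of the server used; if return value is false and this is null, no server that could use TLS was found for the domain. If a TLS-capable server was reached but every validation attempt threw, this holds the last server tried so callers do not mistake an error for "no TLS available".</param>
        /// <returns>Success in validating the credentials</returns>
        public static bool ValidateCredentialsTLS(string username, string domainname, string password, out string serverNameUsed)
        {
            //Reference port numbers = https://technet.microsoft.com/en-us/library/dd772723(v=ws.10).aspx
            const int LdapSSLPort   = 636;
            const int LdapGcSSLPort = 3269;

            // Last DC that accepted a TCP connection on a TLS port. Tracked separately so that
            // falling out of the loop after a validator threw does not reset the out parameter
            // to null, which the documented contract reserves for "no TLS server found".
            string lastTlsServer = null;

            foreach (var dc in NativeWrapped.EnumerateDCs(domainname, DsFlag.DS_ONLY_LDAP_NEEDED))
            {
                // TryConnect appears to establish reachability only; the TLS handshake itself
                // happens inside the validators below.
                if (TryConnect(dc, LdapSSLPort))
                {
                    lastTlsServer = dc;
                    serverNameUsed = dc;
                    try
                    {
                        // SimpleBind sends the password in clear inside the TLS channel, so this
                        // is only as safe as the server-certificate check performed by the framework.
                        return(ValidateCredentials(username, domainname, password, dc, ContextOptions.SecureSocketLayer | ContextOptions.SimpleBind));
                    }
                    catch (Exception ex)
                    {
                        Console.WriteLine("Failed validating credentials for {0} on {1}:\t{2}", username, dc, ex);
                        try
                        {
                            // NOTE(review): ManuallyValidateTLSCredentials is outside this view —
                            // confirm it validates the server certificate rather than installing an
                            // accept-all VerifyServerCertificate callback; otherwise the simple-bind
                            // password is exposed to an LDAPS man-in-the-middle.
                            return(ManuallyValidateTLSCredentials(username, domainname, password, dc, LdapSSLPort));
                        }
                        catch (Exception ex2)
                        {
                            Console.WriteLine("Failed manually validating credentials for {0} on {1}:\t{2}", username, dc, ex2);
                        }
                    }
                }
                else if (TryConnect(dc, LdapGcSSLPort))
                {
                    lastTlsServer = dc;
                    serverNameUsed = dc;
                    //You could roll your own validator using LDAPConnection for this if you wanted and as I have done for a fallback on
                    //the above where the ldap options set for the session within the .NET library can cause credential validation to fail,
                    //but the ValidateCredentials method is hard coded to the other port
                    try
                    {
                        return(ManuallyValidateTLSCredentials(username, domainname, password, dc, LdapGcSSLPort));
                    }
                    catch (Exception ex2)
                    {
                        Console.WriteLine("Failed manually validating credentials for {0} on {1}:\t{2}", username, dc, ex2);
                    }
                }
            }

            // Null here genuinely means no DC answered on 636 or 3269; otherwise report the last
            // DC we reached so the caller can tell "validation errored" from "no TLS server".
            serverNameUsed = lastTlsServer;
            return(false);
        }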