Exemple #1
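        /// <summary>
        /// Positive test for IDL_DRSReadNgcKey (request version 1): writes a known value to a
        /// new computer object's msDS-KeyCredentialLink (attribute name taken from the assertion
        /// message below), reads it back over DRSR and checks that both values match.
        /// </summary>
        /// <remarks>
        /// The value written is the object's own DN, used as a recognisable placeholder rather than
        /// a real key credential. The bind uses the parent-domain administrator account, so this
        /// test only covers the fully privileged path; it does not show how the server answers a
        /// caller without rights to read the key.
        /// </remarks>
        public void DRSR_DRSReadNgcKey_V1_Success()
        {
            DrsrTestChecker.Check();
            EnvironmentConfig.Machine dcServer = EnvironmentConfig.Machine.WritableDC1;
            DsServer dcServerMachine = (DsServer)EnvironmentConfig.MachineStore[dcServer];
            uint? outVersion;
            DRS_MSG_READNGCKEYREPLY? outMessage;

            // Create a throw-away computer object and hand its DN to updateStorage
            // (presumably so test cleanup can remove it - confirm against the cleanup code).
            string newObjDN = ldapAdapter.TestAddComputerObj(dcServerMachine);
            AddObjectUpdate addUpdate = new AddObjectUpdate(dcServer, newObjDN);

            updateStorage.PushUpdate(addUpdate);

            // The DN doubles as the key value so the round trip is easy to verify.
            string ngcKey = newObjDN;
            ResultCode r = ldapAdapter.SetNgcKey(dcServerMachine, newObjDN, ngcKey);

            BaseTestSite.Assert.AreEqual<ResultCode>(ResultCode.Success, r, "IDL_DRSReadNgcKey: modify the msDS-KeyCredentialLink of " + newObjDN);

            BaseTestSite.Log.Add(LogEntryKind.Comment, "IDL_DRSBind: Binding to DC server: {0}", dcServer);
            uint ret = drsTestClient.DrsBind(dcServer, EnvironmentConfig.User.ParentDomainAdmin, DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_BASE);

            BaseTestSite.Assert.AreEqual<uint>(0, ret, "IDL_DRSBind: Checking return value - got: {0}, expect: 0, should return 0 with a success bind to DC", ret);

            ret = drsTestClient.DrsReadNgcKey(dcServer, (uint)1, newObjDN, out outVersion, out outMessage);
            BaseTestSite.Assert.AreEqual<uint>(0, ret, "IDL_DRSReadNgcKey: Checking return value - got: {0}, expect: 0, should return 0 if successful.", ret);

            // Fail with a readable assertion instead of an InvalidOperationException or
            // ArgumentNullException when the call reports success but carries no reply or no key.
            BaseTestSite.Assert.IsTrue(outMessage.HasValue, "IDL_DRSReadNgcKey: a successful call should return a reply message");
            var rawNgcKey = outMessage.Value.V1.pNgcKey;

            BaseTestSite.Assert.IsTrue(rawNgcKey != null, "IDL_DRSReadNgcKey: the V1 reply should carry the Ngc Key bytes");

            // The reply bytes are decoded as UTF-16 (Encoding.Unicode) before comparison.
            string readNgcKey = Encoding.Unicode.GetString(rawNgcKey);

            BaseTestSite.Assert.AreEqual<string>(ngcKey, readNgcKey, "IDL_DRSReadNgcKey: Checking Ngc Key on an object - got: {0}, expect: {1}", readNgcKey, ngcKey);
        }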
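        /// <summary>
        /// Positive test for the DC-clone operation: grants the main DC account the
        /// DSCloneDomainController extended right on the domain, binds as that account and asks
        /// WritableDC1 to add a cloned DC named <c>EnvironmentConfig.ClonedDCNetbiosName</c>.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the extended right granted here is not revoked inside this method.
        /// Confirm that test cleanup removes the ACE, otherwise the account keeps the clone
        /// right on the lab domain after the run.
        /// </remarks>
        public void DRSR_DRSCloneDC_V1_Success()
        {
            DrsrTestChecker.Check();
            DsServer svr = (DsServer)EnvironmentConfig.MachineStore[EnvironmentConfig.Machine.WritableDC1];

            // The three DNs below are derived from the source DC's names by swapping in the
            // clone's NetBIOS name. They are pushed to updateStorage before the clone call,
            // presumably so cleanup can delete whatever the clone creates - confirm.
            string clonedComputerDN = svr.ComputerObjectName.Replace(svr.NetbiosName, EnvironmentConfig.ClonedDCNetbiosName);
            AddObjectUpdate machineAccount = new AddObjectUpdate(EnvironmentConfig.Machine.WritableDC1, clonedComputerDN);

            updateStorage.PushUpdate(machineAccount);

            // Container two levels above the source NTDS DSA object, holding the clone's entry.
            string clonedServerDN = "CN=" + EnvironmentConfig.ClonedDCNetbiosName + ","
                                    + DrsrHelper.GetParentDNFromChildDN(DrsrHelper.GetParentDNFromChildDN(svr.NtdsDsaObjectName));
            AddObjectUpdate ntdsContainerAccount = new AddObjectUpdate(EnvironmentConfig.Machine.WritableDC1, clonedServerDN);

            updateStorage.PushUpdate(ntdsContainerAccount);

            string clonedNtdsDsaDN = svr.NtdsDsaObjectName.Replace(svr.NetbiosName, EnvironmentConfig.ClonedDCNetbiosName);
            AddObjectUpdate ntdsAccount = new AddObjectUpdate(EnvironmentConfig.Machine.WritableDC1, clonedNtdsDsaDN);

            updateStorage.PushUpdate(ntdsAccount);

            // Cloning is gated by an extended right; grant it to the account used for the bind.
            BaseTestSite.Assert.IsTrue(ldapAdapter.GrantControlAccess(svr,
                                                                      EnvironmentConfig.UserStore[EnvironmentConfig.User.MainDCAccount],
                                                                      svr.Domain.Name,
                                                                      System.DirectoryServices.ActiveDirectoryRights.ExtendedRight,
                                                                      System.Security.AccessControl.AccessControlType.Allow,
                                                                      DRSConstants.ExtendRights.DSCloneDomainController),
                                       "Grant control access to clone DC firstly");

            // Check the bind result so a failed bind is reported as such instead of surfacing
            // later as a confusing clone failure.
            uint ret = drsTestClient.DrsBind(EnvironmentConfig.Machine.WritableDC1, EnvironmentConfig.User.MainDCAccount, DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_BASE);

            BaseTestSite.Assert.AreEqual<uint>(0, ret, "IDL_DRSBind: Checking return value - got: {0}, expect: 0, should return 0 with a success bind to DC", ret);

            // NOTE(review): nothing is asserted about the clone call in this method; presumably
            // DrsAddCloneDC verifies the outcome internally - confirm against the client code.
            drsTestClient.DrsAddCloneDC(EnvironmentConfig.Machine.WritableDC1, EnvironmentConfig.ClonedDCNetbiosName, svr.Site.CN);
        }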
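        /// <summary>
        /// Negative test for IDL_DRSGetNCChanges: the client binds without advertising
        /// DRS_EXT_STRONG_ENCRYPTION and then requests changes for the domain NC. The call is
        /// expected to fail with SEC_E_ALGORITHM_MISMATCH.
        /// </summary>
        /// <remarks>
        /// This pins the server-side downgrade protection: a replication partner that did not
        /// negotiate strong encryption at bind time must be refused rather than served. A result
        /// of 0 here means the DC handed out replication data to such a client.
        /// </remarks>
        public void DRSR_DRSGetNCChanges_Failed_NoStrongEncryptionByClient()
        {
            DrsrTestChecker.Check();
            EnvironmentConfig.Machine dcServer = EnvironmentConfig.Machine.WritableDC1;
            EnvironmentConfig.Machine dcPartner = EnvironmentConfig.Machine.WritableDC2;
            DsServer dcServerMachine = (DsServer)EnvironmentConfig.MachineStore[dcServer];
            DsServer dcPartnerMachine = (DsServer)EnvironmentConfig.MachineStore[dcPartner];
            NamingContext specifiedNC = NamingContext.DomainNC;

            // Create a test user and hand its DN to updateStorage
            // (presumably for cleanup - confirm against the cleanup code).
            string userdn = ldapAdpter.TestAddUserObj(dcServerMachine);
            AddObjectUpdate aou = new AddObjectUpdate(dcServer, userdn);

            updateStorage.PushUpdate(aou);

            string groupdn = DRSTestData.DRSGetNCChange_ExistGroup + "," + LdapUtility.ConvertUshortArrayToString(((AddsDomain)dcServerMachine.Domain).DomainNC.StringName);

            DRS_OPTIONS ulFlags = DRS_OPTIONS.NONE;

            try
            {
                ldapAdpter.RemoveObjectFromGroup(dcServerMachine, userdn, groupdn);
            }
            catch (System.Exception ex)
            {
                // Best effort: it's OK if the user is not in the group. The failure is logged
                // rather than dropped so an unrelated LDAP problem stays visible in the test log.
                BaseTestSite.Log.Add(LogEntryKind.Comment, "Ignoring failure to remove user dn {0} from group dn {1}: {2}", userdn, groupdn, ex.Message);
            }

            // NOTE(review): both arguments are dcServer; confirm a self-sync is intended here
            // rather than a sync between dcServer and dcPartner.
            drsTestClient.SyncDCs(dcServer, dcServer);

            // Add the user to the group; presumably this produces the change to replicate - confirm.
            BaseTestSite.Log.Add(LogEntryKind.Comment, "Add user dn {0} to group dn {1} on DC {2}", userdn, groupdn, dcServer);
            ResultCode addret = ldapAdpter.AddObjectToGroup(dcServerMachine, userdn, groupdn);

            BaseTestSite.Assert.IsTrue(addret == ResultCode.Success, "add userdn {0} to group dn {1} failed", userdn, groupdn);

            // NOTE(review): the same user DN was already pushed above; kept as in the original.
            AddObjectUpdate adduserUpdate = new AddObjectUpdate(dcServer, userdn);

            updateStorage.PushUpdate(adduserUpdate);

            // DRS_EXT_STRONG_ENCRYPTION is deliberately left out of the advertised capabilities;
            // that omission is the condition under test.
            DRS_EXTENSIONS_IN_FLAGS clientCapabilities = DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_BASE | DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_GETCHGREPLY_V6;

            // The bind itself is expected to succeed; only the later replication call is refused.
            BaseTestSite.Log.Add(LogEntryKind.Comment, "Bind to DC server: {0}", dcServer);
            uint ret = drsTestClient.DrsBind(dcServer, EnvironmentConfig.User.WritableDC2Account, clientCapabilities);

            BaseTestSite.Assert.AreEqual<uint>(0, ret, "IDL_DRSBind should return 0 with a success bind to DC");

            BaseTestSite.Log.Add(LogEntryKind.Comment,
                                 "Calling IDL_DRSNCChanges (V8 request) to get changes for a specified NC from a DC server. The reply compression is not required.");
            uint? outVersion;
            DRS_MSG_GETCHGREPLY? outMessage;

            ret = drsTestClient.DrsGetNCChanges(
                dcServer,
                DrsGetNCChanges_Versions.V8,
                dcPartner,
                ulFlags,
                specifiedNC,
                EXOP_REQ_Codes.None,
                FSMORoles.None,
                null,
                out outVersion,
                out outMessage);

            // Two checks: the call must fail, and it must fail for the expected reason.
            BaseTestSite.Assert.AreNotEqual<uint>(0, ret, "IDL_DRSGetNCChanges should not return 0x0 for failure");
            BaseTestSite.Assert.AreEqual<uint>((uint)Win32ErrorCode_32.SEC_E_ALGORITHM_MISMATCH, ret, "Verify error code detail: IDL_DRSNCChanges should return SEC_E_ALGORITHM_MISMATCH due to DRS_EXT_STRONG_ENCRYPTION not included in bind.");
        }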