void aliasTestPrerequisite() { Site.Log.Add(LogEntryKind.TestStep, "SamrBind-->SamrConnect5-->SamrOpenDomain"); ConnectAndOpenDomain(_samrProtocolAdapter.pdcFqdn, _samrProtocolAdapter.PrimaryDomainDnsName, out _serverHandle, out _domainHandle); try { AdLdapClient.Instance().ConnectAndBind(_samrProtocolAdapter.pdcNetBIOSName, System.Net.IPAddress.Parse(_samrProtocolAdapter.PDCIPAddress), 389, _samrProtocolAdapter.DomainAdministratorName, _samrProtocolAdapter.DomainUserPassword, _samrProtocolAdapter.primaryDomainFqdn, AuthType.Kerberos); string result = AdLdapClient.Instance().DeleteObject("cn=" + testAliasName + "," + _samrProtocolAdapter.primaryDomainUserContainerDN, null); } catch { } }
/// <summary> /// This method validates the requirements under /// QueryNC Scenario. /// </summary> public void ValidateQueryNC() { //Variables holding the directory entries required. DirectoryEntry dirEntry = new DirectoryEntry(); DirectoryEntry schemaEntry = new DirectoryEntry(); DirectoryEntry serverDirEntry = new DirectoryEntry(); DirectoryEntry partitionsDirEntry = new DirectoryEntry(); if (!adAdapter.GetObjectByDN(adAdapter.rootDomainDN, out dirEntry)) { DataSchemaSite.Assert.IsTrue(false, adAdapter.rootDomainDN + " Object is not found in server"); } //MS-ADTS-Schema_R853 DataSchemaSite.CaptureRequirementIfIsTrue( dirEntry.Properties.Contains("nTMixedDomain"), 853, "The attribute nTMixedDomain is present on each domain NC root object."); if (!adAdapter.GetObjectByDN("CN=Configuration," + adAdapter.rootDomainDN, out dirEntry)) { DataSchemaSite.Assert.IsTrue( false, "CN=Configuration," + adAdapter.rootDomainDN + " Object is not found in server"); } if (!adAdapter.GetObjectByDN("CN=Schema,CN=Configuration," + adAdapter.rootDomainDN, out schemaEntry)) { DataSchemaSite.Assert.IsTrue( false, "CN=Schema,CN=Configuration," + adAdapter.rootDomainDN + " Object is not found in server"); } if (!adAdapter.GetObjectByDN("CN=" + adAdapter.PDCNetbiosName + ",OU=Domain Controllers," + adAdapter.rootDomainDN, out dirEntry)) { DataSchemaSite.Assert.IsTrue( false, "CN=" + adAdapter.PDCNetbiosName + ",OU=Domain Controllers," + adAdapter.rootDomainDN + " Object is not found in server"); } if (!adAdapter.GetObjectByDN( "CN=" + adAdapter.PDCNetbiosName + ",CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration," + adAdapter.rootDomainDN, out serverDirEntry)) { DataSchemaSite.Assert.IsTrue( false, "CN=" + adAdapter.PDCNetbiosName + ",CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration," + adAdapter.rootDomainDN + " Object is not found in server"); } //Validate the objectVersion of Schema NC if (serverOS == OSVersion.WinSvr2008) { DataSchemaSite.Assert.AreEqual <string>("44", schemaEntry.Properties["objectVersion"].Value.ToString(), "The objectVersion of {0} should be 44.", serverOS); } else if (serverOS == OSVersion.WinSvr2008R2) { DataSchemaSite.Assert.AreEqual <string>("47", schemaEntry.Properties["objectVersion"].Value.ToString(), "The objectVersion of {0} should be 47.", serverOS); } else if (serverOS == OSVersion.WinSvr2012) { DataSchemaSite.Assert.AreEqual <string>("56", schemaEntry.Properties["objectVersion"].Value.ToString(), "The objectVersion of {0} should be 56.", serverOS); } else if (serverOS == OSVersion.WinSvr2012R2) { DataSchemaSite.Assert.AreEqual <string>("69", schemaEntry.Properties["objectVersion"].Value.ToString(), "The objectVersion of {0} should be 69.", serverOS); } else if (serverOS == OSVersion.Win2016) { DataSchemaSite.Assert.AreEqual <string>("87", schemaEntry.Properties["objectVersion"].Value.ToString(), "The objectVersion of {0} should be 87.", serverOS); } else if (serverOS >= OSVersion.Winv1803) { DataSchemaSite.Assert.AreEqual <string>("88", schemaEntry.Properties["objectVersion"].Value.ToString(), "The objectVersion of {0} should be 88.", serverOS); } //MS-ADTS-Schema_R848 DataSchemaSite.CaptureRequirementIfAreEqual <string>( dirEntry.Properties["dNSHostName"].Value.ToString(), serverDirEntry.Properties["dNSHostName"].Value.ToString(), 848, @"On AD/DS, the dNSHostName attribute of the domain controller object must equal the dNSHostName attribute of the server object."); //MS-ADTS-Schema_R847 DataSchemaSite.CaptureRequirementIfAreEqual <string>( dirEntry.Properties["distinguishedName"].Value.ToString(), serverDirEntry.Properties["serverReference"].Value.ToString(), 847, @"On AD/DS, the attribute serverReference on the server object must equal the dsname of the domain controller object."); //MS-ADTS-Schema_R845 DataSchemaSite.CaptureRequirementIfAreEqual <string>( adAdapter.PDCNetbiosName.ToLower(), serverDirEntry.Properties["cn"].Value.ToString().ToLower(), 845, "On AD/DS, the name of the server object is the computer name of the DC."); //MS-ADTS-Schema_R849 DataSchemaSite.CaptureRequirementIfAreEqual <string>( dirEntry.Properties["dNSHostName"].Value.ToString(), serverDirEntry.Properties["dNSHostName"].Value.ToString(), 849, @"The dNSHostName attribute of the server object must equal the DNS Hostname of the computer that is physically the DC."); //MS-ADTS-Schema_R850 PropertyValueCollection val = dirEntry.Properties["servicePrincipalName"]; foreach (string value in val) { // Extract the hostname string partvar = value.Substring(value.IndexOf('/') + 1); string hostname = (partvar.IndexOf('/') == -1) ? partvar : partvar.Substring(0, partvar.IndexOf('/')); // Ignore the port number if (hostname.Contains(":")) { hostname = hostname.Substring(0, hostname.IndexOf(':')); } // If it is a DNS hostname if (hostname.Contains(".") && !hostname.Contains("_msdcs")) { DataSchemaSite.CaptureRequirementIfIsTrue( hostname.ToLower().Equals(dirEntry.Properties["dNSHostName"].Value.ToString().ToLower()), 850, @"On AD/DS, every value of the servicePrincipalName attribute of the domain controller object, which has a DNS Hostname as the instance name should have instance name equal to the dNSHostName of the domain controller object."); } } if (!adAdapter.GetObjectByDN(adAdapter.rootDomainDN, out dirEntry)) { DataSchemaSite.Assume.IsTrue(false, adAdapter.rootDomainDN + " Object is not found in server"); } DirectoryEntry entry = new DirectoryEntry("LDAP://" + adAdapter.PDCNetbiosName + "/rootDSE"); DirectoryEntry applicationEntry = new DirectoryEntry(); DirectoryEntry ncEntry = new DirectoryEntry(); PropertyValueCollection allNCs = entry.Properties["namingContexts"]; HashSet <string> collectionOfNCs = new HashSet <string>(); bool rootDomainNCAsChild = false, domainOfApplicationNC = false; foreach (string eachNC in allNCs) { if (collectionOfNCs.Contains(eachNC)) { collectionOfNCs.Add(eachNC); } collectionOfNCs.Add(eachNC); } if (!Utilities.IsObjectExist(adAdapter.PartitionPath + "," + adAdapter.rootDomainDN, adAdapter.PDCNetbiosName, adAdapter.ADDSPortNum, adAdapter.DomainAdministratorName, adAdapter.DomainUserPassword)) { //To create the Application NC in the Active Directory. AdLdapClient.Instance().ConnectAndBind(adAdapter.PDCNetbiosName, adAdapter.PDCIPAddr, Convert.ToInt32(adAdapter.ADDSPortNum), adAdapter.DomainAdministratorName, adAdapter.DomainUserPassword, adAdapter.PrimaryDomainDnsName, AuthType.Basic | AuthType.Kerberos); List <DirectoryAttribute> attrs = new List <DirectoryAttribute>(); attrs.Add(new DirectoryAttribute("instancetype:5")); attrs.Add(new DirectoryAttribute("objectclass:domainDNS")); AdLdapClient.Instance().AddObject(adAdapter.PartitionPath + "," + adAdapter.rootDomainDN, attrs, null); AdLdapClient.Instance().Unbind(); } if (!adAdapter.GetObjectByDN( adAdapter.PartitionPath + "," + adAdapter.rootDomainDN, out applicationEntry)) { DataSchemaSite.Assume.IsTrue( false, adAdapter.PartitionPath + "," + adAdapter.rootDomainDN + " Object is not found in server"); } foreach (DirectoryEntry eachChild in applicationEntry.Children) { if (eachChild.Name == adAdapter.rootDomainDN) { domainOfApplicationNC = true; } } //MS-ADTS-Schema_R8 DataSchemaSite.CaptureRequirementIfIsTrue( !domainOfApplicationNC, 8, "In a forest, the Domain NC must not be a child of application NC."); bool sidofdomainNCnotnull = false; bool sidofcongNcnull = false; bool sidofschemaNcnull = false; bool sidofapplicationNcnull = false; bool isDomainNc = false; bool isConfigurationNc = false; bool isSchemaNc = false; bool isApplicationNc = false; //Get all NC objects foreach (string singleNC in collectionOfNCs) { if (adAdapter.GetObjectByDN(singleNC, out ncEntry)) { //Get SID of this NC object objectSid = ncEntry.Properties["objectSid"].Value; if (objectSid != null) { System.Security.Principal.SecurityIdentifier sid = new System.Security.Principal.SecurityIdentifier((byte[])objectSid, 0); sidofdomainNCnotnull = true; } if (ncEntry.Properties["distinguishedName"].Value.ToString().Equals(adAdapter.rootDomainDN, StringComparison.OrdinalIgnoreCase)) { isDomainNc = true; } else if (ncEntry.Name == "CN=Configuration") { isConfigurationNc = true; if (objectSid == null) { sidofcongNcnull = true; } } else if (ncEntry.Name == "CN=Schema") { isSchemaNc = true; if (objectSid == null) { sidofschemaNcnull = true; } } else { isApplicationNc = true; if (objectSid == null) { sidofapplicationNcnull = true; } } } } //Verify MS-AD_Schema requirement: MS-AD_Schema_R4557. DataSchemaSite.CaptureRequirementIfIsTrue( isDomainNc, 4557, @"[NC, NC Replica]Active Directory supports four NC types: Domain NC."); //Verify MS-AD_Schema requirement: MS-AD_Schema_R4558. DataSchemaSite.CaptureRequirementIfIsTrue( sidofdomainNCnotnull, 4558, @"[NC, NC Replica]The sid field of a domain NC is not NULL."); //Verify MS-AD_Schema requirement: MS-AD_Schema_R4559. DataSchemaSite.CaptureRequirementIfIsTrue( isConfigurationNc, 4559, @"[NC, NC Replica]Active Directory supports four NC types: Config NC."); //Verify MS-AD_Schema requirement: MS-AD_Schema_R4560. DataSchemaSite.CaptureRequirementIfIsTrue( sidofcongNcnull, 4560, @"[NC, NC Replica]The sid field of a config NC is NULL."); //Verify MS-AD_Schema requirement: MS-AD_Schema_R4561. DataSchemaSite.CaptureRequirementIfIsTrue( isSchemaNc, 4561, @"[NC, NC Replica]Active Directory supports four NC types: Schema NC."); //Verify MS-AD_Schema requirement: MS-AD_Schema_R4562. DataSchemaSite.CaptureRequirementIfIsTrue( sidofschemaNcnull, 4562, @"[NC, NC Replica]The sid field of a schema NC is NULL."); //Verify MS-AD_Schema requirement: MS-AD_Schema_R4564. DataSchemaSite.CaptureRequirementIfIsTrue( sidofapplicationNcnull, 4564, @"[NC, NC Replica]The sid field of an application NC is NULL."); // //Verify MS-AD_Schema requirement: MS-AD_Schema_R4563. // DataSchemaSite.CaptureRequirementIfIsTrue( isApplicationNc, 4563, @"[NC, NC Replica]Active Directory supports four NC types: Application NC."); if (!adAdapter.GetObjectByDN( "CN=Partitions,CN=Configuration," + adAdapter.rootDomainDN, out partitionsDirEntry)) { DataSchemaSite.Assume.IsTrue( false, "CN=Partitions,CN=Configuration," + adAdapter.rootDomainDN + " Object is not found in server"); } foreach (DirectoryEntry eachNC in partitionsDirEntry.Children) { if (eachNC.Properties["msDS-SDReferenceDomain"].Value != null) { if (dirEntry.Properties["distinguishedName"].Value.ToString() == eachNC.Properties["distinguishedName"].Value.ToString()) { rootDomainNCAsChild = true; } } } //MS-ADTS-Schema_R9 DataSchemaSite.CaptureRequirementIfIsTrue( !rootDomainNCAsChild, 9, "In a forest, the root domain NC must not be a child of another domain NC in the forest."); }
/// <summary> /// Method validates the requirements under CrossRefContainer Scenario. /// </summary> public void ValidateCrossRefContainer() { //Variables required for Directory Entries. DirectoryEntry dirPartitions = new DirectoryEntry(); DirectoryEntry domainEntry = new DirectoryEntry(); DirectoryEntry childEntry = new DirectoryEntry(); if (!Utilities.IsObjectExist(adAdapter.PartitionPath + "," + adAdapter.rootDomainDN, adAdapter.PDCNetbiosName, adAdapter.ADDSPortNum, adAdapter.DomainAdministratorName, adAdapter.DomainUserPassword)) { //To create the Application NC in the Active Directory. AdLdapClient.Instance().ConnectAndBind(adAdapter.PDCNetbiosName, adAdapter.PDCIPAddr, Convert.ToInt32(adAdapter.ADDSPortNum), adAdapter.DomainAdministratorName, adAdapter.DomainUserPassword, adAdapter.PrimaryDomainDnsName, AuthType.Basic | AuthType.Kerberos); List <DirectoryAttribute> attrs = new List <DirectoryAttribute>(); attrs.Add(new DirectoryAttribute("instancetype:5")); attrs.Add(new DirectoryAttribute("objectclass:domainDNS")); AdLdapClient.Instance().AddObject(adAdapter.PartitionPath + "," + adAdapter.rootDomainDN, attrs, null); AdLdapClient.Instance().Unbind(); } string configNC = "CN=Configuration," + adAdapter.rootDomainDN; string SchemaNC = "CN=Schema," + configNC; //Returns Fully Qualified DNS Name for the Current Domain. string strReturn = adAdapter.PrimaryDomainDnsName; if (!adAdapter.GetObjectByDN("CN=Partitions," + configNC, out dirPartitions)) { DataSchemaSite.Assume.IsTrue(false, "CN=Partitions," + configNC + " Object is not found in server"); } string parent = dirPartitions.Parent.Name, systemFlag; bool isPresent = false; int systemFlagVal; //MS-ADTS-Schema_R402 DataSchemaSite.CaptureRequirementIfAreEqual <string>( "CN=Configuration", parent, 402, "The Parent of the Cross-Ref-Container Container must be Config NC root."); //MS-ADTS-Schema_R403 DataSchemaSite.CaptureRequirementIfAreEqual <string>( "Partitions", dirPartitions.Properties["name"].Value.ToString(), 403, @"The name attribute of the Cross-Ref-Container Container must be Partitions."); //MS-ADTS-Schema_R404 PropertyValueCollection objectClass = dirPartitions.Properties["objectClass"]; DataSchemaSite.CaptureRequirementIfIsTrue( objectClass.Contains((object)"crossRefContainer"), 404, "The objectClass attribute of the Cross-Ref-Container Container must be crossRefContainer."); string fsmoRoleOwner = dirPartitions.Properties["fSMORoleOwner"].Value.ToString(); //MS-ADTS-Schema_R406 systemFlag = dirPartitions.Properties["systemFlags"].Value.ToString(); systemFlagVal = ParseSystemFlagsValue("FLAG_DISALLOW_DELETE"); DataSchemaSite.CaptureRequirementIfAreEqual <string>( systemFlagVal.ToString(), systemFlag, 406, "The systemFlags attribute of the Cross-Ref-Container Container must be FLAG_DISALLOW_DELETE."); //MS-ADTS-Schema_R405 if (!adAdapter.GetObjectByDN(adAdapter.rootDomainDN, out domainEntry)) { DataSchemaSite.Assume.IsTrue(false, adAdapter.rootDomainDN + " Object is not found in server"); } string domainFSMO = domainEntry.Properties["fSMORoleOwner"].Value.ToString(); DataSchemaSite.CaptureRequirementIfAreEqual <string>( fsmoRoleOwner, domainFSMO, 405, "The fSMORoleOwner attribute of the Cross-Ref-Container Container must references the Domain " + "Naming Master FSMO role owner."); //MS-ADTS-Schema_R408 //Query the Partitions for CrossRef container get the childrens and validate the requirments as such. bool isCrossRef = true; bool isObjectClassCrossRef = true; DirectoryEntries Childs = dirPartitions.Children; foreach (DirectoryEntry child in Childs) { if (!child.Parent.Name.Equals("CN=Partitions")) { isCrossRef = false; } PropertyValueCollection objClass = child.Properties["objectClass"]; objClass.RemoveAt(0); if (objClass.Count != 1 || !objClass.Contains((object)"crossRef")) { isObjectClassCrossRef = false; } if (dirPartitions.Parent.Name.ToString().Equals("CN=Configuration")) { isPresent = true; } } //Validate the parent of the crossref objects,objectClass,nCName and //dnsRoot for all childs and crossRef container in the configNC. DataSchemaSite.CaptureRequirementIfIsTrue( isCrossRef, 408, "The parent of the Cross-Ref Objects must be crossRefContainer object."); //MS-ADTS-Schema_R851 DataSchemaSite.CaptureRequirementIfIsTrue( isPresent & isCrossRef, 851, "For any NC in the forest crossRef,NC root objects must be exist."); // MS-ADTS-Schema_R409 DataSchemaSite.CaptureRequirementIfIsTrue( isObjectClassCrossRef, 409, "The objectClass attribute of the Cross-Ref Objects must be crossRef."); //This is the crossRef container or crossRefObject //MS-ADTS-Schema_R410 childEntry = dirPartitions.Children.Find("CN=Enterprise Configuration"); DataSchemaSite.CaptureRequirementIfAreEqual <string>( configNC.ToLower(), childEntry.Properties["nCName"].Value.ToString().ToLower(), 410, "The nCName attribute of the Configuration crossRef Object must equal to the config NC root."); //MS-ADTS-Schema_R411 string dnsRoot = childEntry.Properties["dnsRoot"].Value.ToString().ToLower(); DataSchemaSite.CaptureRequirementIfAreEqual <string>( strReturn.ToLower(), dnsRoot.ToLower(), 411, "In AD/DS the dnsroot attribute of the Configuration crossRef Object must be the forest " + "root's fully qualified DNS name."); //This is the crossRef child or crossRefObject //MS-ADTS-Schema_R413 childEntry = dirPartitions.Children.Find("CN=Enterprise Schema"); DataSchemaSite.CaptureRequirementIfAreEqual <string>( SchemaNC.ToLower(), childEntry.Properties["nCName"].Value.ToString().ToLower(), 413, "The nCName attribute of the Schema crossRef Object must equal to the Schema NC root."); //MS-ADTS-Schema_R414 dnsRoot = childEntry.Properties["dnsRoot"].Value.ToString().ToLower(); DataSchemaSite.CaptureRequirementIfAreEqual <string>( strReturn.ToLower(), dnsRoot.ToLower(), 414, "In AD/DS the dnsroot attribute of the Schema crossRef Object must be the forest " + "root's fully qualified DNS name."); //MS-ADTS-Schema_R852 if (!adAdapter.GetObjectByDN(SchemaNC, out dirPartitions)) { DataSchemaSite.Assume.IsTrue(false, SchemaNC + " Object is not found in server"); } DataSchemaSite.CaptureRequirementIfAreEqual <string>( childEntry.Properties["nCName"].Value.ToString(), dirPartitions.Properties["distinguishedName"].Value.ToString(), 852, "The nCName attribute of the crossRef object must equal the dsname of the NC root object."); if (!adAdapter.GetObjectByDN("CN=Partitions," + configNC, out dirPartitions)) { DataSchemaSite.Assume.IsTrue(false, "CN=Partitions," + configNC + " Object is not found in server"); } foreach (DirectoryEntry partitionEntry in dirPartitions.Children) { if (partitionEntry.Properties["objectCategory"].Value.ToString().ToLower().Contains("cn=cross-ref")) { if (partitionEntry.Properties["nCName"].Value.ToString().Contains(adAdapter.PartitionPath)) { partitionEntry.RefreshCache(new string[] { "msDS-SDReferenceDomain" }); if (partitionEntry.Properties.Contains("msDS-SDReferenceDomain") && partitionEntry.Properties["msDS-SDReferenceDomain"].Value != null) { //MS-ADTS-Schema_R422 DataSchemaSite.CaptureRequirementIfAreEqual <string>( adAdapter.rootDomainDN.ToLower(), partitionEntry.Properties["msDS-SDReferenceDomain"].Value.ToString().ToLower(), 422, "In AD/DS msDS-SDReferenceDomain attribute of the Application NC crossRef object," + "references an NC root object for a domain. All security descriptors in this application NC " + "must use the NC represented as the reference domain for resolution."); } else { DataSchemaSite.Log.Add(LogEntryKind.Warning, "The value of msDS-SDReferenceDomain attribute of the Application NC crossRef object is null"); } } if (partitionEntry.Properties["nCName"].Value.ToString().Equals(adAdapter.rootDomainDN)) { //MS-ADTS-Schema_R416 DataSchemaSite.CaptureRequirementIfAreEqual <string>( partitionEntry.Properties["name"].Value.ToString(), partitionEntry.Properties["nETBIOSName"].Value.ToString(), 416, "The name attribute of the Domain crossRef Object must be the Netbios name of the domain."); //MS-ADTS-Schema_R417 DataSchemaSite.CaptureRequirementIfAreEqual <string>( adAdapter.rootDomainDN, partitionEntry.Properties["nCName"].Value.ToString(), 417, "The nCName attribute of the Domain crossRef Object must be reference to the Domain NC root."); //MS-ADTS-Schema_R418 if (!adAdapter.GetObjectByDN(adAdapter.rootDomainDN, out domainEntry)) { DataSchemaSite.Assume.IsTrue(false, adAdapter.rootDomainDN + " Object is not found in server"); } DirectoryEntry domainChildEntry = new DirectoryEntry(); DataSchemaSite.CaptureRequirementIfIsTrue( adAdapter.rootDomainDN.ToLower().Contains(partitionEntry.Properties["nETBIOSName"].Value.ToString().ToLower()), 418, "The nETBIOSName attribute of the Domain crossRef Object must be the Netbios name of the domain."); //MS-ADTS-Schema trustParent DataSchemaSite.Assert.IsNull( partitionEntry.Properties["trustParent"].Value, "The trustParent attribute is not present on the root domain NC's crossRef object."); //MS-ADTS-Schema_R419 systemFlag = partitionEntry.Properties["systemFlags"].Value.ToString(); systemFlagVal = ParseSystemFlagsValue("FLAG_ATTR_NOT_REPLICATED|FLAG_ATTR_REQ_PARTIAL_SET_MEMBER"); DataSchemaSite.CaptureRequirementIfAreEqual <string>( systemFlagVal.ToString(), systemFlag, 419, @"The systemFlags attribute of the Domain crossRef Object must be FLAG_CR_NTDS_NC | FLAG_CR_NTDS_DOMAIN."); } if (partitionEntry.Properties["nCName"].Value.ToString().Equals(adAdapter.childDomainDN)) { //MS-ADTS-Schema_R416 DataSchemaSite.CaptureRequirementIfAreEqual <string>( partitionEntry.Properties["name"].Value.ToString(), partitionEntry.Properties["nETBIOSName"].Value.ToString(), 416, "The name attribute of the Domain crossRef Object must be the Netbios name of the domain."); //MS-ADTS-Schema_R417 DataSchemaSite.CaptureRequirementIfAreEqual <string>( adAdapter.childDomainDN, partitionEntry.Properties["nCName"].Value.ToString(), 417, "The nCName attribute of the Domain crossRef Object must be reference to the Domain NC root."); //MS-ADTS-Schema_R418 if (!adAdapter.GetObjectByDN(adAdapter.childDomainDN, out domainEntry)) { DataSchemaSite.Assume.IsTrue(false, adAdapter.childDomainDN + " Object is not found in server"); } DirectoryEntry domainChildEntry = new DirectoryEntry(); DataSchemaSite.CaptureRequirementIfIsTrue( adAdapter.childDomainDN.ToLower().Contains(partitionEntry.Properties["nETBIOSName"].Value.ToString().ToLower()), 418, "The nETBIOSName attribute of the Domain crossRef Object must be the Netbios name of the domain."); //MS-ADTS-Schema trustParent DirectoryEntry parentEntry = new DirectoryEntry(); string netbiosDomain = adAdapter.PrimaryDomainNetBiosName; parentEntry = dirPartitions.Children.Find(string.Format("CN={0}", netbiosDomain)); DataSchemaSite.Assert.AreEqual <string>( parentEntry.Properties["distinguishedName"].Value.ToString(), partitionEntry.Properties["trustParent"].Value.ToString(), "For child NCs, the trustParent attribute value references the parent NC's crossRef object."); //MS-ADTS-Schema_R419 systemFlag = partitionEntry.Properties["systemFlags"].Value.ToString(); systemFlagVal = ParseSystemFlagsValue("FLAG_ATTR_NOT_REPLICATED|FLAG_ATTR_REQ_PARTIAL_SET_MEMBER"); DataSchemaSite.CaptureRequirementIfAreEqual <string>( systemFlagVal.ToString(), systemFlag, 419, @"The systemFlags attribute of the Domain crossRef Object must be FLAG_CR_NTDS_NC | FLAG_CR_NTDS_DOMAIN."); } } } //MS-ADTS-Schema_R420 dnsRoot = childEntry.Properties["dnsRoot"].Value.ToString().ToLower(); DataSchemaSite.CaptureRequirementIfAreEqual <string>( strReturn.ToLower(), dnsRoot.ToLower(), 420, "In AD/DS the the value for dnsRoot for an application NC crossRef is derived by syntactically " + "converting the DN portion of the crossRef's nCName into a fully qualified DNS name."); }
// <summary> /// This method validates the requirements under /// SitesContainer Scenario. /// </summary> public void ValidateSitesContainer() { //Declaring the DirectoryEntry variables for holding the objects. DirectoryEntry dirPartitions = new DirectoryEntry(); DirectoryEntry domainEntry = new DirectoryEntry(); DirectoryEntry childEntry = new DirectoryEntry(); string currDomain = adAdapter.rootDomainDN; string configNC = "CN=Configuration," + currDomain; string SchemaNC = "CN=Schema," + configNC; string systemFlag = String.Empty; int systemFlagVal; //MS-ADTS-Schema_R423 if (!adAdapter.GetObjectByDN("CN=Sites," + configNC, out dirPartitions)) { DataSchemaSite.Assume.IsTrue(false, "CN=Sites," + configNC + " Object is not found in server"); } DataSchemaSite.CaptureRequirementIfAreEqual <string>( "CN=Configuration", dirPartitions.Parent.Name.ToString(), 423, "Each forest contains a Sites container in the Config NC."); //MS-ADTS-Schema_R425 DataSchemaSite.CaptureRequirementIfAreEqual <string>( "CN=Configuration", dirPartitions.Parent.Name.ToString(), 425, "The parent of the Sites Container must be Config NC root object."); //MS-ADTS-Schema_R426 DataSchemaSite.CaptureRequirementIfIsTrue( dirPartitions.Properties["objectClass"].Contains((object)"sitesContainer"), 426, "The objectClass attribute of the Sites Container must be sitesContainer."); //MS-ADTS-Schema_R428 DirectoryEntries dirEntriesForValue = dirPartitions.Children; bool isParentRoles = false; foreach (DirectoryEntry child in dirEntriesForValue) { if (child.Parent.Name.ToString().Equals("CN=Sites")) { isParentRoles = true; } } DataSchemaSite.CaptureRequirementIfIsTrue( isParentRoles, 428, "The parent of the Site Object must be Sites container."); //MS-ADTS-Schema_R429 childEntry = dirPartitions.Children.Find("CN=Default-First-Site-Name"); DataSchemaSite.CaptureRequirementIfIsTrue( childEntry.Properties["objectClass"].Contains((object)"site"), 429, "The objectClass attribute of the Site Object must be Site."); //MS-ADTS-Schema_R427 systemFlag = dirPartitions.Properties["systemFlags"].Value.ToString(); systemFlagVal = ParseSystemFlagsValue("FLAG_DISALLOW_DELETE|FLAG_DISALLOW_MOVE_ON_DELETE"); if (systemFlag != (systemFlagVal.ToString())) { isParseSystemFlagsValue = false; } DataSchemaSite.CaptureRequirementIfAreEqual <string>( systemFlagVal.ToString(), systemFlag, 427, @"The SytemFlags attribute of the Sites Container must be either of FLAG_DISALLOW_DELETE|FLAG_DISALLOW_MOVE_ON_DELETE."); if (systemFlag != (systemFlagVal.ToString())) { isParseSystemFlagsValue = false; } //MS-ADTS-Schema_R430 systemFlag = childEntry.Properties["systemFlags"].Value.ToString(); systemFlagVal = ParseSystemFlagsValue("FLAG_CONFIG_ALLOW_RENAME|FLAG_DISALLOW_MOVE_ON_DELETE"); DataSchemaSite.CaptureRequirementIfAreEqual <string>( systemFlagVal.ToString(), systemFlag, 430, @"The SytemFlags attribute of the Site Object must be either of FLAG_CONFIG_ALLOW_RENAME|FLAG_DISALLOW_MOVE_ON_DELETE."); if (systemFlag != (systemFlagVal.ToString())) { isParseSystemFlagsValue = false; } //MS-ADTS-Schema_R431 DirectoryEntry sitesEntry = new DirectoryEntry(); if (!adAdapter.GetObjectByDN("CN=Sites,CN=Configuration," + currDomain, out sitesEntry)) { DataSchemaSite.Assume.IsTrue( false, "CN=Sites,CN=Configuration," + currDomain + " Object is not found in server"); } sitesEntry = sitesEntry.Children.Find("CN=Default-First-Site-Name"); DirectoryEntries sitesChildren = sitesEntry.Children; foreach (DirectoryEntry child in sitesChildren) { PropertyValueCollection v = child.Properties["objectClass"]; if (child.Properties["objectClass"].Contains((object)"nTDSSiteSettings")) { //MS-ADTS-Schema_R432 // [Since objectClass (sitesEntry) contains nTDSSiteSettings, R432 is captured.] DataSchemaSite.CaptureRequirement( 432, "The objectClass attribute of the NTDS Site Settings Object must be nTDSSiteSettings."); } } //MS-ADTS-Schema_R431 DataSchemaSite.Log.Add(LogEntryKind.Debug, "Verify MS-ADTS-Schema_R431"); DataSchemaSite.CaptureRequirementIfIsTrue( sitesEntry.Parent.Name.ToString().Contains("CN=Sites"), 431, "The parent of the NTDS Site Settings Object must be site object."); //MS-ADTS-Schema_R457 if (!adAdapter.GetObjectByDN("CN=Subnets,CN=Sites," + configNC, out dirPartitions)) { DataSchemaSite.Assume.IsTrue( false, "CN=Subnets,CN=Sites," + configNC + " Object is not found in server"); } DataSchemaSite.CaptureRequirementIfAreEqual <string>( "CN=Sites", dirPartitions.Parent.Name.ToString(), 457, "Each forest contains a Subnets container in the config NC."); //MS-ADTS-Schema_R458 DataSchemaSite.CaptureRequirementIfAreEqual <string>( "CN=Sites", dirPartitions.Parent.Name.ToString(), 458, "The Parent of the Subnet container must be Sites container."); //MS-ADTS-Schema_R459 DataSchemaSite.CaptureRequirementIfIsTrue( dirPartitions.Properties["objectClass"].Contains((object)"subnetContainer"), 459, "The ObjectClass attribute of the Subnet container must be subnetContainer."); //MS-ADTS-Schema_R460 systemFlag = dirPartitions.Properties["systemFlags"].Value.ToString(); systemFlagVal = ParseSystemFlagsValue("FLAG_DISALLOW_DELETE"); DataSchemaSite.CaptureRequirementIfAreEqual <string>( systemFlagVal.ToString(), systemFlag, 460, "The SystemFlags attribute of the Subnet container must be FLAG_DISALLOW_DELETE."); if (systemFlag != (systemFlagVal.ToString())) { isParseSystemFlagsValue = false; } //MS-ADTS-Schema_R465 if (!adAdapter.GetObjectByDN("CN=Inter-Site Transports,CN=Sites," + configNC, out dirPartitions)) { DataSchemaSite.Assume.IsTrue( false, "CN=Inter-Site Transports,CN=Sites," + configNC + " Object is not found in server"); } DataSchemaSite.CaptureRequirementIfAreEqual <string>( "CN=Sites", dirPartitions.Parent.Name.ToString(), 465, "The Parent of the IP Transport Container must be Inter-Site Transports container."); //MS-ADTS-Schema_R466 DataSchemaSite.CaptureRequirementIfIsTrue( dirPartitions.Properties["objectClass"].Contains((object)"interSiteTransportContainer"), 466, "The ObjectClass attribute of the Inter-Site Transports Container must be interSiteTransportContainer."); //MS-ADTS-Schema_R467 systemFlag = dirPartitions.Properties["systemFlags"].Value.ToString(); systemFlagVal = ParseSystemFlagsValue("FLAG_DISALLOW_DELETE"); DataSchemaSite.CaptureRequirementIfAreEqual <string>( systemFlagVal.ToString(), systemFlag, 467, "The SystemFlags attribute of the Inter-Site Transports Container must be FLAG_DISALLOW_DELETE."); if (systemFlag != (systemFlagVal.ToString())) { isParseSystemFlagsValue = false; } //MS-ADTS-Schema_R468 childEntry = dirPartitions.Children.Find("CN=IP"); DataSchemaSite.CaptureRequirementIfAreEqual <string>( "CN=Inter-Site Transports", childEntry.Parent.Name.ToString(), 468, "The Parent of the IP Transport Container must be Inter-Site Transports container."); //MS-ADTS-Schema_R469 DataSchemaSite.CaptureRequirementIfIsTrue( childEntry.Properties["objectClass"].Contains((object)"interSiteTransport"), 469, "The ObjectClass attribute of the IP Transport Container must be interSiteTransport."); List <DirectoryAttribute> atts = new List <DirectoryAttribute>(); string ret = AdLdapClient.Instance().ConnectAndBind( adAdapter.PDCNetbiosName, adAdapter.PDCIPAddr, Convert.ToInt32(adAdapter.ADDSPortNum), adAdapter.DomainAdministratorName, adAdapter.DomainUserPassword, adAdapter.PrimaryDomainNetBiosName, AuthType.Basic | AuthType.Kerberos); if (ret.Equals("Success_STATUS_SUCCESS")) { atts.Add(new DirectoryAttribute("objectClass", new String[] { "top", "site" })); string testDistinguishedName = "CN=test,CN=Sites,CN=Configuration," + adAdapter.rootDomainDN; AdLdapClient.Instance().AddObject(testDistinguishedName, atts, null); atts.Clear(); atts.Add(new DirectoryAttribute("siteList", new String[] { "CN=test,CN=Sites,CN=Configuration," + adAdapter.rootDomainDN })); atts.Add(new DirectoryAttribute("objectClass", new String[] { "top", "siteLink" })); string testLinkDistinguishedName = "CN=testlink,CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Configuration," + adAdapter.rootDomainDN; AdLdapClient.Instance().AddObject(testLinkDistinguishedName, atts, null); atts.Clear(); atts.Add(new DirectoryAttribute("siteLinkList", new String[] { "CN=DEFAULTIPSITELINK,CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Configuration," + adAdapter.rootDomainDN, "CN=testLink,CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Configuration," + adAdapter.rootDomainDN })); atts.Add(new DirectoryAttribute("objectClass", new String[] { "top", "siteLinkBridge" })); string testLinkBridgeDistinguishedName = "CN=testLinkBridge,CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Configuration," + adAdapter.rootDomainDN; string result = AdLdapClient.Instance().AddObject(testLinkBridgeDistinguishedName, atts, null); DataSchemaSite.Assert.AreEqual <string>("Success_STATUS_SUCCESS", result, "create dynamic object {0} succeeded", testLinkBridgeDistinguishedName); if (!adAdapter.GetObjectByDN("CN=Subnets,CN=Sites," + configNC, out dirPartitions)) { DataSchemaSite.Assume.IsTrue( false, "CN=Subnets,CN=Sites," + configNC + " Object is not found in server"); } //MS-ADTS-Schema_R462,MS-ADTS-Schema_R463 and MS-ADTS-Schema_R464 //The Parent of the Subnet Object must be Subnets container. DirectoryEntries subnetChilds; subnetChilds = dirPartitions.Children; foreach (DirectoryEntry child in subnetChilds) { DataSchemaSite.Log.Add(LogEntryKind.Debug, "Subnet name is a valid subnet name if:"); string name = child.Properties["name"].Value.ToString(); int count = name.Split('/').Length - 1; DataSchemaSite.Assert.AreEqual(1, count, "1. There should be only one occurrence of the character \"/\" in subnet name:{0}.", name); int i = name.IndexOf('/'); string s1 = name.Substring(0, i); DataSchemaSite.Assert.AreNotEqual(0, s1.IndexOf('0'), "2. Let i be the index of the character \"/\" in name, the substring name[0, i-1]:{0} does not have any leading zeros.", s1); System.Net.IPAddress subnetIP = null; bool isValid = false; isValid = System.Net.IPAddress.TryParse(s1, out subnetIP); DataSchemaSite.Assert.IsTrue(isValid, "2. The substring name[0, i-1]:{0} should be either a valid IPv4 address in dotted decimal notation or a valid IPv6 address in colon-hexadecimal form or compressed form.", s1); string s2 = name.Substring(i + 1); DataSchemaSite.Assert.AreNotEqual(0, s2.IndexOf('0'), "3. The substring name[i+1, l-1]:{0} does not have any leading zeros.", s2); uint n; isValid = false; isValid = uint.TryParse(s2, out n); DataSchemaSite.Assert.IsTrue(isValid, "3. The substring name[i+1, l-1] should be able to be converted to an unsigned integer n:{0}.", n); isValid = false; if (subnetIP.AddressFamily == System.Net.Sockets.AddressFamily.InterNetwork) { if (n > 0 && n <= 32) { isValid = true; } } else if (subnetIP.AddressFamily == System.Net.Sockets.AddressFamily.InterNetworkV6) { if (n > 0 && n <= 128) { isValid = true; } } else { isValid = false; } DataSchemaSite.Assert.IsTrue(isValid, "4. When the address is in IPv4 format, 0 < n:{0} <= 32. When the address is in IPv6 format, 0 < n:{0} <= 128.", n); uint[] bitMask = new uint[] { 0x00000000, 0x00000080, 0x000000C0, 0x000000E0, 0x000000F0, 0x000000F8, 0x000000FC, 0x000000FE, 0x000000FF, 0x000080FF, 0x0000C0FF, 0x0000E0FF, 0x0000F0FF, 0x0000F8FF, 0x0000FCFF, 0x0000FEFF, 0x0000FFFF, 0x0080FFFF, 0x00C0FFFF, 0x00E0FFFF, 0x00F0FFFF, 0x00F8FFFF, 0x00FCFFFF, 0x00FEFFFF, 0x00FFFFFF, 0x80FFFFFF, 0xC0FFFFFF, 0xE0FFFFFF, 0xF0FFFFFF, 0xF8FFFFFF, 0xFCFFFFFF, 0xFEFFFFFF, 0xFFFFFFFF }; if (subnetIP.AddressFamily == System.Net.Sockets.AddressFamily.InterNetwork) { uint ipInt = BitConverter.ToUInt32(subnetIP.GetAddressBytes().Reverse().ToArray(), 0); uint res = ipInt & (~bitMask[n]); DataSchemaSite.Assert.AreEqual <uint>(0, res, "5. Let b be the binary representation of the address, when the address is in IPv4 format, b & (~BitMask[n]) = 0."); DataSchemaSite.Assert.IsTrue(ipInt != bitMask[n], "6. When the address is in IPv4 format, b != BitMask[n]."); } DataSchemaSite.CaptureRequirementIfAreEqual <string>( "CN=Subnets", child.Parent.Name.ToString(), 462, "The Parent of the Subnet Object must be Subnets container."); DataSchemaSite.CaptureRequirementIfAreEqual <string>( "subnet", child.SchemaClassName, 463, "The ObjectClass attribute of the Subnet Object must be Subnet."); systemFlag = child.Properties["systemFlags"].Value.ToString(); systemFlagVal = ParseSystemFlagsValue("FLAG_CONFIG_ALLOW_RENAME"); DataSchemaSite.CaptureRequirementIfAreEqual <string>( systemFlagVal.ToString(), systemFlag, 464, "The SystemFlags attribute of the Subnet must be FLAG_CONFIG_ALLOW_RENAME."); } //MS-ADTS-Schema_R476,MS-ADTS-Schema_R477 and MS-ADTS-Schema_R478 subnetChilds = childEntry.Children; foreach (DirectoryEntry child in subnetChilds) { if (child.SchemaClassName.ToLower() == "siteLinkBridge".ToLower()) { DataSchemaSite.CaptureRequirementIfIsTrue( child.Properties["objectClass"].Contains("siteLinkBridge"), 476, "The ObjectClass attribute of the Site Link Bridge Object must be siteLinkBridge."); systemFlag = child.Properties["systemFlags"].Value.ToString(); systemFlagVal = ParseSystemFlagsValue("FLAG_CONFIG_ALLOW_RENAME"); DataSchemaSite.CaptureRequirementIfAreEqual <string>( systemFlagVal.ToString(), systemFlag, 477, "The SystemFlags attribute of the Site Link Bridge Object must be FLAG_CONFIG_ALLOW_RENAME."); DataSchemaSite.CaptureRequirementIfAreEqual <string>( "CN=IP", child.Parent.Name.ToString(), 478, @"The Parent of the Site Link Bridge Object must be Either IP Transport container or SMTP Transport container."); } } if (!AdLdapClient.Instance().DeleteObject(testLinkBridgeDistinguishedName, null).Equals("Success_STATUS_SUCCESS")) { DataSchemaSite.Assume.Fail("The created dynamic object" + testLinkBridgeDistinguishedName + " can not be deleted."); } if (!AdLdapClient.Instance().DeleteObject(testLinkDistinguishedName, null).Equals("Success_STATUS_SUCCESS")) { DataSchemaSite.Assume.Fail("The created dynamic object" + testLinkDistinguishedName + " can not be deleted."); } if (!AdLdapClient.Instance().DeleteObject(testDistinguishedName, null).Equals("Success_STATUS_SUCCESS")) { DataSchemaSite.Assume.Fail("The created dynamic object" + testDistinguishedName + " can not be deleted."); } } else { DataSchemaSite.Assume.Fail("It's failed to connect and bind to AD/DS "); } AdLdapClient.Instance().Unbind(); //MS-ADTS-Schema_R472 domainEntry = childEntry.Children.Find("CN=DEFAULTIPSITELINK"); DataSchemaSite.CaptureRequirementIfAreEqual <string>( "CN=IP", domainEntry.Parent.Name.ToString(), 472, @"The Parent of the Site Link Bridge Object must be Either IP Transport container or SMTP Transport container."); //MS-ADTS-Schema_R473 DataSchemaSite.CaptureRequirementIfIsTrue( domainEntry.Properties["objectClass"].Contains((object)"siteLink"), 473, "The ObjectClass attribute of the Site Link Object must be siteLink."); //MS-ADTS-Schema_R474 systemFlag = domainEntry.Properties["systemFlags"].Value.ToString(); systemFlagVal = ParseSystemFlagsValue("FLAG_CONFIG_ALLOW_RENAME"); DataSchemaSite.CaptureRequirementIfAreEqual <string>( systemFlagVal.ToString(), systemFlag, 474, "The SystemFlags attribute of the Site Link Object must be FLAG_CONFIG_ALLOW_RENAME."); if (systemFlag != (systemFlagVal.ToString())) { isParseSystemFlagsValue = false; } if (!adAdapter.GetObjectByDN("CN=Inter-Site Transports,CN=Sites," + configNC, out dirPartitions)) { DataSchemaSite.Assume.IsTrue( false, "CN=Inter-Site Transports,CN=Sites," + configNC + " Object is not found in server"); } //MS-ADTS-Schema_R470 childEntry = dirPartitions.Children.Find("CN=SMTP"); DataSchemaSite.CaptureRequirementIfAreEqual <string>( "CN=Inter-Site Transports", childEntry.Parent.Name.ToString(), 470, "The Parent of the SMTP Transport Container must be Inter-Site Transports container."); //MS-ADTS-Schema_R471 DataSchemaSite.CaptureRequirementIfIsTrue( childEntry.Properties["objectClass"].Contains((object)"interSiteTransport"), 471, "The ObjectClass attribute of the SMTP Transport Container must be interSiteTransport."); }