/// <summary>
/// Lazily retrieves the DPAPI backup key objects of a domain: the preferred legacy key pointer,
/// the legacy key it refers to, the preferred RSA key pointer, and the RSA key it refers to.
/// </summary>
/// <param name="domainNamingContext">Naming context of the domain, used to build the distinguished names of the secret objects.</param>
/// <returns>A sequence that yields the four objects in the order listed above, each fetched only when the caller advances the enumeration.</returns>
/// <remarks>
/// The lookups are sequential and unguarded: an exception thrown by any of them ends the enumeration,
/// so a missing RSA pointer also prevents the RSA key from being returned (items already yielded stay with the caller).
/// The yielded objects come from GetLSASecret and represent DPAPI backup key data; treat them as secrets
/// and keep them out of logs and unprotected storage.
/// </remarks>
public IEnumerable<DPAPIBackupKey> GetDPAPIBackupKeys(string domainNamingContext)
        {
            // TODO: Move schema from constructor to property?
            // TODO: Split this function into an RSA and a legacy part so that an exception in one of them does not abort the other.
            var adSchema = BasicSchemaFactory.CreateSchema();

            // The legacy pointer is fetched first because it is more likely to be present than the RSA one.
            var preferredLegacyPointer = this.GetLSASecret(
                DPAPIBackupKey.GetPreferredLegacyKeyPointerDN(domainNamingContext),
                adSchema);
            yield return preferredLegacyPointer;

            // The pointer carries the identifier of the legacy key it refers to.
            var legacyBackupKey = this.GetLSASecret(
                DPAPIBackupKey.GetKeyDN(preferredLegacyPointer.KeyId, domainNamingContext),
                adSchema);
            yield return legacyBackupKey;

            var preferredRsaPointer = this.GetLSASecret(
                DPAPIBackupKey.GetPreferredRSAKeyPointerDN(domainNamingContext),
                adSchema);
            yield return preferredRsaPointer;

            // Same indirection as above: resolve the RSA key through its pointer.
            var rsaBackupKey = this.GetLSASecret(
                DPAPIBackupKey.GetKeyDN(preferredRsaPointer.KeyId, domainNamingContext),
                adSchema);
            yield return rsaBackupKey;
        }
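        /// <summary>
        /// Replicates all directory objects starting at the given cookie and returns those that are accounts.
        /// </summary>
        /// <param name="cookie">
        /// Replication position to start from. It is modified in place: after each replication cycle
        /// it is assigned the cookie returned by that cycle.
        /// </param>
        /// <returns>A lazily evaluated sequence of accounts; replication cycles run as the caller enumerates it.</returns>
        /// <remarks>
        /// The argument is validated when the method is called, not when enumeration starts.
        /// Each DSAccount is constructed with this client's SecretDecryptor, so the results presumably
        /// expose decrypted credential attributes; handle them as sensitive data.
        /// </remarks>
        public IEnumerable<DSAccount> GetAccounts(ReplicationCookie cookie)
        {
            // Validate here rather than inside the iterator: an iterator body does not run
            // until the first MoveNext(), which would delay the failure to an unrelated call site.
            Validator.AssertNotNull(cookie, "cookie");
            return this.GetAccountsIterator(cookie);
        }

        // Iterator part of GetAccounts(ReplicationCookie); expects an already validated cookie.
        private IEnumerable<DSAccount> GetAccountsIterator(ReplicationCookie cookie)
        {
            // Set Schema
            var schema = BasicSchemaFactory.CreateSchema();
            ReplicationResult result;

            do
            {
                result = this.drsConnection.ReplicateAllObjects(cookie);
                foreach (var obj in result.Objects)
                {
                    obj.Schema = schema;
                    if (obj.IsAccount)
                    {
                        yield return new DSAccount(obj, this.SecretDecryptor);
                    }
                }

                /* We are modifying the original cookie. Originally, the cookie was immutable,
                 * but the new value could not be returned because iterators do not support out/ref.
                 * The assignment only happens once the caller has consumed the whole batch. */
                cookie.Assign(result.Cookie);
            } while (result.HasMoreData);
        }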
        /// <summary>
        /// Replicates a single directory object identified by its GUID and wraps it as an account.
        /// </summary>
        /// <param name="objectGuid">GUID of the object to replicate.</param>
        /// <returns>A DSAccount built from the replicated object and this client's SecretDecryptor.</returns>
        /// <remarks>
        /// No IsAccount check is made here, unlike in the bulk enumeration.
        /// The result presumably carries decrypted credential attributes; treat it as sensitive.
        /// </remarks>
        public DSAccount GetAccount(Guid objectGuid)
        {
            var replicatedObject = this.drsConnection.ReplicateSingleObject(objectGuid);

            // The object needs a schema attached before it is wrapped.
            replicatedObject.Schema = BasicSchemaFactory.CreateSchema();

            var account = new DSAccount(replicatedObject, this.SecretDecryptor);
            return account;
        }
        /// <summary>
        /// Replicates a single directory object identified by its distinguished name and wraps it as an account.
        /// </summary>
        /// <param name="distinguishedName">Distinguished name of the object to replicate.</param>
        /// <returns>A DSAccount built from the replicated object and this client's SecretDecryptor.</returns>
        /// <remarks>
        /// No IsAccount check is made here, unlike in the bulk enumeration.
        /// The result presumably carries decrypted credential attributes; treat it as sensitive.
        /// </remarks>
        public DSAccount GetAccount(string distinguishedName)
        {
            var replicatedObject = this.drsConnection.ReplicateSingleObject(distinguishedName);

            // TODO: Extract? (the schema is attached the same way in the other GetAccount overload)
            replicatedObject.Schema = BasicSchemaFactory.CreateSchema();

            var account = new DSAccount(replicatedObject, this.SecretDecryptor);
            return account;
        }
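        /// <summary>
        /// Replicates all directory objects starting at the given cookie and returns those that are accounts,
        /// optionally reporting progress after each replication cycle.
        /// </summary>
        /// <param name="initialCookie">Replication position to start from. It is not modified; the cursor is tracked in a local variable.</param>
        /// <param name="progressReporter">
        /// Optional callback invoked once per cycle with the cycle's cookie, the running object count,
        /// and the total object count reported by the result. It is called before the objects of that cycle are yielded.
        /// </param>
        /// <returns>A lazily evaluated sequence of accounts; replication cycles run as the caller enumerates it.</returns>
        /// <remarks>
        /// The argument is validated when the method is called, not when enumeration starts.
        /// Each DSAccount is constructed with this client's SecretDecryptor, so the results presumably
        /// expose decrypted credential attributes; handle them as sensitive data.
        /// </remarks>
        public IEnumerable<DSAccount> GetAccounts(ReplicationCookie initialCookie, ReplicationProgressHandler progressReporter = null)
        {
            // Validate here rather than inside the iterator: an iterator body does not run
            // until the first MoveNext(), which would delay the failure to an unrelated call site.
            Validator.AssertNotNull(initialCookie, nameof(initialCookie));
            return this.GetAccountsIterator(initialCookie, progressReporter);
        }

        // Iterator part of GetAccounts(ReplicationCookie, ReplicationProgressHandler); expects a validated cookie.
        private IEnumerable<DSAccount> GetAccountsIterator(ReplicationCookie initialCookie, ReplicationProgressHandler progressReporter)
        {
            // Create AD schema
            var schema = BasicSchemaFactory.CreateSchema();
            var currentCookie = initialCookie;
            ReplicationResult result;
            int processedObjectCount = 0;

            do
            {
                // Perform one replication cycle
                result = this.drsConnection.ReplicateAllObjects(currentCookie);

                // Report replication progress; the count is only maintained when someone listens.
                if (progressReporter != null)
                {
                    processedObjectCount += result.Objects.Count;
                    progressReporter(result.Cookie, processedObjectCount, result.TotalObjectCount);
                }

                // Process the returned objects, skipping everything that is not an account
                foreach (var obj in result.Objects)
                {
                    obj.Schema = schema;
                    if (obj.IsAccount)
                    {
                        yield return new DSAccount(obj, this.SecretDecryptor);
                    }
                }

                // Update the position of the replication cursor
                currentCookie = result.Cookie;
            } while (result.HasMoreData);
        }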