public static void DisableDomainNetBIOSName(string targetForestName, string targetDomainName)
{
try
{
// bind to the current forest
Forest sourceForest = Forest.GetCurrentForest();
//get the trust relationship
ForestTrustRelationshipInformation forestTrust =
sourceForest.GetTrustRelationship(targetForestName);
foreach (ForestTrustDomainInformation domainInfo in
forestTrust.TrustedDomainInformation)
{
if (domainInfo.DnsName == targetDomainName)
{
domainInfo.Status =
ForestTrustDomainStatus.NetBiosNameAdminDisabled;
Console.WriteLine("\nNetBIOS Domain Name routing for {0}\n" +
"is now set to {1}",
targetDomainName,
domainInfo.Status);
}
}
forestTrust.Save();
}
catch (Exception e)
{
Console.WriteLine("\r\nUnexpected exception occured:\n\t{0}\n{1}",
e.GetType().Name, e.Message);
}
}
// This function is used to check if we will be able to lookup a SID from the
// target domain by targeting the local computer. This is done by checking for either
// a outbound or bidirectional trust between the computers domain and the target
// domain or the current forest and the target domain's forest.
// target domain must be the full DNS domain name of the target domain to make the string
// compare below work properly.
static internal bool VerifyOutboundTrust(string targetDomain, string username, string password)
{
Domain currentDom = null;
try
{
currentDom = Domain.GetComputerDomain();
}
catch (ActiveDirectoryObjectNotFoundException)
{
// The computer is not domain joined so there cannot be a trust...
return(false);
}
catch (System.Security.Authentication.AuthenticationException)
{
// The computer is domain joined but we are running with creds that can't access it. We can't determine trust.
return(false);
}
// If this is the same domain then we have a trust.
// Domain.Name always returns full dns name.
// function is always supplied with a full DNS domain name.
if (String.Equals(currentDom.Name, targetDomain, StringComparison.OrdinalIgnoreCase))
{
return(true);
}
try
{
TrustRelationshipInformation TRI = currentDom.GetTrustRelationship(targetDomain);
if (TrustDirection.Outbound == TRI.TrustDirection || TrustDirection.Bidirectional == TRI.TrustDirection)
{
return(true);
}
}
catch (ActiveDirectoryObjectNotFoundException)
{
}
// Since we were able to retrive the computer domain above we should be able to access the current forest here.
Forest currentForest = Forest.GetCurrentForest();
Domain targetdom = Domain.GetDomain(new DirectoryContext(DirectoryContextType.Domain, targetDomain, username, password));
try
{
ForestTrustRelationshipInformation FTC = currentForest.GetTrustRelationship(targetdom.Forest.Name);
if (TrustDirection.Outbound == FTC.TrustDirection || TrustDirection.Bidirectional == FTC.TrustDirection)
{
return(true);
}
}
catch (ActiveDirectoryObjectNotFoundException)
{
}
return(false);
}
public static void AddExcludedDomain(string targetForestName, string targetDomainName)
{
try
{
// bind to the current forest
Forest sourceForest = Forest.GetCurrentForest();
// get the trust relationship
ForestTrustRelationshipInformation forestTrust =
sourceForest.GetTrustRelationship(targetForestName);
// add a top level name
forestTrust.ExcludedTopLevelNames.Add(targetDomainName);
forestTrust.Save();
Console.WriteLine("\nName suffix routing is now disabled for:");
foreach (string s in forestTrust.ExcludedTopLevelNames)
{
Console.WriteLine("\t{0}", s);
}
}
catch (Exception e)
{
Console.WriteLine("\r\nUnexpected exception occured:\n\t{0}\n{1}",
e.GetType().Name, e.Message);
}
}
public static void GetTrustWithTargetForest(string targetForestName)
{
try
{
//get the current forest context and bind to the forest
Forest currentForest = Forest.GetCurrentForest();
Console.WriteLine("\nTrust with the target forest:\n");
ForestTrustRelationshipInformation forestTrust =
currentForest.GetTrustRelationship(targetForestName);
//display common trust information
Console.WriteLine("Forest trust: {0} - {1}\n" +
"Trust direction: {2}\nTrust type: {3}",
forestTrust.SourceName.ToUpper(),
forestTrust.TargetName.ToUpper(),
forestTrust.TrustDirection,
forestTrust.TrustType);
//display selective authentication status of the forest trust
Console.WriteLine("SelectiveAuthenticationStatus of the trust: {0}",
currentForest.GetSelectiveAuthenticationStatus(targetForestName));
//display Sid filtering status of the domain trust
Console.WriteLine("SidFilteringStatus of the trust: {0}",
currentForest.GetSidFilteringStatus(targetForestName));
}
catch (Exception e)
{
Console.WriteLine("\r\nUnexpected exception occured:\n\t{0}\n{1}",
e.GetType().Name, e.Message);
}
}
internal static bool VerifyOutboundTrust(string targetDomain, string username, string password)
{
bool flag;
Domain computerDomain = null;
try
{
computerDomain = Domain.GetComputerDomain();
}
catch (ActiveDirectoryObjectNotFoundException activeDirectoryObjectNotFoundException)
{
flag = false;
return(flag);
}
catch (AuthenticationException authenticationException)
{
flag = false;
return(flag);
}
if (string.Compare(computerDomain.Name, targetDomain, StringComparison.OrdinalIgnoreCase) != 0)
{
try
{
TrustRelationshipInformation trustRelationship = computerDomain.GetTrustRelationship(targetDomain);
if (TrustDirection.Outbound == trustRelationship.TrustDirection || TrustDirection.Bidirectional == trustRelationship.TrustDirection)
{
flag = true;
return(flag);
}
}
catch (ActiveDirectoryObjectNotFoundException activeDirectoryObjectNotFoundException1)
{
}
Forest currentForest = Forest.GetCurrentForest();
Domain domain = Domain.GetDomain(new DirectoryContext(DirectoryContextType.Domain, targetDomain, username, password));
try
{
ForestTrustRelationshipInformation forestTrustRelationshipInformation = currentForest.GetTrustRelationship(domain.Forest.Name);
if (TrustDirection.Outbound == forestTrustRelationshipInformation.TrustDirection || TrustDirection.Bidirectional == forestTrustRelationshipInformation.TrustDirection)
{
flag = true;
return(flag);
}
}
catch (ActiveDirectoryObjectNotFoundException activeDirectoryObjectNotFoundException2)
{
}
return(false);
}
else
{
return(true);
}
return(flag);
}
public static void CreateCrossForestTrust(string targetForestName, string userNameTargetForest, string password)
{
try
{
// bind to the current forest
Forest sourceForest = Forest.GetCurrentForest();
// get context to the target forest
DirectoryContext targetContext = new DirectoryContext(
DirectoryContextType.Forest,
targetForestName,
userNameTargetForest,
password);
// bind to the target forest
Forest targetForest = Forest.GetForest(targetContext);
// create an outbound forest trust
// The CreateTrustRelationship establishes both sides of the relationship.
// if you don't have permission to complete the entire relationship, you can
// use the sourceForest.CreateLocalSideOfTrustRelationship method instead.
// Create an bidirectional trust between the source and target forest.
sourceForest.CreateTrustRelationship(targetForest,
TrustDirection.Bidirectional);
Console.WriteLine("\nCross forest trust created.");
// verify the trust relationship
sourceForest.VerifyTrustRelationship(targetForest,
TrustDirection.Bidirectional);
Console.WriteLine("\nThe forest trust has been successfully validated.");
// get the trust relationship to report on properties of the trust
ForestTrustRelationshipInformation forestTrust =
sourceForest.GetTrustRelationship(targetForestName);
Console.WriteLine("\nNew forest trust: {0} - {1}\n" +
"Trust direction: {2}\nTrust type: {3}",
forestTrust.SourceName.ToUpper(),
forestTrust.TargetName.ToUpper(),
forestTrust.TrustDirection,
forestTrust.TrustType);
}
catch (Exception e)
{
Console.WriteLine("\r\nUnexpected exception occured:\n\t{0}\n{1}",
e.GetType().Name, e.Message);
}
}
public static void ChangeForestTrustToOutbound(string targetForestName, string userNameTargetForest, string password)
{
try
{
// bind to the current forest
Forest sourceForest = Forest.GetCurrentForest();
// get context to the target forest
DirectoryContext targetContext = new DirectoryContext(
DirectoryContextType.Forest,
targetForestName,
userNameTargetForest,
password);
// bind to the target forest
Forest targetForest = Forest.GetForest(targetContext);
// update the trust direction
sourceForest.UpdateTrustRelationship(targetForest,
TrustDirection.Outbound);
Console.WriteLine("\nUpdateTrustRelationship succeeded");
// verify outbound side of the trust relationship.
// Pass the name of the target forest. Unlike VerifyTrustRelationship,
// there is no need to bind to the target forest or
// pass a trust direction.
sourceForest.VerifyOutboundTrustRelationship(targetForestName);
Console.WriteLine("\nVerifyOutboundTrustRelationship succeeded\n");
// check that the trust direction has been updated
ForestTrustRelationshipInformation forestTrust =
sourceForest.GetTrustRelationship(targetForestName);
//display common trust information
Console.WriteLine("Forest trust: {0} - {1}\n" +
"Trust direction: {2}\nTrust type: {3}",
forestTrust.SourceName.ToUpper(),
forestTrust.TargetName.ToUpper(),
forestTrust.TrustDirection,
forestTrust.TrustType);
}
catch (Exception e)
{
Console.WriteLine("\r\nUnexpected exception occured:\n\t{0}\n{1}",
e.GetType().Name, e.Message);
}
}
static void Main()
{
try
{
string sourceForestName = "fabrikam.com";
string targetForestName = "app.com";
string excludedTopLevelName1 = "external.app.com";
// trust lifetime management
Forest sourceForest = Forest.GetForest(new DirectoryContext(
DirectoryContextType.Forest,
sourceForestName));
Forest targetForest = Forest.GetForest(new DirectoryContext(
DirectoryContextType.Forest,
targetForestName));
// create an inbound forest trust
sourceForest.CreateTrustRelationship(targetForest,
TrustDirection.Outbound);
Console.WriteLine("\nCreateTrustRelationship succeed");
// obtain the newly created trust
ForestTrustRelationshipInformation forestTrust =
sourceForest.GetTrustRelationship(targetForestName);
Console.WriteLine("\nThe new forest trust: \"{0}\" - \"{1}\", " +
"trust direction is {2}, trust type is {3}",
sourceForestName,
targetForestName,
forestTrust.TrustDirection,
forestTrust.TrustType);
Console.WriteLine("SelectiveAuthenticationStatus of the trust is {0}",
sourceForest.GetSelectiveAuthenticationStatus(
targetForestName));
Console.WriteLine("SidFilteringStatus of the trust is {0}",
sourceForest.GetSidFilteringStatus(targetForestName));
// change trust attribute
sourceForest.SetSelectiveAuthenticationStatus(targetForestName, true);
sourceForest.SetSidFilteringStatus(targetForestName, false);
Console.WriteLine("\nSelectiveAuthenticationStatus of the " +
"trust is now {0}",
sourceForest.GetSelectiveAuthenticationStatus(
targetForestName));
Console.WriteLine("SidFilteringStatus of the trust is now {0}",
sourceForest.GetSidFilteringStatus(targetForestName));
// verify trust relationship
sourceForest.VerifyOutboundTrustRelationship(targetForestName);
Console.WriteLine("\nVerifyOutboundTrustRelationship succeeded\n");
// update the trust direction
sourceForest.UpdateTrustRelationship(targetForest,
TrustDirection.Bidirectional);
Console.WriteLine("\nUpdateTrustRelationship succeeded\n");
// check the trust direction has been updated
forestTrust = sourceForest.GetTrustRelationship(targetForestName);
Console.WriteLine("\nAfter updating the trust direction: " +
"\"{0}\" - \"{1}\", trust direction is {2}, " +
"trust type is {3}",
sourceForestName,
targetForestName,
forestTrust.TrustDirection,
forestTrust.TrustType);
// verify the trust direction again
sourceForest.VerifyTrustRelationship(targetForest,
TrustDirection.Bidirectional);
Console.WriteLine("\nVerifyTrustRelationship succeeded\n");
// get the forest trust information
Console.WriteLine("\nGet forest trust information");
Console.WriteLine("TopLevelNems include:");
foreach (TopLevelName t in forestTrust.TopLevelNames)
{
Console.WriteLine("\t{0}, status is {1}", t.Name, t.Status);
}
Console.WriteLine("ExcludedTopLevelNems include:");
foreach (string s in forestTrust.ExcludedTopLevelNames)
{
Console.WriteLine("\t{0}", s);
}
Console.WriteLine("ForestTrustDomainInformation:");
foreach (ForestTrustDomainInformation info in
forestTrust.TrustedDomainInformation)
{
Console.WriteLine("\tDNS name is {0}, NetBIOS name is {1}, " +
"domain sid is {2} and status is {3}",
info.DnsName,
info.NetBiosName,
info.DomainSid,
info.Status);
}
// modify the excluded top level name
forestTrust.ExcludedTopLevelNames.Add(excludedTopLevelName1);
forestTrust.Save();
Console.WriteLine("\nAfter modifying, ExcludedTopLevelNames include:");
foreach (string s in forestTrust.ExcludedTopLevelNames)
{
Console.WriteLine("\t{0}", s);
}
// repair the trust when necessary
sourceForest.RepairTrustRelationship(targetForest);
Console.WriteLine("\nRepairTrustRelationship succeeded");
// delete the forest trust
sourceForest.DeleteTrustRelationship(targetForest);
Console.WriteLine("\nDeleteTrustRelationship succeeded");
}
catch (Exception e)
{
Console.WriteLine("\r\nUnexpected exception occured:\r\n\t" +
e.GetType().Name + ":" + e.Message);
}
}
static void Main()
{
try
{
string targetDomainName = "fabrikam.com";
string targetForestName = "corp.fabrikam.com";
Domain currentDomain = Domain.GetCurrentDomain();
Forest currentForest = Forest.GetCurrentForest();
// Retrieve all the domain trusts
Console.WriteLine("\nRetrieve all the trusts with current domain:\n");
foreach (TrustRelationshipInformation trust in
currentDomain.GetAllTrustRelationships())
{
// for each domain trust relationship, get its properties
Console.WriteLine("\"{0}\" - \"{1}\", trust direction is {2}, " +
"trust type is {3}",
trust.SourceName,
trust.TargetName,
trust.TrustDirection,
trust.TrustType);
}
// Retrieve all the forest trusts
Console.WriteLine("\nRetrieve all the forest trusts " +
"with current forest:\n");
foreach (ForestTrustRelationshipInformation trust in
currentForest.GetAllTrustRelationships())
{
// for each forest trust relationship, get its properties
Console.WriteLine("\"{0}\" - \"{1}\", trust direction is {2}, " +
"trust type is {3}",
trust.SourceName,
trust.TargetName,
trust.TrustDirection,
trust.TrustType);
}
// Retrieve trust by name
Console.WriteLine("\nRetrieve the trust with the target domain:\n");
TrustRelationshipInformation domainTrust =
currentDomain.GetTrustRelationship(targetDomainName);
Console.WriteLine("\"{0}\" - \"{1}\", trust direction is {2}, " +
"trust type is {3}",
currentDomain.Name,
targetDomainName,
domainTrust.TrustDirection,
domainTrust.TrustType);
Console.WriteLine("\nRetrieve the trust with the target forest:\n");
ForestTrustRelationshipInformation forestTrust =
currentForest.GetTrustRelationship(targetForestName);
Console.WriteLine("\"{0}\" - \"{1}\", trust direction is {2}, " +
"trust type is {3}",
currentForest.Name,
targetForestName,
forestTrust.TrustDirection,
forestTrust.TrustType);
}
catch (Exception e)
{
Console.WriteLine("\r\nUnexpected exception occured:\r\n\t" +
e.GetType().Name + ":" + e.Message);
}
}
