private static void GetSendas(UserInfo utente)
{
string pathNameDomain = "LDAP://" + sDomain + "/" + utente.Distinguishedname;
var direcotyEntry = new DirectoryEntry(pathNameDomain, username, password);
var directorySearcher = new DirectorySearcher(direcotyEntry);
directorySearcher.PropertiesToLoad.Add("msExchRecipientTypeDetails");
directorySearcher.PropertiesToLoad.Add("distinguishedname");
directorySearcher.PropertiesToLoad.Add("mail");
var res = directorySearcher.FindOne();
DirectoryEntry ssStoreObj = res.GetDirectoryEntry();
ActiveDirectorySecurity StoreobjSec = ssStoreObj.ObjectSecurity;
AuthorizationRuleCollection Storeacls = StoreobjSec.GetAccessRules(true, true, typeof(System.Security.Principal.SecurityIdentifier));
foreach (ActiveDirectoryAccessRule ace in Storeacls)
{
if (ace.IdentityReference.Value != "S-1-5-7" & ace.IdentityReference.Value != "S-1-1-0" & ace.IsInherited != true & ace.IdentityReference.Value != "S-1-5-10")
{
if (ace.ActiveDirectoryRights.ToString() == "ExtendedRight")
{
bool found = false;
try
{
filead.WriteLine(utente.Mail + "," + Utenti.Find(x => x.ObjectSID.Contains(ace.IdentityReference.Value)).Mail + ",SendAS," + exRighthash[ace.ObjectType.ToString()].ToString() + ",,");
Trace.WriteLine(DateTime.Now.ToString("yyyyMMddHHmmss") + "::INF::SendAS::OK::SendAS permission of --> " + utente.Mail + " exported successfully");
found = true;
}
catch
{
}
try
{
filead.WriteLine(utente.Mail + "," + GruppiInfo.Find(x => x.ObjectSID.Contains(ace.IdentityReference.Value)).samaccountname + ",SendAS," + exRighthash[ace.ObjectType.ToString()].ToString() + ",,");
Trace.WriteLine(DateTime.Now.ToString("yyyyMMddHHmmss") + "::INF::SendAS::OK::SendAS permission of --> " + utente.Mail + " exported successfully");
found = true;
}
catch
{
}
if (!found)
{
Trace.WriteLine(DateTime.Now.ToString("yyyyMMddHHmmss") + "::WRN::Cannot resolve SID " + ace.IdentityReference.Value);
}
}
}
}
}
static void GetMBXPermissions(UserInfo utente)
{
DirectoryEntry ent = new DirectoryEntry("LDAP://" + sDomain + "/" + utente.Distinguishedname.ToString(), username, password);
SecurityDescriptor sd = (SecurityDescriptor)ent.Properties["msexchmailboxsecuritydescriptor"].Value;
AccessControlList acl = (AccessControlList)sd.DiscretionaryAcl;
foreach (AccessControlEntry ace in (IEnumerable)acl)
{
// Console.WriteLine("Trustee: {0}", ace.Trustee);
// Console.WriteLine("AccessMask: {0}", ace.AccessMask);
// Console.WriteLine("Access Type: {0}", ace.AceType);
// Console.WriteLine("InheritedObjectType: {0}", ace.InheritedObjectType);
// || ace.InheritedObjectType != null
if (ace.Trustee != "NT AUTHORITY\\SELF")
{
switch (ace.AccessMask)
{
case 131073:
bool found = false;
try
{
string find = Utenti.Find(x => x.ObjectSID.Contains(ace.Trustee)).Mail;
filemp.WriteLine(utente.Mail + "," + find + ",MBX,FullAccess,,");
filemp.WriteLine(utente.Mail + "," + find + ",MBX,ReadPermission,,");
Trace.WriteLine(DateTime.Now.ToString("yyyyMMddHHmmss") + "::INF::MBX::OK::MBX permission of --> " + utente.Mail + " exported successfully");
found = true;
}
catch
{
}
try
{
string find = GruppiInfo.Find(x => x.ObjectSID.Contains(ace.Trustee)).samaccountname;
filemp.WriteLine(utente.Mail + "," + find + ",MBX,FullAccess,,");
filemp.WriteLine(utente.Mail + "," + find + ",MBX,ReadPermission,,");
Trace.WriteLine(DateTime.Now.ToString("yyyyMMddHHmmss") + "::INF::MBX::OK::MBX permission of --> " + utente.Mail + " exported successfully");
found = true;
}
catch
{
}
if (!found)
{
Trace.WriteLine(DateTime.Now.ToString("yyyyMMddHHmmss") + "::WRN::Cannot resolve SID " + ace.Trustee);
}
break;
case 131072:
found = false;
try
{
string find = Utenti.Find(x => x.ObjectSID.Contains(ace.Trustee)).Mail;
filemp.WriteLine(utente.Mail + "," + find + ",MBX,FullAccess,,");
filemp.WriteLine(utente.Mail + "," + find + ",MBX,ReadPermission,,");
filemp.WriteLine(utente.Mail + "," + find + ",MBX,DeleteItem,,");
filemp.WriteLine(utente.Mail + "," + find + ",MBX,ChangePermission,,");
filemp.WriteLine(utente.Mail + "," + find + ",MBX,ChangeOwner,,");
Trace.WriteLine(DateTime.Now.ToString("yyyyMMddHHmmss") + "::INF::MBX::OK::MBX permission of --> " + utente.Mail + " exported successfully");
found = true;
}
catch
{
}
try
{
string find = GruppiInfo.Find(x => x.ObjectSID.Contains(ace.Trustee)).samaccountname;
filemp.WriteLine(utente.Mail + "," + find + ",MBX,FullAccess,,");
filemp.WriteLine(utente.Mail + "," + find + ",MBX,ReadPermission,,");
filemp.WriteLine(utente.Mail + "," + find + ",MBX,DeleteItem,,");
filemp.WriteLine(utente.Mail + "," + find + ",MBX,ChangePermission,,");
filemp.WriteLine(utente.Mail + "," + find + ",MBX,ChangeOwner,,");
Trace.WriteLine(DateTime.Now.ToString("yyyyMMddHHmmss") + "::INF::MBX::OK::MBX permission of --> " + utente.Mail + " exported successfully");
found = true;
}
catch
{
}
if (!found)
{
Trace.WriteLine(DateTime.Now.ToString("yyyyMMddHHmmss") + "::WRN::Cannot resolve SID " + ace.Trustee);
}
break;
case 983041:
found = false;
try
{
string find = Utenti.Find(x => x.ObjectSID.Contains(ace.Trustee)).Mail;
filemp.WriteLine(utente.Mail + "," + find + ",MBX,FullAccess,,");
filemp.WriteLine(utente.Mail + "," + find + ",MBX,ReadPermission,,");
filemp.WriteLine(utente.Mail + "," + find + ",MBX,DeleteItem,,");
filemp.WriteLine(utente.Mail + "," + find + ",MBX,ChangePermission,,");
filemp.WriteLine(utente.Mail + "," + find + ",MBX,ChangeOwner,,");
Trace.WriteLine(DateTime.Now.ToString("yyyyMMddHHmmss") + "::INF::MBX::OK::MBX permission of --> " + utente.Mail + " exported successfully");
found = true;
}
catch
{
}
try
{
string find = GruppiInfo.Find(x => x.ObjectSID.Contains(ace.Trustee)).samaccountname;
filemp.WriteLine(utente.Mail + "," + find + ",MBX,FullAccess,,");
filemp.WriteLine(utente.Mail + "," + find + ",MBX,ReadPermission,,");
filemp.WriteLine(utente.Mail + "," + find + ",MBX,DeleteItem,,");
filemp.WriteLine(utente.Mail + "," + find + ",MBX,ChangePermission,,");
filemp.WriteLine(utente.Mail + "," + find + ",MBX,ChangeOwner,,");
Trace.WriteLine(DateTime.Now.ToString("yyyyMMddHHmmss") + "::INF::MBX::OK::MBX permission of --> " + utente.Mail + " exported successfully");
found = true;
}
catch
{
}
if (!found)
{
Trace.WriteLine(DateTime.Now.ToString("yyyyMMddHHmmss") + "::WRN::Cannot resolve SID " + ace.Trustee);
}
break;
case 65537:
found = false;
try
{
string find = Utenti.Find(x => x.ObjectSID.Contains(ace.Trustee)).Mail;
filemp.WriteLine(utente.Mail + "," + find + ",MBX,FullAccess,,");
filemp.WriteLine(utente.Mail + "," + find + ",MBX,DeleteItem,,");
Trace.WriteLine(DateTime.Now.ToString("yyyyMMddHHmmss") + "::INF::MBX::OK::MBX permission of --> " + utente.Mail + " exported successfully");
found = true;
}
catch
{
}
try
{
string find = GruppiInfo.Find(x => x.ObjectSID.Contains(ace.Trustee)).samaccountname;
filemp.WriteLine(utente.Mail + "," + find + ",MBX,FullAccess,,");
filemp.WriteLine(utente.Mail + "," + find + ",MBX,DeleteItem,,");
Trace.WriteLine(DateTime.Now.ToString("yyyyMMddHHmmss") + "::INF::MBX::OK::MBX permission of --> " + utente.Mail + " exported successfully");
found = true;
}
catch
{
}
if (!found)
{
Trace.WriteLine(DateTime.Now.ToString("yyyyMMddHHmmss") + "::WRN::Cannot resolve SID " + ace.Trustee);
}
break;
case 1:
found = false;
try
{
filemp.WriteLine(utente.Mail + "," + Utenti.Find(x => x.ObjectSID.Contains(ace.Trustee)).Mail + ",MBX,FullAccess,,");
Trace.WriteLine(DateTime.Now.ToString("yyyyMMddHHmmss") + "::INF::MBX::OK::MBX permission of --> " + utente.Mail + " exported successfully");
found = true;
}
catch
{
}
try
{
filemp.WriteLine(utente.Mail + "," + GruppiInfo.Find(x => x.ObjectSID.Contains(ace.Trustee)).samaccountname + ",MBX,FullAccess,,");
Trace.WriteLine(DateTime.Now.ToString("yyyyMMddHHmmss") + "::INF::MBX::OK::MBX permission of --> " + utente.Mail + " exported successfully");
found = true;
}
catch
{
}
if (!found)
{
Trace.WriteLine(DateTime.Now.ToString("yyyyMMddHHmmss") + "::WRN::Cannot resolve SID " + ace.Trustee);
}
break;
default:
try
{
filemp.WriteLine(utente.Mail + "," + Utenti.Find(x => x.ObjectSID.Contains(ace.Trustee)).Mail + ",MBX," + ace.AccessMask + ",,");
Trace.WriteLine(DateTime.Now.ToString("yyyyMMddHHmmss") + "::INF::MBX::OK::MBX permission of --> " + utente.Mail + " exported successfully");
found = true;
}
catch
{
Trace.WriteLine(DateTime.Now.ToString("yyyyMMddHHmmss") + "::WRN::Cannot resolve SID " + ace.Trustee);
}
break;
}
}
}
}
