コード例 #1
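        /// <summary>
        /// Loads the domain-wide password and lockout policy attributes from
        /// <paramref name="domainRoot"/> and stores them in <c>attribs</c>.
        /// </summary>
        /// <param name="domainRoot">
        /// Entry used as the search root. A base-scope search with the filter
        /// <c>(objectClass=domainDNS)</c> must match it.
        /// </param>
        /// <exception cref="System.ArgumentException">
        /// The base-scope search returned no result, i.e. <paramref name="domainRoot"/>
        /// did not match the <c>domainDNS</c> filter.
        /// </exception>
        public DomainPolicy(System.DirectoryServices.DirectoryEntry domainRoot)
        {
            // Password-age, length, history, complexity and lockout attributes, plus the
            // two attributes that identify the object that was read.
            // NOTE(review): only the attributes on the domain object itself are read; if the
            // domain uses fine-grained password policies, those are not reflected here.
            string[] policyAttributes = new string[] {
                "maxPwdAge", "minPwdAge", "minPwdLength",
                "lockoutDuration", "lockOutObservationWindow",
                "lockoutThreshold", "pwdProperties",
                "pwdHistoryLength", "objectClass",
                "distinguishedName"
            };

            System.DirectoryServices.SearchResult result;

            // We take advantage of the marshaling with DirectorySearcher for LargeInteger
            // values. The searcher is disposed as soon as the single result has been read,
            // so it does not hold directory resources for the lifetime of this object.
            using (System.DirectoryServices.DirectorySearcher ds =
                       new System.DirectoryServices.DirectorySearcher(
                           domainRoot,
                           "(objectClass=domainDNS)",
                           policyAttributes,
                           System.DirectoryServices.SearchScope.Base))
            {
                result = ds.FindOne();
            }

            // Quick validation: no match means the root is not a domainDNS object.
            if (result == null)
            {
                throw new System.ArgumentException("domainRoot is not a domainDNS object.");
            }

            this.attribs = result.Properties;
        }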
コード例 #2
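        /// <summary>
        /// Binds to the directory with the credentials from <c>MySamples.TestSettings</c>,
        /// searches the whole subtree for the group named in <c>strGroup</c> and writes each
        /// value of its <c>member</c> attribute to the console.
        /// </summary>
        /// <exception cref="System.InvalidOperationException">
        /// The bind failed (wrong credentials or LDAP path); the original exception is
        /// attached as <c>InnerException</c>.
        /// </exception>
        static void GetGroupMembers()
        {
            string ldapHost = MySamples.TestSettings.ldapHost;
            int    ldapPort = MySamples.TestSettings.ldapPort;

            string msldap = $"LDAP://{ldapHost}:{ldapPort}/DC=COR,DC=local";

            string loginDN  = MySamples.TestSettings.loginDN;
            string password = MySamples.TestSettings.password;

            string strGroup = "G-ADM-APERTURE-UAT";

            // NOTE(review): this constructor overload takes no AuthenticationTypes value.
            // Confirm that the bind to ldapHost:ldapPort is protected (LDAPS or
            // signing/sealing) before using a real account's password here.
            using (System.DirectoryServices.DirectoryEntry ldapConnection =
                       new System.DirectoryServices.DirectoryEntry(msldap, loginDN, password))
            {
                try
                {
                    // Reading NativeObject forces the bind, so bad credentials or a bad
                    // path fail here instead of in the middle of the search.
                    object boundObject = ldapConnection.NativeObject;
                }
                catch (System.Exception ex)
                {
                    System.Console.WriteLine(ex.Message);
                    System.Console.WriteLine(ex.StackTrace);

                    // Keep the original failure as InnerException so the cause is not lost.
                    throw new System.InvalidOperationException("Cannot login with wrong credentials or LDAP-Path.", ex);
                }

                using (System.DirectoryServices.DirectorySearcher dsSearcher =
                           new System.DirectoryServices.DirectorySearcher(ldapConnection))
                {
                    dsSearcher.SearchScope = System.DirectoryServices.SearchScope.Subtree;

                    // strGroup is a constant here. If it ever comes from user input or
                    // configuration, escape it as an LDAP filter value (RFC 4515: \ * ( )
                    // and NUL) before concatenating, otherwise the filter can be rewritten.
                    dsSearcher.Filter      = "(&(objectCategory=group)(CN=" + strGroup + "))";

                    using (System.DirectoryServices.SearchResultCollection srcSearchResultCollection =
                               dsSearcher.FindAll())
                    {
                        try
                        {
                            foreach (System.DirectoryServices.SearchResult srSearchResult in srcSearchResultCollection)
                            {
                                // GetDirectoryEntry() creates a new DirectoryEntry on every
                                // call; dispose it so each match does not leak a handle.
                                using (System.DirectoryServices.DirectoryEntry groupEntry = srSearchResult.GetDirectoryEntry())
                                {
                                    // NOTE(review): for very large groups the server may return
                                    // only part of "member" in one read - confirm whether range
                                    // retrieval is needed for the groups being audited.
                                    System.DirectoryServices.PropertyValueCollection memberProperty = groupEntry.Properties["member"];

                                    for (int i = 0; i < memberProperty.Count; ++i)
                                    {
                                        string strUserName = System.Convert.ToString(memberProperty[i]);
                                        System.Console.WriteLine(strUserName);
                                    } // Next i
                                }     // End Using groupEntry
                            }         // Next srSearchResult
                        }             // End Try
                        catch (System.Exception ex)
                        {
                            // Best effort: report the failure and fall through to the prompt.
                            System.Console.WriteLine(ex.Message);
                            System.Console.WriteLine(ex.StackTrace);
                        }
                    } // End using srcSearchResultCollection
                }     // End Using dsSearcher
            }         // End Using ldapConnection

            System.Console.WriteLine(System.Environment.NewLine);
            System.Console.WriteLine(" --- Press any key to continue --- ");
            System.Console.ReadKey();
        }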