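/// <summary>
/// Loads the password and lockout policy attributes stored on the domain root object.
/// </summary>
/// <remarks>
/// Only the object at <paramref name="domainRoot"/> is queried (base-scope search), so the
/// values are the ones held on that object; a policy stored on any other directory object
/// is not reflected here.
/// </remarks>
/// <param name="domainRoot">Directory entry used as the search root; expected to be a domainDNS object.</param>
/// <exception cref="System.ArgumentException">
/// The base-scope search for <c>(objectClass=domainDNS)</c> returned no result.
/// </exception>
public DomainPolicy(System.DirectoryServices.DirectoryEntry domainRoot)
{
    string[] policyAttributes = new string[]
    {
        "maxPwdAge",
        "minPwdAge",
        "minPwdLength",
        "lockoutDuration",
        "lockOutObservationWindow",
        "lockoutThreshold",
        "pwdProperties",
        "pwdHistoryLength",
        "objectClass",
        "distinguishedName"
    };

    // We take advantage of the marshaling with DirectorySearcher for LargeInteger values...
    // DirectorySearcher is IDisposable, so it is released as soon as the result has been read
    // (the original never disposed it).
    using (System.DirectoryServices.DirectorySearcher ds = new System.DirectoryServices.DirectorySearcher(
        domainRoot,
        "(objectClass=domainDNS)",
        policyAttributes,
        System.DirectoryServices.SearchScope.Base))
    {
        System.DirectoryServices.SearchResult result = ds.FindOne();

        // Do some quick validation: a base-scope search that finds nothing means the
        // entry we were given is not a domainDNS object.
        if (result == null)
        {
            throw new System.ArgumentException("domainRoot is not a domainDNS object.");
        }

        this.attribs = result.Properties;
    }
}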
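/// <summary>
/// Sample routine: binds to the directory with the credentials from
/// <c>MySamples.TestSettings</c>, looks up one hard-coded group by CN and writes the
/// value of each entry of its <c>member</c> attribute to the console.
/// </summary>
/// <exception cref="System.InvalidOperationException">
/// The bind to the LDAP path failed; the underlying exception is attached as InnerException.
/// </exception>
static void GetGroupMembers()
{
    string ldapHost = MySamples.TestSettings.ldapHost;
    int ldapPort = MySamples.TestSettings.ldapPort; // System.Convert.ToInt32(args[1]);
    string msldap = $"LDAP://{ldapHost}:{ldapPort}/DC=COR,DC=local";

    string loginDN = MySamples.TestSettings.loginDN; // args[2];
    string password = MySamples.TestSettings.password; // args[3];

    // Other sample group used previously: "COR-VMPost"
    string strGroup = "G-ADM-APERTURE-UAT";

    // Alternative for a pure credential check: PrincipalContext.ValidateCredentials, see
    // https://stackoverflow.com/questions/326818/how-to-validate-domain-credentials

    // NOTE(review): no AuthenticationTypes value is passed, so whether loginDN/password are
    // protected in transit depends on the defaults and on the port in TestSettings.
    // Confirm that the connection is encrypted (e.g. LDAPS or signing/sealing).
    using (System.DirectoryServices.DirectoryEntry ldapConnection =
        new System.DirectoryServices.DirectoryEntry(msldap, loginDN, password))
    {
        object nativeObject;
        try
        {
            // Reading NativeObject forces the bind, so bad credentials or a bad path fail here.
            nativeObject = ldapConnection.NativeObject;
        }
        catch (System.Exception ex)
        {
            System.Console.WriteLine(ex.Message);
            System.Console.WriteLine(ex.StackTrace);
            // Keep the original failure as InnerException so the cause is not lost.
            throw new System.InvalidOperationException("Cannot login with wrong credentials or LDAP-Path.", ex);
        }

        // The original only set a flag here that was never read; fail closed instead of
        // searching over a connection that did not bind.
        if (nativeObject == null)
        {
            throw new System.InvalidOperationException("Cannot login with wrong credentials or LDAP-Path.");
        }

        using (System.DirectoryServices.DirectorySearcher dsSearcher =
            new System.DirectoryServices.DirectorySearcher(ldapConnection))
        {
            dsSearcher.SearchScope = System.DirectoryServices.SearchScope.Subtree;

            // strGroup is a constant here. If it ever comes from user input it must be
            // escaped for LDAP filters (RFC 4515) before being concatenated.
            dsSearcher.Filter = "(&(objectCategory=group)(CN=" + strGroup + "))";

            using (System.DirectoryServices.SearchResultCollection srcSearchResultCollection = dsSearcher.FindAll())
            {
                try
                {
                    foreach (System.DirectoryServices.SearchResult srSearchResult in srcSearchResultCollection)
                    {
                        // GetDirectoryEntry() returns a new DirectoryEntry that must be disposed.
                        using (System.DirectoryServices.DirectoryEntry groupEntry = srSearchResult.GetDirectoryEntry())
                        {
                            // NOTE(review): very large groups may not come back in a single
                            // "member" read (ranged retrieval) - verify before relying on this
                            // list being complete.
                            System.DirectoryServices.PropertyValueCollection memberProperty = groupEntry.Properties["member"];

                            for (int i = 0; i < memberProperty.Count; ++i)
                            {
                                string strUserName = System.Convert.ToString(memberProperty[i]);
                                System.Console.WriteLine(strUserName);
                            } // Next i
                        } // End Using groupEntry
                    } // Next srSearchResult
                } // End Try
                catch (System.Exception ex)
                {
                    // Best effort for the sample: report the failure and fall through to the prompt.
                    System.Console.WriteLine(ex.Message);
                    System.Console.WriteLine(ex.StackTrace);
                }
            } // End using srcSearchResultCollection
        } // End Using dsSearcher
    } // End Using ldapConnection

    System.Console.WriteLine(System.Environment.NewLine);
    System.Console.WriteLine(" --- Press any key to continue --- ");
    System.Console.ReadKey();
}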