/// <summary> /// This method is to help enable the compound identity feature on the computer account in the specific domain. /// </summary> /// <param name="domainName">The domain name of the service principal.</param> /// <param name="computerName">The host name of the service principal.</param> /// <param name="adminName">Need administrator's credential to modify active directory account.</param> /// <param name="adminPwd">Need administrator's credential to modify active directory account.</param> public void enableCompId(string domainName, string computerName, string adminName, string adminPwd) { LdapConnection connection = new LdapConnection(domainName); NetworkCredential cred = new NetworkCredential(adminName, adminPwd, domainName); connection.Credential = cred; string dn = PacHelper.GetDomainDnFromDomainName(domainName); string targetOu = "cn=Computers," + dn; computerName = computerName.Replace("$", ""); string filter = "cn=" + computerName; string[] attributesToReturn = new string[] { "msDS-SupportedEncryptionTypes" }; SearchRequest searchRequest = new SearchRequest(targetOu, filter, SearchScope.Subtree, attributesToReturn); SearchResponse searchResponse = (SearchResponse)connection.SendRequest(searchRequest); SearchResultAttributeCollection attributes = searchResponse.Entries[0].Attributes; object attributeValue = null; attributeValue = PacHelper.getAttributeValue(attributes, "msDS-SupportedEncryptionTypes"); uint?supportedEncTypes = (uint?)Convert.ToInt32(attributeValue); uint compIdFlag = 131072; if ((supportedEncTypes.Value & compIdFlag) != compIdFlag) { string computerDN = filter + "," + targetOu; supportedEncTypes = supportedEncTypes + compIdFlag; ModifyRequest modRequest = new ModifyRequest(computerDN, DirectoryAttributeOperation.Replace, "msDS-SupportedEncryptionTypes", supportedEncTypes.ToString()); ModifyResponse modResponse = (ModifyResponse)connection.SendRequest(modRequest); } }
/// <summary> /// This method is used to get an authentication policy TGT life time by policy name and attribute name /// If the TGT lifetime is not set, null will return /// </summary> /// <param name="domainName">Domain Name</param> /// <param name="policyname">authentication policy name</param> /// <param name="tgtlifetimeattributename">the lifetime attribute name, such as msds-ComputerTGTLifetime, msds-UserTGTLifetime or msds-ServiceTGTLifetime</param> /// <param name="adminName">Admin user Name</param> /// <param name="adminPwd">Admin password</param> public double?getAuthPolicyTGTLifeTime(string domainName, string policyName, string tgtLifetimeAttributeName, string adminName, string adminPwd) { LdapConnection connection = new LdapConnection(domainName); NetworkCredential cred = new NetworkCredential(adminName, adminPwd, domainName); connection.Credential = cred; string dn = PacHelper.GetDomainDnFromDomainName(domainName); string targetOu = "CN=" + policyName + ",CN=AuthN Policies,CN=AuthN Policy Configuration,CN=Services,CN=Configuration,DC=" + domainName + ",DC=com"; string filter = "CN=" + policyName; string[] attributesToReturn = new string[] { tgtLifetimeAttributeName }; double? tgtLifeTime = null; SearchRequest searchRequest = null; SearchResponse searchResponse = null; try { searchRequest = new SearchRequest(targetOu, filter, SearchScope.Subtree, attributesToReturn); searchResponse = (SearchResponse)connection.SendRequest(searchRequest); SearchResultAttributeCollection attributes = searchResponse.Entries[0].Attributes; object attributeValue = PacHelper.getAttributeValue(attributes, tgtLifetimeAttributeName); tgtLifeTime = (double?)Convert.ToDouble(attributeValue); } catch { throw new InvalidOperationException("Request attribute failed with targetOU: " + targetOu + ", filter: " + filter + ", attribute: " + tgtLifetimeAttributeName); } return(tgtLifeTime); }
/// <summary> /// This method is used to get attribute display name of an account /// </summary> /// <param name="domainName">Local domain Name</param> /// <param name="accountName">Account name, user name or computer name</param> /// <param name="accountType">Users or computers</param> /// <param name="attributename">The attribute of account to query</param> /// <param name="adminName">Admin user Name</param> /// <param name="adminPwd">Admin password</param> public string getAccountAttributeDN(string domainName, string accountName, string accountType, string attributeName, string adminName, string adminPwd) { LdapConnection connection = new LdapConnection(domainName); NetworkCredential cred = new NetworkCredential(adminName, adminPwd, domainName); connection.Credential = cred; string dn = PacHelper.GetDomainDnFromDomainName(domainName); string targetOu = "CN=" + accountName + ",CN=" + accountType + ",DC=" + domainName + ",DC=com"; string filter = "CN=" + accountName; string[] attributesToReturn = new string[] { attributeName }; SearchRequest searchRequest = null; SearchResponse searchResponse = null; string attributeValue = null; try { searchRequest = new SearchRequest(targetOu, filter, SearchScope.Subtree, attributesToReturn); searchResponse = (SearchResponse)connection.SendRequest(searchRequest); SearchResultAttributeCollection attributes = searchResponse.Entries[0].Attributes; object attribute = null; attribute = PacHelper.getAttributeValue(attributes, attributeName); attributeValue = Convert.ToString(attribute); } catch { throw new InvalidOperationException("Request attribute failed with targetOU: " + targetOu + ", filter: " + filter + ", attribute: " + attributeName); } return(attributeValue); }