public static LdapConnection CreateConnection(
string hostDnsName,
DsUser user,
ref DsServer srv,
bool forceCreate = false,
AuthType authType = AuthType.Kerberos)
{
if (!forceCreate && srv.LdapConn != null)
{
// If there is an active connection, return it.
return(srv.LdapConn);
}
LdapConnection conn = new LdapConnection(hostDnsName);
if (authType == AuthType.Basic)
{
conn.AuthType = AuthType.Basic;
conn.Credential = new NetworkCredential(user.Domain.NetbiosName + "\\" + user.Username, user.Password /*, user.Domain.Name*/);
}
else
{
conn.Credential = new NetworkCredential(user.Username, user.Password, user.Domain.DNSName);
}
conn.Timeout = new TimeSpan(0, 5, 0);
// Bind the connection to the server
conn.Bind();
srv.LdapConn = conn;
return(conn);
}
/// <summary>
/// finish objects for UserStore
/// </summary>
static void InitUserObjects()
{
#region user objects
string[] enum_vals = Enum.GetNames(typeof(EnvironmentConfig.User));
foreach (string s in enum_vals)
{
User tmpU = (EnvironmentConfig.User)Enum.Parse(typeof(EnvironmentConfig.User), s);
if (tmpU == User.None)
{
continue;
}
DsUser user = new DsUser();
if (s.Contains("Admin"))
{
user.Username = ADCommonServerAdapter.Instance(testSite).DomainAdministratorName;
}
else
{
user.Username = DomainUserName;
}
user.Password = ADCommonServerAdapter.Instance(testSite).DomainUserPassword;
//force load domain dns name for loading domain info via ldap adapter
switch (tmpU)
{
case User.ExternalDomainAdmin:
user.Domain = new AddsDomain();
user.Domain.NetbiosName = testSite.Properties[DomainEnum.ExternalDomain.ToString() + ".NetbiosName"];
user.Domain.DNSName = testSite.Properties[DomainEnum.ExternalDomain.ToString() + ".DNSName"];
break;
case User.LDSDomainAdmin:
user.Domain = new AdldsDomain();
user.Domain.DNSName = testSite.Properties[DomainEnum.LDSDomain.ToString() + ".DNSName"];
break;
case User.MainDCAccount:
//machine account not initialized yet
continue;
case User.WritableDC2Account:
continue;
case User.RODCMachineAccount:
continue;
default:
user.Domain = new AddsDomain();
user.Domain.NetbiosName = testSite.Properties[DomainEnum.PrimaryDomain.ToString() + ".NetbiosName"];
user.Domain.DNSName = ADCommonServerAdapter.Instance(testSite).PrimaryDomainDnsName;
break;
}
UserStore.Add((EnvironmentConfig.User)Enum.Parse(typeof(EnvironmentConfig.User), s), user);
}
#endregion
}
public void DRSR_DRSInterDomainMove_LDAP_Move_Object_From_Child_To_Parent()
{
DrsrTestChecker.Check();
EnvironmentConfig.Machine parentDcType = EnvironmentConfig.Machine.WritableDC1;
DsServer parentDc = (DsServer)EnvironmentConfig.MachineStore[parentDcType];
EnvironmentConfig.Machine childDcType = EnvironmentConfig.Machine.CDC;
DsServer childDc = (DsServer)EnvironmentConfig.MachineStore[childDcType];
DsUser user = EnvironmentConfig.UserStore[EnvironmentConfig.User.ParentDomainAdmin];
string srcObjDn = ldapAdapter.TestAddUserObj(childDc);
BaseTestSite.Log.Add(LogEntryKind.Comment, "LDAP add a new object: {0}.", srcObjDn);
string newObjRdn = DrsrHelper.GetRDNFromDN(srcObjDn);
string tgtParentObjDn = "CN=Users," + DrsrHelper.GetNamingContextDN(parentDc.Domain, NamingContext.DomainNC);
string newObjDn = newObjRdn + "," + tgtParentObjDn;
bool bNewObjAdded = ldapAdapter.IsObjectExist(parentDc, newObjDn);
if (bNewObjAdded)
{
ResultCode rCode = ldapAdapter.DeleteObject(parentDc, newObjDn);
BaseTestSite.Assume.AreEqual <ResultCode>(ResultCode.Success, rCode, "LDAP: {0} should be removed.", newObjDn);
}
using (LdapConnection connection = new LdapConnection(new LdapDirectoryIdentifier(childDc.DnsHostName))) // connecting to the child domain in which the object exists
{
connection.Credential = new System.Net.NetworkCredential(user.Username, user.Password, parentDc.Domain.DNSName);
connection.SessionOptions.ProtocolVersion = 3;
connection.SessionOptions.SspiFlag = connection.SessionOptions.SspiFlag | 1; //Set Delegate flag.
connection.AuthType = AuthType.Kerberos;
connection.Bind();
try
{
BaseTestSite.Log.Add(LogEntryKind.Comment, "LDAP ModifyDN: moving object {0} to {1}.", srcObjDn, newObjDn);
ModifyDNRequest modDnRequest = new ModifyDNRequest(srcObjDn, tgtParentObjDn, newObjRdn);
modDnRequest.Controls.Add(new CrossDomainMoveControl(parentDc.DnsHostName)); // parent domain to which the object need to move
ModifyDNResponse modDnResponse = (ModifyDNResponse)connection.SendRequest(modDnRequest);
BaseTestSite.Assert.AreEqual <ResultCode>(ResultCode.Success, modDnResponse.ResultCode,
"LDAP ModifyDN: server should invoke IDL_DRSInterDomainMove on target Dc and move the object.");
bool bOldObjDeleted = ldapAdapter.IsObjectExist(childDc, srcObjDn);
bNewObjAdded = ldapAdapter.IsObjectExist(parentDc, newObjDn);
BaseTestSite.Assert.IsFalse(bOldObjDeleted, "LDAP ModifyDN: the old object should be deleted from source DC.");
BaseTestSite.Assert.IsTrue(bNewObjAdded, "LDAP ModifyDN: the new object should be added into target DC.");
}
catch (DirectoryOperationException e)
{
BaseTestSite.Log.Add(LogEntryKind.Debug, "LDAP ModifyDN: ResultCode:{0}", e.Response.ResultCode.ToString());
BaseTestSite.Log.Add(LogEntryKind.Debug, "LDAP ModifyDN: ErrorMessage:{0}", e.Response.ErrorMessage.ToString());
BaseTestSite.Assert.AreEqual <ResultCode>(ResultCode.Success, e.Response.ResultCode,
"LDAP ModifyDN: server should invoke the IDL_DRSInterDomainMove on target Dc and move the object.");
}
}
}
public void DRSR_DRSGetMemberships_Get_Global_Groups_Non_Transitive()
{
DrsrTestChecker.Check();
// Init the data.
EnvironmentConfig.Machine srv = EnvironmentConfig.Machine.WritableDC1;
DsServer server = (DsServer)EnvironmentConfig.MachineStore[srv];
DsUser user = EnvironmentConfig.UserStore[EnvironmentConfig.User.ParentDomainAdmin];
uint ret = 0;
ret = drsTestClient.DrsBind(
srv,
EnvironmentConfig.User.ParentDomainAdmin,
DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_BASE
);
BaseTestSite.Assert.AreEqual <uint>(
0,
ret,
"IDL_DRSBind: should return 0 with a success bind to DC");
DSNAME dsUser = ldapAdapter.GetDsName(
server,
ldapAdapter.GetUserDn(
server,
user
)
).Value;
ret = drsTestClient.DrsGetMemberships(
srv,
dwInVersion_Values.V1,
dsUser,
false,
REVERSE_MEMBERSHIP_OPERATION_TYPE.RevMembGlobalGroupsNonTransitive,
((AddsDomain)(server.Domain)).DomainNC);
BaseTestSite.Assert.AreEqual <uint>(
0,
ret,
"IDL_DRSGetMemberships: return value should be 0");
// Unbind
ret = drsTestClient.DrsUnbind(srv);
BaseTestSite.Assert.AreEqual <uint>(
0,
ret,
"IDL_DRSUnbind: return value should be 0");
}
public void DRSR_DRSGetMemberships_Get_Group_Members_Transitive()
{
DrsrTestChecker.Check();
// Init the data.
EnvironmentConfig.Machine srv = EnvironmentConfig.Machine.WritableDC1;
DsServer server = (DsServer)EnvironmentConfig.MachineStore[srv];
DsUser user = EnvironmentConfig.UserStore[EnvironmentConfig.User.ParentDomainAdmin];
uint ret = 0;
ret = drsTestClient.DrsBind(
srv,
EnvironmentConfig.User.ParentDomainAdmin,
DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_BASE
);
BaseTestSite.Assert.AreEqual <uint>(
0,
ret,
"IDL_DRSBind: should return 0 with a success bind to DC");
string groupDn = "CN=Domain Users,CN=Users," + DrsrHelper.GetDNFromFQDN(ADCommonServerAdapter.Instance(Site).PrimaryDomainDnsName);
DSNAME dsGroup = LdapUtility.CreateDSNameForObject(
server,
groupDn
);
ret = drsTestClient.DrsGetMemberships(
srv,
dwInVersion_Values.V1,
dsGroup,
false,
REVERSE_MEMBERSHIP_OPERATION_TYPE.GroupMembersTransitive,
null);
BaseTestSite.Assert.AreEqual <uint>(
0,
ret,
"IDL_DRSGetMemberships: return value should be 0");
// Unbind
ret = drsTestClient.DrsUnbind(srv);
BaseTestSite.Assert.AreEqual <uint>(
0,
ret,
"IDL_DRSUnbind: return value should be 0");
}
public void DRSR_DRSRemoveDsServer_Remove_DC()
{
DrsrTestChecker.Check();
// Init the data.
EnvironmentConfig.Machine srv = EnvironmentConfig.Machine.WritableDC1;
EnvironmentConfig.Machine dst = EnvironmentConfig.Machine.CDC;
DsServer server = (DsServer)EnvironmentConfig.MachineStore[srv];
DsServer child = (DsServer)EnvironmentConfig.MachineStore[dst];
DsUser user = EnvironmentConfig.UserStore[EnvironmentConfig.User.ParentDomainAdmin];
uint ret = 0;
ret = drsTestClient.DrsBind(
srv,
EnvironmentConfig.User.ParentDomainAdmin,
DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_BASE
);
BaseTestSite.Assert.AreEqual <uint>(
0,
ret,
"IDL_DRSBind: should return 0 with a success bind to DC");
string serverDn = child.ServerObjectName;
string domainDn = child.Domain.Name;
ret = drsTestClient.DrsRemoveDsServer(
srv,
IDL_DRSRemoveDsServer_dwInVersion_Values.V1,
serverDn,
domainDn,
true); // DANGEROUS: We're actually going to remove this server!
BaseTestSite.Assert.AreEqual <uint>(
ret,
0,
"IDL_DRSRemoveDsServer: return value should be 0");
// Unbind
ret = drsTestClient.DrsUnbind(srv);
BaseTestSite.Assert.AreEqual <uint>(
0,
ret,
"IDL_DRSUnbind: return value should be 0");
}
public void DRSR_DRSRemoveDsServer_Verify_LastDC()
{
DrsrTestChecker.Check();
// Init the data.
EnvironmentConfig.Machine srv = EnvironmentConfig.Machine.WritableDC1;
DsServer server = (DsServer)EnvironmentConfig.MachineStore[srv];
DsUser user = EnvironmentConfig.UserStore[EnvironmentConfig.User.ParentDomainAdmin];
uint ret = 0;
ret = drsTestClient.DrsBind(
srv,
EnvironmentConfig.User.ParentDomainAdmin,
DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_BASE
);
BaseTestSite.Assert.AreEqual <uint>(0, ret,
"IDL_DRSBind: Checking return value - got: {0}, expect: {1}, return value should always be 0 with a success bind to DC",
ret, 0);
string serverDn = server.ServerObjectName;
string domainDn = server.Domain.Name;
ret = drsTestClient.DrsRemoveDsServer(
srv,
IDL_DRSRemoveDsServer_dwInVersion_Values.V1,
serverDn,
domainDn,
false);
BaseTestSite.Assert.AreEqual <uint>(0, ret,
"IDL_DRSRemoveDsServer: Checking return value - got: {0}, expect: {1}, return value should always be 0",
ret, 0);
// Unbind
ret = drsTestClient.DrsUnbind(srv);
BaseTestSite.Assert.AreEqual <uint>(0, ret,
"IDL_DRSUnbind: Checking return value - got: {0}, expect: {1}, return value should always be 0",
ret, 0);
}
public void DRSR_DRSVerifyNames_Verify_SAM_Account_Names()
{
DrsrTestChecker.Check();
// Init the data.
EnvironmentConfig.Machine srv = EnvironmentConfig.Machine.WritableDC1;
DsServer server = (DsServer)EnvironmentConfig.MachineStore[srv];
DsUser user = EnvironmentConfig.UserStore[EnvironmentConfig.User.ParentDomainAdmin];
uint ret = 0;
ret = drsTestClient.DrsBind(
srv,
EnvironmentConfig.User.ParentDomainAdmin,
DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_BASE
);
BaseTestSite.Assert.AreEqual <uint>(
0,
ret,
"IDL_DRSBind: should return 0 with a success bind to DC");
// Create a DSNAME with only SAMAccountName.
string userDn = ldapAdapter.GetUserDn(server, user);
string sAMAccountName = (string)ldapAdapter.GetAttributeValue(server, userDn, "sAMAccountName");
DSNAME dsUser = DrsuapiClient.CreateDsName(sAMAccountName, Guid.Empty, null);
// Prefix table
SCHEMA_PREFIX_TABLE prefixTable = OIDUtility.CreatePrefixTable();
// Create the attribute block. Here we go to RDN attribute.
string rdnAttrId = DRSConstants.RDN_OID;
uint attrTyp = OIDUtility.MakeAttid(prefixTable, rdnAttrId);
ATTRVAL attrVal = DrsuapiClient.CreateATTRVAL(null);
ATTRVALBLOCK attrValBlock = DrsuapiClient.CreateATTRVALBLOCK(new ATTRVAL[] { attrVal });
ATTR attr = DrsuapiClient.CreateATTR(attrTyp, attrValBlock);
ATTRBLOCK attrBlock = DrsuapiClient.CreateATTRBLOCK(new ATTR[] { attr });
// Actual RPC call.
ret = drsTestClient.DrsVerifyNames(
srv,
dwInVersion_Values.V1,
DRS_MSG_VERIFYREQ_V1_dwFlags_Values.DRS_VERIFY_SAM_ACCOUNT_NAMES,
new DSNAME[] { dsUser },
new string[] { userDn },
attrBlock,
prefixTable
);
BaseTestSite.Assert.AreEqual <uint>(
0,
ret,
"IDL_DRSVerifyNames: return value should be 0"
);
// Unbind
ret = drsTestClient.DrsUnbind(srv);
BaseTestSite.Assert.AreEqual <uint>(
0,
ret,
"IDL_DRSUnbind: return value should be 0");
}
/// <summary>
/// load all infos
/// </summary>
/// <param name="site">PTD test site</param>
public static void Initialize(ITestSite site)
{
if (site == null)
{
throw new ApplicationException("TestSite could not be NULL.");
}
//only initialize once
if (dataLoaded)
{
if (!init_succeed)
{
site.Assert.Fail("EnvironmentConfig init failed in previous cases");
}
return;
}
//try
//{
testSite = site;
ldapAd = site.GetAdapter <ILdapAdapter>();
ldapAd.Site = site;
testDS = bool.Parse(site.Properties["MS_DRSR.TestDS"]);
funcLv = (Microsoft.Protocols.TestTools.StackSdk.ActiveDirectory.Drsr.DrsrDomainFunctionLevel)(ADCommonServerAdapter.Instance(testSite).DomainFunctionLevel);
UseKerberos = bool.Parse(site.Properties["MS_DRSR.UseKerberos"]);
UseNativeRpcLib = bool.Parse(site.Properties["MS_DRSR.UseNativeRpcLib"]);
//create normal user account if it does not exist yet
string serverName = ADCommonServerAdapter.Instance(testSite).PDCNetbiosName;
string serverPort = ADCommonServerAdapter.Instance(testSite).ADDSPortNum;
string domainNC = "DC=" + ADCommonServerAdapter.Instance(testSite).PrimaryDomainDnsName.Replace(".", ",DC=");
string parentDN = string.Format("CN=Users,{0}", domainNC);
string userDN = string.Format("CN={0},CN=Users,{1}", DomainUserName, domainNC);
string userPassword = ADCommonServerAdapter.Instance(testSite).DomainUserPassword;
if (!Utilities.IsObjectExist(userDN, serverName, serverPort))
{
Utilities.NewUser(serverName, serverPort, parentDN, DomainUserName, userPassword);
}
//please do all object intialization in this call following example
InitUserObjects();
InitDomainObjects();
InitMachineObjects();
FinishUserObjects();
//load DS AppNC late due to rootDSE search issue
if (testDS && !string.IsNullOrEmpty(AppNCDistinguishedName))
{
((AddsDomain)DomainStore[DomainEnum.PrimaryDomain]).OtherNCs = new DSNAME[1];
((AddsDomain)DomainStore[DomainEnum.PrimaryDomain]).OtherNCs[0] = ldapAd.GetDsName((DsServer)MachineStore[Machine.WritableDC1], AppNCDistinguishedName).Value;
}
MainDC = (AddsServer)EnvironmentConfig.MachineStore[Machine.MainDC];
DsServer s1 = (DsServer)EnvironmentConfig.MachineStore[Machine.WritableDC1];
transport_obj = ldapAd.GetDsName(
s1,
"cn=ip,cn=inter-site transports,cn=sites,"
+ LdapUtility.ConvertUshortArrayToString(s1.Domain.ConfigNC.StringName)
).Value;
DsUser dcAccount = new DsUser();
dcAccount.Domain = s1.Domain;
dcAccount.Username = s1.NetbiosName + "$";
dcAccount.Password = ADCommonServerAdapter.Instance(testSite).PDCPassword;
UserStore.Add(User.MainDCAccount, dcAccount);
//not always need dc2
if (EnvironmentConfig.MachineStore.ContainsKey(Machine.WritableDC2))
{
DsServer s2 = (DsServer)EnvironmentConfig.MachineStore[Machine.WritableDC2];
DsUser dcAccount2 = new DsUser();
dcAccount2.Domain = s2.Domain;
dcAccount2.Username = s2.NetbiosName + "$";
dcAccount2.Password = ADCommonServerAdapter.Instance(testSite).SDCPassword;
UserStore.Add(User.WritableDC2Account, dcAccount2);
}
if (EnvironmentConfig.MachineStore.ContainsKey(Machine.RODC))
{
DsServer rodc = (DsServer)EnvironmentConfig.MachineStore[Machine.RODC];
DsUser rodcAccount = new DsUser();
rodcAccount.Domain = rodc.Domain;
rodcAccount.Username = rodc.NetbiosName + "$";
rodcAccount.Password = ADCommonServerAdapter.Instance(testSite).RODCPassword;
UserStore.Add(User.RODCMachineAccount, rodcAccount);
}
//}
//catch (Exception e)
//{
// init_succeed = false;
// site.Assert.Fail("data initialization failed due to exception:" + e.InnerException == null ? e.Message : e.InnerException.Message);
//}
//alwasy only init once
dataLoaded = true;
}
public void DRSR_DRSRemoveDsDomain_Remove_Domain()
{
DrsrTestChecker.Check();
// Init the data.
EnvironmentConfig.Machine srv = EnvironmentConfig.Machine.WritableDC1;
// The destination server in an external forest. The external forest will be
// removed after this call.
EnvironmentConfig.Machine dst = EnvironmentConfig.Machine.CDC;
DsServer server = (DsServer)EnvironmentConfig.MachineStore[srv];
DsServer child = (DsServer)EnvironmentConfig.MachineStore[dst];
DsUser user = EnvironmentConfig.UserStore[EnvironmentConfig.User.ParentDomainAdmin];
uint ret = 0;
ret = drsTestClient.DrsBind(
srv,
EnvironmentConfig.User.ParentDomainAdmin,
DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_BASE
);
BaseTestSite.Assert.AreEqual <uint>(
0,
ret,
"IDL_DRSBind: should return 0 with a success bind to DC");
string domainDn = child.Domain.Name;
// We call RemoveDsServer to remove an actual
// DC in the external forest, so that a crossRef object
// pointing to a removed NC will exists.
string serverDn = child.ServerObjectName;
ret = drsTestClient.DrsRemoveDsServer(
srv,
IDL_DRSRemoveDsServer_dwInVersion_Values.V1,
serverDn,
domainDn,
true);
BaseTestSite.Assert.AreEqual <uint>(
0,
ret,
"IDL_DRSRemoveDsDomain: should return 0 after removal of server");
// Note that by far, the NTDS DSA object of this server should be removed already.
ret = drsTestClient.DrsRemoveDsDomain(
srv,
IDL_DRSRemoveDsDomain_dwInVersion_Values.V1,
domainDn
);
BaseTestSite.Assert.AreEqual <uint>(
ret,
0,
"IDL_DRSRemoveDsDomain: return value should be 0");
// Unbind
ret = drsTestClient.DrsUnbind(srv);
BaseTestSite.Assert.AreEqual <uint>(
0,
ret,
"IDL_DRSUnbind: return value should be 0");
}