/// <summary> /// 删除站点主机头(根据站点号,也就是站点标识) /// </summary> /// <param name="SiteNum"></param> /// <param name="IPAddress"></param> /// <param name="Port"></param> /// <param name="Url"></param> public void DeleteHostHeader(long SiteNum, string IPAddress, string Port, string Url) { if (SiteNum < 0) { throw new Exception("IIS 站点号“" + SiteNum.ToString() + "”打开失败。"); } string entry = String.Format("IIS://{0}/w3svc/{1}", HostName, SiteNum); DirectoryEntry site = GetDirectoryEntry(entry); if (site == null) { throw new Exception("IIS 站点号“" + SiteNum.ToString() + "”打开失败。"); } PropertyValueCollection serverBindings = site.Properties["ServerBindings"]; string headerStr = string.Format("{0}:{1}:{2}", IPAddress, Port, Url); if (serverBindings.Contains(headerStr)) { serverBindings.Remove(headerStr); site.CommitChanges(); } }
/// <summary> /// VerifyMsdsIsGC method is used to verify the value of options of given directory entry is even or odd. /// </summary> /// <param name="reqEntry">DirectoryEntry</param> /// <returns>Returns true if the options field contains odd value.</returns> public bool VerifyMsdsIsGC(DirectoryEntry reqEntry) { PropertyValueCollection objectClassValue = reqEntry.Properties["objectclass"]; if (objectClassValue.Contains("nTDSDSA")) { int optionValue = (int)reqEntry.Properties["options"].Value; optionValue = optionValue & 1; if (optionValue == 1) { return(true); } } if (objectClassValue.Contains("server")) { string childDN = String.Empty; DirectoryEntry TN = reqEntry.Children.Find("CN=NTDS Settings"); childDN = TN.Properties["distinguishedname"].Value.ToString(); if (childDN.Equals("CN=NTDS Settings," + reqEntry.Properties[StandardNames.distinguishedName].Value.ToString())) { return(VerifyMsdsIsGC(TN)); } } if (objectClassValue.Contains("computer")) { //Get server object with its serverReferenceBL attribute. DirectoryEntry TS = null; if (!adAdapter.GetObjectByDN(reqEntry.Properties["serverReferenceBL"].Value.ToString(), out TS)) { DataSchemaSite.Assume.IsTrue( false, reqEntry.Properties["serverReferenceBL"].Value.ToString() + " Object is not found in server"); } if (TS != null) { return(VerifyMsdsIsGC(TS)); } } return(false); }
// // PAPI --> S.DS (LDAP or WinNT) conversion routines // static internal void MultiStringToDirectoryEntryConverter(Principal p, string propertyName, DirectoryEntry de, string suggestedProperty) { PrincipalValueCollection <string> trackingList = (PrincipalValueCollection <string>)p.GetValueForProperty(propertyName); if (p.unpersisted && trackingList == null) { return; } List <string> insertedValues = trackingList.Inserted; List <string> removedValues = trackingList.Removed; List <Pair <string, string> > changedValues = trackingList.ChangedValues; PropertyValueCollection properties = de.Properties[suggestedProperty]; // We test to make sure the change hasn't already been applied to the PropertyValueCollection, // because PushChangesToNative can be called multiple times prior to committing the changes and // we want to maintain idempotency foreach (string value in removedValues) { if (value != null && properties.Contains(value)) { properties.Remove(value); } } foreach (Pair <string, string> changedValue in changedValues) { // Remove the original value and add in the new value Debug.Assert(changedValue.Left != null); // since it came from the system properties.Remove(changedValue.Left); if (changedValue.Right != null && !properties.Contains(changedValue.Right)) { properties.Add(changedValue.Right); } } foreach (string value in insertedValues) { if (value != null && !properties.Contains(value)) { properties.Add(value); } } }
private void ProcessCollection(DataTable dt, ActivityInfoCollection activities, int level) { level++; foreach (Mediachase.Ibn.Assignments.ActivityInfo activityInfo in activities) { DataRow row = dt.NewRow(); if (activityInfo.Type == ActivityType.Block) { row["Subject"] = GetGlobalResourceObject("IbnFramework.BusinessProcess", "ParallelBlock").ToString(); } else { row["Subject"] = (activityInfo.Subject != null) ? activityInfo.Subject : String.Empty; } if (activityInfo.UserId.HasValue) { row["User"] = CommonHelper.GetUserStatus(activityInfo.UserId.Value); } row["State"] = (int)activityInfo.State; if (activityInfo.ExecutionResult.HasValue) { row["Result"] = activityInfo.ExecutionResult.Value; } if (activityInfo.ActualFinishDate.HasValue) { row["FinishDate"] = String.Concat(activityInfo.ActualFinishDate.Value.ToShortDateString(), " ", activityInfo.ActualFinishDate.Value.ToShortTimeString()); } row["Comment"] = CHelper.ParseText(activityInfo.Comment, true, true, true); row["Indent"] = (level - 1) * indentSize; if (activityInfo.ClosedBy.HasValue) { row["ClosedBy"] = CommonHelper.GetUserStatus(activityInfo.ClosedBy.Value); } if (activityInfo.PlanFinishDate.HasValue) { row["PlanFinishDate"] = String.Concat(activityInfo.PlanFinishDate.Value.ToShortDateString(), " ", activityInfo.PlanFinishDate.Value.ToShortTimeString()); } row["ReadOnly"] = false; PropertyValueCollection properties = activityInfo.AssignmentProperties; if (properties.Contains(AssignmentCustomProperty.ReadOnlyLibraryAccess)) { bool?readOnly = properties[AssignmentCustomProperty.ReadOnlyLibraryAccess] as bool?; if (readOnly.HasValue) { row["ReadOnly"] = readOnly.Value; } } dt.Rows.Add(row); ProcessCollection(dt, activityInfo.Activities, level); } }
public bool CanWriteAttibute(string attribute) { if (allowedAttributesEffective == null) { DirectoryEntry de = (DirectoryEntry)GetUnderlyingObject(); de.RefreshCache(new string[] { "allowedAttributesEffective" }); allowedAttributesEffective = de.Properties["allowedAttributesEffective"]; } return(allowedAttributesEffective.Contains(attribute)); }
internal static void MultiStringToDirectoryEntryConverter(Principal p, string propertyName, DirectoryEntry de, string suggestedProperty) { PrincipalValueCollection <string> valueForProperty = (PrincipalValueCollection <string>)p.GetValueForProperty(propertyName); if (!p.unpersisted || valueForProperty != null) { List <string> inserted = valueForProperty.Inserted; List <string> removed = valueForProperty.Removed; List <Pair <string, string> > changedValues = valueForProperty.ChangedValues; PropertyValueCollection item = de.Properties[suggestedProperty]; foreach (string str in removed) { if (str == null || !item.Contains(str)) { continue; } item.Remove(str); } foreach (Pair <string, string> changedValue in changedValues) { item.Remove(changedValue.Left); if (changedValue.Right == null || item.Contains(changedValue.Right)) { continue; } item.Add(changedValue.Right); } foreach (string str1 in inserted) { if (str1 == null || item.Contains(str1)) { continue; } item.Add(str1); } return; } else { return; } }
public static void DeleteHostHeader(int siteid, string ip, int port, string domain)//删除主机头(站点编号.ip.端口.域名) { DirectoryEntry site = new DirectoryEntry("IIS://localhost/W3SVC/" + siteid); PropertyValueCollection serverBindings = site.Properties["ServerBindings"]; string headerStr = string.Format("{0}:{1}:{2}", ip, port, domain); if (serverBindings.Contains(headerStr)) { serverBindings.Remove(headerStr); } site.CommitChanges(); }
/// <summary> /// 添加域名绑定 /// </summary> /// <param name="serverName">服务器名称</param> /// <param name="siteid">站点编号</param> /// <param name="ip">ip</param> /// <param name="port">端口</param> /// <param name="domain">域名</param> public static void AddHostHeader(string serverName, int siteid, string ip, int port, string domain) { DirectoryEntry site = new DirectoryEntry("IIS://" + serverName + "/W3SVC/" + siteid); PropertyValueCollection serverBindings = site.Properties["ServerBindings"]; string headerStr = string.Format("{0}:{1}:{2}", ip, port, domain); if (!serverBindings.Contains(headerStr)) { serverBindings.Add(headerStr); } //默认情况下,对缓存进行本地更改。修改或添加节点之后, //必须调用 CommitChanges 方法,以便提交更改,将它们保存到树中。 //如果在调用 CommitChanges 之前调用 RefreshCache,则将丢失对属性缓存的任何未提交的更改。 site.CommitChanges(); }
public string RemoveHostHeader(string websiteName, string ipAddress, string port, string hostname) { string websiteID = GetWebsiteID(websiteName); string websitePath = "IIS://" + mServer + "/w3svc/" + websiteID; DirectoryEntry website = null; try { website = new DirectoryEntry(websitePath); } catch (Exception error) { throw new Exception("Error creating the web directory entry.\n" + error.Message + "\n" + error.InnerException); } PropertyValueCollection websiteBindings = null; try { websiteBindings = website.Properties["ServerBindings"]; } catch (Exception error) { throw new Exception("Error getting the host header listing.\n" + error.Message + "\n" + error.InnerException); } string hostHeader = string.Format("{0}:{1}:{2}", ipAddress, port, hostname); if (!websiteBindings.Contains(hostHeader)) { return("missing"); } try { websiteBindings.Remove(hostHeader); website.CommitChanges(); } catch (System.Exception error) { throw new Exception("Error removing the host header.\n" + error.Message + "\n" + error.InnerException); } return("removed"); }
private static bool CheckEquals(PropertyValueCollection properties, string[] values) { if (values == null) { return(properties.Count == 0); } if (properties.Count != values.Length) { return(false); } foreach (var v in values) { if (!properties.Contains(v)) { return(false); } } return(true); }
/// <summary> /// Users the can write. /// </summary> /// <param name="entity">The entity.</param> /// <returns></returns> private bool CanUserWrite(AssignmentEntity entity) { if (entity.WorkflowInstanceId.HasValue && !string.IsNullOrEmpty(entity.WorkflowActivityName)) { PropertyValueCollection properties = WorkflowActivityWrapper.GetAssignmentProperties((Guid)entity.WorkflowInstanceId.Value, entity.WorkflowActivityName); if (properties.Contains(AssignmentCustomProperty.ReadOnlyLibraryAccess)) { bool?value = properties[AssignmentCustomProperty.ReadOnlyLibraryAccess] as bool?; if (value.HasValue) { return(!value.Value); } } } return(true); }
protected override void OnRemoveValue(object value) { object[] array = value as object[]; if (array == null) { array = new object[] { value }; } PropertyValueCollection values = DirectoryUtils.GetPropertyValues(Entry, AttributeName); foreach (object val in array) { if (values.Contains(val)) { values.Remove(val); } } Entry.CommitChanges(); }
public static int AddHostHeader(int siteid, string ip, int port, string domain)//增加主机头(站点编号.ip.端口.域名) { int mark = 0; try { DirectoryEntry site = new DirectoryEntry("IIS://localhost/W3SVC/" + siteid); PropertyValueCollection serverBindings = site.Properties["ServerBindings"]; string headerStr = string.Format("{0}:{1}:{2}", ip, port, domain); if (!serverBindings.Contains(headerStr)) { serverBindings.Add(headerStr); } site.CommitChanges(); mark = 1; } catch { mark = 0; } return(mark); }
public void DeleteHostHeader(long SiteNum, string IPAddress, string Port, string Url) { if (SiteNum < 0L) { throw new Exception("IIS 站点号“" + SiteNum.ToString() + "”打开失败。"); } string entryPath = string.Format("IIS://{0}/w3svc/{1}", this.HostName, SiteNum); DirectoryEntry directoryEntry = this.GetDirectoryEntry(entryPath); if (directoryEntry == null) { throw new Exception("IIS 站点号“" + SiteNum.ToString() + "”打开失败。"); } PropertyValueCollection values = directoryEntry.Properties["ServerBindings"]; string str2 = string.Format("{0}:{1}:{2}", IPAddress, Port, Url); if (values.Contains(str2)) { values.Remove(str2); directoryEntry.CommitChanges(); } }
/// <summary> /// CaptureServerContainer is a Common method for Both AD/DS and AD/LDS Server Container Requirements Validation /// Retrieves the required Directory Entry for a specified DN and its attributes. /// </summary> public void CaptureServerContainer() { if (isDS) { if (!adAdapter.GetObjectByDN("CN=Sites,CN=Configuration," + adAdapter.rootDomainDN, out sitesEntry)) { DataSchemaSite.Assume.IsTrue( false, "CN=Sites,CN=Configuration," + adAdapter.rootDomainDN + " Object is not found in server"); } } else { if (!adAdapter.GetLdsObjectByDN("CN=Sites,CN=Configuration," + adAdapter.LDSRootObjectName, out sitesEntry)) { DataSchemaSite.Assume.IsTrue( false, "CN=Sites,CN=Configuration," + adAdapter.LDSRootObjectName + " Object is not found in server"); } } DirectoryEntries sitesChildern = sitesEntry.Children; foreach (DirectoryEntry child in sitesChildern) { if (child.Properties["objectClass"].Contains((object)"site") && child.Name.Equals("CN=Default-First-Site-Name")) { serverParentEntry = child.Children.Find("CN=Servers"); //MS-ADTS-Schema_R433 // [Since objectClass of the child is a site object, R433 is captured.] DataSchemaSite.CaptureRequirement( 433, "The parent of the Servers Container must be site object."); } } if (isDS) { string dnServers = serverParentEntry.Properties["distinguishedName"].Value.ToString(); if (!adAdapter.GetObjectByDN(dnServers, out dirPartitions)) { DataSchemaSite.Assume.IsTrue(false, dnServers + " Object is not found in server"); } } parent = serverParentEntry.Parent.Name; objectClass = serverParentEntry.Properties["objectClass"]; //MS-ADTS-Schema_R434 DataSchemaSite.CaptureRequirementIfIsTrue( objectClass.Contains((object)"serversContainer"), 434, "The ObjectClass Attribute of the Servers Container must be serversContainer."); systemFlag = serverParentEntry.Properties["systemFlags"].Value.ToString(); systemFlagVal = ParseSystemFlagsValue("FLAG_DISALLOW_MOVE_ON_DELETE"); //MS-ADTS-Schema_R435 DataSchemaSite.CaptureRequirementIfAreEqual <string>( systemFlagVal.ToString(), systemFlag, 435, "The systemFlags Attribute of the Servers Container must be FLAG_DISALLOW_MOVE_ON_DELETE."); DirectoryEntries serverChildren = null; foreach (DirectoryEntry sitechild in sitesChildern) { if (sitechild.Properties["objectClass"].Contains((object)"site") && sitechild.Name.Equals("CN=Default-First-Site-Name")) { serverParentEntry = sitechild.Children.Find("CN=Servers"); serverChildren = serverParentEntry.Children; foreach (DirectoryEntry child in serverChildren) { if (!child.Parent.Name.Equals("CN=Servers")) { isParent = false; } objectClass = child.Properties["objectClass"]; if (!objectClass.Contains((object)"server")) { isObjectClass = false; } systemFlag = child.Properties["systemFlags"].Value.ToString(); systemFlagVal = ParseSystemFlagsValue("FLAG_CONFIG_ALLOW_RENAME|FLAG_CONFIG_ALLOW_LIMITED_MOVE|FLAG_DISALLOW_MOVE_ON_DELETE"); if (systemFlag != (systemFlagVal.ToString())) { isParseSystemFlagsValue = false; } } } } //MS-ADTS-Schema_R436 DataSchemaSite.CaptureRequirementIfIsTrue( isParent, 436, "The parent of the Server Object must be servers Container object."); //MS-ADTS-Schema_R437 DataSchemaSite.CaptureRequirementIfIsTrue( isObjectClass, 437, "The ObjectClass Attribute of the Server Object must be Server."); //MS-ADTS-Schema_R438 DataSchemaSite.CaptureRequirementIfIsTrue( isParseSystemFlagsValue, 438, "The systemFlags Attribute of the Server Object must be either of" + "FLAG_CONFIG_ALLOW_RENAME | FLAG_CONFIG_ALLOW_LIMITED_MOVE | FLAG_DISALLOW_MOVE_ON_DELETE."); if (isDS) { if (!adAdapter.GetObjectByDN("OU=Domain Controllers," + adAdapter.rootDomainDN, out sitesEntry)) { DataSchemaSite.Assume.IsTrue( false, "OU=Domain Controllers," + adAdapter.rootDomainDN + " Object is not found in server"); } DirectoryEntries domainChildren = sitesEntry.Children; isObjectClass = true; foreach (DirectoryEntry childDomain in domainChildren) { string cnName = childDomain.Properties["cn"].Value.ToString(); foreach (DirectoryEntry sitechild in sitesChildern) { if (sitechild.Properties["objectClass"].Contains((object)"site")) { if (sitechild.Name.Equals("CN=Default-First-Site-Name")) { serverParentEntry = sitechild.Children.Find("CN=Servers"); serverChildren = serverParentEntry.Children; foreach (DirectoryEntry child in serverChildren) { serverEntry = serverParentEntry.Children.Find("CN=" + cnName); DirectoryEntries serverEntryChildern = serverEntry.Children; foreach (DirectoryEntry serverEntryChild in serverEntryChildern) { PropertyValueCollection objClass = serverEntryChild.Properties["objectClass"]; dnName = serverEntryChild.Properties["distinguishedName"].Value.ToString(); if (dnName.StartsWith("CN=NTDS Settings")) { if (dnName.Contains(adAdapter.PDCNetbiosName)) { nTDSName = dnName; } if (!objClass.Contains((object)"nTDSDSA")) { isObjectClass = false; } } } } } } } } bool hasDNSHostName = false; string dnsHostName = null; string[] hostName = null; string domainStr = null; foreach (DirectoryEntry child in serverChildren) { dnsHostName = child.Properties["dnsHostName"].Value.ToString().ToLower(); hostName = dnsHostName.Split('.'); domainStr = dnsHostName.Substring(hostName[0].Length + 1, dnsHostName.Length - (hostName[0].Length + 1)); if (hostName[0].Equals(adAdapter.PDCNetbiosName.ToLower())) { hasDNSHostName = true; break; } } //MS-ADTS-Schema_R439 DataSchemaSite.CaptureRequirementIfIsTrue( hasDNSHostName && (domainStr.ToLower().Equals(adAdapter.PrimaryDomainDnsName.ToLower())), 439, "The dNSHostName Attribute of the Server Object must be fully qualified DNS name of the DC."); //MS-ADTS-Schema_R440 DataSchemaSite.CaptureRequirementIfIsTrue( isObjectClass, 440, "Each DC in a domain has an nTDSDSA object in the config NC."); if (!adAdapter.GetObjectByDN(nTDSName, out dirPartitions)) { DataSchemaSite.Assume.IsTrue(false, nTDSName + " Object is not found in server"); } string dMDLocation = dirPartitions.Properties["dMDLocation"].Value.ToString(); //MS-ADTS-Schema_R444 DataSchemaSite.CaptureRequirementIfAreEqual <string>( ("CN=Schema,CN=Configuration," + adAdapter.rootDomainDN).ToLower(), dMDLocation.ToLower(), 444, "The dMDLocation Attribute of the nTDSDSA Object must be dsname of the schema NC root."); } else { foreach (DirectoryEntry serverEntryChild in serverChildren) { DirectoryEntries serverEntryChildsChild = serverEntryChild.Children; foreach (DirectoryEntry serverChild in serverEntryChildsChild) { string dnsHostName = serverEntryChild.Properties["dNSHostName"].Value.ToString().ToLower(); string[] hostName = dnsHostName.Split('.'); string domainStr = dnsHostName.Substring(hostName[0].Length + 1, dnsHostName.Length - (hostName[0].Length + 1)); if ((hostName[0].ToLower().Equals(adAdapter.PDCNetbiosName.ToLower())) && (domainStr.ToLower().Equals(adAdapter.PrimaryDomainDnsName.ToLower()))) { isTrue = true; } dnName = serverChild.Properties["distinguishedName"].Value.ToString(); if (dnName.StartsWith("CN=NTDS Settings")) { nTDSName = dnName; } } } //MS-ADTS-Schema_R439 DataSchemaSite.CaptureRequirementIfIsTrue( isTrue, 439, "The dNSHostName Attribute of the Server Object must be fully qualified DNS name of the DC."); if (!adAdapter.GetLdsObjectByDN(nTDSName, out dirPartitions)) { DataSchemaSite.Assume.IsTrue(false, nTDSName + " Object is not found in server"); } string dMDLocation = dirPartitions.Properties["dMDLocation"].Value.ToString(); //MS-ADTS-Schema_R444 DataSchemaSite.CaptureRequirementIfAreEqual <string>( "CN=Schema,CN=Configuration," + adAdapter.LDSRootObjectName, dMDLocation, 444, "The dMDLocation Attribute of the nTDSDSA Object must be dsname of the schema NC root."); } string name = dirPartitions.Properties["name"].Value.ToString(); //MS-ADTS-Schema_R441 DataSchemaSite.CaptureRequirementIfAreEqual <string>( "NTDS Settings", name, 441, "The name Attribute of the nTDSDSA Object must be NTDS Settings."); objectClass = dirPartitions.Parent.Properties["objectClass"]; //MS-ADTS-Schema_R442 DataSchemaSite.CaptureRequirementIfIsTrue( objectClass.Contains((object)"server"), 442, "The parent of the nTDSDSA Object must be an object with objectClass server."); objectClass = dirPartitions.Properties["objectClass"]; //MS-ADTS-Schema_R443 DataSchemaSite.CaptureRequirementIfIsTrue( objectClass.Contains((object)"nTDSDSA"), 443, "The ObjectClass Attribute of the nTDSDSA Object must be nTDSDSA."); //MS-ADTS-Schema_R445 PropertyValueCollection allNCs = null; systemFlag = dirPartitions.Properties["systemFlags"].Value.ToString(); systemFlagVal = ParseSystemFlagsValue("FLAG_DISALLOW_MOVE_ON_DELETE"); DataSchemaSite.CaptureRequirementIfAreEqual <string>( systemFlagVal.ToString(), systemFlag, 445, "The SystemFlags attribute of the nTDSDSA Object must be FLAG_DISALLOW_MOVE_ON_DELETE."); if (isDS) { entry = new DirectoryEntry("LDAP://" + adAdapter.PDCNetbiosName + "/rootDSE"); } else { entry = new DirectoryEntry("LDAP://" + adAdapter.adamServerPort + "/rootDSE"); try { allNCs = entry.Properties["namingContexts"]; } catch (Exception) { entry = new DirectoryEntry("LDAP://" + adAdapter.adamServerPort + "/rootDSE"); } } allNCs = entry.Properties["namingContexts"];//namingContexts PropertyValueCollection hasMasterNCs = dirPartitions.Properties["hasMasterNCs"]; PropertyValueCollection msDSHasMasterNCs = dirPartitions.Properties["msDS-hasMasterNCs"]; PropertyValueCollection msDSHasFullReplicasNCs; bool isHasMasterNCs = true, ismsDSHasMasterNCs = true, ismsDSHasFullReplicasNCs = true; for (int index = 0; index < hasMasterNCs.Count; index++) { if (!allNCs.Contains(hasMasterNCs[index])) { isHasMasterNCs = false; } } for (int index = 0; index < msDSHasMasterNCs.Count; index++) { if (!allNCs.Contains(msDSHasMasterNCs[index])) { ismsDSHasMasterNCs = false; } } //MS-ADTS-Schema_R449 DataSchemaSite.CaptureRequirementIfIsTrue( isHasMasterNCs, 449, @"hasMasterNCs attribute in nTDSDSA Object Contains the dsnames of the NC root objects representing the schema NC, config NC,and domain NC for the default domain of the DC. This attribute always contains these three values, and only these three values."); //MS-ADTS-Schema_R451 DataSchemaSite.CaptureRequirementIfIsTrue( ismsDSHasMasterNCs, 451, @"msDS-hasMasterNCs attribute in nTDSDSA Object Contains the dsnames of the root objects of all writable NC replicas hosted by the DC."); if (isDS) { if (!adAdapter.GetObjectByDN(adAdapter.rootDomainDN, out entry)) { DataSchemaSite.Assume.IsTrue(false, adAdapter.rootDomainDN + " Object is not found in server"); } PropertyValueCollection msds = entry.Properties["distinguishedName"]; PropertyValueCollection msDSHasDomainNCs = dirPartitions.Properties["msDS-HasDomainNCs"]; //MS-ADTS-Schema_R450 DataSchemaSite.CaptureRequirementIfIsTrue( msds.Value.ToString() == msDSHasDomainNCs.Value.ToString(), 450, @"msDS-HasDomainNCs attribute in nTDSDSA Object Equals to the dsname of the NC root object for which the DC is hosting a regular NC replica. This attribute must have only one value. "); } if (isDS) { isParseSystemFlagsValue = true; isParent = true; isObjectClass = true; bool isNotExistingRODC = true; //The value optionsvalue=0x41 can be got from TD [MS-ADTS] 7.1.1.2.2.1.2.1.3 const int optionsvalue = 0x41; foreach (DirectoryEntry serverEntryChild in serverChildren) { if (serverEntryChild.Name.ToLower() == ("CN=" + adAdapter.RODCNetbiosName).ToLower()) { DirectoryEntries nTDSEntries = serverEntryChild.Children; foreach (DirectoryEntry nTDSEntry in nTDSEntries) { msDSHasFullReplicasNCs = nTDSEntry.Properties["msDS-hasFullReplicaNCs"]; for (int index = 0; index < hasMasterNCs.Count; index++) { if (!allNCs.Contains(msDSHasFullReplicasNCs[index])) { ismsDSHasFullReplicasNCs = false; } } //Checking For the Parent equal to Servers if (!nTDSEntry.Properties["objectClass"].Contains((object)"nTDSDSA")) { isParent = false; } foreach (DirectoryEntry nTDSConnectionObjects in nTDSEntry.Children) { //Check schedule attribute if (nTDSConnectionObjects.Properties["schedule"].Value != null) { bool verifySuccessed = VerifyScheduleStructure((byte[])nTDSConnectionObjects.Properties["schedule"].Value); if (verifySuccessed != true) { isSchedule = false; } } objectClass = nTDSConnectionObjects.Properties["objectClass"]; if (!objectClass.Contains((object)"nTDSConnection")) { isObjectClass = false; } string s = (string)nTDSConnectionObjects.Properties["fromServer"].Value; if (!s.Contains("CN=NTDS Settings")) { isRefertontdsdsa = false; } //Checking For the attribute options. if (optionsvalue != ((int)(nTDSConnectionObjects.Properties["options"].Value))) { isOptions = false; } //Checking For the name equals to RODC Connection. name = nTDSConnectionObjects.Properties["name"].Value.ToString(); if ((bool)(nTDSConnectionObjects.Properties["enabledConnection"].Value) != true) { isEnabledconnection = false; } systemFlag = nTDSConnectionObjects.Properties["systemFlags"].Value.ToString(); systemFlagVal = ParseSystemFlagsValue("FLAG_CONFIG_ALLOW_RENAME"); if (systemFlag != (systemFlagVal.ToString())) { isParseSystemFlagsValue = false; } } } } if (serverEntryChild.Name.ToLower() == ("CN=" + adAdapter.PDCNetbiosName.ToLower())) { DirectoryEntries nTDSDCEntries = serverEntryChild.Children; foreach (DirectoryEntry nTDSDCEntry in nTDSDCEntries) { foreach (DirectoryEntry nTDSConnectionDCObjects in nTDSDCEntry.Children) { nonRODCConnection = nTDSConnectionDCObjects.Properties["name"].Value.ToString(); if ((serverOS == OSVersion.WinSvr2012 || serverOS == OSVersion.WinSvr2012R2) && nonRODCConnection.Equals("RODC Connection (SYSVOL)")) { isNotExistingRODC = false; } else if ((serverOS == OSVersion.WinSvr2008 || serverOS == OSVersion.WinSvr2008R2) && nonRODCConnection.Equals("RODC Connection (FRS)")) { isNotExistingRODC = false; } } } } } //Verify MS-AD_Schema requirement:MS-AD_Schema_R4511 DataSchemaSite.CaptureRequirementIfIsTrue( isRefertontdsdsa, 4511, @"[Each RODC NTFRS connection object has the following attributes:]fromServer: A reference to the nTDSDSA object of the source DC."); //Verify MS-AD_Schema requirement:MS-AD_Schema_R4512 DataSchemaSite.CaptureRequirementIfIsTrue( isSchedule, 4512, @"[Each RODC NTFRS connection object has the following attributes:]schedule: Contains a SCHEDULE structure that specifies the time intervals when replication can be performed between the source and the destination DCs."); //Verify MS-AD_Schema requirement:MS-AD_Schema_R4504 DataSchemaSite.CaptureRequirementIfIsTrue( isNotExistingRODC, 4504, @"RODC NTFRS connection objects do not exist for DCs."); //Verify MS-AD_Schema requirement:MS-AD_Schema_R4503 if (serverOS >= OSVersion.WinSvr2012) { DataSchemaSite.CaptureRequirementIfAreEqual <string>( "RODC Connection (SYSVOL)", name, 4503, @"An RODC NTFRS connection object exists for each RODC in the forest."); } else { DataSchemaSite.CaptureRequirementIfAreEqual <string>( "RODC Connection (FRS)", name, 4503, @"An RODC NTFRS connection object exists for each RODC in the forest."); } //Verify MS-AD_Schema requirement:MS-AD_Schema_R4508 DataSchemaSite.CaptureRequirementIfIsTrue( isParent, 4508, @"[Each RODC NTFRS connection object has the following attributes:]parent: nTDSDSA object."); //Verify MS-AD_Schema requirement:MS-AD_Schema_R4506 DataSchemaSite.CaptureRequirementIfIsTrue( isParent, 4506, @"This object[RODC NTFRS Connection Object] is a child of the nTDSDSA object of the destination RODC."); //MS-ADTS-Schema_R455 DataSchemaSite.CaptureRequirementIfIsTrue( isObjectClass, 455, "The objectClass attribute of the Connection object must be nTDSConnection."); //Verify MS-AD_Schema requirement:MS-AD_Schema_R4510 DataSchemaSite.CaptureRequirementIfIsTrue( isEnabledconnection, 4510, @"[Each RODC NTFRS connection object has the following attributes:]enabledConnection: true."); // //Verify MS-AD_Schema requirement:MS-AD_Schema_R4513 // DataSchemaSite.CaptureRequirementIfIsTrue( isParseSystemFlagsValue, 4513, @"[Each RODC NTFRS connection object has the following attributes:]systemFlags: {FLAG_CONFIG_ALLOW_RENAME}."); //Verify MS-AD_Schema requirement:MS-AD_Schema_R4509 DataSchemaSite.CaptureRequirementIfIsTrue( isObjectClass, 4509, @"[Each RODC NTFRS connection object has the following attributes:]objectClass: nTDSConnection."); //Verify MS-AD_Schema requirement:MS-AD_Schema_R4507 if (serverOS >= OSVersion.WinSvr2012) { DataSchemaSite.CaptureRequirementIfAreEqual <string>( "RODC Connection (SYSVOL)", name, 4507, @"[Each RODC NTFRS connection object has the following attributes:]name: RODC Connection (SYSVOL)."); } else { DataSchemaSite.CaptureRequirementIfAreEqual <string>( "RODC Connection (FRS)", name, 4507, @"[Each RODC NTFRS connection object has the following attributes:]name: RODC Connection (FRS)."); } //Verify MS-AD_Schema requirement:MS-AD_Schema_R4514 DataSchemaSite.CaptureRequirementIfIsTrue( isOptions, 4514, @"[Each RODC NTFRS connection object has the following attributes:]options: Both of the bits from the following diagram[The 26th bit is RT, the last bit is IG, and the rest are X]. "); //Verify MS-AD_Schema requirement:MS-AD_Schema_R4517 DataSchemaSite.CaptureRequirementIfIsTrue( isOptions, 4517, @"[In RODC NTFRS connection object, options attribute]X: Must be zero and ignored."); } //MS-ADTS-Schema_R452 DataSchemaSite.CaptureRequirementIfIsTrue( ismsDSHasFullReplicasNCs, 452, @"msDS-hasFullReplicaNCs attribute in nTDSDSA Object Contains the dsnames of the root objects of all writable NC replicas hosted by the DC."); //MS-ADTS-Schema_R454 DataSchemaSite.CaptureRequirementIfIsTrue( isParent, 454, "The parent of the Connection object must be nTDSDSA object."); //MS-ADTS-Schema_R456 DataSchemaSite.CaptureRequirementIfIsTrue( isParseSystemFlagsValue, 456, @"The SystemFlags attribute of the Connection object must be FLAG_CONFIG_ALLOW_RENAME | FLAG_CONFIG_ALLOW_MOVE."); }
/// <summary> /// Method validates the requirements under LDSCrossRefContainer Scenario. /// </summary> public void ValidateLDSCrossRefContainer() { DirectoryEntry dirPartitions = new DirectoryEntry(); DirectoryEntry domainEntry = new DirectoryEntry(); DirectoryEntry childEntry = new DirectoryEntry(); DirectoryEntry requiredEntry = new DirectoryEntry(); string systemFlag; int systemFlagVal; //Variables for holding the paths for NCs. if (!adAdapter.GetLdsObjectByDN("CN=Partitions,CN=Configuration," + adAdapter.LDSRootObjectName, out dirPartitions)) { DataSchemaSite.Assert.IsTrue( false, "CN=Partitions,CN=Configuration," + adAdapter.LDSRootObjectName + "Object is not found in server"); } string parentAttribute = dirPartitions.Parent.Name.ToString(); //MS-ADTS-Schema_R402 DataSchemaSite.CaptureRequirementIfAreEqual <string>( "CN=Configuration", parentAttribute, 402, "The Parent of the Cross-Ref-Container Container must be Config NC root."); //MS-ADTS-Schema_R403 DataSchemaSite.CaptureRequirementIfAreEqual <string>( "Partitions", dirPartitions.Properties["name"].Value.ToString(), 403, "The name attribute of the Cross-Ref-Container Container must be Partitions."); PropertyValueCollection objectClass = dirPartitions.Properties["objectClass"]; //MS-ADTS-Schema_R404 DataSchemaSite.CaptureRequirementIfIsTrue( objectClass.Contains((object)"crossRefContainer"), 404, "The objectClass attribute of the Cross-Ref-Container Container must be crossRefContainer."); //MS-ADTS-Schema_R406 systemFlag = dirPartitions.Properties["systemFlags"].Value.ToString(); systemFlagVal = ParseSystemFlagsValue("FLAG_DISALLOW_DELETE"); DataSchemaSite.CaptureRequirementIfAreEqual <string>( systemFlagVal.ToString(), systemFlag, 406, "The systemFlags attribute of the Cross-Ref-Container Container must be FLAG_DISALLOW_DELETE."); bool isCrossRef = true; bool isObjectClassCrossRef = true; DirectoryEntries Childs = dirPartitions.Children; foreach (DirectoryEntry child in Childs) { if (!child.Parent.Name.Equals("CN=Partitions")) { isCrossRef = false; } PropertyValueCollection objClass = child.Properties["objectClass"]; objClass.RemoveAt(0); if (objClass.Count != 1 || !objClass.Contains((object)"crossRef")) { isObjectClassCrossRef = false; } } //MS-ADTS-Schema_R408 DataSchemaSite.CaptureRequirementIfIsTrue( isCrossRef, 408, "The parent of the Cross-Ref Objects must be crossRefContainer object."); //MS-ADTS-Schema_R409 DataSchemaSite.CaptureRequirementIfIsTrue( isObjectClassCrossRef, 409, "The objectClass attribute of the Cross-Ref Objects must be crossRef."); childEntry = dirPartitions.Children.Find("CN=Enterprise Configuration"); //MS-ADTS-Schema_R410 DataSchemaSite.CaptureRequirementIfAreEqual <string>( "CN=Configuration," + adAdapter.LDSRootObjectName, childEntry.Properties["nCName"].Value.ToString(), 410, "The nCName attribute of the Configuration crossRef Object must equal to the config NC root."); //MS-ADTS-Schema_R412 DataSchemaSite.CaptureRequirementIfIsFalse( childEntry.Properties.Contains("dnsRoot"), 412, "In AD/LDS the dnsroot attribute is not presented for the Configuration crossRef Object. "); childEntry = dirPartitions.Children.Find("CN=Enterprise Schema"); //MS-ADTS-Schema_R413 DataSchemaSite.CaptureRequirementIfAreEqual <string>( "CN=Schema,CN=Configuration," + adAdapter.LDSRootObjectName, childEntry.Properties["nCName"].Value.ToString(), 413, "The nCName attribute of the Schema crossRef Object must equal to the Schema NC root."); //MS-ADTS-Schema_R415 DataSchemaSite.CaptureRequirementIfIsFalse( childEntry.Properties.Contains("dnsRoot"), 415, "In AD/LDS the dnsroot attribute is not presented for the Schema crossRef Object."); childEntry = dirPartitions.Children.Find("CN=Enterprise Configuration"); //MS-ADTS-Schema_R421 DataSchemaSite.CaptureRequirementIfIsFalse( childEntry.Properties.Contains("dnsRoot"), 421, "In AD/LDS the dnsroot attribute is not presented for Application NC crossRef Object."); //MS-ADTS-Schema_R852 childEntry = dirPartitions.Children.Find("CN=Enterprise Schema"); if (!adAdapter.GetLdsObjectByDN("CN=Schema,CN=Configuration," + adAdapter.LDSRootObjectName, out dirPartitions)) { DataSchemaSite.Assert.IsTrue( false, "CN=Schema,CN=Configuration," + adAdapter.LDSRootObjectName + " Object is not found in server"); } DataSchemaSite.CaptureRequirementIfAreEqual <string>( childEntry.Properties["nCName"].Value.ToString(), dirPartitions.Properties["distinguishedName"].Value.ToString(), 852, "The nCName attribute of the crossRef object must equal the dsname of the NC root object."); }
/// <summary> /// Method validates the requirements under CrossRefContainer Scenario. /// </summary> public void ValidateCrossRefContainer() { //Variables required for Directory Entries. DirectoryEntry dirPartitions = new DirectoryEntry(); DirectoryEntry domainEntry = new DirectoryEntry(); DirectoryEntry childEntry = new DirectoryEntry(); if (!Utilities.IsObjectExist(adAdapter.PartitionPath + "," + adAdapter.rootDomainDN, adAdapter.PDCNetbiosName, adAdapter.ADDSPortNum, adAdapter.DomainAdministratorName, adAdapter.DomainUserPassword)) { //To create the Application NC in the Active Directory. AdLdapClient.Instance().ConnectAndBind(adAdapter.PDCNetbiosName, adAdapter.PDCIPAddr, Convert.ToInt32(adAdapter.ADDSPortNum), adAdapter.DomainAdministratorName, adAdapter.DomainUserPassword, adAdapter.PrimaryDomainDnsName, AuthType.Basic | AuthType.Kerberos); List <DirectoryAttribute> attrs = new List <DirectoryAttribute>(); attrs.Add(new DirectoryAttribute("instancetype:5")); attrs.Add(new DirectoryAttribute("objectclass:domainDNS")); AdLdapClient.Instance().AddObject(adAdapter.PartitionPath + "," + adAdapter.rootDomainDN, attrs, null); AdLdapClient.Instance().Unbind(); } string configNC = "CN=Configuration," + adAdapter.rootDomainDN; string SchemaNC = "CN=Schema," + configNC; //Returns Fully Qualified DNS Name for the Current Domain. string strReturn = adAdapter.PrimaryDomainDnsName; if (!adAdapter.GetObjectByDN("CN=Partitions," + configNC, out dirPartitions)) { DataSchemaSite.Assume.IsTrue(false, "CN=Partitions," + configNC + " Object is not found in server"); } string parent = dirPartitions.Parent.Name, systemFlag; bool isPresent = false; int systemFlagVal; //MS-ADTS-Schema_R402 DataSchemaSite.CaptureRequirementIfAreEqual <string>( "CN=Configuration", parent, 402, "The Parent of the Cross-Ref-Container Container must be Config NC root."); //MS-ADTS-Schema_R403 DataSchemaSite.CaptureRequirementIfAreEqual <string>( "Partitions", dirPartitions.Properties["name"].Value.ToString(), 403, @"The name attribute of the Cross-Ref-Container Container must be Partitions."); //MS-ADTS-Schema_R404 PropertyValueCollection objectClass = dirPartitions.Properties["objectClass"]; DataSchemaSite.CaptureRequirementIfIsTrue( objectClass.Contains((object)"crossRefContainer"), 404, "The objectClass attribute of the Cross-Ref-Container Container must be crossRefContainer."); string fsmoRoleOwner = dirPartitions.Properties["fSMORoleOwner"].Value.ToString(); //MS-ADTS-Schema_R406 systemFlag = dirPartitions.Properties["systemFlags"].Value.ToString(); systemFlagVal = ParseSystemFlagsValue("FLAG_DISALLOW_DELETE"); DataSchemaSite.CaptureRequirementIfAreEqual <string>( systemFlagVal.ToString(), systemFlag, 406, "The systemFlags attribute of the Cross-Ref-Container Container must be FLAG_DISALLOW_DELETE."); //MS-ADTS-Schema_R405 if (!adAdapter.GetObjectByDN(adAdapter.rootDomainDN, out domainEntry)) { DataSchemaSite.Assume.IsTrue(false, adAdapter.rootDomainDN + " Object is not found in server"); } string domainFSMO = domainEntry.Properties["fSMORoleOwner"].Value.ToString(); DataSchemaSite.CaptureRequirementIfAreEqual <string>( fsmoRoleOwner, domainFSMO, 405, "The fSMORoleOwner attribute of the Cross-Ref-Container Container must references the Domain " + "Naming Master FSMO role owner."); //MS-ADTS-Schema_R408 //Query the Partitions for CrossRef container get the childrens and validate the requirments as such. bool isCrossRef = true; bool isObjectClassCrossRef = true; DirectoryEntries Childs = dirPartitions.Children; foreach (DirectoryEntry child in Childs) { if (!child.Parent.Name.Equals("CN=Partitions")) { isCrossRef = false; } PropertyValueCollection objClass = child.Properties["objectClass"]; objClass.RemoveAt(0); if (objClass.Count != 1 || !objClass.Contains((object)"crossRef")) { isObjectClassCrossRef = false; } if (dirPartitions.Parent.Name.ToString().Equals("CN=Configuration")) { isPresent = true; } } //Validate the parent of the crossref objects,objectClass,nCName and //dnsRoot for all childs and crossRef container in the configNC. DataSchemaSite.CaptureRequirementIfIsTrue( isCrossRef, 408, "The parent of the Cross-Ref Objects must be crossRefContainer object."); //MS-ADTS-Schema_R851 DataSchemaSite.CaptureRequirementIfIsTrue( isPresent & isCrossRef, 851, "For any NC in the forest crossRef,NC root objects must be exist."); // MS-ADTS-Schema_R409 DataSchemaSite.CaptureRequirementIfIsTrue( isObjectClassCrossRef, 409, "The objectClass attribute of the Cross-Ref Objects must be crossRef."); //This is the crossRef container or crossRefObject //MS-ADTS-Schema_R410 childEntry = dirPartitions.Children.Find("CN=Enterprise Configuration"); DataSchemaSite.CaptureRequirementIfAreEqual <string>( configNC.ToLower(), childEntry.Properties["nCName"].Value.ToString().ToLower(), 410, "The nCName attribute of the Configuration crossRef Object must equal to the config NC root."); //MS-ADTS-Schema_R411 string dnsRoot = childEntry.Properties["dnsRoot"].Value.ToString().ToLower(); DataSchemaSite.CaptureRequirementIfAreEqual <string>( strReturn.ToLower(), dnsRoot.ToLower(), 411, "In AD/DS the dnsroot attribute of the Configuration crossRef Object must be the forest " + "root's fully qualified DNS name."); //This is the crossRef child or crossRefObject //MS-ADTS-Schema_R413 childEntry = dirPartitions.Children.Find("CN=Enterprise Schema"); DataSchemaSite.CaptureRequirementIfAreEqual <string>( SchemaNC.ToLower(), childEntry.Properties["nCName"].Value.ToString().ToLower(), 413, "The nCName attribute of the Schema crossRef Object must equal to the Schema NC root."); //MS-ADTS-Schema_R414 dnsRoot = childEntry.Properties["dnsRoot"].Value.ToString().ToLower(); DataSchemaSite.CaptureRequirementIfAreEqual <string>( strReturn.ToLower(), dnsRoot.ToLower(), 414, "In AD/DS the dnsroot attribute of the Schema crossRef Object must be the forest " + "root's fully qualified DNS name."); //MS-ADTS-Schema_R852 if (!adAdapter.GetObjectByDN(SchemaNC, out dirPartitions)) { DataSchemaSite.Assume.IsTrue(false, SchemaNC + " Object is not found in server"); } DataSchemaSite.CaptureRequirementIfAreEqual <string>( childEntry.Properties["nCName"].Value.ToString(), dirPartitions.Properties["distinguishedName"].Value.ToString(), 852, "The nCName attribute of the crossRef object must equal the dsname of the NC root object."); if (!adAdapter.GetObjectByDN("CN=Partitions," + configNC, out dirPartitions)) { DataSchemaSite.Assume.IsTrue(false, "CN=Partitions," + configNC + " Object is not found in server"); } foreach (DirectoryEntry partitionEntry in dirPartitions.Children) { if (partitionEntry.Properties["objectCategory"].Value.ToString().ToLower().Contains("cn=cross-ref")) { if (partitionEntry.Properties["nCName"].Value.ToString().Contains(adAdapter.PartitionPath)) { partitionEntry.RefreshCache(new string[] { "msDS-SDReferenceDomain" }); if (partitionEntry.Properties.Contains("msDS-SDReferenceDomain") && partitionEntry.Properties["msDS-SDReferenceDomain"].Value != null) { //MS-ADTS-Schema_R422 DataSchemaSite.CaptureRequirementIfAreEqual <string>( adAdapter.rootDomainDN.ToLower(), partitionEntry.Properties["msDS-SDReferenceDomain"].Value.ToString().ToLower(), 422, "In AD/DS msDS-SDReferenceDomain attribute of the Application NC crossRef object," + "references an NC root object for a domain. All security descriptors in this application NC " + "must use the NC represented as the reference domain for resolution."); } else { DataSchemaSite.Log.Add(LogEntryKind.Warning, "The value of msDS-SDReferenceDomain attribute of the Application NC crossRef object is null"); } } if (partitionEntry.Properties["nCName"].Value.ToString().Equals(adAdapter.rootDomainDN)) { //MS-ADTS-Schema_R416 DataSchemaSite.CaptureRequirementIfAreEqual <string>( partitionEntry.Properties["name"].Value.ToString(), partitionEntry.Properties["nETBIOSName"].Value.ToString(), 416, "The name attribute of the Domain crossRef Object must be the Netbios name of the domain."); //MS-ADTS-Schema_R417 DataSchemaSite.CaptureRequirementIfAreEqual <string>( adAdapter.rootDomainDN, partitionEntry.Properties["nCName"].Value.ToString(), 417, "The nCName attribute of the Domain crossRef Object must be reference to the Domain NC root."); //MS-ADTS-Schema_R418 if (!adAdapter.GetObjectByDN(adAdapter.rootDomainDN, out domainEntry)) { DataSchemaSite.Assume.IsTrue(false, adAdapter.rootDomainDN + " Object is not found in server"); } DirectoryEntry domainChildEntry = new DirectoryEntry(); DataSchemaSite.CaptureRequirementIfIsTrue( adAdapter.rootDomainDN.ToLower().Contains(partitionEntry.Properties["nETBIOSName"].Value.ToString().ToLower()), 418, "The nETBIOSName attribute of the Domain crossRef Object must be the Netbios name of the domain."); //MS-ADTS-Schema trustParent DataSchemaSite.Assert.IsNull( partitionEntry.Properties["trustParent"].Value, "The trustParent attribute is not present on the root domain NC's crossRef object."); //MS-ADTS-Schema_R419 systemFlag = partitionEntry.Properties["systemFlags"].Value.ToString(); systemFlagVal = ParseSystemFlagsValue("FLAG_ATTR_NOT_REPLICATED|FLAG_ATTR_REQ_PARTIAL_SET_MEMBER"); DataSchemaSite.CaptureRequirementIfAreEqual <string>( systemFlagVal.ToString(), systemFlag, 419, @"The systemFlags attribute of the Domain crossRef Object must be FLAG_CR_NTDS_NC | FLAG_CR_NTDS_DOMAIN."); } if (partitionEntry.Properties["nCName"].Value.ToString().Equals(adAdapter.childDomainDN)) { //MS-ADTS-Schema_R416 DataSchemaSite.CaptureRequirementIfAreEqual <string>( partitionEntry.Properties["name"].Value.ToString(), partitionEntry.Properties["nETBIOSName"].Value.ToString(), 416, "The name attribute of the Domain crossRef Object must be the Netbios name of the domain."); //MS-ADTS-Schema_R417 DataSchemaSite.CaptureRequirementIfAreEqual <string>( adAdapter.childDomainDN, partitionEntry.Properties["nCName"].Value.ToString(), 417, "The nCName attribute of the Domain crossRef Object must be reference to the Domain NC root."); //MS-ADTS-Schema_R418 if (!adAdapter.GetObjectByDN(adAdapter.childDomainDN, out domainEntry)) { DataSchemaSite.Assume.IsTrue(false, adAdapter.childDomainDN + " Object is not found in server"); } DirectoryEntry domainChildEntry = new DirectoryEntry(); DataSchemaSite.CaptureRequirementIfIsTrue( adAdapter.childDomainDN.ToLower().Contains(partitionEntry.Properties["nETBIOSName"].Value.ToString().ToLower()), 418, "The nETBIOSName attribute of the Domain crossRef Object must be the Netbios name of the domain."); //MS-ADTS-Schema trustParent DirectoryEntry parentEntry = new DirectoryEntry(); string netbiosDomain = adAdapter.PrimaryDomainNetBiosName; parentEntry = dirPartitions.Children.Find(string.Format("CN={0}", netbiosDomain)); DataSchemaSite.Assert.AreEqual <string>( parentEntry.Properties["distinguishedName"].Value.ToString(), partitionEntry.Properties["trustParent"].Value.ToString(), "For child NCs, the trustParent attribute value references the parent NC's crossRef object."); //MS-ADTS-Schema_R419 systemFlag = partitionEntry.Properties["systemFlags"].Value.ToString(); systemFlagVal = ParseSystemFlagsValue("FLAG_ATTR_NOT_REPLICATED|FLAG_ATTR_REQ_PARTIAL_SET_MEMBER"); DataSchemaSite.CaptureRequirementIfAreEqual <string>( systemFlagVal.ToString(), systemFlag, 419, @"The systemFlags attribute of the Domain crossRef Object must be FLAG_CR_NTDS_NC | FLAG_CR_NTDS_DOMAIN."); } } } //MS-ADTS-Schema_R420 dnsRoot = childEntry.Properties["dnsRoot"].Value.ToString().ToLower(); DataSchemaSite.CaptureRequirementIfAreEqual <string>( strReturn.ToLower(), dnsRoot.ToLower(), 420, "In AD/DS the the value for dnsRoot for an application NC crossRef is derived by syntactically " + "converting the DN portion of the crossRef's nCName into a fully qualified DNS name."); }
/// <summary> /// This method validates the requirements under /// ServiceAndQueryPolicyContainer for both AD/DS and LDS Scenario's /// </summary> public void LDSAndDSCommonCallForServices(DirectoryEntry reqEntry) { PropertyValueCollection objectClass; DirectoryEntry requiredEntry = new DirectoryEntry(); DirectoryEntry childEntry = new DirectoryEntry(); requiredEntry = reqEntry; //MS-ADTS-Schema_R482 string parentAttribute = requiredEntry.Parent.Name.ToString(); DataSchemaSite.CaptureRequirementIfIsTrue( parentAttribute.Equals("CN=Configuration"), 482, "The parent of the Services Container must be Config NC root object."); //MS-ADTS-Schema_R483 objectClass = requiredEntry.Properties["objectClass"]; DataSchemaSite.CaptureRequirementIfIsTrue( objectClass.Contains((object)"container"), 483, "The ObjectClass attribute of the Services Container must be container."); //MS-ADTS-Schema_R484 childEntry = requiredEntry.Children.Find("CN=Windows NT"); parentAttribute = childEntry.Parent.Name.ToString(); DataSchemaSite.CaptureRequirementIfIsTrue( parentAttribute.Equals("CN=Services"), 484, "The Parent of the Windows NT Service must be Services."); //MS-ADTS-Schema_R485 PropertyValueCollection objectClassForWinNT = childEntry.Properties["objectClass"]; DataSchemaSite.CaptureRequirementIfIsTrue( objectClassForWinNT.Contains((object)"container"), 485, "The ObjectClass attribute of the Windows NT Service must be container."); //MS-ADTS-Schema_R486 childEntry = childEntry.Children.Find("CN=Directory Service"); requiredEntry = childEntry; string parentAttributeDirectory = childEntry.Parent.Name.ToString(); DataSchemaSite.CaptureRequirementIfIsTrue( parentAttributeDirectory.Equals("CN=Windows NT"), 486, "The Parent of the Directory Service which is a type of Windows NT Service must be Windows NT."); //MS-ADTS-Schema_R487 PropertyValueCollection objectClassForDirService = childEntry.Properties["objectClass"]; DataSchemaSite.CaptureRequirementIfIsTrue( objectClassForDirService.Contains((object)"nTDSService"), 487, @"The ObjectClass attribute of the Directory Service which is a type of Windows NT Service must be nTDSService."); //MS-ADTS-Schema_R102689 PropertyValueCollection dSHeuristicsForDirService = childEntry.Properties["dSHeuristics"]; if (dSHeuristicsForDirService.Value == null) { DataSchemaSite.CaptureRequirementIfIsNull( dSHeuristicsForDirService.Value, 102689, "[In Directory Service] dSHeuristics: By default, this attribute is not set."); } else { DataSchemaSite.Log.Add(LogEntryKind.Comment, "dSHeuristics has been changed by other test suites, the value is: {0}", dSHeuristicsForDirService.Value); } //MS-ADTS-Schema_R490 childEntry = childEntry.Children.Find("CN=Query-Policies"); parentAttribute = childEntry.Parent.Name.ToString(); DataSchemaSite.CaptureRequirementIfIsTrue( parentAttribute.Equals("CN=Directory Service"), 490, "The Parent of the Query-Policies which is a type of Windows NT Service must be Directory Service."); //MS-ADTS-Schema_R491 PropertyValueCollection objectClassQueryPolicy = childEntry.Properties["objectClass"]; DataSchemaSite.CaptureRequirementIfIsTrue( objectClassQueryPolicy.Contains((object)"container"), 491, "The ObjectClass attribute of the Query-Policies which is a type of Windows NT Service must be container."); //MS-ADTS-Schema_R492 childEntry = childEntry.Children.Find("CN=Default Query Policy"); parentAttribute = childEntry.Parent.Name.ToString(); DataSchemaSite.CaptureRequirementIfIsTrue( parentAttribute.Equals("CN=Query-Policies"), 492, "The Parent of the Default Query Policy must be Query-Policies."); //MS-ADTS-Schema_R493 objectClassQueryPolicy = childEntry.Properties["objectClass"]; DataSchemaSite.CaptureRequirementIfIsTrue( objectClassQueryPolicy.Contains((object)"queryPolicy"), 493, "The ObjectClass attribute of the Default Query Policy must be queryPolicy."); }
/// <summary> /// This method validates the requirements under /// WellKnownSecurityDomainPrincipal for both AD/DS and LDS Scenario's. /// The common requirements are logged here. /// </summary> public void LDSAndDSCommonCall(DirectoryEntry directEntry) { GroupTypeFlags gType; //Holding Directory entries. DirectoryEntry dirEntry = new DirectoryEntry(); DirectoryEntry childEntry = new DirectoryEntry(); dirEntry = directEntry; //MS-ADTS-Schema_R810 DirectoryEntries rolesChilds = dirEntry.Children; bool isParentRoles = true; foreach (DirectoryEntry child in rolesChilds) { if (!child.Parent.Name.ToString().Equals("CN=Users")) { isParentRoles = false; } } DataSchemaSite.CaptureRequirementIfIsTrue( isParentRoles, 810, "For the Well-Known Domain-Relative Security Principals the Parent must be Users container"); //MS-ADTS-Schema_R813 childEntry = dirEntry.Children.Find("CN=Administrator"); PropertyValueCollection objectClass = childEntry.Properties["objectClass"]; DataSchemaSite.CaptureRequirementIfIsTrue( objectClass.Contains((object)"user"), 813, "The objectClass attribute of Administrator Well-Known Domain-Relative Security Principals must be user"); //MS-ADTS-Schema_R814 childEntry = dirEntry.Children.Find("CN=Guest"); objectClass = childEntry.Properties["objectClass"]; DataSchemaSite.CaptureRequirementIfIsTrue( objectClass.Contains((object)"user"), 814, "The objectClass attribute of Guest Well-Known Domain-Relative Security Principals must be user"); //MS-ADTS-Schema_R815 childEntry.RefreshCache(new string[] { "primaryGroupID" }); string primary = childEntry.Properties["primaryGroupID"].Value.ToString(); DataSchemaSite.CaptureRequirementIfAreEqual <string>( "514", primary, 815, @"The primaryGroupID attribute of Guest Well-Known Domain-Relative Security Principals must be 514 (Domain Guests)"); //MS-ADTS-Schema_R816 childEntry = dirEntry.Children.Find("CN=krbtgt"); objectClass = childEntry.Properties["objectClass"]; DataSchemaSite.CaptureRequirementIfIsTrue( objectClass.Contains((object)"user"), 816, @"The objectClass attribute of Key Distribution Center Service Account Well-Known Domain-Relative Security Principals must be user"); //MS-ADTS-Schema_R817 childEntry.RefreshCache(new string[] { "primaryGroupID" }); primary = childEntry.Properties["primaryGroupID"].Value.ToString(); DataSchemaSite.CaptureRequirementIfAreEqual <string>( "513", primary, 817, @"The primaryGroupID attribute of Key Distribution Center Service Account Well-Known Domain-Relative Security Principals must be 513 (Domain Users)"); //MS-ADTS-Schema_R818 childEntry = dirEntry.Children.Find("CN=Cert Publishers"); objectClass = childEntry.Properties["objectClass"]; DataSchemaSite.CaptureRequirementIfIsTrue( objectClass.Contains((object)"group"), 818, @"The objectClass attribute of Key Distribution Center Service Account Well-Known Domain-Relative Security Principals must be user"); //MS-ADTS-Schema_R819 groupType = childEntry.Properties["groupType"]; gType = (GroupTypeFlags)Convert.ToInt32(groupType.Value); DataSchemaSite.CaptureRequirementIfAreEqual <GroupTypeFlags>( GroupTypeFlags.GROUP_TYPE_RESOURCE_GROUP | GroupTypeFlags.GROUP_TYPE_SECURITY_ENABLED, gType, 819, @"The groupType attribute of Cert Publishers Well-Known Domain-Relative Security Principals is {GROUP_TYPE_RESOURCE_GROUP | GROUP_TYPE_SECURITY_ENABLED}.This means that in groupType field the two above bits are set, which means that the groupType is 0x80000004"); //MS-ADTS-Schema_R820 childEntry = dirEntry.Children.Find("CN=Domain Admins"); objectClass = childEntry.Properties["objectClass"]; DataSchemaSite.CaptureRequirementIfIsTrue( objectClass.Contains((object)"group"), 820, @"The objectClass attribute of Domain Administrators Well-Known Domain-Relative Security Principals must be group"); //MS-ADTS-Schema_R821 groupType = childEntry.Properties["groupType"]; gType = (GroupTypeFlags)Convert.ToInt32(groupType.Value); DataSchemaSite.CaptureRequirementIfAreEqual <GroupTypeFlags>( GroupTypeFlags.GROUP_TYPE_ACCOUNT_GROUP | GroupTypeFlags.GROUP_TYPE_SECURITY_ENABLED, gType, 821, @"The groupType attribute of Domain Administrators, Well-Known Domain-Relative Security Principals is {GROUP_TYPE_ACCOUNT_GROUP | GROUP_TYPE_SECURITY_ENABLED}.This means that in groupType field the two above bits are set, which means that the groupType is 0x80000002"); //MS-ADTS-Schema_R822 childEntry = dirEntry.Children.Find("CN=Domain Computers"); objectClass = childEntry.Properties["objectClass"]; DataSchemaSite.CaptureRequirementIfIsTrue( objectClass.Contains((object)"group"), 822, @"The objectClass attribute of Domain Computers Well-Known Domain-Relative Security Principals must be group"); //MS-ADTS-Schema_R823 groupType = childEntry.Properties["groupType"]; gType = (GroupTypeFlags)Convert.ToInt32(groupType.Value); DataSchemaSite.CaptureRequirementIfAreEqual <GroupTypeFlags>( GroupTypeFlags.GROUP_TYPE_ACCOUNT_GROUP | GroupTypeFlags.GROUP_TYPE_SECURITY_ENABLED, gType, 823, @"The groupType attribute of Domain Computers Well-Known Domain-Relative Security Principals is {GROUP_TYPE_ACCOUNT_GROUP | GROUP_TYPE_SECURITY_ENABLED}.This means that in groupType field the two above bits are set, which means that the groupType is 0x80000002"); //MS-ADTS-Schema_R824 childEntry = dirEntry.Children.Find("CN=Domain Controllers"); objectClass = childEntry.Properties["objectClass"]; DataSchemaSite.CaptureRequirementIfIsTrue( objectClass.Contains((object)"group"), 824, @"The objectClass attribute of Domain Controllers, Well-Known Domain-Relative Security Principals must be group"); //MS-ADTS-Schema_R825 groupType = childEntry.Properties["groupType"]; gType = (GroupTypeFlags)Convert.ToInt32(groupType.Value); DataSchemaSite.CaptureRequirementIfAreEqual <GroupTypeFlags>( GroupTypeFlags.GROUP_TYPE_ACCOUNT_GROUP | GroupTypeFlags.GROUP_TYPE_SECURITY_ENABLED, gType, 825, @"The groupType attribute of Domain Controllers Well-Known Domain-Relative Security Principals is {GROUP_TYPE_ACCOUNT_GROUP | GROUP_TYPE_SECURITY_ENABLED}.This means that in groupType field the two above bits are set, which means that the groupType is 0x80000002"); //MS-ADTS-Schema_R826 childEntry = dirEntry.Children.Find("CN=Domain Guests"); objectClass = childEntry.Properties["objectClass"]; DataSchemaSite.CaptureRequirementIfIsTrue( objectClass.Contains((object)"group"), 826, @"The objectClass attribute of Domain Guests Well-Known Domain-Relative Security Principals must be group"); //MS-ADTS-Schema_R827 groupType = childEntry.Properties["groupType"]; gType = (GroupTypeFlags)Convert.ToInt32(groupType.Value); DataSchemaSite.CaptureRequirementIfAreEqual <GroupTypeFlags>( GroupTypeFlags.GROUP_TYPE_ACCOUNT_GROUP | GroupTypeFlags.GROUP_TYPE_SECURITY_ENABLED, gType, 827, @"The groupType attribute of Domain Guests Well-Known Domain-Relative Security Principals is {GROUP_TYPE_ACCOUNT_GROUP | GROUP_TYPE_SECURITY_ENABLED}.This means that in groupType field the two above bits are set, which means that the groupType is 0x80000002"); //MS-ADTS-Schema_R828 childEntry = dirEntry.Children.Find("CN=Domain Users"); objectClass = childEntry.Properties["objectClass"]; DataSchemaSite.CaptureRequirementIfIsTrue( objectClass.Contains((object)"group"), 828, "The objectClass attribute of Domain Users Well-Known Domain-Relative Security Principals must be group"); //MS-ADTS-Schema_R829 groupType = childEntry.Properties["groupType"]; gType = (GroupTypeFlags)Convert.ToInt32(groupType.Value); DataSchemaSite.CaptureRequirementIfAreEqual <GroupTypeFlags>( GroupTypeFlags.GROUP_TYPE_ACCOUNT_GROUP | GroupTypeFlags.GROUP_TYPE_SECURITY_ENABLED, gType, 829, @"The groupType attribute of Domain Users Well-Known Domain-Relative Security Principals must be either of GROUP_TYPE_ACCOUNT_GROUP | GROUP_TYPE_SECURITY_ENABLED"); //MS-ADTS-Schema_R833 childEntry = dirEntry.Children.Find("CN=Group Policy Creator Owners"); objectClass = childEntry.Properties["objectClass"]; DataSchemaSite.CaptureRequirementIfIsTrue( objectClass.Contains((object)"group"), 833, @"The objectClass attribute of Group Policy Creator Owners Well-Known Domain-Relative Security Principals must be group"); //MS-ADTS-Schema_R834 groupType = childEntry.Properties["groupType"]; gType = (GroupTypeFlags)Convert.ToInt32(groupType.Value); DataSchemaSite.CaptureRequirementIfAreEqual <GroupTypeFlags>( GroupTypeFlags.GROUP_TYPE_ACCOUNT_GROUP | GroupTypeFlags.GROUP_TYPE_SECURITY_ENABLED, gType, 834, @"The groupType attribute of Group Policy Creator Owners Well-Known Domain-Relative Security Principals is {GROUP_TYPE_ACCOUNT_GROUP | GROUP_TYPE_SECURITY_ENABLED}.This means that in groupType field the two above bits are set, which means that the groupType is 0x80000002"); //MS-ADTS-Schema_R835 childEntry = dirEntry.Children.Find("CN=RAS and IAS Servers"); objectClass = childEntry.Properties["objectClass"]; DataSchemaSite.CaptureRequirementIfIsTrue( objectClass.Contains((object)"group"), 835, @"The objectClass attribute of RAS and IAS Servers Well-Known Domain-Relative Security Principals must be group"); //MS-ADTS-Schema_R836 groupType = childEntry.Properties["groupType"]; gType = (GroupTypeFlags)Convert.ToInt32(groupType.Value); DataSchemaSite.CaptureRequirementIfAreEqual <GroupTypeFlags>( GroupTypeFlags.GROUP_TYPE_RESOURCE_GROUP | GroupTypeFlags.GROUP_TYPE_SECURITY_ENABLED, gType, 836, @"The groupType attribute of RAS and IAS Servers Well-Known Domain-Relative Security Principals is {GROUP_TYPE_RESOURCE_GROUP | GROUP_TYPE_SECURITY_ENABLED}.This means that in groupType field the two above bits are set, which means that the groupType is 0x80000004"); //MS-ADTS-Schema_R841 childEntry = dirEntry.Children.Find("CN=Schema Admins"); objectClass = childEntry.Properties["objectClass"]; DataSchemaSite.CaptureRequirementIfIsTrue( objectClass.Contains((object)"group"), 841, @"The objectClass attribute of Schema Admins Well-Known Domain-Relative Security Principals must be group"); if (serverOS >= OSVersion.WinSvr2008) { //MS-ADTS-Schema_R830 childEntry = dirEntry.Children.Find("CN=Enterprise Admins"); objectClass = childEntry.Properties["objectClass"]; DataSchemaSite.CaptureRequirementIfIsTrue( objectClass.Contains((object)"group"), 830, @"The objectClass attribute of Enterprise Administrators Well-Known Domain-Relative Security Principals must be group."); //MS-ADTS-Schema_R837 childEntry = dirEntry.Children.Find("CN=Read-only Domain Controllers"); objectClass = childEntry.Properties["objectClass"]; DataSchemaSite.CaptureRequirementIfIsTrue( objectClass.Contains((object)"group"), 837, @"The objectClass attribute of Read-Only Domain Controllers Well-Known Domain-Relative Security Principals must be group"); //MS-ADTS-Schema_R838 groupType = childEntry.Properties["groupType"]; gType = (GroupTypeFlags)Convert.ToInt32(groupType.Value); DataSchemaSite.CaptureRequirementIfAreEqual <GroupTypeFlags>( GroupTypeFlags.GROUP_TYPE_ACCOUNT_GROUP | GroupTypeFlags.GROUP_TYPE_SECURITY_ENABLED, gType, 838, @"The groupType attribute of Read-Only Domain Controllers Well-Known Domain-Relative Security Principals is {GROUP_TYPE_ACCOUNT_GROUP|GROUP_TYPE_SECURITY_ENABLED} This means that in groupType field the two above bits are set, which means that the groupType is 0x80000002."); //MS-ADTS-Schema_R839 childEntry = dirEntry.Children.Find("CN=Enterprise Read-only Domain Controllers"); objectClass = childEntry.Properties["objectClass"]; DataSchemaSite.CaptureRequirementIfIsTrue( objectClass.Contains((object)"group"), 839, @"The objectClass attribute of Enterprise Read-Only Domain Controllers Well-Known Domain-Relative Security Principals must be group"); //MS-ADTS-Schema_R840 groupType = childEntry.Properties["groupType"]; gType = (GroupTypeFlags)Convert.ToInt32(groupType.Value); DataSchemaSite.CaptureRequirementIfAreEqual <GroupTypeFlags>( GroupTypeFlags.GROUP_TYPE_UNIVERSAL_GROUP | GroupTypeFlags.GROUP_TYPE_SECURITY_ENABLED, gType, 840, @"The groupType attribute of Enterprise Read-Only Domain Controllers Well-Known Domain-Relative Security Principals is {GROUP_TYPE_UNIVERSAL_GROUP|GROUP_TYPE_SECURITY_ENABLED} This means that in groupType field the two above bits are set, which means that the groupType is 0x80000008."); //MS-ADTS-Schema_Allowed RODC Password Replication Group childEntry = dirEntry.Children.Find("CN=Allowed RODC Password Replication Group"); objectClass = childEntry.Properties["objectClass"]; DataSchemaSite.Assert.IsTrue( objectClass.Contains((object)"group"), @"The objectClass attribute of Allowed RODC Password Replication Group Well-Known Domain-Relative Security Principals must be group"); //MS-ADTS-Schema_Allowed RODC Password Replication Group groupType = childEntry.Properties["groupType"]; gType = (GroupTypeFlags)Convert.ToInt32(groupType.Value); DataSchemaSite.Assert.AreEqual <GroupTypeFlags>( GroupTypeFlags.GROUP_TYPE_RESOURCE_GROUP | GroupTypeFlags.GROUP_TYPE_SECURITY_ENABLED, gType, @"The groupType attribute of Allowed RODC Password Replication Group Well-Known Domain-Relative Security Principals is {GROUP_TYPE_RESOURCE_GROUP|GROUP_TYPE_SECURITY_ENABLED} This means that in groupType field the two above bits are set, which means that the groupType is 0x80000004."); //MS-ADTS-Schema_Denied RODC Password Replication Group childEntry = dirEntry.Children.Find("CN=Denied RODC Password Replication Group"); objectClass = childEntry.Properties["objectClass"]; DataSchemaSite.Assert.IsTrue( objectClass.Contains((object)"group"), @"The objectClass attribute of Denied RODC Password Replication Group Well-Known Domain-Relative Security Principals must be group"); //MS-ADTS-Schema_Denied RODC Password Replication Group groupType = childEntry.Properties["groupType"]; gType = (GroupTypeFlags)Convert.ToInt32(groupType.Value); DataSchemaSite.Assert.AreEqual <GroupTypeFlags>( GroupTypeFlags.GROUP_TYPE_RESOURCE_GROUP | GroupTypeFlags.GROUP_TYPE_SECURITY_ENABLED, gType, @"The groupType attribute of Denied RODC Password Replication Group Well-Known Domain-Relative Security Principals is {GROUP_TYPE_RESOURCE_GROUP|GROUP_TYPE_SECURITY_ENABLED} This means that in groupType field the two above bits are set, which means that the groupType is 0x80000004."); } }