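/// <summary>
/// Determines whether <paramref name="name"/> is the DNS name of a domain that belongs to a forest
/// trusted by the forest of <paramref name="dc"/> through a transitive forest trust. The
/// trustedDomain objects under the root domain NC are enumerated; each one's
/// msDS-TrustForestTrustInfo blob is unmarshalled and its ForestTrustDomainInfo records are searched
/// for a record whose DnsName matches and whose SID has not been disabled.
/// </summary>
/// <param name="dc">The DC to query over LDAP.</param>
/// <param name="name">The DNS name of the domain to look up. DNS names are case-insensitive, so the
/// comparison is ordinal-ignore-case.</param>
/// <param name="referredDomain">On success receives the trustPartner of the matching trustedDomain
/// object; left untouched otherwise.</param>
/// <returns>true if a matching, enabled domain record was found; false otherwise. A trustedDomain whose
/// forest trust blob is missing or cannot be parsed makes the whole lookup fail closed (false) rather
/// than throwing.</returns>
static bool IsDomainDnsNameInTrustedForest(DsServer dc, string name, ref string referredDomain)
{
    RootDSE rootDse = LdapUtility.GetRootDSE(dc);

    // The filter is built from constants only, so there is no LDAP injection surface here.
    // NOTE(review): LDAP_MATCHING_RULE_BIT_AND (1.2.840.113556.1.4.803) is documented to take a decimal
    // assertion value; "0x8" (TRUST_ATTRIBUTE_FOREST_TRANSITIVE) may need to be "8" for the DC to match
    // anything. Left as-is — confirm against a live DC before changing.
    string[] tdos = LdapUtility.GetAttributeValuesString(
        dc,
        rootDse.rootDomainNamingContext,
        "distinguishedName",
        "(&(objectClass=trustedDomain)(msDS-TrustForestTrustInfo=*)(trustAttributes:1.2.840.113556.1.4.803:=0x8))",
        System.DirectoryServices.Protocols.SearchScope.Subtree);

    if (tdos == null)
    {
        return false;
    }

    foreach (string tdoDn in tdos)
    {
        byte[] trustInfo = (byte[])LdapUtility.GetAttributeValue(dc, tdoDn, "msDS-TrustForestTrustInfo");

        // The blob comes from the directory and is treated as untrusted. A missing or unparsable blob
        // fails the lookup closed instead of dereferencing null / throwing out of the parser.
        FOREST_TRUST_INFORMATION f;
        if (trustInfo == null || !TrustInfo.UnmarshalForestTrustInfo(trustInfo, out f))
        {
            return false;
        }

        foreach (Record e in f.Records)
        {
            if (e.RecordType != (byte)FOREST_TRUST_RECORD_TYPE.ForestTrustDomainInfo)
            {
                continue;
            }

            RecordDomainInfo ee = (RecordDomainInfo)e.ForestTrustData;

            // A domain record only counts when its SID has been disabled neither by an administrator
            // nor because of a conflict, and the trust's top-level names actually own the DNS name.
            bool sidDisabled =
                (e.Flags & (uint)TrustInfo.FOREST_TRUST_RECORD_FLAGS_DOMAIN_INFO.LSA_SID_DISABLED_ADMIN) != 0 ||
                (e.Flags & (uint)TrustInfo.FOREST_TRUST_RECORD_FLAGS_DOMAIN_INFO.LSA_SID_DISABLED_CONFLICT) != 0;

            if (string.Equals(ee.DnsName, name, System.StringComparison.OrdinalIgnoreCase)
                && !sidDisabled
                && ForestTrustOwnsName(f, ee.DnsName))
            {
                referredDomain = (string)LdapUtility.GetAttributeValue(dc, tdoDn, "trustPartner");
                return true;
            }
        }
    }

    return false;
}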
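/// <summary>
/// The UnmarshalForestTrustInfo procedure unmarshals the byte stream inputBuffer, which holds the
/// content of a msDS-TrustForestTrustInfo attribute containing forest trust information (as described
/// in FOREST_TRUST_INFORMATION), into the forestTrustInfo structure.
/// Layout read here, all multi-byte integers little-endian: a 4-byte Version (must be 1), a 4-byte
/// RecordCount, then RecordCount records each made of a 4-byte RecordLen, 4-byte Flags, 8-byte
/// Timestamp, 1-byte RecordType and a type-specific payload of 4-byte-length-prefixed fields.
/// </summary>
/// <param name="inputBuffer">The attribute value. It is directory-supplied and treated as untrusted:
/// every read is bounds-checked and no length field is trusted beyond the end of the buffer.</param>
/// <param name="forestTrustInfo">Receives the parsed structure; only meaningful when the method
/// returns true.</param>
/// <returns>true if the buffer parsed; false if it is null or truncated, if Version is not 1, if
/// RecordCount cannot fit in the remaining bytes, or if any length field runs past the buffer.</returns>
public static bool UnmarshalForestTrustInfo(byte[] inputBuffer, out FOREST_TRUST_INFORMATION forestTrustInfo)
{
    forestTrustInfo = new FOREST_TRUST_INFORMATION();
    if (inputBuffer == null)
    {
        return false;
    }

    uint index = 0;
    uint version;
    if (!TryReadTrustInfoUInt32(inputBuffer, ref index, out version) || version != 1)
    {
        return false;
    }

    uint recordCount;
    if (!TryReadTrustInfoUInt32(inputBuffer, ref index, out recordCount))
    {
        return false;
    }

    // Each record carries at least a 17-byte fixed header (RecordLen, Flags, Timestamp, RecordType),
    // so a RecordCount that cannot fit in the remaining bytes is rejected before the record array is
    // allocated; otherwise a hostile count could force a multi-gigabyte allocation.
    const uint recordHeaderSize = 4 + 4 + 8 + 1;
    if (recordCount > ((uint)inputBuffer.Length - index) / recordHeaderSize)
    {
        return false;
    }

    forestTrustInfo.RecordCount = recordCount;
    forestTrustInfo.Records = new Record[recordCount];

    for (int i = 0; i < recordCount; ++i)
    {
        uint recordLength;
        uint flags;
        uint timeHigh;
        uint timeLow;
        if (!TryReadTrustInfoUInt32(inputBuffer, ref index, out recordLength)
            || !TryReadTrustInfoUInt32(inputBuffer, ref index, out flags)
            || !TryReadTrustInfoUInt32(inputBuffer, ref index, out timeHigh)
            || !TryReadTrustInfoUInt32(inputBuffer, ref index, out timeLow))
        {
            return false;
        }

        // RecordLen is stored but not used to skip to the next record; the record is walked field by
        // field. NOTE(review): it is not cross-checked against the number of bytes actually consumed.
        forestTrustInfo.Records[i].RecordLen = recordLength;
        forestTrustInfo.Records[i].Flags = flags;

        // The first dword is taken as the high half and the second as the low half of the 64-bit
        // timestamp, as the original intended; the original shifted a 32-bit value by 32, which C#
        // masks to a shift of 0, so the high half was lost. Widen to 64 bits before shifting.
        // Dword order (high first) is kept from the original — TODO confirm against MS-ADTS.
        forestTrustInfo.Records[i].Timestamp.int64Value = (long)(((ulong)timeHigh << 32) | timeLow);

        if (index >= (uint)inputBuffer.Length)
        {
            return false;
        }
        byte recordType = inputBuffer[index];
        forestTrustInfo.Records[i].RecordType = recordType;
        index += 1;

        uint sz;
        if (recordType == (byte)FOREST_TRUST_RECORD_TYPE.ForestTrustTopLevelName
            || recordType == (byte)FOREST_TRUST_RECORD_TYPE.ForestTrustTopLevelNameEx)
        {
            if (!TryReadTrustInfoFieldLength(inputBuffer, ref index, out sz))
            {
                return false;
            }
            RecordTopLevelName r = new RecordTopLevelName();
            r.TopLevelName = ExtractString(inputBuffer, index, sz);
            index += sz;
            forestTrustInfo.Records[i].ForestTrustData = r;
        }
        else if (recordType == (byte)FOREST_TRUST_RECORD_TYPE.ForestTrustDomainInfo)
        {
            // Sid, DnsName and NetbiosName, each a 4-byte length followed by that many bytes.
            RecordDomainInfo r = new RecordDomainInfo();

            if (!TryReadTrustInfoFieldLength(inputBuffer, ref index, out sz))
            {
                return false;
            }
            r.Sid.Data = ExtractBinary(inputBuffer, index, sz);
            index += sz;

            if (!TryReadTrustInfoFieldLength(inputBuffer, ref index, out sz))
            {
                return false;
            }
            r.DnsName = ExtractString(inputBuffer, index, sz);
            index += sz;

            if (!TryReadTrustInfoFieldLength(inputBuffer, ref index, out sz))
            {
                return false;
            }
            r.NetbiosName = ExtractString(inputBuffer, index, sz);
            index += sz;

            forestTrustInfo.Records[i].ForestTrustData = r;
        }
        else
        {
            // Unknown record type: keep the raw payload so the caller can still inspect it.
            if (!TryReadTrustInfoFieldLength(inputBuffer, ref index, out sz))
            {
                return false;
            }
            forestTrustInfo.Records[i].ForestTrustData = ExtractBinary(inputBuffer, index, sz);
            index += sz;
        }
    }

    return true;
}

/// <summary>
/// Reads a little-endian 32-bit unsigned integer at <paramref name="index"/> and advances
/// <paramref name="index"/> by 4.
/// </summary>
/// <param name="buffer">The buffer to read from.</param>
/// <param name="index">Offset of the value; advanced only on success.</param>
/// <param name="value">The value read; 0 on failure.</param>
/// <returns>false if fewer than 4 bytes remain at <paramref name="index"/>.</returns>
private static bool TryReadTrustInfoUInt32(byte[] buffer, ref uint index, out uint value)
{
    value = 0;
    if (index > (uint)buffer.Length || (uint)buffer.Length - index < 4)
    {
        return false;
    }
    value = (uint)buffer[index]
        | ((uint)buffer[index + 1] << 8)
        | ((uint)buffer[index + 2] << 16)
        | ((uint)buffer[index + 3] << 24);
    index += 4;
    return true;
}

/// <summary>
/// Reads a 4-byte little-endian length prefix and checks that that many payload bytes actually
/// follow it. On success <paramref name="index"/> points at the payload and <paramref name="size"/>
/// holds its length; the caller advances past the payload itself.
/// </summary>
/// <param name="buffer">The buffer to read from.</param>
/// <param name="index">Offset of the length prefix; advanced past it on success.</param>
/// <param name="size">The untrusted length read from the buffer.</param>
/// <returns>false if the prefix is truncated or the payload would run past the buffer.</returns>
private static bool TryReadTrustInfoFieldLength(byte[] buffer, ref uint index, out uint size)
{
    if (!TryReadTrustInfoUInt32(buffer, ref index, out size))
    {
        return false;
    }
    // Compare against what is left rather than computing index + size, which could wrap around.
    return size <= (uint)buffer.Length - index;
}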