public static DS_DOMAIN_TRUSTS[] GetDsEnumerateDomainTrusts()
{
string SourceDomainName = Searcher.LdapInfo.DomainName;
logger.Debug($"Enumerating Domain Trust for {SourceDomainName}");
uint domainCount = 0;
IntPtr BufferPtr = new IntPtr();
try
{
var result = DsEnumerateDomainTrusts(SourceDomainName, 63, out BufferPtr, out domainCount);
logger.Debug($"{domainCount} Trust Domain(s) Enumerated");
if ((domainCount > 0) && (result == 0))
{
var BufferOffset = BufferPtr;
var trustResults = new DS_DOMAIN_TRUSTS[domainCount];
for (int i = 0; i < domainCount; i++)
{
trustResults[i] = (DS_DOMAIN_TRUSTS)Marshal.PtrToStructure(BufferOffset, typeof(DS_DOMAIN_TRUSTS));
BufferOffset = (IntPtr)(BufferOffset.ToInt64() + (long)Marshal.SizeOf(typeof(DS_DOMAIN_TRUSTS)));
}
NetApiBufferFree(BufferPtr);
return(trustResults);
}
return(null);
}
catch (Exception e)
{
logger.Error(e.Message);
return(null);
}
}
public List <Trust> AnalyzeTrust(DS_DOMAIN_TRUSTS[] trustResults)
{
if (trustResults == null)
{
return(null);
}
DS_DOMAIN_TRUSTS currentDomain = new DS_DOMAIN_TRUSTS();
foreach (var domain in trustResults)
{
if (domain.DnsDomainName.ToUpper() == SourceDomainName.ToUpper())
{
currentDomain = domain;
break;
}
}
foreach (var trust in trustResults)
{
var dnsDomainName = trust.DnsDomainName;
if (dnsDomainName.ToUpper() == SourceDomainName.ToUpper())
{
continue;
}
var trustAttributes = (TrustAttributes)trust.TrustAttributes;
var trustFlags = (TrustFlags)trust.Flags;
var netbiosName = trust.NetbiosDomainName;
//var domainSid = (new SecurityIdentifier(trust.DomainSid)).ToString();
bool sidFiltering = trustAttributes.HasFlag(TrustAttributes.FilterSids) ? true : false;
bool isTransitive = trustAttributes.HasFlag(TrustAttributes.NonTransitive) ? false : true;
TrustDirection trustDirection;
if (trustFlags.HasFlag(TrustFlags.DirectInBound) && trustFlags.HasFlag(TrustFlags.DirectOutBound))
{
trustDirection = TrustDirection.BiDirectional;
}
else if (trustFlags.HasFlag(TrustFlags.DirectInBound))
{
trustDirection = TrustDirection.InBound;
}
else if (trustFlags.HasFlag(TrustFlags.DirectOutBound))
{
trustDirection = TrustDirection.OutBound;
}
else
{
trustDirection = TrustDirection.Disable;
}
TrustType trustType;
//If the target domain is the current tree root or if target domain is a child domain of the current domain
if ((trustFlags.HasFlag(TrustFlags.TreeRoot) &&
trustFlags.HasFlag(TrustFlags.InForest) &&
(currentDomain.DnsDomainName.ToUpper().Contains(dnsDomainName.ToUpper()))) ||
(trustResults[trust.ParentIndex].DnsDomainName.ToUpper() == SourceDomainName.ToUpper()))
{
trustType = TrustType.ParentChild;
}
else if (trustFlags.HasFlag(TrustFlags.TreeRoot) && trustFlags.HasFlag(TrustFlags.InForest))
{
trustType = TrustType.TreeRoot;
}
else if (trustFlags.HasFlag(TrustFlags.InForest))
{
trustType = TrustType.ShortCut;
}
else if (trustAttributes.HasFlag(TrustAttributes.ForestTransitive))
{
trustType = TrustType.Forest;
}
else
{
trustType = TrustType.External;
}
Trusts.Add(new Trust()
{
SourceDomainName = SourceDomainName,
NetBIOSName = netbiosName,
TargetDomainName = dnsDomainName,
//DomainSid = domainSid,
IsTransitive = isTransitive,
TrustDirection = trustDirection,
TrustType = trustType,
FilteringSID = sidFiltering
});
}
return(Trusts);
}