public static string GetDomainJoin(String username, String password, String Domain, String Machine, String OU, String DC, out string DomainJoinBlob)
{
WindowsIdentity winId = WindowsIdentity.GetCurrent();
//Console.WriteLine("Current User Identity : {0}", winId.Name);
//if (winId != null)
//{
// if (string.Compare(winId.Name, username, true) == 0)
// {
// return null;
// }
//}
//define the handles
IntPtr existingTokenHandle = IntPtr.Zero;
IntPtr duplicateTokenHandle = IntPtr.Zero;
//split domain and name
String[] splitUserName = username.Split('\\');
userdomain = splitUserName[0];
username = splitUserName[1];
try
{
//get a security token
Console.WriteLine("Before Calling AdvApi32.LogonUser");
bool isOkay = AdvApi32.LogonUser(username, userdomain, password,
(int)AdvApi32.LogonTypes.LOGON32_LOGON_NEW_CREDENTIALS,
(int)AdvApi32.LogonProvider.LOGON32_PROVIDER_WINNT50,
out existingTokenHandle);
Console.WriteLine("After Calling AdvApi32.LogonUser");
if (!isOkay)
{
int lastWin32Error = Marshal.GetLastWin32Error();
int lastError = Kernel32.GetLastError();
throw new Exception("LogonUser Failed: " + lastWin32Error + " - " + lastError);
}
// copy the token
Console.WriteLine("Before Calling AdvApi32.DuplicateToken");
isOkay = AdvApi32.DuplicateToken(existingTokenHandle,
(int)AdvApi32.SecurityImpersonationLevel.SecurityImpersonation,
out duplicateTokenHandle);
Console.WriteLine("After Calling AdvApi32.DuplicateToken");
if (!isOkay)
{
int lastWin32Error = Marshal.GetLastWin32Error();
int lastError = Kernel32.GetLastError();
Kernel32.CloseHandle(existingTokenHandle);
throw new Exception("DuplicateToken Failed: " + lastWin32Error + " - " + lastError);
}
// create an identity from the token
Console.WriteLine("Before Calling AdvApi32.ImpersonateLoggedOnUser(duplicateTokenHandle)");
AdvApi32.ImpersonateLoggedOnUser(duplicateTokenHandle);
Console.WriteLine("After Calling AdvApi32.ImpersonateLoggedOnUser(duplicateTokenHandle)");
Console.WriteLine("After AdvApi32.ImpersonateLoggedOnUser User Identity : {0}", winId.Name);
Netapi32.NetsetupProvisoningParams provisioningParams = new Netapi32.NetsetupProvisoningParams();
provisioningParams.dwVersion = 1;
provisioningParams.lpDomain = domain;
provisioningParams.lpHostName = machine;
provisioningParams.dwProvisionOptions = 2; // Reuse https://docs.microsoft.com/en-us/windows/desktop/api/lmjoin/nf-lmjoin-netprovisioncomputeraccount
provisioningParams.lpMachineAccountOU = OU;
provisioningParams.lpDcName = DC;
//IntPtr blob = new IntPtr();
//StringBuilder blob = new StringBuilder();
String blob = String.Empty;
//working - int result = Netapi32.NetCreateProvisioningPackage(provisioningParams, out a, out b, blob);
int result = Netapi32.NetCreateProvisioningPackage(provisioningParams, IntPtr.Zero, IntPtr.Zero, out blob);
DomainJoinBlob = blob;
//string str = Marshal.PtrToStringAuto(blobptr);
Console.WriteLine("Domain Blob: {0}", blob);
//Console.WriteLine("Before Calling WindowsIdentity(duplicateTokenHandle)");
WindowsIdentity newId = new WindowsIdentity(duplicateTokenHandle);
//Console.WriteLine("After Calling WindowsIdentity(duplicateTokenHandle)");
//Console.WriteLine("Before Calling newId.Impersonate()");
WindowsImpersonationContext impersonatedUser = newId.Impersonate();
//Console.WriteLine("After Calling newId.Impersonate()");
//Console.WriteLine("After Impersonation User Identity : {0}", winId.Name);
//return impersonatedUser;
return(blob);
}
finally
{
//Console.WriteLine("Inside Finally");
//free all handles
if (existingTokenHandle != IntPtr.Zero)
{
Kernel32.CloseHandle(existingTokenHandle);
}
if (duplicateTokenHandle != IntPtr.Zero)
{
Kernel32.CloseHandle(duplicateTokenHandle);
}
}
}
public static int GetDomainJoin(string username, string password, string Domain, string Machine, string OU, string DC, out string DomainJoinBlob)
{
int Result = -1;
//define the handles
IntPtr existingTokenHandle = IntPtr.Zero;
IntPtr duplicateTokenHandle = IntPtr.Zero;
//split domain and name
String[] splitUserName = username.Split('\\');
string userdomain = splitUserName[0];
username = splitUserName[1];
try
{
//get a security token
Console.WriteLine("Before Calling AdvApi32.LogonUser");
bool isOkay = AdvApi32.LogonUser(username, userdomain, password,
(int)AdvApi32.LogonTypes.LOGON32_LOGON_NEW_CREDENTIALS,
(int)AdvApi32.LogonProvider.LOGON32_PROVIDER_WINNT50,
out existingTokenHandle);
Console.WriteLine("After Calling AdvApi32.LogonUser");
if (!isOkay)
{
int lastWin32Error = Marshal.GetLastWin32Error();
int lastError = Kernel32.GetLastError();
throw new Exception("LogonUser Failed: " + lastWin32Error + " - " + lastError);
}
// copy the token
Console.WriteLine("Before Calling AdvApi32.DuplicateToken");
isOkay = AdvApi32.DuplicateToken(existingTokenHandle,
(int)AdvApi32.SecurityImpersonationLevel.SecurityImpersonation,
out duplicateTokenHandle);
//Console.WriteLine("After Calling AdvApi32.DuplicateToken");
if (!isOkay)
{
int lastWin32Error = Marshal.GetLastWin32Error();
int lastError = Kernel32.GetLastError();
Kernel32.CloseHandle(existingTokenHandle);
throw new Exception("DuplicateToken Failed: " + lastWin32Error + " - " + lastError);
}
// create an identity from the token
Console.WriteLine("Before Calling AdvApi32.ImpersonateLoggedOnUser(duplicateTokenHandle)");
AdvApi32.ImpersonateLoggedOnUser(duplicateTokenHandle);
Console.WriteLine("After Calling AdvApi32.ImpersonateLoggedOnUser(duplicateTokenHandle)");
String blob = String.Empty;
Console.WriteLine("Calling NetProvisionComputerAccount");
Result = Netapi32.NetProvisionComputerAccount(Domain, Machine, OU, DC, 2, IntPtr.Zero, IntPtr.Zero, out blob);
DomainJoinBlob = blob;
Console.WriteLine("Domain Blob: {0}", blob);
Console.WriteLine("Before Calling RevertToSelf");
if (AdvApi32.RevertToSelf())
{
Console.WriteLine("RevertToSelf Succeeded");
}
else
{
Console.WriteLine("RevertToSelf Failed");
}
}
finally
{
//free all handles
if (existingTokenHandle != IntPtr.Zero)
{
Kernel32.CloseHandle(existingTokenHandle);
}
if (duplicateTokenHandle != IntPtr.Zero)
{
Kernel32.CloseHandle(duplicateTokenHandle);
}
}
return(Result);
}
