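/// <summary>
/// Searches the directory for each resource group by common name and returns the
/// relative identifier (RID) of each one, taken as the last dash-separated
/// component of the group's objectSid string.
/// </summary>
/// <param name="domainName">Domain to connect to; also used to derive the search base DN.</param>
/// <param name="cred">Credential assigned to the LDAP connection.</param>
/// <param name="resourceGroupCount">Number of entries of <paramref name="resourceGroups"/> to resolve.</param>
/// <param name="resourceGroups">Groups whose <c>GroupName</c> is used as the <c>cn</c> to search for.</param>
/// <returns>One RID per requested group, in the same order as <paramref name="resourceGroups"/>.</returns>
/// <exception cref="ArgumentException">Fewer groups were supplied than <paramref name="resourceGroupCount"/>.</exception>
/// <exception cref="InvalidOperationException">No directory entry matched a group name.</exception>
/// <exception cref="Exception">More than one directory entry matched a group name.</exception>
public static uint[] GetResourceGroupIds(string domainName, NetworkCredential cred, uint resourceGroupCount, Group[] resourceGroups)
{
    uint[] rid = new uint[resourceGroupCount];
    if (resourceGroupCount == 0)
    {
        // Nothing to resolve, so no connection is needed.
        return rid;
    }

    if (resourceGroups == null || resourceGroups.Length < resourceGroupCount)
    {
        throw new ArgumentException("resourceGroups must contain at least resourceGroupCount entries.", "resourceGroups");
    }

    // The search base depends only on the domain, so compute it once.
    string searchBase = GetDomainDnFromDomainName(domainName);

    // LdapConnection is IDisposable; release it even when a lookup throws.
    using (LdapConnection connection = new LdapConnection(domainName))
    {
        connection.Credential = cred;

        for (int i = 0; i < resourceGroupCount; i++)
        {
            string groupName = resourceGroups[i].GroupName ?? string.Empty;

            // Escape the RFC 4515 filter metacharacters so that a name containing
            // '*', '(' or ')' is matched literally and cannot alter the filter.
            // The backslash must be escaped first.
            string escapedName = groupName
                .Replace("\\", "\\5c")
                .Replace("*", "\\2a")
                .Replace("(", "\\28")
                .Replace(")", "\\29")
                .Replace("\0", "\\00");
            string filter = "cn=" + escapedName;

            SearchRequest searchRequest = new SearchRequest(searchBase, filter, SearchScope.Subtree, "objectSid");
            SearchResponse searchResponse = (SearchResponse)connection.SendRequest(searchRequest);

            if (searchResponse.Entries.Count > 1)
            {
                throw new Exception("There are more than one entries with the same resourceGroupName.");
            }

            if (searchResponse.Entries.Count == 0)
            {
                // Previously this surfaced as an opaque index-out-of-range error.
                throw new InvalidOperationException("No directory entry was found for resource group '" + groupName + "'.");
            }

            SearchResultAttributeCollection groupAttributes = searchResponse.Entries[0].Attributes;

            // NOTE(review): assumes GetobjectSid returns the SID in "S-1-5-..." string form - confirm.
            string[] sidParts = GetobjectSid(groupAttributes).Split('-');
            rid[i] = Convert.ToUInt32(sidParts[sidParts.Length - 1]);
        }
    }

    return rid;
}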
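/// <summary>
/// Searches the directory for each resource group by common name and builds a
/// <c>KERB_SID_AND_ATTRIBUTES</c> entry for it, carrying the group's SID and the
/// Mandatory, EnabledByDefault, Enabled and Resource attribute flags.
/// </summary>
/// <param name="domainName">Domain to connect to; also used to derive the search base DN.</param>
/// <param name="cred">Credential assigned to the LDAP connection.</param>
/// <param name="resourceGroupCount">Number of entries of <paramref name="resourceGroups"/> to resolve.</param>
/// <param name="resourceGroups">Groups whose <c>GroupName</c> is used as the <c>cn</c> to search for.</param>
/// <returns>One entry per requested group, in the same order as <paramref name="resourceGroups"/>.</returns>
/// <exception cref="ArgumentException">Fewer groups were supplied than <paramref name="resourceGroupCount"/>.</exception>
/// <exception cref="InvalidOperationException">No directory entry matched a group name.</exception>
/// <exception cref="Exception">More than one directory entry matched a group name.</exception>
public static KERB_SID_AND_ATTRIBUTES[] GetResourceGroupExtraSids(string domainName, NetworkCredential cred, uint resourceGroupCount, Group[] resourceGroups)
{
    KERB_SID_AND_ATTRIBUTES[] resourceGroupExtraSids = new KERB_SID_AND_ATTRIBUTES[resourceGroupCount];
    if (resourceGroupCount == 0)
    {
        // Nothing to resolve, so no connection is needed.
        return resourceGroupExtraSids;
    }

    if (resourceGroups == null || resourceGroups.Length < resourceGroupCount)
    {
        throw new ArgumentException("resourceGroups must contain at least resourceGroupCount entries.", "resourceGroups");
    }

    // The search base depends only on the domain, so compute it once.
    string searchBase = GetDomainDnFromDomainName(domainName);

    // LdapConnection is IDisposable; release it even when a lookup throws.
    using (LdapConnection connection = new LdapConnection(domainName))
    {
        connection.Credential = cred;

        for (int i = 0; i < resourceGroupCount; i++)
        {
            string groupName = resourceGroups[i].GroupName ?? string.Empty;

            // Escape the RFC 4515 filter metacharacters so that a name containing
            // '*', '(' or ')' is matched literally and cannot alter the filter.
            // The backslash must be escaped first.
            string escapedName = groupName
                .Replace("\\", "\\5c")
                .Replace("*", "\\2a")
                .Replace("(", "\\28")
                .Replace(")", "\\29")
                .Replace("\0", "\\00");
            string filter = "cn=" + escapedName;

            SearchRequest searchRequest = new SearchRequest(searchBase, filter, SearchScope.Subtree, "objectSid");
            SearchResponse searchResponse = (SearchResponse)connection.SendRequest(searchRequest);

            if (searchResponse.Entries.Count > 1)
            {
                throw new Exception("There are more than one entries with the same resourceGroupName.");
            }

            if (searchResponse.Entries.Count == 0)
            {
                // Previously this surfaced as an opaque index-out-of-range error.
                throw new InvalidOperationException("No directory entry was found for resource group '" + groupName + "'.");
            }

            SearchResultAttributeCollection groupAttributes = searchResponse.Entries[0].Attributes;

            // NOTE(review): assumes GetobjectSid returns the SID in "S-1-5-..." string form - confirm.
            string[] sidParts = GetobjectSid(groupAttributes).Split('-');

            // The first three components (presumably "S", revision, authority) are not
            // read: revision and identifier authority are hard-coded below, and only
            // components from index 3 onward are copied as sub-authorities.
            int subAuthorityCount = sidParts.Length - 3;

            _RPC_SID resourceGroupSid = new _RPC_SID();
            resourceGroupSid.Revision = 0x01;
            resourceGroupSid.IdentifierAuthority = new _RPC_SID_IDENTIFIER_AUTHORITY();
            resourceGroupSid.IdentifierAuthority.Value = new byte[] { 0, 0, 0, 0, 0, 5 };
            resourceGroupSid.SubAuthorityCount = Convert.ToByte(subAuthorityCount);
            resourceGroupSid.SubAuthority = new uint[subAuthorityCount];
            for (int j = 0; j < subAuthorityCount; j++)
            {
                resourceGroupSid.SubAuthority[j] = Convert.ToUInt32(sidParts[j + 3]);
            }

            resourceGroupExtraSids[i] = new KERB_SID_AND_ATTRIBUTES();
            resourceGroupExtraSids[i].Attributes = Attributes_Values.Mandatory | Attributes_Values.EnabledByDefault | Attributes_Values.Enabled | Attributes_Values.Resource;
            resourceGroupExtraSids[i].SID = new _RPC_SID[1];
            resourceGroupExtraSids[i].SID[0] = resourceGroupSid;
        }
    }

    return resourceGroupExtraSids;
}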