public static List <AccessRuleObject> GetAccessRules(DirectoryEntry de)
{
if (de == null)
{
throw new AdException($"DirectoryEntry Can Not Be NULL", AdStatusType.MissingInput);
}
List <AccessRuleObject> accessRules = new List <AccessRuleObject>();
Dictionary <string, Principal> principals = new Dictionary <string, Principal>();
AuthorizationRuleCollection rules = de?.ObjectSecurity?.GetAccessRules(true, true, typeof(System.Security.Principal.SecurityIdentifier));
if (rules != null)
{
foreach (AuthorizationRule rule in rules)
{
ActiveDirectoryAccessRule accessRule = (ActiveDirectoryAccessRule)rule;
AccessRuleObject aro = new AccessRuleObject()
{
ControlType = accessRule.AccessControlType,
Rights = accessRule.ActiveDirectoryRights,
IdentityReference = accessRule.IdentityReference.Value,
InheritanceFlags = accessRule.InheritanceFlags,
IsInherited = accessRule.IsInherited,
};
Principal principal = null;
if (principals.ContainsKey(aro.IdentityReference))
{
principal = principals[aro.IdentityReference];
}
else
{
principal = DirectoryServices.GetPrincipal(aro.IdentityReference);
principals.Add(aro.IdentityReference, principal);
}
aro.IdentityName = principal.Name;
accessRules.Add(aro);
}
}
return(accessRules);
}
public static List <AccessRuleObject> GetAccessRules(DirectoryEntry de)
{
if (de == null)
{
throw new AdException($"DirectoryEntry Can Not Be NULL", AdStatusType.MissingInput);
}
List <AccessRuleObject> accessRules = new List <AccessRuleObject>();
AuthorizationRuleCollection rules = de?.ObjectSecurity?.GetAccessRules(true, true, typeof(System.Security.Principal.SecurityIdentifier));
if (rules != null)
{
foreach (AuthorizationRule rule in rules)
{
ActiveDirectoryAccessRule accessRule = (ActiveDirectoryAccessRule)rule;
AccessRuleObject aro = new AccessRuleObject()
{
ControlType = accessRule.AccessControlType,
Rights = accessRule.ActiveDirectoryRights,
IdentityReference = accessRule.IdentityReference.Value,
InheritanceFlags = accessRule.InheritanceFlags,
IsInherited = accessRule.IsInherited,
};
String identity = aro.IdentityReference;
if (DirectoryServices.IsSid(aro.IdentityReference))
{
// Get User-Readable Principal Name from Sid
System.Security.Principal.SecurityIdentifier sid = (System.Security.Principal.SecurityIdentifier)rule.IdentityReference;
System.Security.Principal.NTAccount acct = (System.Security.Principal.NTAccount)sid.Translate(typeof(System.Security.Principal.NTAccount));
identity = acct.Value;
}
aro.IdentityName = identity;
accessRules.Add(aro);
}
}
return(accessRules);
}
