public static void DisableDomainNetBIOSName(string targetForestName, string targetDomainName) { try { // bind to the current forest Forest sourceForest = Forest.GetCurrentForest(); //get the trust relationship ForestTrustRelationshipInformation forestTrust = sourceForest.GetTrustRelationship(targetForestName); foreach (ForestTrustDomainInformation domainInfo in forestTrust.TrustedDomainInformation) { if (domainInfo.DnsName == targetDomainName) { domainInfo.Status = ForestTrustDomainStatus.NetBiosNameAdminDisabled; Console.WriteLine("\nNetBIOS Domain Name routing for {0}\n" + "is now set to {1}", targetDomainName, domainInfo.Status); } } forestTrust.Save(); } catch (Exception e) { Console.WriteLine("\r\nUnexpected exception occured:\n\t{0}\n{1}", e.GetType().Name, e.Message); } }
// This function is used to check if we will be able to lookup a SID from the // target domain by targeting the local computer. This is done by checking for either // a outbound or bidirectional trust between the computers domain and the target // domain or the current forest and the target domain's forest. // target domain must be the full DNS domain name of the target domain to make the string // compare below work properly. static internal bool VerifyOutboundTrust(string targetDomain, string username, string password) { Domain currentDom = null; try { currentDom = Domain.GetComputerDomain(); } catch (ActiveDirectoryObjectNotFoundException) { // The computer is not domain joined so there cannot be a trust... return(false); } catch (System.Security.Authentication.AuthenticationException) { // The computer is domain joined but we are running with creds that can't access it. We can't determine trust. return(false); } // If this is the same domain then we have a trust. // Domain.Name always returns full dns name. // function is always supplied with a full DNS domain name. if (String.Equals(currentDom.Name, targetDomain, StringComparison.OrdinalIgnoreCase)) { return(true); } try { TrustRelationshipInformation TRI = currentDom.GetTrustRelationship(targetDomain); if (TrustDirection.Outbound == TRI.TrustDirection || TrustDirection.Bidirectional == TRI.TrustDirection) { return(true); } } catch (ActiveDirectoryObjectNotFoundException) { } // Since we were able to retrive the computer domain above we should be able to access the current forest here. Forest currentForest = Forest.GetCurrentForest(); Domain targetdom = Domain.GetDomain(new DirectoryContext(DirectoryContextType.Domain, targetDomain, username, password)); try { ForestTrustRelationshipInformation FTC = currentForest.GetTrustRelationship(targetdom.Forest.Name); if (TrustDirection.Outbound == FTC.TrustDirection || TrustDirection.Bidirectional == FTC.TrustDirection) { return(true); } } catch (ActiveDirectoryObjectNotFoundException) { } return(false); }
public static void AddExcludedDomain(string targetForestName, string targetDomainName) { try { // bind to the current forest Forest sourceForest = Forest.GetCurrentForest(); // get the trust relationship ForestTrustRelationshipInformation forestTrust = sourceForest.GetTrustRelationship(targetForestName); // add a top level name forestTrust.ExcludedTopLevelNames.Add(targetDomainName); forestTrust.Save(); Console.WriteLine("\nName suffix routing is now disabled for:"); foreach (string s in forestTrust.ExcludedTopLevelNames) { Console.WriteLine("\t{0}", s); } } catch (Exception e) { Console.WriteLine("\r\nUnexpected exception occured:\n\t{0}\n{1}", e.GetType().Name, e.Message); } }
public static void GetTrustWithTargetForest(string targetForestName) { try { //get the current forest context and bind to the forest Forest currentForest = Forest.GetCurrentForest(); Console.WriteLine("\nTrust with the target forest:\n"); ForestTrustRelationshipInformation forestTrust = currentForest.GetTrustRelationship(targetForestName); //display common trust information Console.WriteLine("Forest trust: {0} - {1}\n" + "Trust direction: {2}\nTrust type: {3}", forestTrust.SourceName.ToUpper(), forestTrust.TargetName.ToUpper(), forestTrust.TrustDirection, forestTrust.TrustType); //display selective authentication status of the forest trust Console.WriteLine("SelectiveAuthenticationStatus of the trust: {0}", currentForest.GetSelectiveAuthenticationStatus(targetForestName)); //display Sid filtering status of the domain trust Console.WriteLine("SidFilteringStatus of the trust: {0}", currentForest.GetSidFilteringStatus(targetForestName)); } catch (Exception e) { Console.WriteLine("\r\nUnexpected exception occured:\n\t{0}\n{1}", e.GetType().Name, e.Message); } }
internal static bool VerifyOutboundTrust(string targetDomain, string username, string password) { bool flag; Domain computerDomain = null; try { computerDomain = Domain.GetComputerDomain(); } catch (ActiveDirectoryObjectNotFoundException activeDirectoryObjectNotFoundException) { flag = false; return(flag); } catch (AuthenticationException authenticationException) { flag = false; return(flag); } if (string.Compare(computerDomain.Name, targetDomain, StringComparison.OrdinalIgnoreCase) != 0) { try { TrustRelationshipInformation trustRelationship = computerDomain.GetTrustRelationship(targetDomain); if (TrustDirection.Outbound == trustRelationship.TrustDirection || TrustDirection.Bidirectional == trustRelationship.TrustDirection) { flag = true; return(flag); } } catch (ActiveDirectoryObjectNotFoundException activeDirectoryObjectNotFoundException1) { } Forest currentForest = Forest.GetCurrentForest(); Domain domain = Domain.GetDomain(new DirectoryContext(DirectoryContextType.Domain, targetDomain, username, password)); try { ForestTrustRelationshipInformation forestTrustRelationshipInformation = currentForest.GetTrustRelationship(domain.Forest.Name); if (TrustDirection.Outbound == forestTrustRelationshipInformation.TrustDirection || TrustDirection.Bidirectional == forestTrustRelationshipInformation.TrustDirection) { flag = true; return(flag); } } catch (ActiveDirectoryObjectNotFoundException activeDirectoryObjectNotFoundException2) { } return(false); } else { return(true); } return(flag); }
public static void CreateCrossForestTrust(string targetForestName, string userNameTargetForest, string password) { try { // bind to the current forest Forest sourceForest = Forest.GetCurrentForest(); // get context to the target forest DirectoryContext targetContext = new DirectoryContext( DirectoryContextType.Forest, targetForestName, userNameTargetForest, password); // bind to the target forest Forest targetForest = Forest.GetForest(targetContext); // create an outbound forest trust // The CreateTrustRelationship establishes both sides of the relationship. // if you don't have permission to complete the entire relationship, you can // use the sourceForest.CreateLocalSideOfTrustRelationship method instead. // Create an bidirectional trust between the source and target forest. sourceForest.CreateTrustRelationship(targetForest, TrustDirection.Bidirectional); Console.WriteLine("\nCross forest trust created."); // verify the trust relationship sourceForest.VerifyTrustRelationship(targetForest, TrustDirection.Bidirectional); Console.WriteLine("\nThe forest trust has been successfully validated."); // get the trust relationship to report on properties of the trust ForestTrustRelationshipInformation forestTrust = sourceForest.GetTrustRelationship(targetForestName); Console.WriteLine("\nNew forest trust: {0} - {1}\n" + "Trust direction: {2}\nTrust type: {3}", forestTrust.SourceName.ToUpper(), forestTrust.TargetName.ToUpper(), forestTrust.TrustDirection, forestTrust.TrustType); } catch (Exception e) { Console.WriteLine("\r\nUnexpected exception occured:\n\t{0}\n{1}", e.GetType().Name, e.Message); } }
public static void ChangeForestTrustToOutbound(string targetForestName, string userNameTargetForest, string password) { try { // bind to the current forest Forest sourceForest = Forest.GetCurrentForest(); // get context to the target forest DirectoryContext targetContext = new DirectoryContext( DirectoryContextType.Forest, targetForestName, userNameTargetForest, password); // bind to the target forest Forest targetForest = Forest.GetForest(targetContext); // update the trust direction sourceForest.UpdateTrustRelationship(targetForest, TrustDirection.Outbound); Console.WriteLine("\nUpdateTrustRelationship succeeded"); // verify outbound side of the trust relationship. // Pass the name of the target forest. Unlike VerifyTrustRelationship, // there is no need to bind to the target forest or // pass a trust direction. sourceForest.VerifyOutboundTrustRelationship(targetForestName); Console.WriteLine("\nVerifyOutboundTrustRelationship succeeded\n"); // check that the trust direction has been updated ForestTrustRelationshipInformation forestTrust = sourceForest.GetTrustRelationship(targetForestName); //display common trust information Console.WriteLine("Forest trust: {0} - {1}\n" + "Trust direction: {2}\nTrust type: {3}", forestTrust.SourceName.ToUpper(), forestTrust.TargetName.ToUpper(), forestTrust.TrustDirection, forestTrust.TrustType); } catch (Exception e) { Console.WriteLine("\r\nUnexpected exception occured:\n\t{0}\n{1}", e.GetType().Name, e.Message); } }
static void Main() { try { string sourceForestName = "fabrikam.com"; string targetForestName = "app.com"; string excludedTopLevelName1 = "external.app.com"; // trust lifetime management Forest sourceForest = Forest.GetForest(new DirectoryContext( DirectoryContextType.Forest, sourceForestName)); Forest targetForest = Forest.GetForest(new DirectoryContext( DirectoryContextType.Forest, targetForestName)); // create an inbound forest trust sourceForest.CreateTrustRelationship(targetForest, TrustDirection.Outbound); Console.WriteLine("\nCreateTrustRelationship succeed"); // obtain the newly created trust ForestTrustRelationshipInformation forestTrust = sourceForest.GetTrustRelationship(targetForestName); Console.WriteLine("\nThe new forest trust: \"{0}\" - \"{1}\", " + "trust direction is {2}, trust type is {3}", sourceForestName, targetForestName, forestTrust.TrustDirection, forestTrust.TrustType); Console.WriteLine("SelectiveAuthenticationStatus of the trust is {0}", sourceForest.GetSelectiveAuthenticationStatus( targetForestName)); Console.WriteLine("SidFilteringStatus of the trust is {0}", sourceForest.GetSidFilteringStatus(targetForestName)); // change trust attribute sourceForest.SetSelectiveAuthenticationStatus(targetForestName, true); sourceForest.SetSidFilteringStatus(targetForestName, false); Console.WriteLine("\nSelectiveAuthenticationStatus of the " + "trust is now {0}", sourceForest.GetSelectiveAuthenticationStatus( targetForestName)); Console.WriteLine("SidFilteringStatus of the trust is now {0}", sourceForest.GetSidFilteringStatus(targetForestName)); // verify trust relationship sourceForest.VerifyOutboundTrustRelationship(targetForestName); Console.WriteLine("\nVerifyOutboundTrustRelationship succeeded\n"); // update the trust direction sourceForest.UpdateTrustRelationship(targetForest, TrustDirection.Bidirectional); Console.WriteLine("\nUpdateTrustRelationship succeeded\n"); // check the trust direction has been updated forestTrust = sourceForest.GetTrustRelationship(targetForestName); Console.WriteLine("\nAfter updating the trust direction: " + "\"{0}\" - \"{1}\", trust direction is {2}, " + "trust type is {3}", sourceForestName, targetForestName, forestTrust.TrustDirection, forestTrust.TrustType); // verify the trust direction again sourceForest.VerifyTrustRelationship(targetForest, TrustDirection.Bidirectional); Console.WriteLine("\nVerifyTrustRelationship succeeded\n"); // get the forest trust information Console.WriteLine("\nGet forest trust information"); Console.WriteLine("TopLevelNems include:"); foreach (TopLevelName t in forestTrust.TopLevelNames) { Console.WriteLine("\t{0}, status is {1}", t.Name, t.Status); } Console.WriteLine("ExcludedTopLevelNems include:"); foreach (string s in forestTrust.ExcludedTopLevelNames) { Console.WriteLine("\t{0}", s); } Console.WriteLine("ForestTrustDomainInformation:"); foreach (ForestTrustDomainInformation info in forestTrust.TrustedDomainInformation) { Console.WriteLine("\tDNS name is {0}, NetBIOS name is {1}, " + "domain sid is {2} and status is {3}", info.DnsName, info.NetBiosName, info.DomainSid, info.Status); } // modify the excluded top level name forestTrust.ExcludedTopLevelNames.Add(excludedTopLevelName1); forestTrust.Save(); Console.WriteLine("\nAfter modifying, ExcludedTopLevelNames include:"); foreach (string s in forestTrust.ExcludedTopLevelNames) { Console.WriteLine("\t{0}", s); } // repair the trust when necessary sourceForest.RepairTrustRelationship(targetForest); Console.WriteLine("\nRepairTrustRelationship succeeded"); // delete the forest trust sourceForest.DeleteTrustRelationship(targetForest); Console.WriteLine("\nDeleteTrustRelationship succeeded"); } catch (Exception e) { Console.WriteLine("\r\nUnexpected exception occured:\r\n\t" + e.GetType().Name + ":" + e.Message); } }
static void Main() { try { string targetDomainName = "fabrikam.com"; string targetForestName = "corp.fabrikam.com"; Domain currentDomain = Domain.GetCurrentDomain(); Forest currentForest = Forest.GetCurrentForest(); // Retrieve all the domain trusts Console.WriteLine("\nRetrieve all the trusts with current domain:\n"); foreach (TrustRelationshipInformation trust in currentDomain.GetAllTrustRelationships()) { // for each domain trust relationship, get its properties Console.WriteLine("\"{0}\" - \"{1}\", trust direction is {2}, " + "trust type is {3}", trust.SourceName, trust.TargetName, trust.TrustDirection, trust.TrustType); } // Retrieve all the forest trusts Console.WriteLine("\nRetrieve all the forest trusts " + "with current forest:\n"); foreach (ForestTrustRelationshipInformation trust in currentForest.GetAllTrustRelationships()) { // for each forest trust relationship, get its properties Console.WriteLine("\"{0}\" - \"{1}\", trust direction is {2}, " + "trust type is {3}", trust.SourceName, trust.TargetName, trust.TrustDirection, trust.TrustType); } // Retrieve trust by name Console.WriteLine("\nRetrieve the trust with the target domain:\n"); TrustRelationshipInformation domainTrust = currentDomain.GetTrustRelationship(targetDomainName); Console.WriteLine("\"{0}\" - \"{1}\", trust direction is {2}, " + "trust type is {3}", currentDomain.Name, targetDomainName, domainTrust.TrustDirection, domainTrust.TrustType); Console.WriteLine("\nRetrieve the trust with the target forest:\n"); ForestTrustRelationshipInformation forestTrust = currentForest.GetTrustRelationship(targetForestName); Console.WriteLine("\"{0}\" - \"{1}\", trust direction is {2}, " + "trust type is {3}", currentForest.Name, targetForestName, forestTrust.TrustDirection, forestTrust.TrustType); } catch (Exception e) { Console.WriteLine("\r\nUnexpected exception occured:\r\n\t" + e.GetType().Name + ":" + e.Message); } }