/// <summary>
/// Captures the recycled-object requirements (4424-4427, 4451, 4453, 4454) from the
/// list of attribute names that still carry a value on the object under test.
/// </summary>
/// <param name="attributesAreNotNull">
/// Names of the attributes that have a value. Every lookup below uses a lower-cased
/// name, so the entries are presumably lower-case already - confirm with the caller.
/// </param>
/// <param name="service">Not read by this method.</param>
/// <remarks>
/// NOTE(review): each "does not have values for any attributes except ..." requirement
/// is captured as soon as ONE permitted attribute is present. Nothing here checks that
/// every entry of <paramref name="attributesAreNotNull"/> is permitted, so an object
/// that kept a value it should have lost would still pass. If these captures are meant
/// to prove attribute stripping, assert that every entry is the RDN attribute, a listed
/// attribute, or an attribute preserved on deletion.
/// </remarks>
private void VerifyRecycledObjects(List<string> attributesAreNotNull, ADImplementations service)
{
    // Attribute names as the requirement text spells them; lower-cased at lookup time.
    // NOTE(review): the text of requirement 4451 does not list isDeleted or isRecycled,
    // yet the check for it accepts them exactly as the check for 4427 does.
    string[] listedAttributeNames =
    {
        "nTSecurityDescriptor", "attributeID", "attributeSyntax", "dNReferenceUpdate",
        "dNSHostName", "flatName", "governsID", "groupType", "instanceType",
        "lDAPDisplayName", "legacyExchangeDN", "isDeleted", "isRecycled",
        "lastKnownParent", "msDS-LastKnownRDN", "mS-DS-CreatorSID", "mSMQOwnerID",
        "nCName", "objectClass", "distinguishedName", "objectGUID", "objectSid",
        "oMSyntax", "proxiedObjectName", "name", "replPropertyMetaData",
        "sAMAccountName", "securityIdentifier", "sIDHistory", "subClassOf",
        "systemFlags", "trustPartner", "trustDirection", "trustType",
        "trustAttributes", "userAccountControl", "uSNChanged", "uSNCreated",
        "whenCreated",
    };

    // objectCategory and sAMAccountType must both be absent.
    bool hasAlwaysRemovedAttribute =
        attributesAreNotNull.Contains("objectCategory".ToLower(CultureInfo.InvariantCulture))
        || attributesAreNotNull.Contains("sAMAccountType".ToLower(CultureInfo.InvariantCulture));
    Site.CaptureRequirementIfIsFalse(
        hasAlwaysRemovedAttribute,
        4424,
        "[Recycled-Object Requirements]A recycled-object does not have values for the attributes objectCategory or sAMAccountType.");

    // Look up the searchFlags of every remaining attribute; the flag ends up true when
    // at least one of them is reported as preserved on deletion (fPRESERVEONDELETE).
    // The loop deliberately visits every entry, as the original did.
    bool hasPreservedAttribute = false;
    foreach (string attributeName in attributesAreNotNull)
    {
        int flags = Utilities.GetSearchFlagsFromSchemaAttribute(this.schemaNC, attributeName);
        if (Utilities.IsAttributeReserved(flags))
        {
            hasPreservedAttribute = true;
        }
    }

    Site.CaptureRequirementIfIsTrue(
        hasPreservedAttribute,
        4425,
        @"[Recycled-Object Requirements]A recycled-object does not have values for any attributes except for the following:Attributes marked as being preserved on deletion (see section 2.2.9).");

    // NOTE(review): the RDN attribute is hard-coded as "cn"; an object whose RDN
    // attribute is something else would fail this capture - confirm against callers.
    bool hasRdnAttribute = attributesAreNotNull.Contains("cn");
    Site.CaptureRequirementIfIsTrue(
        hasRdnAttribute,
        4426,
        @"[Recycled-Object Requirements]A recycled-object does not have values for any attributes except for the following:The attribute that is the RDN of the recycled-object.");

    // True when at least one attribute from the list above is present.
    bool hasListedAttribute = false;
    foreach (string listedName in listedAttributeNames)
    {
        if (attributesAreNotNull.Contains(listedName.ToLower(CultureInfo.InvariantCulture)))
        {
            hasListedAttribute = true;
            break;
        }
    }

    Site.CaptureRequirementIfIsTrue(
        hasListedAttribute,
        4427,
        @"[Recycled-Object Requirements]A recycled-object does not have values for any attributes except for the following: nTSecurityDescriptor, attributeID, attributeSyntax, dNReferenceUpdate, dNSHostName, flatName, governsID, groupType, instanceType, lDAPDisplayName, legacyExchangeDN, isDeleted, isRecycled, lastKnownParent, msDS-LastKnownRDN, mS-DS-CreatorSID, mSMQOwnerID, nCName, objectClass, distinguishedName, objectGUID, objectSid, oMSyntax, proxiedObjectName, name, replPropertyMetaData, sAMAccountName, securityIdentifier, sIDHistory, subClassOf, systemFlags, trustPartner, trustDirection, trustType, trustAttributes, userAccountControl, uSNChanged, uSNCreated, whenCreated.");

    Site.CaptureRequirementIfIsTrue(
        hasListedAttribute,
        4451,
        @"[When the delete operation results in the transformation of an object into a recycled-object]All attribute values are removed from the object, with the following exceptions: nTSecurityDescriptor, attributeID, attributeSyntax, dNReferenceUpdate, dNSHostName, flatName, governsID, groupType, instanceType, lDAPDisplayName, lastKnownParent, ms-DS-lastKnownRDN, legacyExchangeDN, mS-DS-CreatorSID, mSMQOwnerID, nCName, objectClass, distinguishedName, objectGUID, objectSid, oMSyntax, proxiedObjectName, name, replPropertyMetaData, sAMAccountName, securityIdentifier, sIDHistory, subClassOf, systemFlags, trustPartner, trustDirection, trustType, trustAttributes, userAccountControl, uSNChanged, uSNCreated, whenCreated.");

    // The line break inside the next verbatim literal is reproduced exactly as found.
    Site.CaptureRequirementIfIsTrue(
        hasRdnAttribute,
        4453,
        @"[When the delete operation results in the transformation of an object into a recycled-object]All attribute values are removed from the object, with 
the following exceptions: The attribute that equals the rdnType of the object (for example, cn for a user object) is retained.");

    Site.CaptureRequirementIfIsTrue(
        hasPreservedAttribute,
        4454,
        @"[When the delete operation results in the transformation of an object into a recycled-object]All attribute values are removed from the object, with the following exceptions: Any attribute that has the fPRESERVEONDELETE flag set in its searchFlags is retained, except objectCategory and sAMAccountType, which are always removed, regardless of the value of their searchFlags.");
}
/// <summary>
/// Captures the tombstone requirements (4398-4401) from the list of attribute names
/// that still carry a value on the object under test.
/// </summary>
/// <param name="attributesAreNotNull">
/// Names of the attributes that have a value. Every lookup below uses a lower-cased
/// name, so the entries are presumably lower-case already - confirm with the caller.
/// </param>
/// <param name="service">Not read by this method.</param>
/// <remarks>
/// NOTE(review): requirements 4399-4401 are captured as soon as ONE permitted attribute
/// is present. Nothing here checks that every entry of
/// <paramref name="attributesAreNotNull"/> is permitted, so a tombstone that kept a
/// value it should have lost would still pass. If these captures are meant to prove
/// attribute stripping, assert that every entry is the RDN attribute, a listed
/// attribute, or an attribute preserved on deletion.
/// </remarks>
private void VerifyTombstone(List<string> attributesAreNotNull, ADImplementations service)
{
    // Attribute names as requirement 4401 spells them; lower-cased at lookup time.
    string[] listedAttributeNames =
    {
        "nTSecurityDescriptor", "attributeID", "attributeSyntax", "dNReferenceUpdate",
        "dNSHostName", "flatName", "governsID", "groupType", "instanceType",
        "lDAPDisplayName", "legacyExchangeDN", "isDeleted", "isRecycled",
        "lastKnownParent", "msDS-LastKnownRDN", "mS-DS-CreatorSID", "mSMQOwnerID",
        "nCName", "objectClass", "distinguishedName", "objectGUID", "objectSid",
        "oMSyntax", "proxiedObjectName", "name", "replPropertyMetaData",
        "sAMAccountName", "securityIdentifier", "sIDHistory", "subClassOf",
        "systemFlags", "trustPartner", "trustDirection", "trustType",
        "trustAttributes", "userAccountControl", "uSNChanged", "uSNCreated",
        "whenCreated",
    };

    // objectCategory and sAMAccountType must both be absent.
    bool hasAlwaysRemovedAttribute =
        attributesAreNotNull.Contains("objectCategory".ToLower(CultureInfo.InvariantCulture))
        || attributesAreNotNull.Contains("sAMAccountType".ToLower(CultureInfo.InvariantCulture));
    Site.CaptureRequirementIfIsFalse(
        hasAlwaysRemovedAttribute,
        4398,
        @"[Tombstone Requirements]A tombstone does not have values for the attributes objectCategory or sAMAccountType.");

    // Look up the searchFlags of every remaining attribute; the flag ends up true when
    // at least one of them is reported as preserved on deletion (fPRESERVEONDELETE).
    // The loop deliberately visits every entry, as the original did.
    bool hasPreservedAttribute = false;
    foreach (string attributeName in attributesAreNotNull)
    {
        int flags = Utilities.GetSearchFlagsFromSchemaAttribute(schemaNC, attributeName);
        if (Utilities.IsAttributeReserved(flags))
        {
            hasPreservedAttribute = true;
        }
    }

    Site.CaptureRequirementIfIsTrue(
        hasPreservedAttribute,
        4399,
        @"[Tombstone Requirements]A tombstone does not have values for any attributes except for the following: Attributes marked as being preserved on deletion (see section 2.2.9).");

    // NOTE(review): the RDN attribute is hard-coded as "cn"; an object whose RDN
    // attribute is something else would fail this capture - confirm against callers.
    bool hasRdnAttribute = attributesAreNotNull.Contains("cn");
    Site.CaptureRequirementIfIsTrue(
        hasRdnAttribute,
        4400,
        @"[Tombstone Requirements]A tombstone does not have values for any attributes except for the following: The attribute that is the RDN of the tombstone.");

    // True when at least one attribute from the list above is present.
    bool hasListedAttribute = false;
    foreach (string listedName in listedAttributeNames)
    {
        if (attributesAreNotNull.Contains(listedName.ToLower(CultureInfo.InvariantCulture)))
        {
            hasListedAttribute = true;
            break;
        }
    }

    Site.CaptureRequirementIfIsTrue(
        hasListedAttribute,
        4401,
        @"[Tombstone Requirements]A tombstone does not have values for any attributes except for the following: nTSecurityDescriptor,attributeID, attributeSyntax, dNReferenceUpdate, dNSHostName, flatName, governsID, groupType, instanceType, lDAPDisplayName,legacyExchangeDN, isDeleted, isRecycled, lastKnownParent, msDS-LastKnownRDN, mS-DS-CreatorSID, mSMQOwnerID, nCName, objectClass,distinguishedName, objectGUID, objectSid, oMSyntax, proxiedObjectName, name, replPropertyMetaData, sAMAccountName, securityIdentifier, sIDHistory, subClassOf, systemFlags, trustPartner, trustDirection, trustType, trustAttributes, userAccountControl, uSNChanged, uSNCreated, whenCreated.");
}