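/// <summary>
/// Exports the explicit extended-right ACEs found on the directory object of
/// <paramref name="utente"/> as "SendAS" rows in the <c>filead</c> export file.
/// </summary>
/// <param name="utente">Account whose directory object ACL is read; its
/// <c>Distinguishedname</c> builds the LDAP path and its <c>Mail</c> is the first CSV column.</param>
/// <remarks>
/// Each ACE's SID is resolved against the in-memory <c>Utenti</c> and <c>GruppiInfo</c> lists;
/// a SID found in neither is logged as a warning and produces no row.
/// Inherited ACEs are skipped, so rights granted through a parent container are not reported.
/// NOTE(review): the bind passes explicit credentials and no AuthenticationTypes argument;
/// confirm the resulting bind protects credentials and ACL data in transit as required.
/// </remarks>
private static void GetSendas(UserInfo utente)
{
    string pathNameDomain = "LDAP://" + sDomain + "/" + utente.Distinguishedname;

    // Directory objects wrap native handles; dispose them even when an exception escapes.
    using (var directoryEntry = new DirectoryEntry(pathNameDomain, username, password))
    using (var directorySearcher = new DirectorySearcher(directoryEntry))
    {
        directorySearcher.PropertiesToLoad.Add("msExchRecipientTypeDetails");
        directorySearcher.PropertiesToLoad.Add("distinguishedname");
        directorySearcher.PropertiesToLoad.Add("mail");

        var res = directorySearcher.FindOne();
        if (res == null)
        {
            // FindOne returns null when nothing matches; previously this surfaced as a NullReferenceException.
            Trace.WriteLine(DateTime.Now.ToString("yyyyMMddHHmmss") + "::WRN::SendAS::No directory object found for " + utente.Mail);
            return;
        }

        using (DirectoryEntry ssStoreObj = res.GetDirectoryEntry())
        {
            ActiveDirectorySecurity storeObjSec = ssStoreObj.ObjectSecurity;
            AuthorizationRuleCollection storeAcls = storeObjSec.GetAccessRules(true, true, typeof(System.Security.Principal.SecurityIdentifier));

            foreach (ActiveDirectoryAccessRule ace in storeAcls)
            {
                string sid = ace.IdentityReference.Value;

                // Skip Anonymous Logon (S-1-5-7), Everyone (S-1-1-0), Principal Self (S-1-5-10)
                // and every inherited ACE.
                if (sid == "S-1-5-7" || sid == "S-1-1-0" || sid == "S-1-5-10" || ace.IsInherited)
                {
                    continue;
                }

                // Same test as the original string comparison: the rights value must be exactly ExtendedRight.
                // NOTE(review): ace.AccessControlType is not inspected, so a Deny ACE is exported
                // exactly like an Allow ACE - confirm this is intended for the consumer of the file.
                if (ace.ActiveDirectoryRights != ActiveDirectoryRights.ExtendedRight)
                {
                    continue;
                }

                bool found = false;
                bool failed = false;

                // NOTE(review): Contains() is a substring test if ObjectSID is a string. A SID whose text is a
                // prefix of another principal's SID (RID ...-1104 vs ...-11040) would then resolve to the wrong
                // account or group; an exact comparison looks safer - confirm the ObjectSID type first.
                try
                {
                    var user = Utenti.Find(x => x.ObjectSID.Contains(sid));
                    if (user != null)
                    {
                        filead.WriteLine(utente.Mail + "," + user.Mail + ",SendAS," + exRighthash[ace.ObjectType.ToString()].ToString() + ",,");
                        Trace.WriteLine(DateTime.Now.ToString("yyyyMMddHHmmss") + "::INF::SendAS::OK::SendAS permission of --> " + utente.Mail + " exported successfully");
                        found = true;
                    }
                }
                catch (Exception ex)
                {
                    // Still best effort, but a write failure or an unknown right GUID is now logged
                    // instead of being silently reported as an unresolved SID.
                    failed = true;
                    Trace.WriteLine(DateTime.Now.ToString("yyyyMMddHHmmss") + "::ERR::SendAS::Export failed for " + utente.Mail + " (" + sid + "): " + ex.Message);
                }

                try
                {
                    var group = GruppiInfo.Find(x => x.ObjectSID.Contains(sid));
                    if (group != null)
                    {
                        filead.WriteLine(utente.Mail + "," + group.samaccountname + ",SendAS," + exRighthash[ace.ObjectType.ToString()].ToString() + ",,");
                        Trace.WriteLine(DateTime.Now.ToString("yyyyMMddHHmmss") + "::INF::SendAS::OK::SendAS permission of --> " + utente.Mail + " exported successfully");
                        found = true;
                    }
                }
                catch (Exception ex)
                {
                    failed = true;
                    Trace.WriteLine(DateTime.Now.ToString("yyyyMMddHHmmss") + "::ERR::SendAS::Export failed for " + utente.Mail + " (" + sid + "): " + ex.Message);
                }

                if (!found && !failed)
                {
                    Trace.WriteLine(DateTime.Now.ToString("yyyyMMddHHmmss") + "::WRN::Cannot resolve SID " + sid);
                }
            }
        }
    }
}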
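/// <summary>
/// Exports the mailbox permissions stored in the <c>msexchmailboxsecuritydescriptor</c> attribute
/// of <paramref name="utente"/> as "MBX" rows in the <c>filemp</c> export file.
/// </summary>
/// <param name="utente">Account whose mailbox security descriptor is read; its
/// <c>Distinguishedname</c> builds the LDAP path and its <c>Mail</c> is the first CSV column.</param>
/// <remarks>
/// Each ACE trustee is resolved against the in-memory <c>Utenti</c> and <c>GruppiInfo</c> lists.
/// Known access masks are expanded to named rights; any other mask is written as its numeric value.
/// Inherited ACEs are not filtered out here.
/// NOTE(review): the bind passes explicit credentials and no AuthenticationTypes argument;
/// confirm the resulting bind protects credentials and ACL data in transit as required.
/// </remarks>
static void GetMBXPermissions(UserInfo utente)
{
    // Dispose the entry even when reading the descriptor throws.
    using (DirectoryEntry ent = new DirectoryEntry("LDAP://" + sDomain + "/" + utente.Distinguishedname.ToString(), username, password))
    {
        SecurityDescriptor sd = (SecurityDescriptor)ent.Properties["msexchmailboxsecuritydescriptor"].Value;
        if (sd == null)
        {
            // The attribute has no value on this object; previously this surfaced as a NullReferenceException.
            Trace.WriteLine(DateTime.Now.ToString("yyyyMMddHHmmss") + "::WRN::MBX::No mailbox security descriptor on " + utente.Mail);
            return;
        }

        AccessControlList acl = (AccessControlList)sd.DiscretionaryAcl;

        foreach (AccessControlEntry ace in (IEnumerable)acl)
        {
            string trustee = ace.Trustee;
            if (trustee == "NT AUTHORITY\\SELF")
            {
                continue;
            }

            // NOTE(review): ace.AceType is not inspected, so a Deny ACE is exported exactly like an
            // Allow ACE - confirm this is intended for the consumer of the file.

            // Rows to emit for this ACE, in the order they are written.
            string[] rights;
            switch (ace.AccessMask)
            {
                case 131073:
                    rights = new[] { "FullAccess", "ReadPermission" };
                    break;
                case 131072:
                    // NOTE(review): 131072 (0x20000) looks like the ReadPermission bit alone, yet it is
                    // exported as FullAccess plus four other rights. Kept as-is; verify against the
                    // mailbox rights definition before using the export to grant access elsewhere.
                    rights = new[] { "FullAccess", "ReadPermission", "DeleteItem", "ChangePermission", "ChangeOwner" };
                    break;
                case 983041:
                    rights = new[] { "FullAccess", "ReadPermission", "DeleteItem", "ChangePermission", "ChangeOwner" };
                    break;
                case 65537:
                    rights = new[] { "FullAccess", "DeleteItem" };
                    break;
                case 1:
                    rights = new[] { "FullAccess" };
                    break;
                default:
                    // Unrecognised combination: export the raw mask so nothing is dropped.
                    rights = new[] { ace.AccessMask.ToString() };
                    break;
            }

            bool found = false;
            bool failed = false;

            // NOTE(review): Contains() is a substring test if ObjectSID is a string. A trustee SID whose text
            // is a prefix of another principal's SID (RID ...-1104 vs ...-11040) would then resolve to the wrong
            // account or group; an exact comparison looks safer - confirm the ObjectSID type and the format
            // of ace.Trustee first.
            try
            {
                var user = Utenti.Find(x => x.ObjectSID.Contains(trustee));
                if (user != null)
                {
                    string find = user.Mail;
                    foreach (string right in rights)
                    {
                        filemp.WriteLine(utente.Mail + "," + find + ",MBX," + right + ",,");
                    }
                    Trace.WriteLine(DateTime.Now.ToString("yyyyMMddHHmmss") + "::INF::MBX::OK::MBX permission of --> " + utente.Mail + " exported successfully");
                    found = true;
                }
            }
            catch (Exception ex)
            {
                // Still best effort, but a write failure is now logged instead of being
                // silently reported as an unresolved SID.
                failed = true;
                Trace.WriteLine(DateTime.Now.ToString("yyyyMMddHHmmss") + "::ERR::MBX::Export failed for " + utente.Mail + " (" + trustee + "): " + ex.Message);
            }

            // Groups are consulted for every mask, including unrecognised ones; the original default
            // branch looked only at users, so a group trustee there was logged as unresolvable.
            try
            {
                var group = GruppiInfo.Find(x => x.ObjectSID.Contains(trustee));
                if (group != null)
                {
                    string find = group.samaccountname;
                    foreach (string right in rights)
                    {
                        filemp.WriteLine(utente.Mail + "," + find + ",MBX," + right + ",,");
                    }
                    Trace.WriteLine(DateTime.Now.ToString("yyyyMMddHHmmss") + "::INF::MBX::OK::MBX permission of --> " + utente.Mail + " exported successfully");
                    found = true;
                }
            }
            catch (Exception ex)
            {
                failed = true;
                Trace.WriteLine(DateTime.Now.ToString("yyyyMMddHHmmss") + "::ERR::MBX::Export failed for " + utente.Mail + " (" + trustee + "): " + ex.Message);
            }

            if (!found && !failed)
            {
                Trace.WriteLine(DateTime.Now.ToString("yyyyMMddHHmmss") + "::WRN::Cannot resolve SID " + trustee);
            }
        }
    }
}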
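/// <summary>
/// Loads every group returned by the directory search into <c>GruppiInfo</c> and writes the
/// whole list to <c>ExportData\groups.csv</c>.
/// </summary>
/// <param name="ctx">Not used by this method; the search binds through <c>DirectoryEntry</c> instead.</param>
/// <remarks>
/// <c>GruppiInfo</c> is appended to, not cleared, so calling this twice duplicates entries.
/// NOTE(review): the bind passes explicit credentials and no AuthenticationTypes argument;
/// confirm the resulting bind protects credentials and directory data in transit as required.
/// </remarks>
static void GetGroupsInfo(PrincipalContext ctx)
{
    string pathNameDomain = "LDAP://" + sDomain + "/" + distinguishedName.ToString();

    // using blocks release the directory handles even if a result row throws.
    using (var directoryEntry = new DirectoryEntry(pathNameDomain, username, password))
    using (var directorySearcher = new DirectorySearcher(directoryEntry))
    {
        // A narrower filter, (&(objectClass=group)(msExchRecipientDisplayType=1073741833)), was
        // previously commented out here; the active filter matches on objectClass=group only.
        // NOTE(review): the doubled parentheses are unusual; "(objectClass=group)" is the canonical form.
        directorySearcher.Filter = "((objectClass=group))";

        directorySearcher.PropertiesToLoad.Add("msExchRecipientTypeDetails");
        directorySearcher.PropertiesToLoad.Add("distinguishedname");
        directorySearcher.PropertiesToLoad.Add("DisplayName");
        directorySearcher.PropertiesToLoad.Add("mail");
        directorySearcher.PropertiesToLoad.Add("objectSid");
        directorySearcher.PropertiesToLoad.Add("mailNickname");
        directorySearcher.PropertiesToLoad.Add("samaccountname");

        // NOTE(review): SizeLimit may cap the total number of groups returned. Groups beyond the cap
        // would be missing from GruppiInfo, so SID lookups made against this list elsewhere would
        // fail for them - confirm for directories holding more groups than this value.
        directorySearcher.SizeLimit = 2000;
        directorySearcher.PageSize = 2000;

        using (var searchResults = directorySearcher.FindAll())
        {
            foreach (SearchResult searchResult in searchResults)
            {
                var row = new GroupInfo();
                row.Distinguishedname = searchResult.Properties["distinguishedname"][0].ToString();
                row.samaccountname = searchResult.Properties["samaccountname"][0].ToString();

                // objectSid arrives as raw bytes; store its string (S-1-...) form.
                var sidBytes = (byte[])searchResult.Properties["objectSid"][0];
                row.ObjectSID = new SecurityIdentifier(sidBytes, 0).ToString();

                // The remaining attributes are optional and are left unset when absent.
                var mail = searchResult.Properties["mail"];
                if (mail.Count != 0)
                {
                    row.Mail = mail[0].ToString();
                }

                var displayName = searchResult.Properties["DisplayName"];
                if (displayName.Count != 0)
                {
                    row.DisplayName = displayName[0].ToString();
                }

                var recipientType = searchResult.Properties["msExchRecipientTypeDetails"];
                if (recipientType.Count != 0)
                {
                    row.msExchRecipientTypeDetails = recipientType[0].ToString();
                }

                var nickname = searchResult.Properties["mailNickname"];
                if (nickname.Count != 0)
                {
                    row.mailNickname = nickname[0].ToString();
                }

                GruppiInfo.Add(row);
            }

            Trace.WriteLine(DateTime.Now.ToString("yyyyMMddHHmmss") + "::INIT::found " + GruppiInfo.Count + " Groups");
        }
    }

    // Directory attributes are free text: a comma, quote or line break inside a display name would
    // otherwise shift or split columns. Fields without those characters are written unchanged.
    // NOTE(review): values starting with '=', '+', '-' or '@' are not neutralised; if the file is
    // opened in a spreadsheet they may be evaluated as formulas - decide whether the consumer needs that handled.
    Func<string, string> csvField = value =>
    {
        if (value == null)
        {
            return "";
        }
        if (value.IndexOfAny(new[] { ',', '"', '\r', '\n' }) < 0)
        {
            return value;
        }
        return "\"" + value.Replace("\"", "\"\"") + "\"";
    };

    string stringFilePath = "ExportData\\groups.csv";

    // using closes the file even when a write fails part-way through.
    using (System.IO.TextWriter writer = File.CreateText(stringFilePath))
    {
        string OutputLine = "Name,Alias,DisplayName,WindowsEmailAddress,SamAccountName,GroupType";
        writer.WriteLine(OutputLine);

        foreach (var row in GruppiInfo)
        {
            writer.WriteLine(csvField(row.DisplayName) + "," + csvField(row.mailNickname) + "," + csvField(row.DisplayName) + "," + csvField(row.Mail) + "," + csvField(row.samaccountname) + "," + csvField(row.msExchRecipientTypeDetails));
        }
    }
}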