public static void OutputDomainFindingInfoToConsoleForDomainOnMachine(string machine, string domain)
{
OutputToConsole(0, "Outputting domain networking information for domain {0} retrieved from {1}", domain, string.IsNullOrEmpty(machine) ? "localhost" : machine);
try
{
var dci = NativeWrapped.GetDc(domain, DsFlag.DS_RETURN_DNS_NAME | DsFlag.DS_ONLY_LDAP_NEEDED, machine);
OutputToConsole(1, "Results from DsGetDcName:");
OutputToConsole(2, "{0}:\t{1}", "ClientSiteName", dci.ClientSiteName);
OutputToConsole(2, "{0}:\t{1}", "DcSiteName", dci.DcSiteName);
OutputToConsole(2, "{0}:\t{1}", "DnsForestName", dci.DnsForestName);
OutputToConsole(2, "{0}:\t{1}", "DomainControllerAddress", dci.DomainControllerAddress);
OutputToConsole(2, "{0}:\t{1}", "DomainControllerAddressType", dci.DomainControllerAddressType);
OutputToConsole(2, "{0}:\t{1}", "DomainControllerName", dci.DomainControllerName);
OutputToConsole(2, "{0}:\t{1}", "DomainGuid", dci.DomainGuid);
OutputToConsole(2, "{0}:\t{1}", "DomainName", dci.DomainName);
OutputToConsole(2, "{0}:\t{1}", "Flags", string.Join(", ", GetFlagsFromEnum <DsReturnFlags>(dci.Flags)));
OutputNetworkResolutionInformationToConsole(2, dci.DomainControllerAddress);
OutputToConsole(1, "Results from DsGetDcNext for {0}:", dci.DomainName);
//Note: The following won't get results from RoDCs
var dcs = NativeWrapped.EnumerateDCs(dci.DomainName, DsFlag.None);
foreach (var dc in dcs)
{
OutputNetworkResolutionInformationToConsole(2, dc);
}
}
catch (Exception ex)
{
OutputToConsole(0, "Error outputting domain information for {0} retrieved from {2}:\t{1}", domain, ex, string.IsNullOrEmpty(machine) ? "localhost" : machine);
}
}
/// <summary>
/// Validates credentials using TLS
/// </summary>
/// <param name="username">User name</param>
/// <param name="domainname">Domain name</param>
/// <param name="password">User Password</param>
/// <param name="serverNameUsed">Name of the server used; if return value is false and this is null, no server that could use TLS was found for the domain</param>
/// <returns>Success in validating the credentials</returns>
public static bool ValidateCredentialsTLS(string username, string domainname, string password, out string serverNameUsed)
{
//Reference port numbers = https://technet.microsoft.com/en-us/library/dd772723(v=ws.10).aspx
int LdapSSLPort = 636;
int LdapGcSSLPort = 3269;
foreach (var dc in NativeWrapped.EnumerateDCs(domainname, DsFlag.DS_ONLY_LDAP_NEEDED))
{
if (TryConnect(dc, LdapSSLPort))
{
serverNameUsed = dc;
try
{
return(ValidateCredentials(username, domainname, password, dc, ContextOptions.SecureSocketLayer | ContextOptions.SimpleBind));
}
catch (Exception ex)
{
Console.WriteLine("Failed validating credentials for {0} on {1}:\t{2}", username, dc, ex);
try
{
return(ManuallyValidateTLSCredentials(username, domainname, password, dc, LdapSSLPort));
}
catch (Exception ex2)
{
Console.WriteLine("Failed manually validating credentials for {0} on {1}:\t{2}", username, dc, ex2);
}
}
}
else if (TryConnect(dc, LdapGcSSLPort))
{
serverNameUsed = dc;
//You could roll your own validator using LDAPConnection for this if you wanted and as I have done for a fallback on
//the above where the ldap options set for the session within the .NET library can cause credential validation to fail,
//but the ValidateCredentials method is hard coded to the other port
try
{
return(ManuallyValidateTLSCredentials(username, domainname, password, dc, LdapGcSSLPort));
}
catch (Exception ex2)
{
Console.WriteLine("Failed manually validating credentials for {0} on {1}:\t{2}", username, dc, ex2);
}
}
}
serverNameUsed = null;
return(false);
}
