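/// <summary>
/// Verifies that IDL_DRSReadNgcKey (request version 1) returns the value that was previously
/// written to a test computer object over LDAP (the msDS-KeyCredentialLink attribute, per the
/// assertion message below).
/// </summary>
/// <remarks>
/// The "key" written here is test data only: the object's own DN is reused as the key value.
/// The DRS bind is made as <c>EnvironmentConfig.User.ParentDomainAdmin</c>.
/// </remarks>
public void DRSR_DRSReadNgcKey_V1_Success()
{
    DrsrTestChecker.Check();

    EnvironmentConfig.Machine dcServer = EnvironmentConfig.Machine.WritableDC1;
    DsServer dcServerMachine = (DsServer)EnvironmentConfig.MachineStore[dcServer];
    uint? outVersion;
    DRS_MSG_READNGCKEYREPLY? outMessage;

    // Create a throw-away computer object and register it with the update storage
    // (presumably so it is removed during cleanup; verify against updateStorage).
    string newObjDN = ldapAdapter.TestAddComputerObj(dcServerMachine);
    AddObjectUpdate addUpdate = new AddObjectUpdate(dcServer, newObjDN);
    updateStorage.PushUpdate(addUpdate);

    // The DN doubles as the key payload; any recognisable string would serve the round-trip check.
    string ngcKey = newObjDN;
    ResultCode r = ldapAdapter.SetNgcKey(dcServerMachine, newObjDN, ngcKey);
    BaseTestSite.Assert.AreEqual<ResultCode>(
        ResultCode.Success,
        r,
        "IDL_DRSReadNgcKey: modify the msDS-KeyCredentialLink of " + newObjDN);

    BaseTestSite.Log.Add(LogEntryKind.Comment, "IDL_DRSBind: Binding to DC server: {0}", dcServer);
    uint ret = drsTestClient.DrsBind(
        dcServer,
        EnvironmentConfig.User.ParentDomainAdmin,
        DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_BASE);
    BaseTestSite.Assert.AreEqual<uint>(
        0,
        ret,
        "IDL_DRSBind: Checking return value - got: {0}, expect: 0, should return 0 with a success bind to DC",
        ret);

    ret = drsTestClient.DrsReadNgcKey(dcServer, (uint)1, newObjDN, out outVersion, out outMessage);
    BaseTestSite.Assert.AreEqual<uint>(
        0,
        ret,
        "IDL_DRSReadNgcKey: Checking return value - got: {0}, expect: 0, should return 0 if successful.",
        ret);

    // Fail with a readable assertion instead of an InvalidOperationException from Nullable<T>.Value
    // when the call reports success but hands back no reply message.
    BaseTestSite.Assert.IsTrue(
        outMessage.HasValue,
        "IDL_DRSReadNgcKey: a reply message should be returned when the call succeeds");

    // The reply bytes are decoded as UTF-16; this assumes SetNgcKey stored the string in the
    // same encoding (TODO confirm against the LDAP adapter).
    string readNgcKey = Encoding.Unicode.GetString(outMessage.Value.V1.pNgcKey);
    BaseTestSite.Assert.AreEqual<string>(
        ngcKey,
        readNgcKey,
        "IDL_DRSReadNgcKey: Checking Ngc Key on an object - got: {0}, expect: {1}",
        readNgcKey,
        ngcKey);
}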
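/// <summary>
/// Exercises the clone-DC path: grants the clone-domain-controller extended right to the
/// main DC account, binds as that account and requests a clone of WritableDC1 under
/// <c>EnvironmentConfig.ClonedDCNetbiosName</c>.
/// </summary>
/// <remarks>
/// Three directory objects whose names are derived from the source DC (computer account,
/// server container, NTDS settings object) are registered with the update storage before
/// the call; presumably these are the objects the clone operation creates and the
/// registration drives cleanup (verify against updateStorage).
/// </remarks>
public void DRSR_DRSCloneDC_V1_Success()
{
    DrsrTestChecker.Check();

    EnvironmentConfig.Machine sourceDc = EnvironmentConfig.Machine.WritableDC1;
    DsServer svr = (DsServer)EnvironmentConfig.MachineStore[sourceDc];
    string cloneName = EnvironmentConfig.ClonedDCNetbiosName;

    // Computer account DN of the clone: the source DC's DN with its NetBIOS name swapped out.
    // NOTE(review): string.Replace substitutes every occurrence of the NetBIOS name in the DN,
    // not only the leading RDN; confirm the lab naming cannot collide.
    AddObjectUpdate machineAccount = new AddObjectUpdate(
        sourceDc,
        svr.ComputerObjectName.Replace(svr.NetbiosName, cloneName));
    updateStorage.PushUpdate(machineAccount);

    // Server container of the clone: "CN=<clone>" placed under the grandparent of the
    // source DC's NTDS DSA object.
    string serversContainerDn =
        DrsrHelper.GetParentDNFromChildDN(DrsrHelper.GetParentDNFromChildDN(svr.NtdsDsaObjectName));
    AddObjectUpdate ntdsContainerAccount = new AddObjectUpdate(
        sourceDc,
        "CN=" + cloneName + "," + serversContainerDn);
    updateStorage.PushUpdate(ntdsContainerAccount);

    // NTDS DSA object of the clone, derived the same way as the computer account.
    AddObjectUpdate ntdsAccount = new AddObjectUpdate(
        sourceDc,
        svr.NtdsDsaObjectName.Replace(svr.NetbiosName, cloneName));
    updateStorage.PushUpdate(ntdsAccount);

    // The caller needs the clone-DC extended right on the domain before the RPC is attempted.
    // NOTE(review): this adds an Allow ACE for a powerful right and no matching revoke is
    // visible in this method; confirm that teardown removes it so the test domain is not
    // left with a standing grant.
    bool granted = ldapAdapter.GrantControlAccess(
        svr,
        EnvironmentConfig.UserStore[EnvironmentConfig.User.MainDCAccount],
        svr.Domain.Name,
        System.DirectoryServices.ActiveDirectoryRights.ExtendedRight,
        System.Security.AccessControl.AccessControlType.Allow,
        DRSConstants.ExtendRights.DSCloneDomainController);
    BaseTestSite.Assert.IsTrue(granted, "Grant control access to clone DC firstly");

    // Check the bind result explicitly, as the other DRSR tests do, so a failed bind is
    // reported as such rather than surfacing later as a clone failure.
    uint ret = drsTestClient.DrsBind(
        sourceDc,
        EnvironmentConfig.User.MainDCAccount,
        DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_BASE);
    BaseTestSite.Assert.AreEqual<uint>(
        0,
        ret,
        "IDL_DRSBind: Checking return value - got: {0}, expect: 0, should return 0 with a success bind to DC",
        ret);

    // NOTE(review): the outcome of the clone request is not asserted here; confirm that the
    // client wrapper verifies it internally, otherwise this "_Success" test cannot fail on it.
    drsTestClient.DrsAddCloneDC(sourceDc, cloneName, svr.Site.CN);
}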
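/// <summary>
/// Negative test: binds without advertising DRS_EXT_STRONG_ENCRYPTION and verifies that a
/// V8 IDL_DRSGetNCChanges request for the domain NC is refused with SEC_E_ALGORITHM_MISMATCH.
/// </summary>
/// <remarks>
/// This guards the server-side check that replication data is not handed to a client that
/// did not negotiate strong encryption. A pass requires the exact error code, not merely a
/// non-zero return.
/// </remarks>
public void DRSR_DRSGetNCChanges_Failed_NoStrongEncryptionByClient()
{
    DrsrTestChecker.Check();

    EnvironmentConfig.Machine dcServer = EnvironmentConfig.Machine.WritableDC1;
    EnvironmentConfig.Machine dcPartner = EnvironmentConfig.Machine.WritableDC2;
    DsServer dcServerMachine = (DsServer)EnvironmentConfig.MachineStore[dcServer];
    DsServer dcPartnerMachine = (DsServer)EnvironmentConfig.MachineStore[dcPartner];
    NamingContext specifiedNC = NamingContext.DomainNC;

    // `ldapAdpter` is spelled as this method references it; the field is declared outside this view.
    string userdn = ldapAdpter.TestAddUserObj(dcServerMachine);
    AddObjectUpdate aou = new AddObjectUpdate(dcServer, userdn);
    updateStorage.PushUpdate(aou);

    string groupdn = DRSTestData.DRSGetNCChange_ExistGroup
        + ","
        + LdapUtility.ConvertUshortArrayToString(((AddsDomain)dcServerMachine.Domain).DomainNC.StringName);
    DRS_OPTIONS ulFlags = DRS_OPTIONS.NONE;

    try
    {
        ldapAdpter.RemoveObjectFromGroup(dcServerMachine, userdn, groupdn);
    }
    catch (System.Exception ex)
    {
        // Best effort: the user may simply not be a member yet. Record the reason instead of
        // discarding it, so an unrelated LDAP failure is still visible in the test log.
        BaseTestSite.Log.Add(
            LogEntryKind.Comment,
            "Ignoring failure to remove user dn {0} from group dn {1}: {2}",
            userdn,
            groupdn,
            ex.Message);
    }

    // NOTE(review): both arguments are dcServer although dcPartner is available; confirm
    // whether a sync between the two DCs was intended.
    drsTestClient.SyncDCs(dcServer, dcServer);

    // Add the user to the group so there is a change for the partner to request.
    BaseTestSite.Log.Add(
        LogEntryKind.Comment,
        "Add user dn {0} to group dn {1} on DC {2}",
        userdn,
        groupdn,
        dcServer);
    ResultCode addret = ldapAdpter.AddObjectToGroup(dcServerMachine, userdn, groupdn);
    BaseTestSite.Assert.IsTrue(
        addret == ResultCode.Success,
        "add userdn {0} to group dn {1} failed",
        userdn,
        groupdn);

    // NOTE(review): the same DN was already registered above via `aou`; confirm the second
    // registration is intentional.
    AddObjectUpdate adduserUpdate = new AddObjectUpdate(dcServer, userdn);
    updateStorage.PushUpdate(adduserUpdate);

    // DRS_EXT_STRONG_ENCRYPTION is deliberately left out of the advertised client capabilities;
    // that omission is the condition under test.
    DRS_EXTENSIONS_IN_FLAGS clientCapabilities =
        DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_BASE | DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_GETCHGREPLY_V6;

    BaseTestSite.Log.Add(LogEntryKind.Comment, "Bind to DC server: {0}", dcServer);
    uint ret = drsTestClient.DrsBind(dcServer, EnvironmentConfig.User.WritableDC2Account, clientCapabilities);
    BaseTestSite.Assert.AreEqual<uint>(0, ret, "IDL_DRSBind should return 0 with a success bind to DC");

    // The message is kept on one line: a regular string literal cannot span a line break.
    BaseTestSite.Log.Add(
        LogEntryKind.Comment,
        "Calling IDL_DRSNCChanges (V8 request) to get changes for a specified NC from a DC server. The reply compression is not required.");

    uint? outVersion;
    DRS_MSG_GETCHGREPLY? outMessage;
    ret = drsTestClient.DrsGetNCChanges(
        dcServer,
        DrsGetNCChanges_Versions.V8,
        dcPartner,
        ulFlags,
        specifiedNC,
        EXOP_REQ_Codes.None,
        FSMORoles.None,
        null,
        out outVersion,
        out outMessage);

    BaseTestSite.Assert.AreNotEqual<uint>(0, ret, "IDL_DRSGetNCChanges should not return 0x0 for failure");

    // Pin the specific error so that an unrelated failure (access denied, bad NC, ...) does
    // not count as proof that the encryption requirement is enforced.
    BaseTestSite.Assert.AreEqual<uint>(
        (uint)Win32ErrorCode_32.SEC_E_ALGORITHM_MISMATCH,
        ret,
        "Verify error code detail: IDL_DRSNCChanges should return SEC_E_ALGORITHM_MISMATCH due to DRS_EXT_STRONG_ENCRYPTION not included in bind.");
}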