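/// <summary>
/// Reads the access rules (explicit and inherited) from a directory entry's
/// security descriptor and returns them as <c>AccessRuleObject</c> instances,
/// each annotated with a display name for the trustee.
/// </summary>
/// <param name="de">The directory entry whose ACL is read. Must not be null.</param>
/// <returns>
/// One <c>AccessRuleObject</c> per access rule; an empty list when the entry
/// exposes no security descriptor or no rules.
/// </returns>
/// <exception cref="AdException">Thrown with <c>AdStatusType.MissingInput</c> when <paramref name="de"/> is null.</exception>
public static List<AccessRuleObject> GetAccessRules(DirectoryEntry de)
{
    if (de == null)
    {
        throw new AdException("DirectoryEntry Can Not Be NULL", AdStatusType.MissingInput);
    }

    List<AccessRuleObject> accessRules = new List<AccessRuleObject>();

    // Per-call cache keyed by the identity string, so a trustee that appears in
    // many ACEs is looked up through DirectoryServices.GetPrincipal only once.
    Dictionary<string, Principal> principals = new Dictionary<string, Principal>();

    // Arguments: includeExplicit = true, includeInherited = true; trustees are
    // requested as SecurityIdentifier, so IdentityReference.Value is a SID string.
    AuthorizationRuleCollection rules = de.ObjectSecurity?.GetAccessRules(true, true, typeof(System.Security.Principal.SecurityIdentifier));
    if (rules == null)
    {
        return accessRules;
    }

    foreach (AuthorizationRule rule in rules)
    {
        ActiveDirectoryAccessRule accessRule = (ActiveDirectoryAccessRule)rule;
        AccessRuleObject aro = new AccessRuleObject()
        {
            ControlType = accessRule.AccessControlType,
            Rights = accessRule.ActiveDirectoryRights,
            IdentityReference = accessRule.IdentityReference.Value,
            InheritanceFlags = accessRule.InheritanceFlags,
            IsInherited = accessRule.IsInherited,
        };

        // Single dictionary lookup instead of ContainsKey followed by the indexer.
        Principal principal;
        if (!principals.TryGetValue(aro.IdentityReference, out principal))
        {
            principal = DirectoryServices.GetPrincipal(aro.IdentityReference);
            principals.Add(aro.IdentityReference, principal);
        }

        // NOTE(review): GetPrincipal is defined elsewhere; if it returns null for a
        // SID that no longer resolves (for example a deleted account), dereferencing
        // it would abort the whole listing. Keep the raw identity string instead so
        // the ACE is still reported and the unresolved trustee stays visible to
        // whoever reviews the ACL.
        aro.IdentityName = principal != null ? principal.Name : aro.IdentityReference;
        accessRules.Add(aro);
    }

    return accessRules;
}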
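/// <summary>
/// Reads the access rules (explicit and inherited) from a directory entry's
/// security descriptor and returns them as <c>AccessRuleObject</c> instances,
/// translating each trustee SID to an NT account name where possible.
/// </summary>
/// <param name="de">The directory entry whose ACL is read. Must not be null.</param>
/// <returns>
/// One <c>AccessRuleObject</c> per access rule; an empty list when the entry
/// exposes no security descriptor or no rules. <c>IdentityName</c> holds the
/// translated account name, or the raw identity string when the SID cannot be mapped.
/// </returns>
/// <exception cref="AdException">Thrown with <c>AdStatusType.MissingInput</c> when <paramref name="de"/> is null.</exception>
public static List<AccessRuleObject> GetAccessRules(DirectoryEntry de)
{
    if (de == null)
    {
        throw new AdException("DirectoryEntry Can Not Be NULL", AdStatusType.MissingInput);
    }

    List<AccessRuleObject> accessRules = new List<AccessRuleObject>();

    // Arguments: includeExplicit = true, includeInherited = true; trustees are
    // requested as SecurityIdentifier, so IdentityReference.Value is a SID string.
    AuthorizationRuleCollection rules = de.ObjectSecurity?.GetAccessRules(true, true, typeof(System.Security.Principal.SecurityIdentifier));
    if (rules == null)
    {
        return accessRules;
    }

    foreach (AuthorizationRule rule in rules)
    {
        ActiveDirectoryAccessRule accessRule = (ActiveDirectoryAccessRule)rule;
        AccessRuleObject aro = new AccessRuleObject()
        {
            ControlType = accessRule.AccessControlType,
            Rights = accessRule.ActiveDirectoryRights,
            IdentityReference = accessRule.IdentityReference.Value,
            InheritanceFlags = accessRule.InheritanceFlags,
            IsInherited = accessRule.IsInherited,
        };

        // Default to the raw identity string; replaced below when it translates.
        String identity = aro.IdentityReference;
        if (DirectoryServices.IsSid(aro.IdentityReference))
        {
            // Get User-Readable Principal Name from Sid
            System.Security.Principal.SecurityIdentifier sid = (System.Security.Principal.SecurityIdentifier)rule.IdentityReference;
            try
            {
                System.Security.Principal.NTAccount acct = (System.Security.Principal.NTAccount)sid.Translate(typeof(System.Security.Principal.NTAccount));
                identity = acct.Value;
            }
            catch (System.Security.Principal.IdentityNotMappedException)
            {
                // Translate throws when the SID has no account mapping (for example a
                // deleted account or a domain that cannot be reached). Without this
                // catch a single such ACE aborts the whole listing. Keep the raw SID
                // so the rule is still returned and the unresolved trustee remains
                // visible in the output for ACL review.
            }
        }

        aro.IdentityName = identity;
        accessRules.Add(aro);
    }

    return accessRules;
}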