Last active
December 29, 2015 03:09
-
-
Save gbrayut/7605918 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| void Main() | |
| { | |
| var username = @"ad\u0861240"; | |
| var userNameNoDomain = username.Split('\\').Last(); | |
| var Context = new System.DirectoryServices.AccountManagement.PrincipalContext( System.DirectoryServices.AccountManagement.ContextType.Domain | |
| ,"ad.utah.edu","OU=People,DC=ad,DC=utah,DC=edu",@"",""); | |
| var directoryEntry = new DirectoryEntry("LDAP://DC=ad,DC=utah,DC=edu"); | |
| var directoryEntryBase = new DirectoryEntry("LDAP://DC=ad,DC=utah,DC=edu"); | |
| using (var directorySearcher = new DirectorySearcher(directoryEntry) | |
| { | |
| Filter = string.Format("(sAMAccountName={0})", userNameNoDomain) | |
| }) | |
| { | |
| directorySearcher.PropertiesToLoad.AddRange(new string[]{"msDS-PrincipalName","displayName","adspath"}); | |
| var resultset = directorySearcher.FindOne(); | |
| //resultset.Dump(); | |
| var adspath = resultset.Properties["adspath"][0].ToString(); | |
| //get tokengroups (see http://stackoverflow.com/questions/3833785/) | |
| var deuser = new DirectoryEntry(adspath); | |
| var tokengroups = new List<System.Security.Principal.SecurityIdentifier>(); | |
| var groupnames = new List<string>(); | |
| using (DirectorySearcher dstargetuser = new DirectorySearcher(deuser)){ | |
| dstargetuser.SearchScope = SearchScope.Base; //tokengroups is a constructed attribute, so have to ask for it while performing a search | |
| dstargetuser.Filter = "(objectclass=*)"; //this is closest thing i can find to an always true filter | |
| dstargetuser.PropertiesToLoad.Add("tokengroups"); | |
| SearchResult srtargetuser = dstargetuser.FindOne(); | |
| //srtargetuser.Dump(); | |
| StringBuilder sbgroupsids = new StringBuilder("(|"); | |
| foreach (byte[] byteGroupSid in srtargetuser.Properties["tokenGroups"]) | |
| { | |
| System.Security.Principal.SecurityIdentifier groupSid = new System.Security.Principal.SecurityIdentifier(byteGroupSid, 0); | |
| tokengroups.Add(groupSid); | |
| sbgroupsids.Append(GetSIDSearchFilter(groupSid)); | |
| } | |
| sbgroupsids.Append(")"); | |
| //sbgroupsids.Dump(); | |
| tokengroups.First().Dump(); | |
| //tokengroups.dump("ldap tokengroups attribute"); | |
| using(DirectorySearcher dstargetsids = new DirectorySearcher(directoryEntry)){ | |
| dstargetsids.Filter = sbgroupsids.ToString(); | |
| foreach(SearchResult adgroup in dstargetsids.FindAll()){ | |
| var groupname = adgroup.Properties["name"][0].ToString(); | |
| groupnames.Add(groupname); | |
| } | |
| } | |
| groupnames.Sort(); | |
| groupnames.Dump("group names"); | |
| } | |
| } | |
| } | |
| // Define other methods and classes here | |
| public static string GetSIDSearchFilter(SecurityIdentifier sid) | |
| { | |
| byte[] byteSid = new byte[sid.BinaryLength]; | |
| sid.GetBinaryForm(byteSid, 0); | |
| return string.Format("(objectSid={0})", BuildFilterOctetString(byteSid)); | |
| } | |
| public static string BuildFilterOctetString(byte[] bytes) | |
| { | |
| StringBuilder sb = new StringBuilder(); | |
| for (int i = 0; i < bytes.Length; i++) | |
| { | |
| sb.AppendFormat("\\{0}", bytes[i].ToString("X2")); | |
| } | |
| return sb.ToString(); | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment