From aa123ff987fe7ecc666b313bac6cd65ff57ef514 Mon Sep 17 00:00:00 2001
From: Robert Muehsig
Date: Thu, 31 Dec 2020 00:29:07 +0100
Subject: [PATCH] ldap stuff
---
 2020/SecGroupsAndDistributionListsTester.sln | 25 ++++
 .../Program.cs | 117 ++++++++++++++++++
 ...SecGroupsAndDistributionListsTester.csproj | 13 ++
 3 files changed, 155 insertions(+)
 create mode 100644 2020/SecGroupsAndDistributionListsTester.sln
 create mode 100644 2020/SecGroupsAndDistributionListsTester/Program.cs
 create mode 100644 2020/SecGroupsAndDistributionListsTester/SecGroupsAndDistributionListsTester.csproj
diff --git a/2020/SecGroupsAndDistributionListsTester.sln b/2020/SecGroupsAndDistributionListsTester.sln
new file mode 100644
index 00000000..1ae83183
--- /dev/null
+++ b/2020/SecGroupsAndDistributionListsTester.sln
@@ -0,0 +1,25 @@ + +Microsoft Visual Studio Solution File, Format Version 12.00 +# Visual Studio Version 16 +VisualStudioVersion = 16.0.30709.132 +MinimumVisualStudioVersion = 10.0.40219.1 +Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "SecGroupsAndDistributionListsTester", "SecGroupsAndDistributionListsTester\SecGroupsAndDistributionListsTester.csproj", "{BA2B62A0-7A1C-4B71-B126-A7CC063F2192}" +EndProject +Global + GlobalSection(SolutionConfigurationPlatforms) = preSolution + Debug|Any CPU = Debug|Any CPU + Release|Any CPU = Release|Any CPU + EndGlobalSection + GlobalSection(ProjectConfigurationPlatforms) = postSolution + {BA2B62A0-7A1C-4B71-B126-A7CC063F2192}.Debug|Any CPU.ActiveCfg = Debug|Any CPU + {BA2B62A0-7A1C-4B71-B126-A7CC063F2192}.Debug|Any CPU.Build.0 = Debug|Any CPU + {BA2B62A0-7A1C-4B71-B126-A7CC063F2192}.Release|Any CPU.ActiveCfg = Release|Any CPU + {BA2B62A0-7A1C-4B71-B126-A7CC063F2192}.Release|Any CPU.Build.0 = Release|Any CPU + EndGlobalSection + GlobalSection(SolutionProperties) = preSolution + HideSolutionNode = FALSE + EndGlobalSection + GlobalSection(ExtensibilityGlobals) = postSolution + SolutionGuid = {EFC6375E-72F8-4AF2-ACB6-C8EC0581A9DB} + EndGlobalSection +EndGlobal
diff --git a/2020/SecGroupsAndDistributionListsTester/Program.cs b/2020/SecGroupsAndDistributionListsTester/Program.cs
new file mode 100644
index 00000000..89dba189
--- /dev/null
+++ b/2020/SecGroupsAndDistributionListsTester/Program.cs
@@ -0,0 +1,117 @@
+using System;
+using System.Collections.Generic;
+using System.DirectoryServices;
+using System.DirectoryServices.AccountManagement;
+using System.DirectoryServices.ActiveDirectory;
+using System.Security.Principal;
+
+namespace SecGroupsAndDistributionListsTester
+{
+ class Program
+ {
+ static void Main(string[] args)
+ {
+
+ Console.WriteLine("Enter User:");
+ var name = Console.ReadLine();
+
+ var domain = Domain.GetComputerDomain();
+ try
+ {
+ Console.WriteLine("ListAllGroupsViaLdapQuery:");
+
+ Console.WriteLine($"Try to get all groups for {name} in {domain.Name}.");
+
+ // Be aware that some "system level" groups are not part of the returned list
+ // Use a comibination of this + tokenGroups
+ ListAllGroupsViaLdapQuery(name, domain.Name);
+ }
+ catch (Exception exc)
+ {
+ Console.WriteLine(exc.Message);
+ }
+
+ Console.Read();
+ }
+
+
+ private static List ListAllGroupsViaLdapQuery(string username, string domainName)
+ {
+ List result = new List();
+
+ using (PrincipalContext domainContext = new PrincipalContext(ContextType.Domain, domainName))
+ using (var searcher = new DirectorySearcher(new DirectoryEntry("LDAP://" + domainContext.Name)))
+ {
+ searcher.Filter = String.Format("(&(objectClass=user)(sAMAccountName={0}))", username);
+ SearchResult sr = searcher.FindOne();
+
+ DirectoryEntry user = sr.GetDirectoryEntry();
+
+ var dn = user.Properties["distinguishedname"];
+ var x = GetGroupsForDistinguishedName(new DirectoryEntry("LDAP://" + domainContext.Name), dn.Value.ToString());
+
+ foreach (var groupX in x)
+ {
+ Console.WriteLine(groupX.ToString());
+ }
+
+ }
+
+ return result;
+ }
+
+ private static DirectorySearcher CreateDirectorySearcher(string filter)
+ {
+ Domain domain = Domain.GetComputerDomain();
+
+ DirectorySearcher searcher;
+
+ string targetSearchRoot = "LDAP://" + domain.Name;
+
+
+ searcher = new DirectorySearcher(new DirectoryEntry(targetSearchRoot));
+ searcher.Filter = filter;
+
+ searcher.SearchScope = SearchScope.Subtree;
+
+ return searcher;
+ }
+
+ public class GroupResult
+ {
+ public string Name { get; set; }
+ public string ObjectSid { get; set; }
+ public int GroupType { get; set; }
+
+ public override string ToString()
+ {
+ return $"{Name} ({ObjectSid}) - Type: {GroupType}";
+ }
+
+ }
+
+ private static List GetGroupsForDistinguishedName(DirectoryEntry domainDirectoryEntry, string distinguishedName)
+ {
+ var groups = new List();
+ if (!string.IsNullOrEmpty(distinguishedName))
+ {
+ var getGroupsFilterForDn = $"(&(objectClass=group)(member:1.2.840.113556.1.4.1941:= {distinguishedName}))";
+ using (var dirSearch = CreateDirectorySearcher(getGroupsFilterForDn))
+ {
+ using (var results = dirSearch.FindAll())
+ {
+ foreach (SearchResult result in results)
+ {
+ if (result.Properties.Contains("name") && result.Properties.Contains("objectSid") && result.Properties.Contains("groupType"))
+ groups.Add(new GroupResult() { Name = (string)result.Properties["name"][0], GroupType = (int)result.Properties["groupType"][0], ObjectSid = new SecurityIdentifier((byte[])result.Properties["objectSid"][0], 0).ToString() });
+ }
+ }
+ }
+ }
+
+ return groups;
+ }
+
+
+ }
+}
diff --git a/2020/SecGroupsAndDistributionListsTester/SecGroupsAndDistributionListsTester.csproj b/2020/SecGroupsAndDistributionListsTester/SecGroupsAndDistributionListsTester.csproj
new file mode 100644
index 00000000..4c29fdf0
--- /dev/null
+++ b/2020/SecGroupsAndDistributionListsTester/SecGroupsAndDistributionListsTester.csproj
@@ -0,0 +1,13 @@
+
+
+
+ Exe
+ netcoreapp3.1
+
+
+
+
+
+
+
+
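Review bot: In Program.cs the name read from the console is formatted straight into the LDAP filter in ListAllGroupsViaLdapQuery (`sAMAccountName={0}`), and the distinguished name is interpolated the same way in GetGroupsForDistinguishedName, so a `(`, `)`, `*` or `\` in either value changes the query that is sent to the directory instead of being matched literally. Both values should be escaped per RFC 4515 before they are placed in a filter; a small helper and the two call sites are sketched below. Separately, `searcher.FindOne()` returns null when no account matches and the next line dereferences `sr` unchecked, so an unknown user surfaces only as a NullReferenceException message from the catch in Main. The method also returns `result`, which is never filled, so callers that use the return value always see an empty list.

```csharp
// New private helper beside CreateDirectorySearcher: escapes the RFC 4515 filter metacharacters.
private static string EscapeLdapFilterValue(string value)
{
    var escaped = new System.Text.StringBuilder(value.Length);
    foreach (char c in value)
    {
        switch (c)
        {
            case '\\': escaped.Append(@"\5c"); break;
            case '*': escaped.Append(@"\2a"); break;
            case '(': escaped.Append(@"\28"); break;
            case ')': escaped.Append(@"\29"); break;
            case '\0': escaped.Append(@"\00"); break;
            default: escaped.Append(c); break;
        }
    }
    return escaped.ToString();
}

// In ListAllGroupsViaLdapQuery:
searcher.Filter = String.Format("(&(objectClass=user)(sAMAccountName={0}))", EscapeLdapFilterValue(username));
SearchResult sr = searcher.FindOne();
if (sr == null)
{
    Console.WriteLine($"No user found for {username}.");
    return result;
}
// … unchanged: GetDirectoryEntry, distinguishedname lookup, group listing …

// In GetGroupsForDistinguishedName:
var getGroupsFilterForDn = $"(&(objectClass=group)(member:1.2.840.113556.1.4.1941:= {EscapeLdapFilterValue(distinguishedName)}))";
```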