I am working on some sort of health monitoring and I want to validate that my application has access and proper right in Active Directory. When I initialise DirectoryEntry
, this will show me that I see given domain/path from the machine. That's OK, but I need to check if I am able to read/write in the domain. It that even possible without creating actual object in AD?
Thanks in regards
At last, it was quite easy with oldovets' comment. Here is the code I used:
using (DirectoryEntry entry = directorySearcher.FindOne()?.GetDirectoryEntry())
{
if (entry == null)
{
//report error
}
entry.RefreshCache(new string[] { "allowedAttributesEffective" });
if (entry.Properties["allowedAttributesEffective"].Value != null)
{
if (this.properties == null || this.properties.All(property => entry.Properties["allowedAttributesEffective"].Contains(property)))
{
//sufficient rights
}
else
{
//insufficient rights
}
}
else
{
//not possible to check attribute "allowedAttributesEffective", it is missing or you have insufficient rights to read it
}
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.