stackoom
  简体   繁体   中英

How to get object of “ntSecurityDescriptor” of a active directory user

 原文  2012-11-04 15:11:03       c#/ asp.net/ openldap

Question

I am working on a website. I have to find the value of user can't change password property of a user. I get this link http://msdn.microsoft.com/en-us/library/aa746448(v=vs.85).aspx[^] according to which I have to find "ntSecurityDescriptor" value of that user. They are using DirectoryEntry class to find that but in my case I am using LdapConnection class. If I use entry class I was not able to make connectivity with server So that I change it to LdapConnection class. Now I don't know how to find value.

1 answers

solution1
 0 ACCPTED  2012-11-24 06:42:19

I find my solution. 

 SearchResponse response = (SearchResponse)connection.SendRequest(request);
            DirectoryAttribute attribute = response.Entries[0].Attributes["ntSecurityDescriptor"];

            if (attribute != null)
            {
                const string PASSWORD_GUID = "{ab721a53-1e2f-11d0-9819-00aa0040529b}";
                const int ADS_ACETYPE_ACCESS_DENIED_OBJECT = 6;
                bool fEveryone = false;
                bool fSelf = false;

                ActiveDs.ADsSecurityUtility secUtility = new ActiveDs.ADsSecurityUtility();
                ActiveDs.IADsSecurityDescriptor sd = (IADsSecurityDescriptor)secUtility.ConvertSecurityDescriptor((byte[])attribute[0], (int)ADS_SD_FORMAT_ENUM.ADS_SD_FORMAT_RAW, (int)ADS_SD_FORMAT_ENUM.ADS_SD_FORMAT_IID);
                ActiveDs.IADsAccessControlList acl = (ActiveDs.IADsAccessControlList)sd.DiscretionaryAcl;

                foreach (ActiveDs.IADsAccessControlEntry ace in acl)
                {
                    if ((ace.ObjectType != null) && (ace.ObjectType.ToUpper() == PASSWORD_GUID.ToUpper()))
                    {
                        if ((ace.Trustee == "Everyone") && (ace.AceType == ADS_ACETYPE_ACCESS_DENIED_OBJECT))
                        {
                            fEveryone = true;
                        }
                        if ((ace.Trustee == @"NT AUTHORITY\SELF") && (ace.AceType == ADS_ACETYPE_ACCESS_DENIED_OBJECT))
                        {
                            fSelf = true;
                        }

                        break;
                    }
                }

                if (fEveryone || fSelf)
                {
                    return Global.RequestContants.CANT_CHANGE_PASSWORD;
                }
                else
                {
                    return string.Empty;
                }
            }

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to get the Active directory token of a user? How to get username from Azure Active Directory using user Id (object id) Get Active Directory user information Get list of user in Active Directory How do I clear out a user object attribute in Active Directory? How to get Immutable ID of active directory user by using c# How to get Azure Active Directory role or user group How to get user's password expiration date from Active Directory? How to get Active Directory User Account Attributes in C# how to get the security group names of a user in azure active directory
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM