I require a C# developer to extract the AD Extended Rights
Budget
258$
per month
Posted: 4 years ago
Opened
- Description
- I require a simple C# application that extracts all the Advanced Security Settings permissions for a domain as seen in Active Directory Users and Computers. The attached images from a Dev DC show the Extended Rights we require to extract (labelled Screen 4).
.NET provides easy extraction of the Principals and Access rights for the users for the domain (Screen 3) and returns generic rights like ReadProperty, WriteProperty, GenericExecute and ExtendedRight.
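The following code retrieves the higher level users and rights:

    using System.Collections.Generic;
    using System.DirectoryServices;
    using System.Security.AccessControl;
    using System.Security.Principal;

    // AccessPermissions, AccessControl, ResolveKnownSid and the lst* controls
    // are defined elsewhere in the sample app and are not shown here.
    private List<AccessPermissions> ReadPermissions(string adPath, string UserID, string UserPassword)
    {
        List<AccessPermissions> rights = new List<AccessPermissions>();
        using (DirectoryEntry de = new DirectoryEntry(adPath, UserID, UserPassword))
        {
            // Request the DACL and SACL; reading the SACL needs the
            // "Manage auditing and security log" privilege.
            de.Options.SecurityMasks = SecurityMasks.Dacl | SecurityMasks.Sacl;
            de.RefreshCache();
            ActiveDirectorySecurity Sec = de.ObjectSecurity;
            foreach (ActiveDirectoryAccessRule ar in Sec.GetAccessRules(true, true, typeof(NTAccount)))
            {
                // Create a new object per ACE so each list entry keeps its own values.
                AccessPermissions user = new AccessPermissions();
                user.Identity = ResolveKnownSid(ar.IdentityReference);
                user.ActiveDirectoryRights = ar.ActiveDirectoryRights.ToString();
                // Compare the enum directly instead of its string form.
                if (ar.AccessControlType == AccessControlType.Allow)
                {
                    user.AccessControlType = AccessControl.Allow;
                }
                else
                {
                    user.AccessControlType = AccessControl.Deny;
                }
                lstItems.Items.Add(user.Identity);
                lstRights.Items.Add(user.ActiveDirectoryRights);
                //lstPermissions.Items.Add(user.AccessControlType);
                rights.Add(user);
            }
        }
        return rights;
    }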
A small sample app that retrieves the higher level is attached, written in C# using VS 2019 - core code is in Form1.cs.
What I require is what can be seen in Screen labelled 4 where we drill down into the extendedRights for the users. In the case of screen labelled 4 - the extended right of -
"Validated write to computer attributes." needs to be extracted.
In the separate Permissions image, I require the extended rights of -
List Contents, Read All Properties, Write all properties, Read permissions, Delete msImaging-PSPs objects and Create MSMQ Queue Alias objects
Naturally, the listed users will have different extended rights so this is just 2 examples from my test environment.
Note: You will need access to a standard Windows Active Directory domain.
If you require any additional information, please do not hesitate to contact me.
Skills:
property writing, .net framework, C# programming language, extraction, image, microsoft active directory, microsoft windows, retrieval, software development
Source: peopleperhour.com
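
Added example, not part of the original posting or its attached sample app: each `ActiveDirectoryAccessRule` carries an `ObjectType` GUID, and resolving it against the forest's `CN=Extended-Rights` container (`rightsGuid`) and the schema (`schemaIDGUID`) names the specific extended right, validated write, property or child class behind generic flags such as `ExtendedRight`. It assumes a domain-joined machine and the caller's own credentials; `AceLabels`, `LoadGuidNames` and `Describe` are hypothetical names, and schema entries are labelled by `lDAPDisplayName`, which can differ from the friendly names shown in Active Directory Users and Computers.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;

static class AceLabels   // hypothetical helper, not from the posting
{
    // Builds GUID -> name from the forest: rightsGuid of every controlAccessRight
    // (extended rights, validated writes, property sets) and schemaIDGUID of every schema object.
    public static Dictionary<Guid, string> LoadGuidNames()
    {
        var names = new Dictionary<Guid, string>();
        using (var root = new DirectoryEntry("LDAP://RootDSE"))
        {
            string config = (string)root.Properties["configurationNamingContext"].Value;
            string schema = (string)root.Properties["schemaNamingContext"].Value;
            Collect("LDAP://CN=Extended-Rights," + config, "(objectClass=controlAccessRight)",
                    "rightsGuid", "displayName", names);
            Collect("LDAP://" + schema, "(schemaIDGUID=*)", "schemaIDGUID", "lDAPDisplayName", names);
        }
        return names;
    }

    static void Collect(string path, string filter, string guidAttr, string nameAttr,
                        Dictionary<Guid, string> names)
    {
        using (var baseEntry = new DirectoryEntry(path))
        using (var ds = new DirectorySearcher(baseEntry, filter, new[] { guidAttr, nameAttr }))
        {
            ds.PageSize = 1000;   // page the results; the schema holds more than 1000 objects
            using (SearchResultCollection results = ds.FindAll())
                foreach (SearchResult r in results)
                {
                    if (r.Properties[guidAttr].Count == 0 || r.Properties[nameAttr].Count == 0) continue;
                    object raw = r.Properties[guidAttr][0];
                    // rightsGuid is stored as a string, schemaIDGUID as 16 raw bytes
                    Guid g = raw is byte[] b ? new Guid(b) : new Guid((string)raw);
                    names[g] = (string)r.Properties[nameAttr][0];
                }
        }
    }

    // Turns one ACE into a readable line; an empty ObjectType means the right applies to everything.
    public static string Describe(ActiveDirectoryAccessRule ace, IDictionary<Guid, string> names)
    {
        string target = ace.ObjectType == Guid.Empty ? "(all)"
            : names.TryGetValue(ace.ObjectType, out string n) ? n : ace.ObjectType.ToString();
        return $"{ace.AccessControlType} {ace.IdentityReference.Value}: {ace.ActiveDirectoryRights} -> {target}";
    }
}
```

Call `LoadGuidNames()` once and pass the result to `Describe(ar, names)` inside the `foreach` over `GetAccessRules`; GUIDs missing from the map are printed as-is so unknown ACEs stay visible.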