Imports System.DirectoryServices
Imports System.DirectoryServices.AccountManagement
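''' <summary>
''' Thin helpers around System.DirectoryServices for enumerating domain groups
''' and group members with the credentials of the current process identity.
''' Every LDAP search here binds to LDAP://&lt;current user's domain&gt; with
''' AuthenticationTypes.Secure (no explicit username/password).
''' </summary>
Public Class ClassActiveDirectory

    ''' <summary>
    ''' Group-name fragments that are filtered out of <see cref="GetActiveDirectoryGroups"/>.
    ''' A group is excluded when its sAMAccountName contains one of these fragments
    ''' (ordinal, case-sensitive substring match). Mostly German builtin/infrastructure
    ''' group names.
    ''' </summary>
    Private Shared ReadOnly excludedGroupNames As New List(Of String) From {
        "Abgelehnte",
        "DHCP",
        "Distributed COM",
        "Dns",
        "Domänen-Gäste",
        "Domänencomput",
        "Domänencontroller",
        "Druck",
        "Einstellungen eingehender",
        "Erstellungen",
        "Ereignis",
        "Gäst",
        "Hyper-V",
        "IIS_",
        "Klonbare",
        "Konten-Oper",
        "Kryptografie",
        "Leistungs",
        "Netzwerkskon",
        "PrivUser",
        "Protected User",
        "Prä-Windows",
        "RAS- und IAS-Server",
        "RDS-",
        "Remoteverwaltungs",
        "Replikations",
        "Reporting",
        "Richtlinien-Ersteller",
        "SQLAccess",
        "Schreibgeschützte Domänen",
        "Schlüsseladministratoren",
        "Server-Operatore",
        "Sicherungs",
        "Storage",
        "System Managed",
        "Terminalserver-Liz",
        "WinRMR",
        "Windows-Auth",
        "Unternehme",
        "Zertifikat",
        "Zugriffssteuerungs",
        "Zulässige"
    }

    ''' <summary>
    ''' Escapes a value for use inside an LDAP search filter (RFC 4515 section 3):
    ''' backslash, asterisk, parentheses and NUL are replaced by their \xx forms so
    ''' caller-supplied text cannot alter the filter structure.
    ''' </summary>
    ''' <param name="value">Raw attribute value; Nothing is treated as empty.</param>
    ''' <returns>The escaped value, safe to embed as an assertion value.</returns>
    Friend Shared Function EscapeLdapFilterValue(value As String) As String
        If String.IsNullOrEmpty(value) Then Return String.Empty

        Dim sb As New System.Text.StringBuilder(value.Length)
        For Each c As Char In value
            Select Case c
                Case "\"c
                    sb.Append("\5c")
                Case "*"c
                    sb.Append("\2a")
                Case "("c
                    sb.Append("\28")
                Case ")"c
                    sb.Append("\29")
                Case ChrW(0)
                    sb.Append("\00")
                Case Else
                    sb.Append(c)
            End Select
        Next
        Return sb.ToString()
    End Function

    ''' <summary>
    ''' Creates a DirectoryEntry bound to the current user's domain using the
    ''' process identity (Username/Password = Nothing) and secure authentication.
    ''' </summary>
    ''' <returns>A new, undisposed DirectoryEntry; the caller owns it.</returns>
    Private Shared Function GetDirectoryEntry() As DirectoryEntry
        ' Serverless bind: the DC locator picks a domain controller for the domain
        ' of the account running this process.
        Dim de As New DirectoryEntry($"LDAP://{Environment.UserDomainName}")
        ' Explicitly no stored credentials: authenticate as the calling identity.
        de.Username = Nothing
        de.Password = Nothing
        ' Secure = Kerberos/NTLM authentication. NOTE(review): Sealing/Signing are
        ' not requested here; consider adding them if the DCs require LDAP
        ' signing/encryption — confirm against the domain's LDAP policy.
        de.AuthenticationType = AuthenticationTypes.Secure

        Return de
    End Function

    ''' <summary>
    ''' Returns a DirectorySearcher rooted at the current domain.
    ''' </summary>
    ''' <returns>
    ''' A new searcher whose SearchRoot is a DirectoryEntry created by this class.
    ''' The caller owns both and must dispose the searcher and its SearchRoot.
    ''' </returns>
    Public Shared Function GetDirectorySearch() As DirectorySearcher
        Dim dirEntry As DirectoryEntry = GetDirectoryEntry()
        Return New DirectorySearcher(dirEntry)
    End Function

    ''' <summary>
    ''' Enumerates all group objects of the current domain and returns their
    ''' sAMAccountName values, minus those matching <see cref="excludedGroupNames"/>.
    ''' </summary>
    ''' <returns>Group sAMAccountNames in server order; empty if none match.</returns>
    ''' <remarks>
    ''' A result that cannot be read is skipped; one MsgBox is shown after the
    ''' search if any result failed. Errors from the bind/search itself propagate.
    ''' </remarks>
    Public Shared Function GetActiveDirectoryGroups() As List(Of String)
        Dim groups As New List(Of String)
        Dim failedResults As Integer = 0

        Using de As DirectoryEntry = GetDirectoryEntry()
            Using deSearch As New DirectorySearcher(de)
                ' Fixed filter, no caller input; sAMAccountName=* keeps only groups
                ' that actually carry a logon name.
                deSearch.Filter = "(&(objectClass=group)(sAMAccountName=*))"
                deSearch.PropertiesToLoad.Add("sAMAccountName")
                ' Paged results: without a page size the server's default result
                ' limit (typically 1000) truncates large domains.
                deSearch.PageSize = 1000

                ' SearchResultCollection holds unmanaged resources and must be disposed.
                Using results As SearchResultCollection = deSearch.FindAll()
                    For Each r As SearchResult In results
                        Try
                            Dim groupName As String = ReadSamAccountName(r)
                            If groupName IsNot Nothing AndAlso Not IsExcludedGroup(groupName) Then
                                groups.Add(groupName)
                            End If
                        Catch ex As Exception
                            ' Best-effort per result: keep enumerating, report once below.
                            failedResults += 1
                        End Try
                    Next
                End Using
            End Using
        End Using

        If failedResults > 0 Then
            MsgBox("Error while fetching Active Directory groups", MsgBoxStyle.Critical)
        End If

        Return groups
    End Function

    ''' <summary>
    ''' Reads the first sAMAccountName value of a search result.
    ''' </summary>
    ''' <returns>The value as String, or Nothing when absent or not a string.</returns>
    Private Shared Function ReadSamAccountName(r As SearchResult) As String
        ' Property names in ResultPropertyCollection are case-insensitive.
        Dim values As ResultPropertyValueCollection = r.Properties("sAMAccountName")
        If values Is Nothing OrElse values.Count = 0 Then Return Nothing
        Return TryCast(values(0), String)
    End Function

    ''' <summary>
    ''' True when the group name contains any fragment from <see cref="excludedGroupNames"/>.
    ''' Ordinal String.Contains also covers the prefix case, so no separate
    ''' StartsWith test is needed.
    ''' </summary>
    Private Shared Function IsExcludedGroup(groupName As String) As Boolean
        Return excludedGroupNames.Any(Function(fragment) groupName.Contains(fragment))
    End Function

    'Public Shared Function GetActiveDirectoryGroups(samAccountName As String) As List(Of String)
    '    Dim groups As New List(Of String)
    '    Dim adRoot As New DirectoryEntry() With {
    '        .AuthenticationType = AuthenticationTypes.Secure
    '    }
    '    Dim user As DirectoryEntry = FindUser(adRoot, samAccountName)

    '    If IsNothing(user) Then
    '        MsgBox($"Benutzer {samAccountName} wurde nicht in der Active Directory gefunden!")
    '        Return groups
    '    End If

    '    user.RefreshCache(New String() {"tokenGroups"})

    '    For Each tokenGroup As Byte() In user.Properties("tokenGroups")
    '        Dim groupName As String = GetGroupNameFromTokenGroupEntry(adRoot, tokenGroup)

    '        If Not IsNothing(groupName) Then
    '            Dim isValidGroup As Boolean = excludedGroupNames.Where(Function(excludedGroup) Not groupName.StartsWith(excludedGroup)).Any()

    '            If isValidGroup Then
    '                groups.Add(groupName)
    '            End If
    '        End If
    '    Next

    '    Return groups
    'End Function

    ''' <summary>
    ''' Returns the user principals that are (recursively) members of the named group.
    ''' </summary>
    ''' <param name="groupName">
    ''' Group identity resolved with IdentityType.Name (the directory "name"/CN).
    ''' NOTE(review): <see cref="GetActiveDirectoryGroups"/> returns sAMAccountName
    ''' values; for groups whose CN differs from their sAMAccountName this lookup
    ''' may miss — confirm which attribute callers pass.
    ''' </param>
    ''' <returns>
    ''' Matching UserPrincipal objects; empty when the name is blank or the group
    ''' does not exist. Non-user members (e.g. computer principals) are skipped.
    ''' </returns>
    ''' <remarks>
    ''' The PrincipalContext is disposed before returning. NOTE(review): the
    ''' returned principals were created from that context; properties that were
    ''' not already loaded may fail to load after disposal — verify with callers.
    ''' </remarks>
    Public Shared Function GetActiveDirectoryUsersForGroup(groupName As String) As List(Of UserPrincipal)
        Dim users As New List(Of UserPrincipal)
        If String.IsNullOrWhiteSpace(groupName) Then Return users

        Using context As New PrincipalContext(ContextType.Domain)
            ' FindByIdentity escapes the identity value itself; groupName is not
            ' placed into a hand-built filter here.
            Using group As GroupPrincipal = GroupPrincipal.FindByIdentity(context, IdentityType.Name, groupName)
                ' Unknown group: previously a NullReferenceException, now an empty list.
                If group Is Nothing Then Return users

                Using members As PrincipalSearchResult(Of Principal) = group.GetMembers(True)
                    ' Iterate as Principal: declaring the loop variable as
                    ' UserPrincipal would throw on any non-user member before
                    ' the type test could run.
                    For Each member As Principal In members
                        Dim user As UserPrincipal = TryCast(member, UserPrincipal)
                        If user IsNot Nothing Then
                            users.Add(user)
                        End If
                    Next
                End Using
            End Using
        End Using

        Return users
    End Function

    ''' <summary>
    ''' Resolves one binary SID from a tokenGroups attribute to the "name" of the
    ''' matching directory object.
    ''' </summary>
    ''' <param name="rootEntry">Search root; not disposed by this method.</param>
    ''' <param name="tokenGroup">Binary SID as stored in tokenGroups.</param>
    ''' <returns>The object's name, or Nothing if no object has that SID.</returns>
    Private Shared Function GetGroupNameFromTokenGroupEntry(rootEntry As DirectoryEntry, tokenGroup As Byte()) As String
        Dim sid As New Security.Principal.SecurityIdentifier(tokenGroup, 0)
        ' sid.Value is the SDDL form (S-1-5-...): only letters, digits and dashes,
        ' so it needs no LDAP filter escaping.
        Using sidSearch As New DirectorySearcher(rootEntry, $"(objectSid={sid.Value})", New String() {"name"})
            Dim sidResult As SearchResult = sidSearch.FindOne()
            If sidResult Is Nothing OrElse sidResult.Properties("name").Count = 0 Then
                Return Nothing
            End If
            Return sidResult.Properties("name")(0).ToString()
        End Using
    End Function

    ''' <summary>
    ''' Looks up a user by sAMAccountName below <paramref name="rootEntry"/>.
    ''' </summary>
    ''' <param name="rootEntry">Search root; not disposed by this method.</param>
    ''' <param name="samAccountName">
    ''' Logon name to match. It is escaped with <see cref="EscapeLdapFilterValue"/>
    ''' before being embedded in the filter, so wildcard/parenthesis characters
    ''' are matched literally instead of changing the query.
    ''' </param>
    ''' <returns>
    ''' The user's DirectoryEntry (caller owns/disposes it), or Nothing when the
    ''' name is empty or no user matches.
    ''' </returns>
    Private Shared Function FindUser(rootEntry As DirectoryEntry, samAccountName As String) As DirectoryEntry
        If String.IsNullOrEmpty(samAccountName) Then Return Nothing

        Dim filter As String = $"(sAMAccountName={EscapeLdapFilterValue(samAccountName)})"
        Using userSearch As New DirectorySearcher(rootEntry, filter, New String() {"displayName"})
            Dim result As SearchResult = userSearch.FindOne()
            If result Is Nothing Then Return Nothing
            Return result.GetDirectoryEntry()
        End Using
    End Function

End Class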