如何从一个域获取其他域
我尝试获取林(forest)中的所有域。
我可以连接到一个特定的域并像这样获取其目录条目:
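// Bind to one specific domain controller with explicit credentials.
// The account is given in DOMAIN\user form; the backslash has to be escaped inside a
// regular C# string literal.
// NOTE(review): the account name and password are hard-coded, as in the original post.
// Real code should take them from a prompt or a protected store, and should prefer a
// low-privileged account over a domain administrator for read-only enumeration.
DirectoryContext dc =
    new DirectoryContext(DirectoryContextType.DirectoryServer, "xx.x.xxx.40", "w28\\administrator", "pwd");
Domain domain = Domain.GetDomain(dc);

// DirectoryEntry is IDisposable, so release the root entry and each child
// deterministically instead of leaving them to the finalizer.
using (DirectoryEntry entry = domain.GetDirectoryEntry())
{
    foreach (DirectoryEntry child in entry.Children)
    {
        using (child)
        {
            Console.WriteLine(" - " + child.Name);
        }
    }
}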
但是,当我尝试通过 Forest 属性获取其他域时,出现了问题:
// Resolve the forest that the bound domain belongs to.
var forest = domain.Forest;
// Reading Forest.Domains is the call that throws the ActiveDirectoryServerDownException
// reported in the question.
Console.WriteLine($"Count: {forest.Domains.Count}");
var domains = forest.Domains;
我的应用崩溃,异常消息如下所示:System.DirectoryServices.ActiveDirectory.ActiveDirectoryServerDownException:指定的域不存在或无法联系。
在 System.DirectoryServices.ActiveDirectory.Locator.GetDomainControllerInfo(String computerName, String domainName, String siteName, Int64 flags)
在 System.DirectoryServices.ActiveDirectory.DirectoryContext.isCurrentForest()
在 System.DirectoryServices.ActiveDirectory.DirectoryContext.GetServerName()
在 System.DirectoryServices.ActiveDirectory.DirectoryEntryManager.GetNewDirectoryEntry(String DN)
在 System.DirectoryServices.ActiveDirectory.DirectoryEntryManager.GetCachedDirectoryEntry(String distinguishedName)
在 System.DirectoryServices.ActiveDirectory.DirectoryEntryManager.ExpandWellKnownDN(WellKnownDN DN)
在 System.DirectoryServices.ActiveDirectory.DirectoryEntryManager.ExpandWellKnownDN(WellKnownDN dn)
在 System.DirectoryServices.ActiveDirectory.Forest.GetDomains()
在 System.DirectoryServices.ActiveDirectory.Forest.get_Domains()
请帮助我。
提前谢谢。
我在自己的林中运行了类似的代码(通过 GetCurrentDomain() 获取域并查询其林),运行正常。我认为问题正如异常和调用堆栈所显示的那样:它试图通过查询作为 DC 的林根服务器来获取有关您的林的信息,但无法联系到该服务器。我认为您需要检查拓扑,然后查看该服务器的状态。
我也遇到了同样的问题。我的机器不在域内,而且一直如此,因为我们是网络安全测试人员。
我发现下面是一种不错的解决方法:
/// <summary>
/// P/Invoke declarations for two Netapi32.dll exports, DsGetDcName and
/// NetApiBufferFree, together with the structure and flag types they use.
/// </summary>
class PInvoke {
    /// <summary>
    /// Managed signature for the native DsGetDcName export, which locates a domain
    /// controller for the named domain.
    /// </summary>
    /// <param name="ComputerName">Name of the machine that should process the request; the caller in this file passes null.</param>
    /// <param name="DomainName">Name of the domain to locate a controller for.</param>
    /// <param name="DomainGuid">
    /// NOTE(review): the native parameter is a pointer to a GUID. It is declared as int here,
    /// so only 0 (a null pointer) is a meaningful value, and an int is narrower than a pointer
    /// in a 64-bit process. Confirm before passing anything other than 0.
    /// </param>
    /// <param name="SiteName">Site to prefer when choosing a controller; the caller in this file passes an empty string.</param>
    /// <param name="flags">Bitwise combination of <see cref="DSGETDCNAME_FLAGS"/> values.</param>
    /// <param name="pDOMAIN_CONTROLLER_INFO">
    /// Receives a pointer to a native DOMAIN_CONTROLLER_INFO buffer. The caller must release
    /// it with <see cref="NetApiBufferFree"/>.
    /// </param>
    /// <returns>A Win32 status code; the caller in this file treats 0 as success.</returns>
    [DllImport("Netapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
    public static extern int DsGetDcName
    (
        [MarshalAs(UnmanagedType.LPTStr)]
        string ComputerName,
        [MarshalAs(UnmanagedType.LPTStr)]
        string DomainName,
        [In] int DomainGuid,
        [MarshalAs(UnmanagedType.LPTStr)]
        string SiteName,
        [MarshalAs(UnmanagedType.U4)]
        DSGETDCNAME_FLAGS flags,
        out IntPtr pDOMAIN_CONTROLLER_INFO
    );

    /// <summary>
    /// Sequential-layout wrapper around a single <see cref="Guid"/>. No declaration visible
    /// in this class references it.
    /// </summary>
    [StructLayout(LayoutKind.Sequential)]
    public class GuidClass
    {
        public Guid TheGuid;
    }

    /// <summary>
    /// Managed mirror of the native DOMAIN_CONTROLLER_INFO structure filled in by DsGetDcName.
    /// The layout is sequential, so the field order and types must stay exactly as declared.
    /// </summary>
    [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
    public struct DOMAIN_CONTROLLER_INFO
    {
        // Name of the located domain controller; the native API returns it with a leading "\\" prefix.
        [MarshalAs(UnmanagedType.LPTStr)]
        public string DomainControllerName;
        // Address of the located domain controller; also returned with a leading "\\" prefix.
        [MarshalAs(UnmanagedType.LPTStr)]
        public string DomainControllerAddress;
        // Indicates the form of DomainControllerAddress.
        public uint DomainControllerAddressType;
        // GUID of the domain.
        public Guid DomainGuid;
        // Name of the domain the controller belongs to.
        [MarshalAs(UnmanagedType.LPTStr)]
        public string DomainName;
        // DNS name of the forest the domain belongs to.
        [MarshalAs(UnmanagedType.LPTStr)]
        public string DnsForestName;
        // Bit flags describing the located controller.
        public uint Flags;
        // Site the domain controller is in.
        [MarshalAs(UnmanagedType.LPTStr)]
        public string DcSiteName;
        // Site the calling machine is in.
        [MarshalAs(UnmanagedType.LPTStr)]
        public string ClientSiteName;
    }

    /// <summary>
    /// Managed signature for the native NetApiBufferFree export; used in this file to release
    /// the buffer returned through DsGetDcName's out parameter.
    /// </summary>
    /// <param name="Buffer">Pointer to the buffer to release.</param>
    /// <returns>A Win32 status code.</returns>
    [DllImport("Netapi32.dll", SetLastError = true)]
    public static extern int NetApiBufferFree(IntPtr Buffer);

    /// <summary>
    /// Bit flags accepted by the <c>flags</c> parameter of <see cref="DsGetDcName"/>.
    /// The names and values follow the DS_* constants of the native API.
    /// </summary>
    [Flags]
    public enum DSGETDCNAME_FLAGS : uint
    {
        DS_FORCE_REDISCOVERY = 0x00000001,
        DS_DIRECTORY_SERVICE_REQUIRED = 0x00000010,
        DS_DIRECTORY_SERVICE_PREFERRED = 0x00000020,
        DS_GC_SERVER_REQUIRED = 0x00000040,
        DS_PDC_REQUIRED = 0x00000080,
        DS_BACKGROUND_ONLY = 0x00000100,
        DS_IP_REQUIRED = 0x00000200,
        DS_KDC_REQUIRED = 0x00000400,
        DS_TIMESERV_REQUIRED = 0x00000800,
        DS_WRITABLE_REQUIRED = 0x00001000,
        DS_GOOD_TIMESERV_PREFERRED = 0x00002000,
        DS_AVOID_SELF = 0x00004000,
        DS_ONLY_LDAP_NEEDED = 0x00008000,
        DS_IS_FLAT_NAME = 0x00010000,
        DS_IS_DNS_NAME = 0x00020000,
        DS_RETURN_DNS_NAME = 0x40000000,
        DS_RETURN_FLAT_NAME = 0x80000000
    }
}
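class domain
{
    /// <summary>
    /// Locates a domain controller for <paramref name="domain"/> through DsGetDcName and
    /// returns its name and address with the leading "\\" prefix removed.
    /// </summary>
    /// <param name="domain">Name of the domain to locate a controller for.</param>
    /// <param name="username">Account name handed to the Ldap helper.</param>
    /// <param name="password">Password handed to the Ldap helper.</param>
    /// <param name="dc">Receives the domain controller name, or an empty string on failure.</param>
    /// <param name="dcAddress">Receives the domain controller address, or an empty string on failure.</param>
    /// <param name="path">
    /// Always receives an empty string: the code that derived it is not part of the posted
    /// snippet.
    /// </param>
    public static void DetectDc(string domain, string username, string password, out string dc, out string dcAddress, out string path)
    {
        const int errorSuccess = 0;

        // Give every out parameter a definite value up front. The posted code left `path`
        // unassigned on the success path and assigned an undeclared `namingContext`, so it
        // did not compile.
        dc = "";
        dcAddress = "";
        path = "";

        PInvoke.DOMAIN_CONTROLLER_INFO domainInfo;
        var pDci = IntPtr.Zero;
        try
        {
            var val = PInvoke.DsGetDcName(null, domain, 0, "", 0, out pDci);
            if (val != errorSuccess)
            {
                // Lookup failed: the status code is dropped and callers only see empty strings.
                return;
            }

            // Copy the native structure into managed memory before the buffer is released.
            domainInfo = (PInvoke.DOMAIN_CONTROLLER_INFO)Marshal.PtrToStructure(pDci, typeof(PInvoke.DOMAIN_CONTROLLER_INFO));
        }
        finally
        {
            // Only release a buffer that was actually returned.
            if (pDci != IntPtr.Zero)
            {
                PInvoke.NetApiBufferFree(pDci);
            }
        }

        // DsGetDcName returns both values prefixed with two backslashes; strip that prefix.
        dc = (domainInfo.DomainControllerName ?? "").Replace("\\\\", "");
        dcAddress = (domainInfo.DomainControllerAddress ?? "").Replace("\\\\", "");

        // NOTE(review): Ldap is defined outside this snippet and its result is not used here;
        // presumably the original code derived `path` from it. The credentials are passed as
        // plain strings, so confirm that the helper binds over a protected channel.
        var ldap = new Ldap(domain, dcAddress, username, password);
    }
}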