如何从一个域获取其他域

本文关键字:一个 获取 其他 | 更新日期: 2023-09-27 18:37:21

我尝试获取森林中的所有域。

我可以连接到一个特定的域并像这样获取其目录条目:

DirectoryContext dc =
    new DirectoryContext(DirectoryContextType.DirectoryServer, "xx.x.xxx.40", "w28''administrator", "pwd");
Domain domain = Domain.GetDomain(dc);
DirectoryEntry entry = domain.GetDirectoryEntry();
foreach (DirectoryEntry child in entry.Children)
{
    Console.WriteLine(" - " + child.Name);
}

但是,当我尝试通过森林属性获取其他域时。

Forest forest = domain.Forest;
Console.WriteLine("Count: " + forest.Domains.Count); //It crashes here
DomainCollection domains = forest.Domains;

我的应用崩溃,异常消息如下所示:System.DirectoryServices.ActiveDirectory.ActiveDirectoryServerDownException:指定的域不存在或无法联系。

在 System.DirectoryServices.ActiveDirectory.Locator.GetDomainControllerInfo(String 计算机名称、字符串域名、字符串站点名称、Int64 标志) System.DirectoryServices.ActiveDirectory.DirectoryContext.isCurrentForest() 在 System.DirectoryServices.ActiveDirectory.DirectoryContext.GetServerName() 在 System.DirectoryServices.ActiveDirectory.DirectoryEntryManager.GetNewDirectoryEntry(String DN) 在 System.DirectoryServices.ActiveDirectory.DirectoryEntryManager.GetCachedDirectoryEntry(String 区分名称)在 System.DirectoryServices.ActiveDirectory.DirectoryEntryManager.ExpandWellKnownDN(WellKnownDN DN) 在 System.DirectoryServices.ActiveDirectory.DirectoryEntryManager.ExpandWellKnownDN(WellKnownDN dn) at System.DirectoryServices.ActiveDirectory.Forest.GetDomains() 在 System.DirectoryServices.ActiveDirectory.Forest.get_Domains()

请帮助我。

提前谢谢。

如何从一个域获取其他域

我在我的森林中运行了类似的代码(通过 GetCurrentDomain() 并查询其森林),它们运行良好。我认为问题就像出现的异常和调用堆栈一样 - 它试图通过查询作为 DC 的林根服务器来获取有关您的森林的信息,并且无法联系。我认为您需要检查拓扑,然后查看服务器的状态。

我也有同样的问题。 我在域外,我永远都是,因为我们是网络安全测试人员。

我发现这是一种解决的好方法

 class PInvoke {
[DllImport("Netapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
        public static extern int DsGetDcName
        (
          [MarshalAs(UnmanagedType.LPTStr)]
            string ComputerName,
          [MarshalAs(UnmanagedType.LPTStr)]
            string DomainName,
          [In] int DomainGuid,
          [MarshalAs(UnmanagedType.LPTStr)]
            string SiteName,
          [MarshalAs(UnmanagedType.U4)]
            DSGETDCNAME_FLAGS flags,
          out IntPtr pDOMAIN_CONTROLLER_INFO
        );
    [StructLayout(LayoutKind.Sequential)]
    public class GuidClass
    {
        public Guid TheGuid;
    }
    [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
    public struct DOMAIN_CONTROLLER_INFO
    {
        [MarshalAs(UnmanagedType.LPTStr)]
        public string DomainControllerName;
        [MarshalAs(UnmanagedType.LPTStr)]
        public string DomainControllerAddress;
        public uint DomainControllerAddressType;
        public Guid DomainGuid;
        [MarshalAs(UnmanagedType.LPTStr)]
        public string DomainName;
        [MarshalAs(UnmanagedType.LPTStr)]
        public string DnsForestName;
        public uint Flags;
        [MarshalAs(UnmanagedType.LPTStr)]
        public string DcSiteName;
        [MarshalAs(UnmanagedType.LPTStr)]
        public string ClientSiteName;
    }

    [DllImport("Netapi32.dll", SetLastError = true)]
    public static extern int NetApiBufferFree(IntPtr Buffer);
    [Flags]
    public enum DSGETDCNAME_FLAGS : uint
    {
        DS_FORCE_REDISCOVERY = 0x00000001,
        DS_DIRECTORY_SERVICE_REQUIRED = 0x00000010,
        DS_DIRECTORY_SERVICE_PREFERRED = 0x00000020,
        DS_GC_SERVER_REQUIRED = 0x00000040,
        DS_PDC_REQUIRED = 0x00000080,
        DS_BACKGROUND_ONLY = 0x00000100,
        DS_IP_REQUIRED = 0x00000200,
        DS_KDC_REQUIRED = 0x00000400,
        DS_TIMESERV_REQUIRED = 0x00000800,
        DS_WRITABLE_REQUIRED = 0x00001000,
        DS_GOOD_TIMESERV_PREFERRED = 0x00002000,
        DS_AVOID_SELF = 0x00004000,
        DS_ONLY_LDAP_NEEDED = 0x00008000,
        DS_IS_FLAT_NAME = 0x00010000,
        DS_IS_DNS_NAME = 0x00020000,
        DS_RETURN_DNS_NAME = 0x40000000,
        DS_RETURN_FLAT_NAME = 0x80000000
    }
}
class domain
{
   public static void DetectDc(string domain, string username, string password, out string dc, out string dcAddress, out string path)
        {
            PInvoke.DOMAIN_CONTROLLER_INFO domainInfo;
            const int errorSuccess = 0;
            var pDci = IntPtr.Zero;
            try
            {
                var val = PInvoke.DsGetDcName(null, domain, 0, "", 0, out pDci);
                //check return value for error
                if (errorSuccess == val)
                {
                    domainInfo = (PInvoke.DOMAIN_CONTROLLER_INFO)Marshal.PtrToStructure(pDci, typeof(PInvoke.DOMAIN_CONTROLLER_INFO));
                }
                else
                {
                    dc = "";
                    dcAddress = "";
                    path = "";
                    namingContext = "";
                    return;
                }
            }
            finally
            {
                PInvoke.NetApiBufferFree(pDci);
            }
            dc = domainInfo.DomainControllerName;
            dc = dc.Replace("''''", "");
            dcAddress = domainInfo.DomainControllerAddress;
            dcAddress = dcAddress.Replace("''''", "");
            var ldap = new Ldap(domain, dcAddress, username, password);
        }
}
相关文章: