in TestSuites/ADFamily/src/Adapter/MS-ADTS-LDAP/AD_LDAPModelAdapter.cs [2747:4103]
public void ModifyOperation(
IDictionary<string, IList<string>> attribVal,
RightsOnAttributes rights,
string control,
ADImplementations service,
ServerVersion dcLevel,
bool isRODC,
out ConstrOnModOpErrs errorStatus)
{
Site.Log.Add(LogEntryKind.Debug, "[ModifyOperation]: Entering");
#region Variables
errorStatus = ConstrOnModOpErrs.success;
DirectoryAttributeModification modifyAttr = new DirectoryAttributeModification();
List<DirectoryAttributeModification> attrValsToBeModified = new List<DirectoryAttributeModification>();
string serverName = string.Empty;
string attrToModify = string.Empty;
string attrToGetObject = string.Empty;
string objectClass = string.Empty;
string objectDN = string.Empty;
ICollection<AdtsSearchResultEntryPacket> searchResponse;
string[] searchAttrVals = null;
#endregion
#region Connect and Bind
Site.Log.Add(LogEntryKind.Debug, "Construct the target host name from input: ");
foreach (List<string> attribnVals in attribVal.Values)
{
foreach (string item in attribnVals)
{
Site.Log.Add(LogEntryKind.Debug, "Attributes to identify object: {0}", item);
if (item.Contains("DC=NotPDCFSMO"))
{
serverName = ConstructServerHostName(isRODC, "DC=NotPDCFSMO");
}
else if (item.Contains("DC=notWritableDC"))
{
serverName = ConstructServerHostName(isRODC, "DC=notWritableDC");
}
else if (item.Contains("DC=writableDC"))
{
serverName = ConstructServerHostName(isRODC, "DC=WritableDC");
}
else if (item.Contains("DC=WritableDCNotSameDomain"))
{
serverName = ConstructServerHostName(isRODC, "DC=WritableDCNotSameDomain");
}
else if (isRODC)
{
serverName = RODCNetbiosName;
}
else
{
serverName = PDCNetbiosName;
}
}
}
foreach (string key in attribVal.Keys)
{
Site.Log.Add(LogEntryKind.Debug, "Attributes to be modified: {0}", key);
if (key.Contains("becomePdc"))
{
serverName = PDCNetbiosName;
}
if (key.Contains("runProtectAdminGroupsTask:NotPDCFSMOOwner"))
{
serverName = ConstructServerHostName(isRODC, "DC=NotPDCFSMO");
}
}
Site.Log.Add(LogEntryKind.Debug, "Constructed target host name: {0}", serverName);
Site.Log.Add(LogEntryKind.Debug, "Server isConnected: {0}", isConnected);
if (isConnected == false)
{
SetConnectAndBind(service, serverName);
}
#endregion
#region RootDSE Modify schemaUpdateNow
Site.Log.Add(LogEntryKind.Debug, "Update Schema Now: ");
// [MS-ADTS] section 3.1.1.3.3.13 schemaUpdateNow
// After the completion of this operation, the subschema exposed by the server reflects the current state
// of the schema as defined by the attributeSchema and classSchema objects in the schema NC.
DirectoryAttributeModification schemaRefresh = new DirectoryAttributeModification();
schemaRefresh.Name = "schemaUpdateNow";
schemaRefresh.Add("1");
schemaRefresh.Operation = DirectoryAttributeOperation.Add;
List<DirectoryAttributeModification> refreshAttributes = new List<DirectoryAttributeModification>();
refreshAttributes.Add(schemaRefresh);
try
{
Site.Log.Add(LogEntryKind.Debug, "[ModifyObject]: Entering");
result = adLdapClient.ModifyObject(null, refreshAttributes, null, isWindows);
Site.Log.Add(LogEntryKind.Debug, "[ModifyObject]: Exiting");
Site.Assert.IsTrue(result.ToLower().Contains("success"),
string.Format("RootDSE Modify operation on schemaUpdateNow should be successful, actual result: {0}", result));
}
catch (Exception ex)
{
result = string.Empty;
Site.Log.Add(LogEntryKind.Warning, "ModifyObject throw exception: {0}", ex.Message);
}
#endregion
#region Get information for objects and their attributes to be modified
Site.Log.Add(LogEntryKind.Debug, "Get information for objects and their attributes to be modified: ");
foreach (string key in attribVal.Keys)
{
Site.Log.Add(LogEntryKind.Debug, "Attributes to be modified: {0}", key);
#region For RootDSE Modify Negative Cases => remove all related Control Access Rights
Site.Log.Add(LogEntryKind.Debug, "For RootDSE Modify Negative Cases, remove all related Control Access Rights");
string attrName = key.Split(':')[0].Trim();
switch (attrName.ToLower(CultureInfo.InvariantCulture))
{
case "becomedomainmaster":
Utilities.SetControlAcessRights("CN=Partitions," + configurationNC, testUserName, currentWorkingDC.Domain.NetbiosName, ControlAccessRight.Change_Domain_Master, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny);
break;
case "becomeinfrastructuremaster":
Utilities.SetControlAcessRights("CN=Infrastructure," + rootDomainNC, testUserName, currentWorkingDC.Domain.NetbiosName, ControlAccessRight.Change_Infrastructure_Master, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny);
break;
case "becomepdc":
case "becomepdcwithcheckpoint":
Utilities.SetControlAcessRights(rootDomainNC, testUserName, currentWorkingDC.Domain.NetbiosName, ControlAccessRight.Change_PDC, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny);
break;
case "becomeridmaster":
Utilities.SetControlAcessRights("CN=RID Manager$,CN=System," + rootDomainNC, testUserName, currentWorkingDC.Domain.NetbiosName, ControlAccessRight.Change_Rid_Master, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny);
break;
case "becomeschemamaster":
Utilities.SetControlAcessRights(schemaNC, testUserName, currentWorkingDC.Domain.NetbiosName, ControlAccessRight.Change_Schema_Master, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny);
break;
case "checkphantoms":
Utilities.SetControlAcessRights("CN=NTDS Settings,CN=" + currentWorkingDC.NetbiosName + ",CN=Servers,CN=Default-First-Site-Name,CN=Sites," + configurationNC, testUserName, currentWorkingDC.Domain.NetbiosName, ControlAccessRight.DS_Check_Stale_Phantoms, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny);
break;
case "dogarbagecollection":
Utilities.SetControlAcessRights("CN=NTDS Settings,CN=" + currentWorkingDC.NetbiosName + ",CN=Servers,CN=Default-First-Site-Name,CN=Sites," + configurationNC, testUserName, currentWorkingDC.Domain.NetbiosName, ControlAccessRight.Do_Garbage_Collection, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny);
break;
case "dumpdatabase":
// The requester must be a member of the BUILTIN\Administrtors group
break;
case "fixupinheritance":
Utilities.SetControlAcessRights("CN=NTDS Settings,CN=" + currentWorkingDC.NetbiosName + ",CN=Servers,CN=Default-First-Site-Name,CN=Sites," + configurationNC, testUserName, currentWorkingDC.Domain.NetbiosName, ControlAccessRight.Recalculate_Security_Inheritance, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny);
break;
case "invalidateridpool":
Utilities.SetControlAcessRights("CN=RID Manager$,CN=System," + rootDomainNC, testUserName, currentWorkingDC.Domain.NetbiosName, ControlAccessRight.Change_Rid_Master, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny);
break;
case "recalchierarchy":
Utilities.SetControlAcessRights("CN=NTDS Settings,CN=" + currentWorkingDC.NetbiosName + ",CN=Servers,CN=Default-First-Site-Name,CN=Sites," + configurationNC, testUserName, currentWorkingDC.Domain.NetbiosName, ControlAccessRight.Recalculate_Hierarchy, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny);
break;
case "schemaupdatenow":
Utilities.SetControlAcessRights(schemaNC, testUserName, currentWorkingDC.Domain.NetbiosName, ControlAccessRight.Update_Schema_Cache, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny);
Utilities.SetControlAcessRights("CN=NTDS Settings,CN=" + currentWorkingDC.NetbiosName + ",CN=Servers,CN=Default-First-Site-Name,CN=Sites," + configurationNC, testUserName, currentWorkingDC.Domain.NetbiosName, ControlAccessRight.Update_Schema_Cache, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny);
break;
case "schemaupgradeinprogress":
// The requester must have the "Change-Schema-Master" control access right on the root of the schema NC replica.
break;
case "removelingeringobject":
Utilities.SetControlAcessRights(rootDomainNC, testUserName, currentWorkingDC.Domain.NetbiosName, ControlAccessRight.DS_Replication_Synchronize, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny);
break;
case "dolinkcleanup":
Utilities.SetControlAcessRights("CN=NTDS Settings,CN=" + currentWorkingDC.NetbiosName + ",CN=Servers,CN=Default-First-Site-Name,CN=Sites," + configurationNC, testUserName, currentWorkingDC.Domain.NetbiosName, ControlAccessRight.Do_Garbage_Collection, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny);
break;
case "doonlinedefrag":
Utilities.SetControlAcessRights("CN=NTDS Settings,CN=" + currentWorkingDC.NetbiosName + ",CN=Servers,CN=Default-First-Site-Name,CN=Sites," + configurationNC, testUserName, currentWorkingDC.Domain.NetbiosName, ControlAccessRight.Do_Garbage_Collection, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny);
break;
case "replicatesingleobject":
Utilities.SetControlAcessRights(rootDomainNC, testUserName, currentWorkingDC.Domain.NetbiosName, ControlAccessRight.DS_Replication_Synchronize, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny);
break;
case "updatecachedmemberships":
Utilities.SetControlAcessRights("CN=NTDS Settings,CN=" + currentWorkingDC.NetbiosName + ",CN=Servers,CN=Default-First-Site-Name,CN=Sites," + configurationNC, testUserName, currentWorkingDC.Domain.NetbiosName, ControlAccessRight.Refresh_Group_Cache, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny);
break;
case "dogarbagecollectionphantomsnow":
Utilities.SetControlAcessRights("CN=NTDS Settings,CN=" + currentWorkingDC.NetbiosName + ",CN=Servers,CN=Default-First-Site-Name,CN=Sites," + configurationNC, testUserName, currentWorkingDC.Domain.NetbiosName, ControlAccessRight.Do_Garbage_Collection, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny);
break;
case "invalidategcconnection":
// The requester must be a member of either the BUILTIN\Administrators group or the BUILTIN\Server Operators group.
break;
case "renewservercertificate":
// The requester must have the "Reload-SSL-Certificate" control access right on the nTDSDSA object for the DC.
break;
case "rodcpurgeaccount":
Utilities.SetControlAcessRights(rootDomainNC, testUserName, currentWorkingDC.Domain.NetbiosName, ControlAccessRight.Read_Only_Replication_Secret_Synchronization, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny);
break;
case "runsamupgradetasks":
// The requester MUST be a member of the "Domain Admins" group in the domain to perform this operation.
break;
case "sqmrunonce":
// The requester must have the SE_DEBUG_PRIVILEGE.
break;
case "runprotectadmingroupstask":
// The requester must have the "Run-Protect-Admin-Groups-Task" control access right on the domain root of the DC.
Utilities.SetControlAcessRights(rootDomainNC, testUserName, currentWorkingDC.Domain.NetbiosName, ControlAccessRight.Run_Protect_Admin_Groups_Task, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny);
break;
case "disableoptionalfeature":
// The requester must have the correct "Manage-Optional-Features" control access on the object representing the scope.
break;
case "enableoptionalfeature":
// The requester must have the "Manage-Optional-Features" control access right on the object representing the scope.
break;
case "dumpreferences":
// The requester must be a member of the BUILTIN\Administrators group.
break;
case "dumplinks":
// The requester must be a member of the BUILTIN\Administrators group.
break;
case "schemaupdateindicesnow":
// The requester must have the "Update-Schema-Cache" control access right on the nTDSDSA object for the DC or on the root of the schema NC.
break;
case "null":
break;
default:
break;
}
#endregion
#region Construct the list of attributes to be modified from parameter [attribVal]
Site.Log.Add(LogEntryKind.Debug, "Construct the attributes to be modified from: {0}", key);
attrToModify = key;
switch (service)
{
case ADImplementations.AD_LDS:
attrToModify = attrToModify.Replace("CN={368E6FB2-DBCB-41A1-B65B-18FAC4B5516E}", configurationNC.Split(',')[1]);
attrToModify = attrToModify.Replace("CN=ApplicationNamingContext,DC=adts88", defaultNC);
break;
case ADImplementations.AD_DS:
default:
attrToModify = attrToModify.Replace("DC=adts88", rootDomainNC);
attrToModify = attrToModify.Replace("ADTS_XP.adts88", string.Format("{0}.{1}", testComputer1Name, PrimaryDomainDnsName));
attrToModify = attrToModify.Replace("ADTS_XP", testComputer1Name);
attrToModify = attrToModify.Replace("ADTS88", rootDomainNC.Split(',')[0].Trim().Split('=')[1]);
break;
}
attrToModify = attrToModify.Replace("WIN-6IEHBFZ8AMV", currentWorkingDC.NetbiosName);
attrToModify = attrToModify.Replace("single-valuedAttribute", "street");
attrToModify = attrToModify.Replace("linkattribute", "member");
modifyAttr.Name = attrToModify.Split(':')[0].Trim();
//For R693, Value must be removed
if (attrToModify.Equals("DefunctAttribute7: noValue") || attrToModify.Equals("mayContain: noValue"))
{
modifyAttr.Operation = DirectoryAttributeOperation.Delete;
}
else if (attrToModify.Equals("description: <Not Set>"))
{
modifyAttr.Operation = DirectoryAttributeOperation.Delete;
//represents some junk value to be removed which is not set.
modifyAttr.Add("somejunkvalue");
}
else if (attrToModify.Equals("description: <Not Set1>"))
{
modifyAttr.Operation = DirectoryAttributeOperation.Delete;
}
else if (attrToModify.Equals("description: <xyz>"))
{
modifyAttr.Operation = DirectoryAttributeOperation.Add;
modifyAttr.Add("somejunkvalue");
}
else if (attrToModify.Equals("description: <xy>"))
{
modifyAttr.Operation = DirectoryAttributeOperation.Add;
modifyAttr.Add("somejunkvalue");
}
else if (attrToModify.Equals("street: addValue"))
{
modifyAttr.Operation = DirectoryAttributeOperation.Add;
modifyAttr.Add("suzhou street");
}
else if (attrToModify.Contains("member"))
{
if (attrToModify.Contains("removal"))
{
modifyAttr.Operation = DirectoryAttributeOperation.Delete;
modifyAttr.Add(attrToModify.Split(':')[2].ToString());
}
else if (attrToModify.Contains("replacement"))
{
modifyAttr.Operation = DirectoryAttributeOperation.Replace;
modifyAttr.Add(attrToModify.Split(':')[2].ToString());
}
}
else if (attrToModify.Contains("displayName"))
{
if (attrToModify.Contains("removal"))
{
modifyAttr.Operation = DirectoryAttributeOperation.Delete;
}
}
else if (attrToModify.Contains("objectClass: 88object"))
{
modifyAttr.Operation = DirectoryAttributeOperation.Replace;
modifyAttr.Add("classSchema");
modifyAttr.Add("user");
}
else
{
if (attrToModify.Split(':')[1].Contains(";"))
{
if (attrToModify.ToLower(CultureInfo.InvariantCulture).Contains("replicateSingleObject".ToLower(CultureInfo.InvariantCulture))
|| attrToModify.ToLower(CultureInfo.InvariantCulture).Contains("removeLingeringObject".ToLower(CultureInfo.InvariantCulture)))
{
modifyAttr.Add(attrToModify.Split(':')[1].Trim());
}
else
{
modifyAttr.AddRange(attrToModify.Split(':')[1].Trim().Split(';'));
}
}
else
{
if (attrToModify.ToLower(CultureInfo.InvariantCulture).Contains("replicateSingleObject".ToLower(CultureInfo.InvariantCulture))
|| attrToModify.ToLower(CultureInfo.InvariantCulture).Contains("removeLingeringObject".ToLower(CultureInfo.InvariantCulture)))
{
modifyAttr.Add(attrToModify.Split(':')[1].Trim() + ":" + attrToModify.Split(':')[2].Trim());
}
else
{
modifyAttr.Add(attrToModify.Split(':')[1].Trim());
}
}
modifyAttr.Operation = DirectoryAttributeOperation.Replace;
}
Site.Log.Add(LogEntryKind.Debug, "Modify attribute name: {0}", modifyAttr.Name);
Site.Log.Add(LogEntryKind.Debug, "Modify attribute operation: {0}", modifyAttr.Operation);
foreach (string value in modifyAttr.GetValues(typeof(System.String)))
{
Site.Log.Add(LogEntryKind.Debug, "Modify attribute value: {0}", value);
}
attrValsToBeModified.Add(modifyAttr);
#endregion
#region Get the attributes that are used to find the object to be modified from parameter [attribVal]
Site.Log.Add(LogEntryKind.Debug, "Get the attributes that are used to find the object to be modified: ");
foreach (string values in attribVal[key])
{
attrToGetObject = values;
switch (service)
{
case ADImplementations.AD_LDS:
attrToGetObject = attrToGetObject.Replace("CN={368E6FB2-DBCB-41A1-B65B-18FAC4B5516E}", configurationNC.Split(',')[1]);
attrToGetObject = attrToGetObject.Replace("CN=ApplicationNamingContext,DC=adts88", defaultNC);
break;
case ADImplementations.AD_DS:
default:
attrToGetObject = attrToGetObject.Replace("DC=adts88", rootDomainNC);
attrToGetObject = attrToGetObject.Replace("ADTS_XP.adts88", string.Format("{0}.{1}", testComputer1Name, PrimaryDomainDnsName));
attrToGetObject = attrToGetObject.Replace("ADTS_XP", testComputer1Name);
attrToGetObject = attrToGetObject.Replace("ADTS88", rootDomainNC.Split(',')[0].Trim().Split('=')[1]);
break;
}
attrToGetObject = attrToGetObject.Replace("WIN-6IEHBFZ8AMV", currentWorkingDC.NetbiosName);
attrToGetObject = attrToGetObject.Replace("single-valuedAttribute", "street");
attrToGetObject = attrToGetObject.Replace("linkattribute", "member");
if (attrToGetObject.Contains("<GUID="))
{
testUserGuid = Utilities.GetUserGuid(
PDCNetbiosName,
PrimaryDomainDnsName,
ADDSPortNum,
testUserName,
testUserPwd,
testUserName);
attrToGetObject = attrToGetObject.Replace("<GUID=", "<GUID=" + testUserGuid);
}
if (attrToGetObject.Contains("<SID="))
{
testUserSid = Utilities.GetUserSid(
PDCNetbiosName,
PrimaryDomainDnsName,
testUserName,
testUserPwd,
testUserName);
attrToGetObject = attrToGetObject.Replace("<SID=", "<SID=" + testUserSid);
}
if (attrToGetObject.Contains("distinguishedName"))
{
objectDN = attrToGetObject.Split(':')[1].Trim();
if (objectDN.Equals("null"))
{
objectDN = null;
}
}
if (attrToGetObject.Contains("objectClass"))
{
objectClass = attrToGetObject.Split(':')[1].Trim();
}
}
#endregion
}
#endregion
#region Modify Operation
if (currentWorkingDC.OSVersion.Equals(ServerVersion.Win2003)
|| objectClass.Equals("msDS-PasswordSettings", StringComparison.InvariantCultureIgnoreCase))
{
errorStatus = ConstrOnModOpErrs.success;
}
else
{
#region Finalize object distinguished name
if (objectDN != null)
{
string rodcNTDSSettingsDN = string.Format("CN=NTDS Settings,CN={0},{1}", RODCNetbiosName, serversContainerDNForDs);
string pdcNTDSSettingsDN = string.Format("CN=NTDS Settings,CN={0},{1}", PDCNetbiosName, serversContainerDNForDs);
objectDN = objectDN.Replace("ADTS_XP", testComputer1Name);
objectDN = objectDN.Replace("DC=NotPDCFSMO", rootDomainNC);
objectDN = objectDN.Replace("CN=RODC,DC=writableDC", rodcNTDSSettingsDN);
objectDN = objectDN.Replace("CN=RODC,DC=notWritableDC", rodcNTDSSettingsDN);
objectDN = objectDN.Replace("CN=RODC,DC=WritableDCNotSameDomain", rodcNTDSSettingsDN);
objectDN = objectDN.Replace(pdcNTDSSettingsDN, rodcNTDSSettingsDN);
}
// Call modify to update deleted object
// objectDN = "CN=user6750,CN=Users,DC=contoso,DC=com"
// objectDN = "CN=user6751,CN=Users,DC=contoso,DC=com"
if (objectDN != null)
{
if(objectDN.Equals(testUser0DNForDs, StringComparison.InvariantCultureIgnoreCase)
|| objectDN.Equals(testUser1DNForDs, StringComparison.InvariantCultureIgnoreCase))
{
// the entry is deleted
if (!Utilities.IsObjectExist(objectDN, currentWorkingDC.FQDN, currentPort))
{
string guid = guidHashTable[objectDN].ToString();
string deletedBaseDN = "CN=Deleted Objects," + rootDomainNC;
string objCN = objectDN.Split(',')[0].Trim().ToString();
string deletedObjDN = objCN + "\\0ADEL:" + guid + "," + deletedBaseDN;
objectDN = deletedObjDN;
}
}
}
#endregion
#region Set Validated Writes for specific attributes modify
// [MS-ADTS] section 3.1.1.5.3.1.1.5 msDS-Behavior-Version
// When modification is taking place, the requester must have the Validated-MS-DS-Behavior-Version validated write right.
if (attrToModify.ToLower(CultureInfo.InvariantCulture).Contains("msDS-Behavior-Version".ToLower(CultureInfo.InvariantCulture)))
{
Site.Log.Add(LogEntryKind.Debug, "Set Validated-Writes for modifying attribute: {0}", attrToModify);
string currentUser = testUserName;
string currentPwd = testUserPwd;
if (currentWorkingDC.NetbiosName.Equals(CDCNetbiosName))
{
currentUser = childAdminName;
currentPwd = childAdminPwd;
}
Site.Log.Add(LogEntryKind.Debug, "Domain: {0}, Username: {1}, Password: {2}", currentWorkingDC.Domain.FQDN, currentUser, currentPwd);
int retryCount = 0;
while (!Utilities.isAuthorizedOrNot(
objectDN,
currentUser,
currentWorkingDC.Domain.NetbiosName,
ActiveDirectoryRights.WriteProperty,
currentWorkingDC.FQDN,
testUserName,
testUserPwd))
{
if (retryCount++ > 5)
{
throw new TimeoutException();
}
Site.Log.Add(LogEntryKind.Debug, "WriteProperty access right is not set!");
Site.Log.Add(LogEntryKind.Debug, "Set WriteProperty access right...");
Utilities.SetAccessRights(
objectDN,
currentUser,
currentWorkingDC.Domain.NetbiosName,
ActiveDirectoryRights.WriteProperty,
AccessControlType.Allow,
currentWorkingDC.FQDN,
testUserName,
testUserPwd);
Site.Log.Add(LogEntryKind.Debug, "Sleep for 30 seconds for access right to take effect.");
System.Threading.Thread.Sleep(30000);
}
Site.Log.Add(LogEntryKind.Debug, "WriteProperty access right is set successfully!");
retryCount = 0;
while (!Utilities.isAuthorizedOrNotWithGuid(
objectDN,
currentUser,
currentWorkingDC.Domain.NetbiosName,
ActiveDirectoryRights.Self,
ValidatedWrite.Validated_MS_DS_Behavior_Version,
currentWorkingDC.FQDN,
testUserName,
testUserPwd))
{
if (retryCount++ > 5)
{
throw new TimeoutException();
}
Site.Log.Add(LogEntryKind.Debug, "Validated_MS_DS_Behavior_Version access right is not set!");
Site.Log.Add(LogEntryKind.Debug, "Set Validated_MS_DS_Behavior_Version access right...");
Utilities.SetControlAcessRights(
objectDN,
currentUser,
currentWorkingDC.Domain.NetbiosName,
ValidatedWrite.Validated_MS_DS_Behavior_Version,
ActiveDirectoryRights.Self,
AccessControlType.Allow,
currentWorkingDC.FQDN,
testUserName,
testUserPwd);
Site.Log.Add(LogEntryKind.Debug, "Sleep for 30 seconds for access right to take effect.");
System.Threading.Thread.Sleep(30000);
}
Site.Log.Add(LogEntryKind.Debug, "Validated_MS_DS_Behavior_Version access right is set successfully!");
}
#endregion
#region RootDSE Modify => set related Control Access Rights
#region becomeDomainMaster
if (attrToModify.ToLower(CultureInfo.InvariantCulture).Contains("becomeDomainMaster".ToLower(CultureInfo.InvariantCulture)))
{
Utilities.RemoveControlAcessRights("CN=Partitions," + configurationNC, testUserName, currentWorkingDC.Domain.NetbiosName, ControlAccessRight.Change_Domain_Master, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny);
Utilities.SetControlAcessRights("CN=Partitions," + configurationNC, testUserName, currentWorkingDC.Domain.NetbiosName, ControlAccessRight.Change_Domain_Master, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow);
}
#endregion
#region becomeInfrastructureMaster
else if (attrToModify.ToLower(CultureInfo.InvariantCulture).Contains("becomeInfrastructureMaster".ToLower(CultureInfo.InvariantCulture)))
{
Utilities.RemoveControlAcessRights("CN=Infrastructure," + rootDomainNC, testUserName, currentWorkingDC.Domain.NetbiosName, ControlAccessRight.Change_Infrastructure_Master, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny);
Utilities.SetControlAcessRights("CN=Infrastructure," + rootDomainNC, testUserName, currentWorkingDC.Domain.NetbiosName, ControlAccessRight.Change_Infrastructure_Master, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow);
}
#endregion
#region becomePdc
else if (attrToModify.ToLower(CultureInfo.InvariantCulture).Split(':')[0].Trim().Equals("becomePdc".ToLower(CultureInfo.InvariantCulture)))
{
#region GettingDomainSid
NTAccount accountname = new NTAccount(currentWorkingDC.Domain.NetbiosName, testUserName);//NTAccount("Domain Name or Account Name?")
SecurityIdentifier sid = (SecurityIdentifier)accountname.Translate(typeof(SecurityIdentifier));//get the account SID
SecurityIdentifier Domainsid = sid.AccountDomainSid;//get the Domain SID
byte[] sidByteArray = new byte[Domainsid.BinaryLength];
Domainsid.GetBinaryForm(sidByteArray, 0);
#endregion
attrValsToBeModified.RemoveAt(0);
DirectoryAttributeModification becomePdcModifyAttr = new DirectoryAttributeModification();
becomePdcModifyAttr.Name = attrToModify.Split(':')[0].Trim();
becomePdcModifyAttr.Add(sidByteArray);
becomePdcModifyAttr.Operation = DirectoryAttributeOperation.Add;
attrValsToBeModified.Add(becomePdcModifyAttr);
Utilities.RemoveControlAcessRights(rootDomainNC, testUserName, currentWorkingDC.Domain.NetbiosName, ControlAccessRight.Change_PDC, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny);
Utilities.SetControlAcessRights(rootDomainNC, testUserName, currentWorkingDC.Domain.NetbiosName, ControlAccessRight.Change_PDC, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow);
}
#endregion
#region becomePdcWithCheckPoint
else if (attrToModify.ToLower(CultureInfo.InvariantCulture).Contains("becomePdcWithCheckPoint".ToLower(CultureInfo.InvariantCulture)))
{
#region GettingDomainSid
NTAccount accountname = new NTAccount(currentWorkingDC.Domain.NetbiosName, testUserName);//NTAccount("Domain Name or Account Name")
SecurityIdentifier sid = (SecurityIdentifier)accountname.Translate(typeof(SecurityIdentifier));//get the account SID
SecurityIdentifier Domainsid = sid.AccountDomainSid;//get the Domain SID
byte[] sidByteArray = new byte[Domainsid.BinaryLength];
Domainsid.GetBinaryForm(sidByteArray, 0);
#endregion
attrValsToBeModified.RemoveAt(0);
DirectoryAttributeModification becomePdcWithCheckPoint = new DirectoryAttributeModification();
becomePdcWithCheckPoint.Name = attrToModify.Split(':')[0].Trim();
becomePdcWithCheckPoint.Add(sidByteArray);
becomePdcWithCheckPoint.Operation = DirectoryAttributeOperation.Add;
attrValsToBeModified.Add(becomePdcWithCheckPoint);
Utilities.RemoveControlAcessRights(rootDomainNC, testUserName, currentWorkingDC.Domain.NetbiosName, ControlAccessRight.Change_PDC, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny);
Utilities.SetControlAcessRights(rootDomainNC, testUserName, currentWorkingDC.Domain.NetbiosName, ControlAccessRight.Change_PDC, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow);
}
#endregion
#region becomeRidMaster
else if (attrToModify.ToLower(CultureInfo.InvariantCulture).Contains("becomeRidMaster".ToLower(CultureInfo.InvariantCulture)))
{
Utilities.RemoveControlAcessRights("CN=RID Manager$,CN=System," + rootDomainNC, testUserName, currentWorkingDC.Domain.NetbiosName, ControlAccessRight.Change_Rid_Master, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny);
Utilities.SetControlAcessRights("CN=RID Manager$,CN=System," + rootDomainNC, testUserName, currentWorkingDC.Domain.NetbiosName, ControlAccessRight.Change_Rid_Master, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow);
Utilities.SetAccessRights("CN=RID-Manager-Reference," + schemaNC, testUserName, currentWorkingDC.Domain.NetbiosName, ActiveDirectoryRights.ReadProperty, AccessControlType.Allow);
}
#endregion
#region becomeSchemaMaster
else if (attrToModify.ToLower(CultureInfo.InvariantCulture).Contains("becomeSchemaMaster".ToLower(CultureInfo.InvariantCulture)))
{
Utilities.RemoveControlAcessRights(schemaNC, testUserName, currentWorkingDC.Domain.NetbiosName, ControlAccessRight.Change_Schema_Master, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny);
Utilities.SetControlAcessRights(schemaNC, testUserName, currentWorkingDC.Domain.NetbiosName, ControlAccessRight.Change_Schema_Master, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow);
}
#endregion
#region checkPhantoms
else if (attrToModify.ToLower(CultureInfo.InvariantCulture).Contains("checkPhantoms".ToLower(CultureInfo.InvariantCulture)))
{
Utilities.RemoveControlAcessRights("CN=NTDS Settings,CN=" + currentWorkingDC.NetbiosName + ",CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration," + rootDomainNC, testUserName, currentWorkingDC.Domain.NetbiosName, ControlAccessRight.DS_Check_Stale_Phantoms, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny);
Utilities.SetControlAcessRights("CN=NTDS Settings,CN=" + currentWorkingDC.NetbiosName + ",CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration," + rootDomainNC, testUserName, currentWorkingDC.Domain.NetbiosName, ControlAccessRight.DS_Check_Stale_Phantoms, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow);
Site.CaptureRequirement(267, "Each of the rootDSE modify operations is executed by performing an LDAP modify operation with a NULL DN for the object to be modified (indicating the rootDSE) and specifying the name of the modify operation as the attribute to be modified.");
}
#endregion
#region doGarbageCollection
else if (attrToModify.ToLower(CultureInfo.InvariantCulture).Split(':')[0].Trim().Equals("doGarbageCollection".ToLower(CultureInfo.InvariantCulture)))
{
Utilities.RemoveControlAcessRights("CN=NTDS Settings,CN=" + currentWorkingDC.NetbiosName + ",CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration," + rootDomainNC, testUserName, currentWorkingDC.Domain.NetbiosName, ControlAccessRight.Do_Garbage_Collection, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny);
Utilities.SetControlAcessRights("CN=NTDS Settings,CN=" + currentWorkingDC.NetbiosName + ",CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration," + rootDomainNC, testUserName, currentWorkingDC.Domain.NetbiosName, ControlAccessRight.Do_Garbage_Collection, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow);
Site.CaptureRequirement(267, "Each of the rootDSE modify operations is executed by performing an LDAP modify operation with a NULL DN for the object to be modified (indicating the rootDSE) and specifying the name of the modify operation as the attribute to be modified.");
}
#endregion
// dumpDatabase, in RootDseModifyOperations Test Case
#region fixupInheritance
else if (attrToModify.ToLower(CultureInfo.InvariantCulture).Contains("fixupInheritance".ToLower(CultureInfo.InvariantCulture)))
{
Utilities.RemoveControlAcessRights("CN=NTDS Settings,CN=" + currentWorkingDC.NetbiosName + ",CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration," + rootDomainNC, testUserName, currentWorkingDC.Domain.NetbiosName, ControlAccessRight.Recalculate_Security_Inheritance, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny);
Utilities.SetControlAcessRights("CN=NTDS Settings,CN=" + currentWorkingDC.NetbiosName + ",CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration," + rootDomainNC, testUserName, currentWorkingDC.Domain.NetbiosName, ControlAccessRight.Recalculate_Security_Inheritance, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow);
Site.CaptureRequirement(267, "Each of the rootDSE modify operations is executed by performing an LDAP modify operation with a NULL DN for the object to be modified (indicating the rootDSE) and specifying the name of the modify operation as the attribute to be modified.");
}
#endregion
#region invalidateRidPool
else if (attrToModify.ToLower(CultureInfo.InvariantCulture).Contains("invalidateRidPool".ToLower(CultureInfo.InvariantCulture)))
{
#region GettingDomainSid
NTAccount accountname = new NTAccount(currentWorkingDC.Domain.NetbiosName, testUserName);//NTAccount("Domain Name or Account Name")
SecurityIdentifier sid = (SecurityIdentifier)accountname.Translate(typeof(SecurityIdentifier));//get the account SID
SecurityIdentifier Domainsid = sid.AccountDomainSid;//get the Domain SID
byte[] sidByteArray = new byte[Domainsid.BinaryLength];
Domainsid.GetBinaryForm(sidByteArray, 0);
#endregion
attrValsToBeModified.RemoveAt(0);
DirectoryAttributeModification invalidateRIDPool = new DirectoryAttributeModification();
invalidateRIDPool.Name = attrToModify.Split(':')[0].Trim();
invalidateRIDPool.Add(sidByteArray);
invalidateRIDPool.Operation = DirectoryAttributeOperation.Add;
attrValsToBeModified.Add(invalidateRIDPool);
Utilities.RemoveControlAcessRights("CN=RID Manager$,CN=System," + rootDomainNC, testUserName, currentWorkingDC.Domain.NetbiosName, ControlAccessRight.Change_Rid_Master, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny);
Utilities.SetControlAcessRights("CN=RID Manager$,CN=System," + rootDomainNC, testUserName, currentWorkingDC.Domain.NetbiosName, ControlAccessRight.Change_Rid_Master, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow);
Utilities.SetAccessRights("CN=RID-Manager-Reference," + schemaNC, testUserName, currentWorkingDC.Domain.NetbiosName, ActiveDirectoryRights.ReadProperty, AccessControlType.Allow);
}
#endregion
#region recalcHierarchy
else if (attrToModify.ToLower(CultureInfo.InvariantCulture).Contains("recalcHierarchy".ToLower(CultureInfo.InvariantCulture)))
{
Utilities.RemoveControlAcessRights("CN=NTDS Settings,CN=" + currentWorkingDC.NetbiosName + ",CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration," + rootDomainNC, testUserName, currentWorkingDC.Domain.NetbiosName, ControlAccessRight.Recalculate_Hierarchy, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny);
Utilities.SetControlAcessRights("CN=NTDS Settings,CN=" + currentWorkingDC.NetbiosName + ",CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration," + rootDomainNC, testUserName, currentWorkingDC.Domain.NetbiosName, ControlAccessRight.Recalculate_Hierarchy, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow);
}
#endregion
#region schemaUpdateNow
else if (attrToModify.ToLower(CultureInfo.InvariantCulture).Contains("schemaUpdateNow".ToLower(CultureInfo.InvariantCulture)))
{
Utilities.RemoveControlAcessRights("CN=Schema,CN=Configuration," + rootDomainNC, testUserName, currentWorkingDC.Domain.NetbiosName, ControlAccessRight.Update_Schema_Cache, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny);
Utilities.SetControlAcessRights("CN=Schema,CN=Configuration," + rootDomainNC, testUserName, currentWorkingDC.Domain.NetbiosName, ControlAccessRight.Update_Schema_Cache, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow);
Utilities.RemoveControlAcessRights("CN=NTDS Settings,CN=" + currentWorkingDC.NetbiosName + ",CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration," + rootDomainNC, testUserName, currentWorkingDC.Domain.NetbiosName, ControlAccessRight.Update_Schema_Cache, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny);
Utilities.SetControlAcessRights("CN=NTDS Settings,CN=" + currentWorkingDC.NetbiosName + ",CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration," + rootDomainNC, testUserName, currentWorkingDC.Domain.NetbiosName, ControlAccessRight.Update_Schema_Cache, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow);
}
#endregion
// schemaUpgradeInProgress, in AD_DS_RootDSEModify_schema_upgrade_in_progress Test Case
#region removeLingeringObject
// see replicateSingleObject, both require the same Central Access Rights
#endregion
#region doLinkCleanup
else if (attrToModify.ToLower(CultureInfo.InvariantCulture).Contains("doLinkCleanup".ToLower(CultureInfo.InvariantCulture)))
{
Utilities.RemoveControlAcessRights("CN=NTDS Settings,CN=" + currentWorkingDC.NetbiosName + ",CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration," + rootDomainNC, testUserName, currentWorkingDC.Domain.NetbiosName, ControlAccessRight.Do_Garbage_Collection, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny);
Utilities.SetControlAcessRights("CN=NTDS Settings,CN=" + currentWorkingDC.NetbiosName + ",CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration," + rootDomainNC, testUserName, currentWorkingDC.Domain.NetbiosName, ControlAccessRight.Do_Garbage_Collection, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow);
}
#endregion
#region doOnlineDefrag
else if (attrToModify.ToLower(CultureInfo.InvariantCulture).Contains("doOnlineDefrag".ToLower(CultureInfo.InvariantCulture)))
{
Utilities.RemoveControlAcessRights("CN=NTDS Settings,CN=" + currentWorkingDC.NetbiosName + ",CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration," + rootDomainNC, testUserName, currentWorkingDC.Domain.NetbiosName, ControlAccessRight.Do_Garbage_Collection, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny);
Utilities.SetControlAcessRights("CN=NTDS Settings,CN=" + currentWorkingDC.NetbiosName + ",CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration," + rootDomainNC, testUserName, currentWorkingDC.Domain.NetbiosName, ControlAccessRight.Do_Garbage_Collection, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow);
}
#endregion
#region replicateSingleObject
else if (attrToModify.ToLower(CultureInfo.InvariantCulture).Contains("replicateSingleObject".ToLower(CultureInfo.InvariantCulture)) || attrToModify.ToLower(CultureInfo.InvariantCulture).Contains("removeLingeringObject".ToLower(CultureInfo.InvariantCulture)))
{
if (!attrToModify.Contains(";"))
{
Utilities.RemoveControlAcessRights(rootDomainNC, testUserName, currentWorkingDC.Domain.NetbiosName, ControlAccessRight.DS_Replication_Synchronize, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny);
Utilities.SetControlAcessRights(rootDomainNC, testUserName, currentWorkingDC.Domain.NetbiosName, ControlAccessRight.DS_Replication_Synchronize, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow);
}
}
#endregion
#region updateCachedMemberships
else if (attrToModify.ToLower(CultureInfo.InvariantCulture).Contains("updateCachedMemberships".ToLower(CultureInfo.InvariantCulture)))
{
Utilities.RemoveControlAcessRights("CN=NTDS Settings,CN=" + currentWorkingDC.NetbiosName + ",CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration," + rootDomainNC, testUserName, currentWorkingDC.Domain.NetbiosName, ControlAccessRight.Refresh_Group_Cache, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny);
Utilities.SetControlAcessRights("CN=NTDS Settings,CN=" + currentWorkingDC.NetbiosName + ",CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration," + rootDomainNC, testUserName, currentWorkingDC.Domain.NetbiosName, ControlAccessRight.Refresh_Group_Cache, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow);
}
#endregion
#region doGarbageCollectionPhantomsNow
else if (attrToModify.ToLower(CultureInfo.InvariantCulture).Contains("doGarbageCollectionPhantomsNow".ToLower(CultureInfo.InvariantCulture)))
{
Utilities.RemoveControlAcessRights("CN=NTDS Settings,CN=" + currentWorkingDC.NetbiosName + ",CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration," + rootDomainNC, testUserName, currentWorkingDC.Domain.NetbiosName, ControlAccessRight.Do_Garbage_Collection, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny);
Utilities.SetControlAcessRights("CN=NTDS Settings,CN=" + currentWorkingDC.NetbiosName + ",CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration," + rootDomainNC, testUserName, currentWorkingDC.Domain.NetbiosName, ControlAccessRight.Do_Garbage_Collection, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow);
}
#endregion
// invalidateGCConnection, in RootDseModifyOperations Test Case
// renewServerCertificate, in RootDseModifyOperations Test Case
#region rODCPurgeAccount
else if (attrToModify.ToLower(CultureInfo.InvariantCulture).Contains("rODCPurgeAccount".ToLower(CultureInfo.InvariantCulture)))
{
if ((service == ADImplementations.AD_DS) && (currentWorkingDC.OSVersion >= ServerVersion.Win2008))
{
Utilities.RemoveControlAcessRights(rootDomainNC, testUserName, currentWorkingDC.Domain.NetbiosName, ControlAccessRight.Read_Only_Replication_Secret_Synchronization, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny);
Utilities.SetControlAcessRights(rootDomainNC, testUserName, currentWorkingDC.Domain.NetbiosName, ControlAccessRight.Read_Only_Replication_Secret_Synchronization, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow);
}
}
#endregion
// runSamUpgradeTasks, in RootDseModifyOperations Test Case
// sqmRunOnce, in RootDSELds Test Case
// runProtectAdminGroupsTask
#region runProtectAdminGroupsTask
else if (attrToModify.ToLower(CultureInfo.InvariantCulture).Contains("runProtectAdminGroupsTask".ToLower(CultureInfo.InvariantCulture)))
{
if ((service == ADImplementations.AD_DS) && (currentWorkingDC.OSVersion >= ServerVersion.Win2008R2))
{
attrValsToBeModified.RemoveAt(0);
DirectoryAttributeModification runProtectAdminGroupsTask = new DirectoryAttributeModification();
runProtectAdminGroupsTask.Name = attrToModify.Split(':')[0].Trim();
runProtectAdminGroupsTask.Add("1");
runProtectAdminGroupsTask.Operation = DirectoryAttributeOperation.Add;
attrValsToBeModified.Add(runProtectAdminGroupsTask);
Utilities.RemoveControlAcessRights(rootDomainNC, testUserName, currentWorkingDC.Domain.NetbiosName, ControlAccessRight.Run_Protect_Admin_Groups_Task, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny);
Utilities.SetControlAcessRights(rootDomainNC, testUserName, currentWorkingDC.Domain.NetbiosName, ControlAccessRight.Run_Protect_Admin_Groups_Task, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow);
}
}
#endregion
// disableOptionalFeature
// enableOptionalFeature
// dumpReferences, in RootDseModifyOperations Test Case
// dumpLinks, in RootDseModifyOperations Test Case
// schemaUpdateIndicesNow, in RootDseModifyOperations Test Case
// null
#endregion
#region Modify Object
result = adLdapClient.ModifyObject(
objectDN,
attrValsToBeModified,
null,
isWindows);
// get error code
if (!isWindows)
{
#region Switch ErrorStatus Non-Windows
switch (result)
{
case "UnwillingToPerform":
errorStatus = ConstrOnModOpErrs.UnwillingToPerform_UnKnownError;
break;
case "Referral":
errorStatus = ConstrOnModOpErrs.referral_UnKnownError;
break;
case "NotAllowedOnRDN":
errorStatus = ConstrOnModOpErrs.NotAllowedOnRdn_UnKnownError;
break;
case "NoSuchObject":
errorStatus = ConstrOnModOpErrs.NoSuchObject_UnKnownError;
break;
case "ConstraintViolation":
errorStatus = ConstrOnModOpErrs.ConstraintViolation_UnKnownError;
break;
case "NoSuchAttribute":
errorStatus = ConstrOnModOpErrs.NoSuchAttribute_UnKnownError;
break;
case "ObjectClassViolation":
errorStatus = ConstrOnModOpErrs.ObjectClassViolation_UnKnownError;
break;
case "AttributeOrValueExists":
errorStatus = ConstrOnModOpErrs.AttributeOrValueExists_UnKnownError;
break;
case "UndefinedAttributeType":
errorStatus = ConstrOnModOpErrs.UndefinedAttributeType_UnKnownError;
break;
case "ERROR_DS_OBJ_NOT_FOUND":
errorStatus = ConstrOnModOpErrs.OperationsError_ERROR_DS_OBJ_NOT_FOUND;
break;
case "Success":
errorStatus = ConstrOnModOpErrs.success;
break;
default:
errorStatus = ConstrOnModOpErrs.UnspecifiedError;
break;
}
#endregion
}
else
{
#region Switch ErrorStatus Windows
switch (result)
{
case "UnwillingToPerform_ERROR_DS_HIGH_DSA_VERSION":
errorStatus = ConstrOnModOpErrs.UnwillingToPerform_ERROR_DS_HIGH_DSA_VERSION;
break;
case "UnwillingToPerform_ERROR_DS_ILLEGAL_MOD_OPERATION":
errorStatus = ConstrOnModOpErrs.UnwillingToPerform_ERROR_DS_ILLEGAL_MOD_OPERATION;
break;
case "UnwillingToPerform_ERROR_DS_SECURITY_ILLEGAL_MODIFY":
errorStatus = ConstrOnModOpErrs.UnwillingToPerform_ERROR_DS_SECURITY_ILLEGAL_MODIFY;
break;
case "UnwillingToPerform_ERROR_DS_CONSTRUCTED_ATT_MOD":
errorStatus = ConstrOnModOpErrs.UnwillingToPerform_ERROR_DS_CONSTRUCTED_ATT_MOD;
break;
case "UnwillingToPerform_ERROR_DS_INVALID_ROLE_OWNER":
errorStatus = ConstrOnModOpErrs.UnwillingToPerform_ERROR_DS_INVALID_ROLE_OWNER;
break;
case "UnwillingToPerform_ERROR_DS_ILLEGAL_BASE_SCHEMA_MOD":
errorStatus = ConstrOnModOpErrs.UnwillingToPerform_ERROR_DS_ILLEGAL_BASE_SCHEMA_MOD;
break;
case "Referral_ERROR_DS_REFERRAL":
errorStatus = ConstrOnModOpErrs.referral_ERROR_DS_REFERRAL;
break;
case "NotAllowedOnRdn_UnKnownError":
errorStatus = ConstrOnModOpErrs.NotAllowedOnRdn_UnKnownError;
break;
case "UndefinedAttributeType_ERROR_DS_ATT_NOT_DEF_IN_SCHEMA":
errorStatus = ConstrOnModOpErrs.UndefinedAttributeType_ERROR_DS_ATT_NOT_DEF_IN_SCHEMA;
break;
case "NotAllowedOnRdn_ERROR_DS_CANT_MOD_SYSTEM_ONLY":
errorStatus = ConstrOnModOpErrs.NotAllowedOnRDN_ERROR_DS_CANT_MOD_SYSTEM_ONLY;
break;
case "NoSuchObject_UnKnownError":
errorStatus = ConstrOnModOpErrs.NoSuchObject_UnKnownError;
break;
case "NoSuchAttribute_ERROR_DS_CANT_REM_MISSING_ATT_VAL":
errorStatus = ConstrOnModOpErrs.NoSuchAttribute_ERROR_DS_CANT_REM_MISSING_ATT_VAL;
break;
case "UnwillingToPerform_ERROR_DS_NOT_SUPPORTED":
errorStatus = ConstrOnModOpErrs.UnwillingToPerform_ERROR_DS_NOT_SUPPORTED;
break;
case "NoSuchAttribute_ERROR_DS_ATT_IS_NOT_ON_OBJ":
errorStatus = ConstrOnModOpErrs.NoSuchAttribute_ERROR_DS_ATT_IS_NOT_ON_OBJ;
break;
case "ConstraintViolation_ERROR_DS_OBJ_CLASS_VIOLATION":
errorStatus = ConstrOnModOpErrs.ConstraintViolation_ERROR_DS_OBJ_CLASS_VIOLATION;
break;
case "UnwillingToPerform_UnKnownError":
errorStatus = ConstrOnModOpErrs.UnwillingToPerform_UnKnownError;
break;
case "ObjectClassViolation_ERROR_DS_OBJECT_CLASS_REQUIRED":
errorStatus = ConstrOnModOpErrs.ObjectClassViolation_ERROR_DS_OBJECT_CLASS_REQUIRED;
break;
case "ConstraintViolation_ERROR_DS_NAME_NOT_UNIQUE":
errorStatus = ConstrOnModOpErrs.ConstraintViolation_ERROR_DS_NAME_NOT_UNIQUE;
break;
case "ConstraintViolation_ERROR_DS_SPN_VALUE_NOT_UNIQUE_IN_FOREST":
errorStatus = ConstrOnModOpErrs.ConstraintViolation_ERROR_DS_SPN_VALUE_NOT_UNIQUE_IN_FOREST;
break;
case "ConstraintViolation_ERROR_DS_UPN_VALUE_NOT_UNIQUE_IN_FOREST":
errorStatus = ConstrOnModOpErrs.ConstraintViolation_ERROR_DS_UPN_VALUE_NOT_UNIQUE_IN_FOREST;
break;
case "ConstraintViolation_ERROR_INVALID_PARAMETER":
errorStatus = ConstrOnModOpErrs.ConstraintViolation_ERROR_INVALID_PARAMETER;
break;
case "ConstraintViolation_ERROR_DS_CONSTRAINT_VIOLATION":
errorStatus = ConstrOnModOpErrs.ConstraintViolation_ERROR_DS_CONSTRAINT_VIOLATION;
break;
case "ConstraintViolation_ERROR_DS_CANT_MOD_SYSTEM_ONLY":
errorStatus = ConstrOnModOpErrs.ConstraintViolation_ERROR_DS_CANT_MOD_SYSTEM_ONLY;
break;
case "AttributeOrValueExists_ERROR_DS_ATT_VAL_ALREADY_EXISTS":
errorStatus = ConstrOnModOpErrs.AttributeOrValueExists_ERROR_DS_ATT_VAL_ALREADY_EXISTS;
break;
case "NoSuchAttribute_ERROR_INVALID_PARAMETER":
errorStatus = ConstrOnModOpErrs.NoSuchAttribute_ERROR_INVALID_PARAMETER;
break;
case "ObjectClassViolation_ERROR_DS_ILLEGAL_MOD_OPERATION":
errorStatus = ConstrOnModOpErrs.ObjectClassViolation_ERROR_DS_ILLEGAL_MOD_OPERATION;
break;
case "ObjectClassViolation_ERROR_DS_OBJ_CLASS_NOT_SUBCLASS":
errorStatus = ConstrOnModOpErrs.ObjectClassViolation_ERROR_DS_OBJ_CLASS_NOT_SUBCLASS;
break;
case "OperationsError_ERROR_DS_OBJ_NOT_FOUND":
errorStatus = ConstrOnModOpErrs.OperationsError_ERROR_DS_OBJ_NOT_FOUND;
break;
case "NoSuchObject_ERROR_DS_OBJ_NOT_FOUND":
errorStatus = ConstrOnModOpErrs.NoSuchObject_UnKnownError;
break;
case "UnwillingToPerform_ERROR_DS_LOW_DSA_VERSION":
errorStatus = ConstrOnModOpErrs.UnwillingToPerform_ERROR_DS_LOW_DSA_VERSION;
break;
case "InsufficientAccessRights_UnKnownError":
errorStatus = ConstrOnModOpErrs.insufficientAccessRights;
break;
case "OperationsError_ERROR_DS_GENERIC_ERROR":
errorStatus = ConstrOnModOpErrs.OperationsError_ERROR_DS_GENERIC_ERROR;
break;
case "UnwillingToPerform_ERROR_INVALID_PARAMETER":
errorStatus = ConstrOnModOpErrs.UnwillingToPerform_ERROR_INVALID_PARAMETER;
break;
case "UnwillingToPerform_ERROR_NOT_FOUND":
errorStatus = ConstrOnModOpErrs.UnwillingToPerform_UnKnownError;
break;
case "Success_STATUS_SUCCESS":
errorStatus = ConstrOnModOpErrs.success;
break;
default:
errorStatus = ConstrOnModOpErrs.UnspecifiedError;
break;
}
#endregion
}
#endregion
#region Requirements on Modify Operations
if (errorStatus.Equals(ConstrOnModOpErrs.success))
{
#region Verify RootDSE Modify
#region MS-AD_LDAP 292, 1144
if (currentWorkingDC.OSVersion >= ServerVersion.Win2003
&& attrToModify.ToLower(CultureInfo.InvariantCulture).Contains("checkPhantoms".ToLower(CultureInfo.InvariantCulture)))
{
Site.CaptureRequirement(292, "The requester must have the \"DS-Check-Stale-Phantoms\" control access right on the nTDSDSA object for the DC while performing checkPhantoms rootDSE modify operation.");
Site.CaptureRequirement(1144, "checkPhantoms rootDSE attribute is supported by Windows 2000, Windows 2000 SP1, Windows Server 2003, Windows Server 2003 SP3 and Windows Server 2008 AD DS, Windows Server 2008 R2 AD DS.");
}
#endregion
#region MS-AD_LDAP 295, 1146
if (currentWorkingDC.OSVersion >= ServerVersion.Win2003
&& attrToModify.ToLower(CultureInfo.InvariantCulture).Contains("doGarbageCollection".ToLower(CultureInfo.InvariantCulture)))
{
Site.CaptureRequirement(295, "The requester must have the \"Do-Garbage-Collection\" control access right on the DC's DSA object, while performing doGarbageCollection rootDSE modify operation.");
Site.CaptureRequirement(1146, "doGarbageCollection rootDSE attribute is supported by Windows 2000, Windows 2000 SP1, Windows Server 2003, Windows Server 2003 SP3, Windows Server 2008 AD DS and Windows Server 2008 AD LDS, Windows Server 2008 R2 AD DS and Windows Server 2008 R2 AD LDS.");
}
#endregion
#region MS-AD_LDAP 301, 1148
if (currentWorkingDC.OSVersion >= ServerVersion.Win2003
&& attrToModify.ToLower(CultureInfo.InvariantCulture).Contains("fixupInheritance".ToLower(CultureInfo.InvariantCulture)))
{
Site.CaptureRequirement(301, "The requester must have the \"Recalculate-Security-Inheritance\" control access right on the nTDSDSA object for the DC, while performing fixupInheritance rootDSE modify operation.");
Site.CaptureRequirement(1148, "fixupInheritance rootDSE attribute is supported by Windows 2000, Windows 2000 SP1, Windows Server 2003, Windows Server 2003 SP3, Windows Server 2008 AD DS and Windows Server 2008 AD LDS, Windows Server 2008 R2 AD DS and Windows Server 2008 R2 AD LDS.");
}
#endregion
#region MS-AD_LDAP 308, 1151
if (currentWorkingDC.OSVersion >= ServerVersion.Win2003
&& attrToModify.ToLower(CultureInfo.InvariantCulture).Contains("recalcHierarchy".ToLower(CultureInfo.InvariantCulture)))
{
Site.CaptureRequirement(308, "The requester must have the \"Recalculate-Hierarchy\" control access right on the nTDSDSA object for the DC, while performing recalcHierarchy rootDSE modify operation.");
Site.CaptureRequirement(1151, "recalcHierarchy rootDSE attribute is supported by Windows 2000, Windows 2000 SP1, Windows Server 2003, Windows Server 2003 SP3 and Windows Server 2008 AD DS, Windows Server 2008 R2 AD DS.");
}
#endregion
#region MS-AD_LDAP 310, 1153
if (currentWorkingDC.OSVersion >= ServerVersion.Win2003
&& attrToModify.ToLower(CultureInfo.InvariantCulture).Contains("schemaUpdateNow".ToLower(CultureInfo.InvariantCulture)))
{
Site.CaptureRequirement(310, "The requester must have the \"Update-Schema-Cache\" control access right on the nTDSDSA object for the DC or on the root of the schema NC, while performing schemaUpdateNow rootDSE modify operation.");
Site.CaptureRequirement(1153, "schemaUpdateNow rootDSE attribute is supported by Windows 2000, Windows 2000 SP1, Windows Server 2003, Windows Server 2003 SP3, Windows Server 2008 AD DS and Windows Server 2008 AD LDS, Windows Server 2008 R2 AD DS and Windows Server 2008 R2 AD LDS.");
}
#endregion
#region MS-AD_LDAP 321, 1156
if (currentWorkingDC.OSVersion >= ServerVersion.Win2003
&& attrToModify.ToLower(CultureInfo.InvariantCulture).Contains("doLinkCleanup".ToLower(CultureInfo.InvariantCulture)))
{
Site.CaptureRequirement(321, "The requester must have the \"Do-Garbage-Collection\" control access right on the nTDSDSA object for the DC, while performing doLinkCleanup rootDSE modify operation.");
Site.CaptureRequirement(1156, "doLinkCleanup rootDSE attribute is supported by Windows Server 2003, Windows Server 2003 SP3, Windows Server 2008 AD DS and Windows Server 2008 AD LDS, Windows Server 2008 R2 AD DS and Windows Server 2008 R2 AD LDS.");
}
#endregion
#region MS-AD_LDAP 324, 325, 1158
if (currentWorkingDC.OSVersion >= ServerVersion.Win2003
&& attrToModify.ToLower(CultureInfo.InvariantCulture).Contains("doOnlineDefrag".ToLower(CultureInfo.InvariantCulture)))
{
Site.CaptureRequirement(324, "The requester must have the \"Do-Garbage-Collection\" control access right on the nTDSDSA object for the DC, while performing doOnlineDefrag rootDSE modify operation.");
Site.CaptureRequirement(325, "Client performs a doOnlineDefrag operation by performing an LDAP modify operation with a NULL DN for the object and specifying \"doOnlineDefrag\" as the attribute to be modified.");
Site.CaptureRequirement(1158, "doOnlineDefrag rootDSE attribute is supported by Windows Server 2003, Windows Server 2003 SP3, Windows Server 2008 AD DS and Windows Server 2008 AD LDS, Windows Server 2008 R2 AD DS and Windows Server 2008 R2 AD LDS.");
}
#endregion
#region MS-AD_LDAP 327, 1160
if (currentWorkingDC.OSVersion >= ServerVersion.Win2003
&& attrToModify.ToLower(CultureInfo.InvariantCulture).Contains("replicateSingleObject".ToLower(CultureInfo.InvariantCulture)))
{
Site.CaptureRequirement(327, "The requester must have the \"DS-Replication-Synchronize\" control access right on the root of the NC that contains the object to be replicated, while performing replicateSingleObject rootDSE modify operation.");
Site.CaptureRequirement(1160, "replicateSingleObject rootDSE attribute is supported by Windows Server 2003, Windows Server 2003 SP3, Windows Server 2008 AD DS and Windows Server 2008 AD LDS, Windows Server 2008 R2 AD DS and Windows Server 2008 R2 AD LDS.");
}
#endregion
#region MS-AD_LDAP 324, 330, 1162
if (currentWorkingDC.OSVersion >= ServerVersion.Win2003
&& attrToModify.ToLower(CultureInfo.InvariantCulture).Contains("updateCachedMemberships".ToLower(CultureInfo.InvariantCulture)))
{
Site.CaptureRequirement(324, "The requester must have the \"Do-Garbage-Collection\" control access right on the nTDSDSA object for the DC, while performing doOnlineDefrag rootDSE modify operation.");
Site.CaptureRequirement(330, "The requester must have the \"Refresh-Group-Cache\" control access right on the nTDSDSA object for the DC, while performing updateCachedMemberships rootDSE modify operation.");
Site.CaptureRequirement(1162, "updateCachedMemberships rootDSE attribute is supported by Windows Server 2003, Windows Server 2003 SP3, Windows Server 2008 AD DS and Windows Server 2008 AD LDS, Windows Server 2008 R2 AD DS.");
}
#endregion
#region MS-AD_LDAP 332, 1164
if (currentWorkingDC.OSVersion >= ServerVersion.Win2003
&& attrToModify.ToLower(CultureInfo.InvariantCulture).Contains("doGarbageCollectionPhantomsNow".ToLower(CultureInfo.InvariantCulture)))
{
Site.CaptureRequirement(332, "The requester must have the \"Refresh-Group-Cache\" control access right on the nTDSDSA object for the DC, while performing doGarbageCollectionPhantomsNow rootDSE modify operation.");
Site.CaptureRequirement(1164, "doGarbageCollection PhantomsNow rootDSE attribute is supported by Windows Server 2003 SP3, Windows Server 2008 AD DS and Windows Server 2008 AD LDS, Windows Server 2008 R2 AD DS and Windows Server 2008 R2 AD LDS.");
}
#endregion
#region MS-AD_LDAP 340, 1170
if (currentWorkingDC.OSVersion >= ServerVersion.Win2008
&& attrToModify.ToLower(CultureInfo.InvariantCulture).Contains("rODCPurgeAccount".ToLower(CultureInfo.InvariantCulture)))
{
Site.CaptureRequirement(340, "The requester must have the \"Read-Only-Replication-Secret-Synchronization\" control access right on the root of the default NC, while performing rODCPurgeAccount rootDSE modify operation.");
Site.CaptureRequirement(1170, "rODCPurgeAccount rootDSE attribute is supported by Windows Server 2008 AD DS and Windows Server 2008 R2 AD DS.");
}
#endregion
#region MS-AD_LDAP 269, 271, 1131, 1134
if (currentWorkingDC.OSVersion >= ServerVersion.Win2003
&& attrToModify.ToLower(CultureInfo.InvariantCulture).Contains("becomeDomainMaster".ToLower(CultureInfo.InvariantCulture)))
{
Site.CaptureRequirement(269, "The requester must have the \"Change-Domain-Master\" control access right on the Partitions container in the config NC for becomeDomainMaster rootDSE modify operation to succeed.");
Site.CaptureRequirement(271, "Client performs a becomeDomainMaster operation by performing an LDAP modify operation with a NULL DN for the object and specifying \"becomeDomainMaster\" as the attribute to be modified.");
Site.CaptureRequirement(1131, "becomeDomainMaster and becomeInfrastructureMaster rootDSE attributes are write-only.");
Site.CaptureRequirement(1134, "becomeDomainMaster rootDSE attribute is supported by Windows 2000, Windows 2000 SP1, Windows Server 2003, Windows Server 2003 SP3, Windows Server 2008 AD DS and Windows Server 2008 AD LDS, Windows Server 2008 R2 AD DS and Windows Server 2008 R2 AD LDS.");
}
#endregion
#region MS-AD_LDAP 273, 275, 1135
if (currentWorkingDC.OSVersion >= ServerVersion.Win2003
&& attrToModify.ToLower(CultureInfo.InvariantCulture).Contains("becomeInfrastructureMaster".ToLower(CultureInfo.InvariantCulture)))
{
Site.CaptureRequirement(273, "The requester must have the \"Change-Infrastructure-Master\" control access right on the Infrastructure container in the domain NC-replica, while performing becomeInfrastructureMaster rootDSE modify operation.");
Site.CaptureRequirement(275, "Client performs a becomeInfrastructureMaster operation by performing an LDAP modify operation with a NULL DN for the object and specifying \"becomeInfrastructureMaster\" as the attribute to be modified.");
Site.CaptureRequirement(1135, "becomeInfrastructureMaster rootDSE attribute is supported by Windows 2000, Windows 2000 SP1, Windows Server 2003, Windows Server 2003 SP3 and Windows Server 2008 AD DS, Windows Server 2008 R2 AD DS.");
}
#endregion
#region MS-AD_LDAP 284, 1141, 1178
if (currentWorkingDC.OSVersion >= ServerVersion.Win2003
&& attrToModify.ToLower(CultureInfo.InvariantCulture).Contains("becomeRidMaster".ToLower(CultureInfo.InvariantCulture)))
{
Site.CaptureRequirement(284, "While performing becomeRidMaster rootDSE modify Operations, the requester must have the \"Change-RID-Master\" control access right on the RID Manager object, which is the object referenced by the rIDManagerReference attribute located on the root of the domain NC.");
Site.CaptureRequirement(1141, "becomeRidMaster rootDSE attribute is supported by Windows 2000, Windows 2000 SP1, Windows Server 2003, Windows Server 2003 SP3 and Windows Server 2008 AD DS, Windows Server 2008 R2 AD DS.");
Site.CaptureRequirement(1178, "While performing becomeRidMaster rootDSE modify operation, the requester must have the read permission on the rIDManagerReference attribute.");
}
#endregion
#region MS-AD_LDAP 305, 1149
if (currentWorkingDC.OSVersion >= ServerVersion.Win2003
&& attrToModify.ToLower(CultureInfo.InvariantCulture).Contains("invalidateRidPool".ToLower(CultureInfo.InvariantCulture)))
{
Site.CaptureRequirement(305, "The requester must have the read permission on the rIDManagerReference attribute, while performing invalidateRidPool rootDSE modify operation.");
Site.CaptureRequirement(1149, "invalidateRidPool rootDSE attribute is supported by Windows 2000, Windows 2000 SP1, Windows Server 2003, Windows Server 2003 SP3 and Windows Server 2008 AD DS, Windows Server 2008 R2 AD DS.");
}
#endregion
#region MS-AD_LDAP 288, 1143
if (currentWorkingDC.OSVersion >= ServerVersion.Win2003
&& attrToModify.ToLower(CultureInfo.InvariantCulture).Contains("becomeSchemaMaster".ToLower(CultureInfo.InvariantCulture)))
{
Site.CaptureRequirement(288, "The requester must have the \"Change-Schema-Master\" control access right on the root of the schema NC-replica, while performing becomeSchemaMaster rootDSE modify operation.");
Site.CaptureRequirement(1143, "becomeSchemaMaster rootDSE attribute is supported by Windows 2000, Windows 2000 SP1, Windows Server 2003, Windows Server 2003 SP3, Windows Server 2008 AD DS and Windows Server 2008 AD LDS, Windows Server 2008 R2 AD DS and Windows Server 2008 R2 AD LDS.");
}
#endregion
#region MS-AD_LDAP 1137
if (currentWorkingDC.OSVersion >= ServerVersion.Win2003
&& attrToModify.ToLower(CultureInfo.InvariantCulture).Contains("becomePdc".ToLower(CultureInfo.InvariantCulture)))
{
Site.CaptureRequirement(1137, "becomePdc rootDSE attribute is supported by Windows 2000, Windows 2000 SP1, Windows Server 2003, Windows Server 2003 SP3 and Windows Server 2008 AD DS, Windows Server 2008 R2 AD DS.");
}
#endregion
#region MS-AD_LDAP 1139
if (currentWorkingDC.OSVersion >= ServerVersion.Win2003
&& attrToModify.ToLower(CultureInfo.InvariantCulture).Contains("becomePdcWithCheckPoint".ToLower(CultureInfo.InvariantCulture)))
{
Site.CaptureRequirement(1139, "becomePdcWithCheckPoint rootDSE attribute is supported by Windows 2000, Windows 2000 SP1, Windows Server 2003, Windows Server 2003 SP3 and Windows Server 2008 AD DS, Windows Server 2008 R2 AD DS.");
}
#endregion
#region MS-AD_LDAP 1154
if (currentWorkingDC.OSVersion >= ServerVersion.Win2003
&& attrToModify.ToLower(CultureInfo.InvariantCulture).Contains("removeLingeringObject".ToLower(CultureInfo.InvariantCulture)))
{
Site.CaptureRequirement(1154, "removeLingeringObject rootDSE attribute is supported by Windows 2000 SP1, Windows Server 2003, Windows Server 2003 SP3, Windows Server 2008 AD DS and Windows Server 2008 AD LDS, Windows Server 2008 R2 AD DS and Windows Server 2008 R2 AD LDS.");
}
#endregion
#endregion
#region Verify Dynamic Object TTL
if (objectDN != null && objectDN.Equals(testUser6DNForDs, StringComparison.InvariantCultureIgnoreCase))
{
int entryTTLValue = int.Parse(Utilities.GetAttributeFromEntry(objectDN, "entryTTL", currentWorkingDC.FQDN, currentPort).ToString(), CultureInfo.InvariantCulture);
VerifyEntryTTL(entryTTLValue, dynamicObjectMinTTL, dynamicObjectTTLModify);
}
#endregion
#region Verify ObjectClass Holes
if (objectClass.ToLower(CultureInfo.InvariantCulture).Contains("inetOrgPerson".ToLower(CultureInfo.InvariantCulture)))
{
result = adLdapClient.SearchObject(
objectDN,
System.DirectoryServices.Protocols.SearchScope.Subtree,
"(objectClass=user)",
null,
null,
out searchResponse);
Site.Assert.IsTrue(result.ToLower().Contains("success"),
string.Format("Search operation on {0} should be successful, actual result: {1}", objectDN, result));
if (searchResponse != null)
{
foreach (AdtsSearchResultEntryPacket entrypacket in searchResponse)
{
searchAttrVals = adLdapClient.GetAttributeValuesInString(entrypacket, "objectClass");
Site.CaptureRequirementIfIsTrue(
(searchAttrVals.Length > 1),
750,
@"[If the DC functional level is DS_BEHAVIOR_WIN2003 or greater, then originating updates of the objectClass attribute are permitted]
If the set of object classes specified by an update contains 'holes' the server fills the 'holes' during the update.");
}
}
}
#endregion
#region Verify CrossRef objects modify are only allowed in domain naming FSMO DC
if (objectClass.ToLower(CultureInfo.InvariantCulture).Contains("crossRef"))
{
//Checks for Domain Naming FSMO.
Site.CaptureRequirementIfAreEqual<string>(
Utilities.GetFsmo("CN=Partitions," + configurationNC),
("CN=" + currentWorkingDC.NetbiosName),
687,
@"During the modify operation, changes to objects in the Partitions container (class crossRef) are only allowed when
the DC is the domain naming FSMO.");
}
#endregion
}
else
{
#region Verify RootDSE Modify Errors
#region MS-AD_LDAP 1192
if (currentWorkingDC.OSVersion >= ServerVersion.Win2003
&& attrToModify.ToLower(CultureInfo.InvariantCulture).Contains("replicateSingleObject".ToLower(CultureInfo.InvariantCulture))
&& errorStatus.Equals(ConstrOnModOpErrs.OperationsError_ERROR_DS_GENERIC_ERROR))
{
Site.CaptureRequirement(1192, "If the DN specified in replicateSingleObject operation is not in the specified format, the server rejects the request with the error operationsError.");
}
#endregion
#region MS-AD_LDAP 344
if (currentWorkingDC.OSVersion >= ServerVersion.Win2008
&& attrToModify.ToLower(CultureInfo.InvariantCulture).Contains("rODCPurgeAccount".ToLower(CultureInfo.InvariantCulture))
&& !isRODC
&& errorStatus.Equals(ConstrOnModOpErrs.OperationsError_ERROR_DS_GENERIC_ERROR))
{
Site.CaptureRequirement(344, "While performing rODCPurgeAccountrootDSE modify operation, if the operation is sent to a DC that is not an RODC, then the error operationsError / ERROR_DS_GENERIC_ERROR is returned.");
}
#endregion
#endregion
}
#endregion
}
#endregion
#region Return values for specific attributes
//Check to handle the error code returned when tried to modify "defaultNamingContext" and "currentTime" attributes as the corresponding windows error code is not provided by the TD.
if (result.ToLower(CultureInfo.InvariantCulture).Contains("UnwillingToPerform".ToLower(CultureInfo.InvariantCulture))
&& (attrToModify.ToLower(CultureInfo.InvariantCulture).Contains("defaultNamingContext".ToLower(CultureInfo.InvariantCulture))
|| attrToModify.ToLower(CultureInfo.InvariantCulture).Contains("currentTime".ToLower(CultureInfo.InvariantCulture))))
{
errorStatus = ConstrOnModOpErrs.UnwillingToPerform_UnKnownError;
}
if (result.ToLower(CultureInfo.InvariantCulture).Contains("NotAllowedOnRdn".ToLower(CultureInfo.InvariantCulture))
&& attrToModify.ToLower(CultureInfo.InvariantCulture).Contains("users+user67"))
{
errorStatus = ConstrOnModOpErrs.NotAllowedOnRdn_UnKnownError;
}
//Check for RODC ErrorStatus
if (isRODC && result.ToLower(CultureInfo.InvariantCulture).Contains("NoSuchObject".ToLower(CultureInfo.InvariantCulture)))
{
errorStatus = ConstrOnModOpErrs.NoSuchObject_UnKnownError;
}
if ((errorStatus != ConstrOnModOpErrs.success)
&& (attrToModify.ToLower(CultureInfo.InvariantCulture).Contains("memberOf".ToLower(CultureInfo.InvariantCulture))
|| attrToModify.ToLower(CultureInfo.InvariantCulture).Contains("Aggregate".ToLower(CultureInfo.InvariantCulture))))
{
errorStatus = ConstrOnModOpErrs.UnspecifiedError;
}
if (objectDN != null)
{
if ((errorStatus != ConstrOnModOpErrs.success)
&& ((objectDN.ToLower(CultureInfo.InvariantCulture).Contains("CN=Reps-From".ToLower(CultureInfo.InvariantCulture)))
|| objectDN.ToLower(CultureInfo.InvariantCulture).Contains("CN=Given-Name".ToLower(CultureInfo.InvariantCulture))
|| objectDN.ToLower(CultureInfo.InvariantCulture).Contains("CN=Site-Link".ToLower(CultureInfo.InvariantCulture))
|| objectDN.ToLower(CultureInfo.InvariantCulture).Contains("CN=top".ToLower(CultureInfo.InvariantCulture))))
{
errorStatus = ConstrOnModOpErrs.UnwillingToPerform_UnKnownError;
}
}
#endregion
Site.Log.Add(LogEntryKind.Debug, "[ModifyOperation]: Exiting");
}