Hi, I have an exe which I run, and it runs under the context of my logged-in domain account. The code just queries Active Directory for users under a specific OU. I run this code from a machine which is joined to the forest: CompanyNameDomain.NET.
Now the security team are asking me to ensure that all communication between this script and the domain controller is secure (encrypted, etc.). Please note that I'm not passing username/password data in the DirectoryEntry() constructor. I have looked on StackOverflow and most of the questions are about how to encrypt authentication by passing username/password in the DirectoryEntry constructor. But my question is: how do I ensure that all communication between this script and the domain controller is encrypted? The code works without any issues; I just don't know whether I need to do something else. I use :636 in the LDAP moniker value.
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.DirectoryServices;
namespace ConsoleApplication1
{
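/// <summary>
/// Plain data holder for one user read from the extranet OU. Property names deliberately
/// mirror the AD attribute names they are populated from, so the mapping code can be
/// read against the attribute list without translation.
/// </summary>
public class CompanyNameExtranetUser
{
    // Raw 16-byte objectGUID as returned by the directory (not converted to System.Guid).
    public byte[] objectGUID { get; set; }
    public string sAMAccountName { get; set; }
    public string givenName { get; set; }
    public string sn { get; set; }
    public string displayName { get; set; }
    public string telephoneNumber { get; set; }
    public string extensionAttribute1 { get; set; }
    public string extensionAttribute5 { get; set; }
    public string extensionAttribute8 { get; set; }
    // Raw userAccountControl bit field from the directory.
    public int userAccountControl { get; set; }
    // True when the ACCOUNTDISABLE bit of userAccountControl is clear; set by the caller.
    public bool isEnabled { get; set; }

    private string _mail;

    /// <summary>
    /// Mail address, normalised to lower case on assignment so it can be used as a key.
    /// Assigning null stores null instead of throwing.
    /// </summary>
    public string mail
    {
        get { return _mail; }
        // ToLowerInvariant rather than ToLower: an e-mail address is a machine identifier, and
        // culture-sensitive lowering (e.g. Turkish 'I' -> dotless i) would change it.
        set { _mail = value == null ? null : value.ToLowerInvariant(); }
    }

    public string inviteId { get; set; }
    public string AzureObjectId { get; set; }
}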
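internal class Program
{
    // userAccountControl bit that marks an account as disabled (ADS_UF_ACCOUNTDISABLE).
    private const int UF_ACCOUNTDISABLE = 0x0002;

    // Attributes requested from the directory; only these are present on each SearchResult.
    private static readonly string[] AttributeList =
    {
        "objectGUID",
        "sAMAccountName",
        "mail",
        "givenName",
        "sn",
        "displayName",
        "telephoneNumber",
        "userAccountControl",
        "extensionAttribute1",
        "extensionAttribute5",
        "extensionAttribute8"
    };

    /// <summary>
    /// Entry point. Reads every user with extensionAttribute8=2 under the SCIM-provisioning OU,
    /// using the credentials of the logged-in account, and prints each user's mail address.
    /// A failed query is reported on stderr and sets a non-zero exit code instead of being
    /// silently swallowed as the original did.
    /// </summary>
    static void Main(string[] args)
    {
        // The path names the domain rather than a specific DC; with SSL the responding DC's
        // certificate must chain to a root trusted by this machine - confirm in your environment.
        string ldapPath = "LDAP://CompanyNameDomain.NET:636/OU=CompanyNameClientsSCIMProv,DC=CompanyNameDomain,DC=NET";
        string ldapFilter = "(&(objectClass=user)(extensionAttribute8=2))";

        try
        {
            List<CompanyNameExtranetUser> users = QueryUsers(ldapPath, ldapFilter);
            foreach (CompanyNameExtranetUser user in users)
            {
                Console.WriteLine(user.mail);
            }
        }
        catch (Exception ex)
        {
            // Do not hide failures: an empty output must be distinguishable from a broken query.
            Console.Error.WriteLine("Directory query failed: " + ex.Message);
            Environment.ExitCode = 1;
        }
    }

    /// <summary>
    /// Runs the LDAP search and maps every result to a <see cref="CompanyNameExtranetUser"/>.
    /// </summary>
    /// <param name="ldapPath">ADSI path of the search base, including host and port.</param>
    /// <param name="ldapFilter">LDAP filter applied to the subtree search.</param>
    /// <returns>The mapped users; empty (never null) when nothing matched.</returns>
    /// <exception cref="Exception">Any bind or search failure propagates to the caller.</exception>
    private static List<CompanyNameExtranetUser> QueryUsers(string ldapPath, string ldapFilter)
    {
        List<CompanyNameExtranetUser> users = new List<CompanyNameExtranetUser>();

        // DirectoryEntry and SearchResultCollection both wrap native ADSI handles and must be
        // disposed; the original released neither.
        using (DirectoryEntry entry = new DirectoryEntry(ldapPath))
        {
            // No username/password is supplied, so the bind uses the caller's logged-in context.
            // Request SSL explicitly instead of relying on ":636" in the path alone, so the
            // transport requirement the security team asked for is visible and reviewable here.
            entry.AuthenticationType = AuthenticationTypes.Secure | AuthenticationTypes.SecureSocketsLayer;

            using (DirectorySearcher searcher = new DirectorySearcher(entry))
            {
                searcher.SearchScope = SearchScope.Subtree;
                searcher.Filter = ldapFilter;
                searcher.PropertiesToLoad.AddRange(AttributeList);
                searcher.Asynchronous = true;

                using (SearchResultCollection results = searcher.FindAll())
                {
                    foreach (SearchResult result in results)
                    {
                        users.Add(MapUser(result));
                    }
                }
            }
        }

        return users;
    }

    /// <summary>
    /// Copies the requested attributes of one search result into a user object. Attributes the
    /// directory did not return are simply left at their default value.
    /// </summary>
    private static CompanyNameExtranetUser MapUser(SearchResult result)
    {
        CompanyNameExtranetUser user = new CompanyNameExtranetUser
        {
            sAMAccountName = GetString(result, "sAMAccountName"),
            givenName = GetString(result, "givenName"),
            sn = GetString(result, "sn"),
            displayName = GetString(result, "displayName"),
            telephoneNumber = GetString(result, "telephoneNumber"),
            extensionAttribute1 = GetString(result, "extensionAttribute1"),
            extensionAttribute5 = GetString(result, "extensionAttribute5"),
            extensionAttribute8 = GetString(result, "extensionAttribute8")
        };

        // Only assign mail when present: the property setter lower-cases the value.
        string mail = GetString(result, "mail");
        if (mail != null)
        {
            user.mail = mail;
        }

        user.objectGUID = GetFirst(result, "objectGUID") as byte[];

        object uac = GetFirst(result, "userAccountControl");
        if (uac is int)
        {
            user.userAccountControl = (int)uac;
            // Enabled unless the ACCOUNTDISABLE bit is set.
            user.isEnabled = (user.userAccountControl & UF_ACCOUNTDISABLE) == 0;
        }

        return user;
    }

    /// <summary>
    /// First value of an attribute, or null when the result has no value for it. Replaces the
    /// original pattern of indexing [0] and swallowing ArgumentOutOfRangeException.
    /// </summary>
    private static object GetFirst(SearchResult result, string attributeName)
    {
        ResultPropertyValueCollection values = result.Properties[attributeName];
        return values != null && values.Count > 0 ? values[0] : null;
    }

    /// <summary>First value of an attribute as a string, or null when absent.</summary>
    private static string GetString(SearchResult result, string attributeName)
    {
        object value = GetFirst(result, attributeName);
        return value == null ? null : value.ToString();
    }
}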
}