Active Directory and SSIS

I was looking into ways to get the owner of an Active Directory user. I looked at VBScript and C#.NET. While searching for code and while looking at the objects available in .NET using the object browser, I found this MSDN blog entry by Alex Tcherniakhovski.

Extracting object ownership information from Active Directory into SQL

One fact mentioned near the bottom of the blog entry is yet another reason to keep the Domain Admins group small.

Yet another reason to keep Domain Admins group small.

VBScript

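Option Explicit

Dim sADDN, objUser, objNtSecurityDescriptor

' ADsPath of the object to inspect (placeholder value)
sADDN = "LDAP://YourContextHere"

' Bind to the object with the caller's current credentials
Set objUser = GetObject(sADDN)

' Read the security descriptor and print its owner
Set objNtSecurityDescriptor = objUser.Get("ntSecurityDescriptor")
WScript.Echo "Current owner of this item: " & objNtSecurityDescriptor.Owner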

C#.NET

References Used
Name: System.DirectoryServices
Path: C:\Program Files\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.5.1\System.DirectoryServices.dll
Version: 4.0.0.0
Name: System.DirectoryServices.AccountManagement
Path: C:\Program Files\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.5.1\System.DirectoryServices.AccountManagement.dll
Version: 4.0.0.0
Name: Active DS Type Library
Path: C:\Windows\System32\activeds.tlb
Version: 1.0
File Version: 6.1.7600.16385(win7_rtm.090713-1255)

using System;
using System.Security.Principal;
using System.DirectoryServices;
using System.DirectoryServices.ActiveDirectory;
using System.DirectoryServices.AccountManagement;
using ActiveDs;

namespace ADOwner
{
    class Program
    {
        static void Main(string[] args)
        {

            // Placeholder connection values; supply your own rather than keeping real credentials in source
            string ADDomain = "yourdomain.com";
            string ADUser = "youraduser";
            string ADPass = "youradpass";
            string ADsAMAccountName = "YOURDOMAIN\\USERNAMEHERE";

            using (var pc = new PrincipalContext(ContextType.Domain, ADDomain, ADUser, ADPass))
            {

                // get UserPrincipal Object
                UserPrincipal inetPerson = UserPrincipal.FindByIdentity(pc, IdentityType.SamAccountName, ADsAMAccountName);
                if (inetPerson == null)
                {
                    // FindByIdentity returns null when no matching account exists
                    Console.WriteLine("User not found: {0}", ADsAMAccountName);
                    return;
                }

                // Get Directory Entry Object
                DirectoryEntry de = inetPerson.GetUnderlyingObject() as DirectoryEntry;

                // Get Active Directory Security Object
                ActiveDirectorySecurity ads = de.ObjectSecurity;

                // Get the owner as a SID
                SecurityIdentifier sid = (SecurityIdentifier)ads.GetOwner(typeof(SecurityIdentifier));

                // Translate sid to account
                NTAccount account = (NTAccount)sid.Translate(typeof(NTAccount));

                // Get owner string
                Console.WriteLine("Owner: {0}",account.ToString());
                Console.ReadKey();

            }


        }
    }
}
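Both samples above read the owner out of the object's ntSecurityDescriptor. As an added example in Python (not code from the original post or the MSDN entry), the following goes one step further and decodes the owner SID from the raw self-relative descriptor bytes, then labels well-known domain owners such as Domain Admins by RID. The function names, the sample descriptor and its domain identifier 1111-2222-3333 are constructed for illustration.

```python
import struct

# Well-known RIDs under a domain SID (S-1-5-21-<domain>-<RID>).
DOMAIN_RIDS = {500: "Administrator", 512: "Domain Admins", 519: "Enterprise Admins"}

def sid_to_string(buf, offset=0):
    """Decode a binary SID: revision, sub-authority count, 48-bit authority, RIDs."""
    if len(buf) < offset + 8:
        raise ValueError("SID header truncated")
    revision, count = buf[offset], buf[offset + 1]
    authority = int.from_bytes(buf[offset + 2:offset + 8], "big")
    end = offset + 8 + 4 * count
    if revision != 1 or count > 15 or len(buf) < end:
        raise ValueError("malformed SID")
    subs = struct.unpack_from("<%dI" % count, buf, offset + 8)
    return "-".join(["S", str(revision), str(authority)] + [str(s) for s in subs])

def owner_from_descriptor(sd):
    """Return the owner SID string of a self-relative descriptor, or None if absent."""
    if len(sd) < 20:
        raise ValueError("descriptor shorter than its 20-byte header")
    revision, _, control, off_owner, _, _, _ = struct.unpack_from("<BBHIIII", sd, 0)
    if revision != 1 or not control & 0x8000:  # 0x8000 = SE_SELF_RELATIVE
        raise ValueError("not a revision 1 self-relative descriptor")
    if off_owner == 0:
        return None  # no owner field in this copy of the descriptor
    return sid_to_string(sd, off_owner)

def describe_owner(sid):
    """Name well-known domain owners by RID; anything else is 'other principal'."""
    parts = sid.split("-")
    if sid.startswith("S-1-5-21-") and len(parts) == 8 and int(parts[-1]) in DOMAIN_RIDS:
        return DOMAIN_RIDS[int(parts[-1])]
    return "other principal"

def build_sid(*subs):
    """Build a binary SID under NT Authority (5); used only for the sample below."""
    return bytes([1, len(subs)]) + (5).to_bytes(6, "big") + struct.pack("<%dI" % len(subs), *subs)

# Constructed sample: 20-byte header, owner at offset 20, no group, SACL or DACL.
SAMPLE_SD = struct.pack("<BBHIIII", 1, 0, 0x8000, 20, 0, 0, 0) + build_sid(21, 1111, 2222, 3333, 512)

if __name__ == "__main__":
    owner = owner_from_descriptor(SAMPLE_SD)
    print(owner, "->", describe_owner(owner))
```
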

Resources to investigate using Perl
