David Walsh

I have discovered a new resource that I’ll be checking out. David is a web developer and software engineer. I found this site and will gather much wisdom from it.

I particularly like this quote from the about page.

Reading books will only get you so far — you should spend time with your debugger, experimenting away with whichever technology you need to learn. Always keep an open mind, use tools you wouldn’t usually use, and never give up.

David Walsh Blog

Active Directory and SSIS

I was looking into ways to get the owner of an Active Directory user. I looked at VBScript and C#.NET. While searching for code and looking at the objects available in .NET using the object browser, I found this MSDN blog entry by Alex Tcherniakhovski.

Extracting object ownership information from Active Directory into SQL

One fact mentioned near the bottom of the blog entry is yet another argument for keeping the Domain Admins group small.

Yet another reason to keep Domain Admins group small.

VBScript

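Option Explicit

Dim sADDN,objUser,objNtSecurityDescriptor

' ADsPath of the object to inspect (placeholder: use the object's LDAP path)
sADDN = "LDAP://YourContextHere"

' Bind to the directory object
Set objUser = GetObject (sADDN)

' Read the security descriptor and print its Owner property
Set objNtSecurityDescriptor = objUser.Get("ntSecurityDescriptor")
WScript.Echo "Current owner of this item: " & objNtSecurityDescriptor.Owner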

C#.NET

References Used
Name: System.DirectoryServices
Path: C:\Program Files\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.5.1\System.DirectoryServices.dll
Version: 4.0.0.0
Name: System.DirectoryServices.AccountManagement
Path: C:\Program Files\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.5.1\System.DirectoryServices.AccountManagement.dll
Version: 4.0.0.0
Name: Active DS Type Library
Path: C:\Windows\System32\activeds.tlb
Version: 1.0
File Version: 6.1.7600.16385(win7_rtm.090713-1255)

using System;
using System.Security.Principal;
using System.DirectoryServices;
using System.DirectoryServices.ActiveDirectory;
using System.DirectoryServices.AccountManagement;
using ActiveDs;

namespace ADOwner
{
    class Program
    {
        static void Main(string[] args)
        {

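            // Placeholder values; supply real credentials at run time rather than hard-coding them.
            string ADDomain = "yourdomain.com";
            string ADUser = "youraduser";
            string ADPass = "youradpass";
            string ADsAMAccountName = "YOURDOMAIN\\USERNAMEHERE";

            using (var pc = new PrincipalContext(ContextType.Domain, ADDomain, ADUser, ADPass))
            {

                // get UserPrincipal Object
                UserPrincipal inetPerson = UserPrincipal.FindByIdentity(pc, IdentityType.SamAccountName, ADsAMAccountName);

                // FindByIdentity returns null when no matching account exists
                if (inetPerson == null)
                {
                    Console.WriteLine("User not found: {0}", ADsAMAccountName);
                    return;
                }

                // Get Directory Entry Object
                DirectoryEntry de = inetPerson.GetUnderlyingObject() as DirectoryEntry;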

                // Get Active Directory Security Object
                ActiveDirectorySecurity ads = de.ObjectSecurity;

                // Get sid Object
                SecurityIdentifier sid = (SecurityIdentifier)ads.GetOwner(typeof(SecurityIdentifier));

                // Translate sid to account
                NTAccount account = (NTAccount)sid.Translate(typeof(NTAccount));

                // Get owner string
                Console.WriteLine("Owner: {0}",account.ToString());
                Console.ReadKey();

            }


        }
    }
}
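Both snippets above ask ADSI or .NET for the owner. As an added example (not code from this post or from the MSDN entry), the Python below decodes the owner SID directly from the raw bytes of an ntSecurityDescriptor value in self-relative form and labels it for an ownership review. The sample descriptor, the domain sub-authorities 1111-2222-3333 and the function names are constructed for illustration.

```python
import struct

# Well-known values used to label the owner (standard Windows RID / SID).
DOMAIN_ADMINS_RID = 512
BUILTIN_ADMINISTRATORS = "S-1-5-32-544"
# Constructed sample: 20-byte header (owner at offset 20) + SID S-1-5-21-1111-2222-3333-512
SAMPLE = (struct.pack("<BBHIIII", 1, 0, 0x8000, 20, 0, 0, 0) + bytes([1, 5])
          + (5).to_bytes(6, "big") + struct.pack("<5I", 21, 1111, 2222, 3333, 512))


def parse_sid(buf, offset):
    """Decode a binary SID starting at offset into its S-1-... string form."""
    if offset + 8 > len(buf):
        raise ValueError("SID header runs past end of descriptor")
    revision, sub_count = buf[offset], buf[offset + 1]
    authority = int.from_bytes(buf[offset + 2:offset + 8], "big")  # 48-bit, big-endian
    end = offset + 8 + 4 * sub_count
    if revision != 1 or sub_count > 15 or end > len(buf):
        raise ValueError("malformed SID")
    subs = struct.unpack_from("<%dI" % sub_count, buf, offset + 8)  # little-endian
    return "-".join(["S", str(revision), str(authority)] + [str(s) for s in subs])


def owner_sid(descriptor):
    """Return the owner SID of a self-relative security descriptor, or None."""
    if len(descriptor) < 20:
        raise ValueError("descriptor shorter than its 20-byte header")
    revision, _sbz1, control, off_owner = struct.unpack_from("<BBHI", descriptor, 0)
    if revision != 1 or not control & 0x8000:  # 0x8000 = SE_SELF_RELATIVE
        raise ValueError("not a revision-1 self-relative descriptor")
    if off_owner == 0:  # owner part was not returned with the descriptor
        return None
    return parse_sid(descriptor, off_owner)


def classify_owner(sid):
    """Label an owner SID for an ownership review."""
    if sid is None:
        return "no owner in descriptor"
    if sid == BUILTIN_ADMINISTRATORS:
        return "BUILTIN\\Administrators"
    parts = sid.split("-")
    if sid.startswith("S-1-5-21-") and len(parts) == 8 and int(parts[-1]) == DOMAIN_ADMINS_RID:
        return "Domain Admins group"
    return "individual or other principal"


if __name__ == "__main__":
    print(owner_sid(SAMPLE), "->", classify_owner(owner_sid(SAMPLE)))
```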

Resources to investigate using Perl