{"id":105,"date":"2017-06-27T16:09:06","date_gmt":"2017-06-27T16:09:06","guid":{"rendered":"http:\/\/www.polysyncronism.com\/wordpress\/?p=105"},"modified":"2017-07-03T08:30:54","modified_gmt":"2017-07-03T14:30:54","slug":"active-directory-and-ssis","status":"publish","type":"post","link":"http:\/\/www.polysyncronism.com\/wordpress\/2017\/06\/27\/active-directory-and-ssis\/","title":{"rendered":"Active Directory and SSIS"},"content":{"rendered":"

I was looking into ways to get the owner of an Active Directory user. I looked at VBScript and C#.NET. While searching for code and while looking at the objects available in .NET using the object browser I found this MSDN blog entry by Alex Tcherniakhovski<\/a>.<\/p>\n

Extracting object ownership information from Active Directory into SQL<\/a><\/p>\n

One fact mentioned near the bottom of the blog entry is yet another testimony to keep the Domain Admins group small.<\/p>\n

Yet another reason to keep Domain Admins group small.<\/p><\/blockquote>\n

VBScript<\/strong><\/p>\n

Option Explicit\r\n\r\nDim sADDN,objUser,objNtSecurityDescriptor\r\n\r\nsADDN = \"LDAP:\/\/YourContextHere\"\r\n\r\nSet objUser = GetObject (sADDN)\r\n \r\nSet objNtSecurityDescriptor = objUser.Get(\"ntSecurityDescriptor\")\r\nWScript.Echo \"Current owner of this item: \" & objNtSecurityDescriptor.Owner<\/pre>\n
C#.NET<\/strong><\/p>\n
References Used
\nName: System.DirectoryServices
\nPath: C:\\Program Files\\Reference Assemblies\\Microsoft\\Framework\\.NETFramework\\v4.5.1\\System.DirectoryServices.dll
\nVersion: 4.0.0.0
\nName: System.DirectoryServices.AccountManagement
\nPath: C:\\Program Files\\Reference Assemblies\\Microsoft\\Framework\\.NETFramework\\v4.5.1\\System.DirectoryServices.AccountManagement.dll
\nVersion: 4.0.0.0
\nName: Active DS Type Library
\nPath: C:\\Windows\\System32\\activeds.tlb
\nVersion: 1.0
\nFile Version: 6.1.7600.16385(win7_rtm.090713-1255)
\n<\/code><\/p>\n
using System;\r\nusing System.Security.Principal;\r\nusing System.DirectoryServices;\r\nusing System.DirectoryServices.ActiveDirectory;\r\nusing System.DirectoryServices.AccountManagement;\r\nusing ActiveDs;\r\n\r\nnamespace ADOwner\r\n{\r\n    class Program\r\n    {\r\n        static void Main(string[] args)\r\n        {\r\n\r\n            string ADDomain = \"yourdomain.com\";\r\n            string ADUser = \"youraduser\";\r\n            string ADPass = \"youradpass\";\r\n            string ADsAMAccountName = \"YOURDOMAIN\\\\USERNAMEHERE\";\r\n\r\n            using (var pc = new PrincipalContext(ContextType.Domain, ADDomain, ADUser, ADPass))\r\n            {\r\n\r\n                \/\/ get UserPrincipal Object\r\n                UserPrincipal inetPerson = UserPrincipal.FindByIdentity(pc, IdentityType.SamAccountName, ADsAMAccountName);\r\n\r\n                \/\/ Get Directory Entry Object\r\n                DirectoryEntry de = inetPerson.GetUnderlyingObject() as DirectoryEntry;\r\n\r\n                \/\/ Get Active Directory Security Object\r\n                ActiveDirectorySecurity ads = de.ObjectSecurity;\r\n\r\n                \/\/ Get sid Object                                                 \r\n                SecurityIdentifier sid = new SecurityIdentifier(ads.GetOwner((typeof(SecurityIdentifier))).Value);\r\n\r\n                \/\/ Translate sid to account\r\n                NTAccount account = (NTAccount)sid.Translate(typeof(NTAccount));\r\n\r\n                \/\/ Get owner string\r\n                Console.WriteLine(\"Owner: {0}\",account.ToString());\r\n                Console.ReadKey();\r\n\r\n            }\r\n\r\n\r\n        }\r\n    }\r\n}\r\n<\/pre>\n
Resources to investigate using Perl<\/p>\n