https://github.com/Microsoft/adfsAuthAdapters/tree/master/UsernamePasswordSecondFactor Microsoft has provided source code to allow a Username and Password to be used as a second factor of authentication in ADFS. You may ask, why would you want to have the usernam and password as a second factor? Some automated hacking attempts will can lock out your accounts and/or identify a username and […]
Recently I ran into an issue where trying to enable or disable the option ‘Cannot Change Password’ in Active Directory in my C# code. Using a Domain Administrator account the code worked perfectly fine, but when it was run under a non-administrator I would get “Constrain Violation Occurred” and the following exception "0000051B: AtrErr: […]
A tool I wrote in C# that automatically verifies apple accounts. Below is a link to the source code (Visual Studio 2010), however if you meet the following criteria, you can use it without modifying the code. Windows computer running .Net 4.0 Running Exchange 2010 Know the username and password to the mailbox that […]
The following code will check if a user is a member of a specific group. This will work with a domain trust and Foreign Security Principals. See the update below! groupName = The sAMAccountName of the group you want to check the members of. SearchDomain = This is the FQDN that you will be searching […]
You can use this code to determine the DOMAIN\username from the Foreign Security Principal which is really the SID of the account. Pass the full distinguishedName of the ForeignSecurityPrincipal. static string GetUserNameOfFSP(string ForeignSecurityPrincipal) { //Returns with syntax of "DOMAIN\logonname" try { DirectoryEntry user = new DirectoryEntry("LDAP://" + ForeignSecurityPrincipal); SecurityIdentifier sid = new SecurityIdentifier((byte[])user.InvokeGet("objectSid"), 0); NTAccount […]
Authenticate a user’s credentials with this code against a domain. This also works with a domain trust. static bool AuthenticateUser(string userName, string password, string domain) { bool authentic = false; try { DirectoryEntry entry = new DirectoryEntry("LDAP://" + domain, userName, password); object nativeObject = entry.NativeObject; authentic = true; } catch (DirectoryServicesCOMException e) { Console.Write(e.Message); } […]
Was working on a ASP.NET app to impersonate a domain user to access a network resource and came across the error “An attempt was made to reference a token that does not exist”. When defining the domain for the following function, make sure it is in the FQDN format. domain.com and not DC=domain,DC=com private […]