Active Directory Federation Services (ADFS) Authentication Adapter Microsoft has provided source code to allow a Username and Password to be used as a second factor of authentication in ADFS. You may ask, why would you want to have the usernam and password as a second factor? Some automated hacking attempts will can lock out your accounts and/or identify a username and […]

Directory Services–Cannot Change Password – Constraint Violation nTSecurityDescriptor

  Recently I ran into an issue where trying to enable or disable the option ‘Cannot Change Password’ in Active Directory in my C# code. Using a Domain Administrator account the code worked perfectly fine, but when it was run under a non-administrator I would get “Constrain Violation Occurred” and the following exception "0000051B: AtrErr: […]

Apple Account Auto Verify

  A tool I wrote in C# that automatically verifies apple accounts. Below is a link to the source code (Visual Studio 2010), however if you meet the following criteria, you can use it without modifying the code. Windows computer running .Net 4.0 Running Exchange 2010 Know the username and password to the mailbox that […]

Check group membership from AD with Foreign Security Principals

The following code will check if a user is a member of a specific group. This will work with a domain trust and Foreign Security Principals. See the update below! groupName = The sAMAccountName of the group you want to check the members of. SearchDomain = This is the FQDN that you will be searching […]

Get username and domain of Foreign Security Principal from domain trust

You can use this code to determine the DOMAIN\username from the Foreign Security Principal which is really the SID of the account. Pass the full distinguishedName of the ForeignSecurityPrincipal. static string GetUserNameOfFSP(string ForeignSecurityPrincipal) { //Returns with syntax of "DOMAIN\logonname" try { DirectoryEntry user = new DirectoryEntry("LDAP://" + ForeignSecurityPrincipal); SecurityIdentifier sid = new SecurityIdentifier((byte[])user.InvokeGet("objectSid"), 0); NTAccount […]

Authenticate a user against Active Directory including domain trust

Authenticate a user’s credentials with this code against a domain. This also works with a domain trust. static bool AuthenticateUser(string userName, string password, string domain) { bool authentic = false; try { DirectoryEntry entry = new DirectoryEntry("LDAP://" + domain, userName, password); object nativeObject = entry.NativeObject; authentic = true; } catch (DirectoryServicesCOMException e) { Console.Write(e.Message); } […]

WindowsIdentity Impersonation – An attempt was made to reference a token that does not exist

  Was working on a ASP.NET app to impersonate a domain user to access a network resource and came across the error “An attempt was made to reference a token that does not exist”. When defining the domain for the following function, make sure it is in the FQDN format. and not DC=domain,DC=com  private […]