diff --git a/src/CommonLib/LDAPUtils.cs b/src/CommonLib/LDAPUtils.cs
index f1679a0b..5711b86a 100644
--- a/src/CommonLib/LDAPUtils.cs
+++ b/src/CommonLib/LDAPUtils.cs
@@ -1895,8 +1895,10 @@ private string GetDomainSid(LdapConnection connection, DomainInfo info)
 try
 {
 //This ldap filter searches for domain controllers
+ //Searches for any accounts with a UAC value inclusive of 8192 bitwise
+ //8192 is the flag for SERVER_TRUST_ACCOUNT, which is set only on Domain Controllers
 var searchRequest = new SearchRequest(info.DomainSearchBase,
- "(userAccountControl:1.2.840.113556.1.4.803:=8192)",
+ "(&(objectCategory=computer)(userAccountControl:1.2.840.113556.1.4.803:=8192))",
 SearchScope.Subtree, new[] { "objectsid"});
 var response = (SearchResponse)connection.SendRequest(searchRequest);
@@ -1915,30 +1917,7 @@ private string GetDomainSid(LdapConnection connection, DomainInfo info)
 return "";
 }
 }
- //
- // private DomainWrapper BuildDomainInfo(LdapConnection connection)
- // {
- // try
- // {
- // //Do an initial search request to get the rootDSE
- // var searchRequest = new SearchRequest("", new LDAPFilter().AddAllObjects().GetFilter(),
- // SearchScope.Base, null);
- // searchRequest.Controls.Add(new SearchOptionsControl(SearchOption.DomainScope));
- //
- // var response = (SearchResponse)connection.SendRequest(searchRequest);
- // if (response == null)
- // {
- // return (false, 0);
- // }
- //
- // return response.Entries.Count > 0 ? (true, 0) : (false, 0);
- // }
- // catch (LdapException e)
- // {
- // return (false, e.ErrorCode);
- // }
- // }
-
+
 private void SetupLdapConnection(LdapConnection connection, bool ssl, AuthType authType)
 {
 //These options are important!
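Review bot: The two comments added above the `SearchRequest` in the first hunk describe the old filter rather than the new one: the search no longer matches "any accounts" with bit 8192 set, it is now limited to `objectCategory=computer`, and that restriction is the actual change. I would reword them along the lines of `//Matches computer objects whose userAccountControl has SERVER_TRUST_ACCOUNT (8192) set; 1.2.840.113556.1.4.803 is the bitwise-AND matching rule`. "Set only on Domain Controllers" is also stronger than the directory guarantees, since userAccountControl is an ordinary attribute that a sufficiently privileged principal can write, and read-only domain controllers do not carry this bit. If the domain SID is taken from the first entry returned (the rest of GetDomainSid lies outside the hunk, so this is an assumption), reading objectSid from the domain head object would avoid depending on that flag at all.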