How to retrieve GPO settings

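Problem description

While trying to retrieve all GPOs of a domain using Java, I am struggling with the following problem. I am able to create a connection to Active Directory and get the policy objects, but I cannot retrieve the settings of them that I am interested in.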

I was only able to retrieve the following properties: CanonicalName, CN, Created, createTimeStamp, Deleted, Description, DisplayName, DistinguishedName, dSCorePropagationData, flags, gPCFileSysPath, gPCFunctionalityVersion, gPCMachineExtensionNames, gPCUserExtensionNames, instanceType, isCriticalSystemObject, isDeleted, LastKnownParent, Modified, modifyTimeStamp, Name, nTSecurityDescriptor, ObjectCategory, ObjectClass, ObjectGUID, ProtectedFromAccidentalDeletion, sDRightsEffective, showInAdvancedViewOnly, systemFlags, uSNChanged, uSNCreated, versionNumber, whenChanged, whenCreated

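Do you know how I should approach this problem? Are there any extended properties from which I can retrieve the settings of each GPO?

I don't know whether the code is useful, since it is just a connection and an LDAP query: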

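String[] colAttributes = {"*"};
String strSearchRoot = "DC=xx,DC=xx";
// Reuse one connection: the paged-results control must be set on the same
// context that runs the search, not on a freshly created one.
ActiveDirectory objConnection = this.getActiveDirectoryConnection();
objConnection.setRequestControl(null, Control.NONCRITICAL);
NamingEnumeration<SearchResult> colSearchResult = objConnection.getQuery(colAttributes, "(ObjectClass=groupPolicyContainer)", strSearchRoot);
while (colSearchResult.hasMoreElements())
{
    SearchResult objSearchResult = colSearchResult.nextElement();
    Attributes objAttributes = objSearchResult.getAttributes();
}

// Returns the connection wrapper (the original declared this method as void).
private ActiveDirectory getActiveDirectoryConnection() throws NamingException
{
    return new ActiveDirectory(strDomain, strUsername, strPassword);
}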

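An example of what I am trying to get is the Default Domain Policy, and not only this one but all policies. The settings range from password settings such as maxPwdAge, lockoutThreshold, etc. to screen and power settings, etc.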

import java.io.File;
import java.io.IOException;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.PagedResultsControl;
import javax.naming.ldap.PagedResultsResponseControl;
public class ActiveDirectory
{
    private LdapContext objLDAPContext;
    public ActiveDirectory(String strURL, String strUserName, String strPassword) throws NamingException
    {
        Hashtable<String, Object> objEnvironment;
        objEnvironment = new Hashtable<String, Object>(11);
        objEnvironment.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        objEnvironment.put(Context.PROVIDER_URL,  strURL);
        objEnvironment.put(Context.SECURITY_AUTHENTICATION, "simple");
        objEnvironment.put(Context.SECURITY_PRINCIPAL, strUserName);
        objEnvironment.put(Context.SECURITY_CREDENTIALS, strPassword);
        objEnvironment.put("java.naming.ldap.attributes.binary", "objectGUID");
        try
        {
            // Simple bind over ldap:// (port 389) sends the password in cleartext.
            this.objLDAPContext = new InitialLdapContext(objEnvironment, null);
        }
        catch (NamingException objException)
        {
            // Plain LDAP bind failed: retry once over LDAPS using the bundled trust store.
            System.setProperty("javax.net.ssl.trustStore", "certificates".concat(File.separator).concat("cacerts"));
            objEnvironment.put(Context.PROVIDER_URL, strURL.replace("LDAP:", "LDAPS:").replace(":389", ":636"));
            this.objLDAPContext = new InitialLdapContext(objEnvironment, null);
        }
    }
    private LdapContext getContext()
    {
        return this.objLDAPContext;
    }
    public NamingEnumeration<SearchResult> getQuery(String[] colAttributes, String strLDAPFilter, String strSearchRoot) throws NamingException
    {
        NamingEnumeration<SearchResult> objAnswer;
        SearchControls objSearchControls = new SearchControls();
        objSearchControls.setReturningAttributes(colAttributes);
        objSearchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        objAnswer = this.getContext().search(strSearchRoot, strLDAPFilter, objSearchControls);
        return objAnswer;
    }
    public void close() throws NamingException
    {
        this.getContext().close();
    }
    public void setRequestControl(byte[] objCookie, boolean bolControl)
    {
        int intPageSize;
        intPageSize = 1000;
        try
        {
            this.getContext().setRequestControls(new Control[]
            {
                new PagedResultsControl(intPageSize, objCookie, bolControl)
            });
        }
        catch(NamingException | IOException objException)
        {
            //No more pages could be recovered
        }
    }
    public byte[] getCookie()
    {
        byte[] objCookie;
        objCookie = null;
        try
        {
            Control[] objControl = this.getContext().getResponseControls();
            if (objControl != null)
            {
                for (int intCounter = 0; intCounter < objControl.length; intCounter++)
                {
                    if (objControl[intCounter] instanceof PagedResultsResponseControl)
                    {
                        PagedResultsResponseControl objPagedControl = (PagedResultsResponseControl) objControl[intCounter];
                        objCookie = objPagedControl.getCookie();
                    }
                }
            }
        }
        catch(NamingException objException)
        {
            //Skip errors null cookie will be handled
        }
        return objCookie;
    }
}

Tags: java, ldap, gpo

Solution

