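java - How to retrieve GPO settings
Problem description
While trying to retrieve all the GPOs of a domain using Java, I am struggling with the following problem. I am able to create a connection to Active Directory and get the policy objects, but I cannot retrieve their settings, which are what I am interested in.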
I was only able to retrieve the following properties: CanonicalName CN Created createTimeStamp Deleted Description DisplayName DistinguishedName dSCorePropagationData flags gPCFileSysPath gPCFunctionalityVersion gPCMachineExtensionNames gPCUserExtensionNames instanceType isCriticalSystemObject isDeleted LastKnownParent Modified modifyTimeStamp Name nTSecurityDescriptor ObjectCategory ObjectClass ObjectGUID ProtectedFromAccidentalDeletion sDRightsEffective showInAdvancedViewOnly systemFlags uSNChanged uSNCreated versionNumber whenChanged whenCreated
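Do you know how I should approach this problem? Are there any extended properties from which the settings of each GPO can be retrieved?
I don't know whether the code is useful, since it is just a connection and an LDAP query: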
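String[] colAttributes = {"*"};
String strSearchRoot = "DC=xx,DC=xx";
// Use one connection for both calls so the paging control applies to the query that follows
ActiveDirectory objConnection = this.getActiveDirectoryConnection();
objConnection.setRequestControl(null, Control.NONCRITICAL);
NamingEnumeration<SearchResult> colSearchResult = objConnection.getQuery(colAttributes, "(ObjectClass=groupPolicyContainer)", strSearchRoot);
while (colSearchResult.hasMoreElements())
{
    // Each result is one groupPolicyContainer object with its LDAP attributes
    SearchResult objSearchResult = (SearchResult) colSearchResult.nextElement();
    Attributes objAttributes = objSearchResult.getAttributes();
}

// Opens a new connection; the return type must be ActiveDirectory, not void
private ActiveDirectory getActiveDirectoryConnection() throws NamingException
{
    return new ActiveDirectory(strDomain, strUsername, strPassword);
}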
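An example of what I am trying to get is the Default Domain Policy, and not only that one but all the policies. The settings range from password settings, such as maxPwdAge, lockoutThreshold, etc., to screen and power settings, etc.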
import java.io.File;
import java.io.IOException;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.PagedResultsControl;
import javax.naming.ldap.PagedResultsResponseControl;

public class ActiveDirectory
{
    private LdapContext objLDAPContext;

    public ActiveDirectory(String strURL, String strUserName, String strPassword) throws NamingException
    {
        Hashtable<String, Object> objEnvironment;
        objEnvironment = new Hashtable<String, Object>(11);
        objEnvironment.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        objEnvironment.put(Context.PROVIDER_URL, strURL);
        // Note: a simple bind over plain LDAP (port 389) sends the password unencrypted
        objEnvironment.put(Context.SECURITY_AUTHENTICATION, "simple");
        objEnvironment.put(Context.SECURITY_PRINCIPAL, strUserName);
        objEnvironment.put(Context.SECURITY_CREDENTIALS, strPassword);
        // Return objectGUID as byte[] instead of a String
        objEnvironment.put("java.naming.ldap.attributes.binary", "objectGUID");
        try
        {
            this.objLDAPContext = new InitialLdapContext(objEnvironment, null);
        }
        catch (NamingException objException)
        {
            // First attempt failed: retry once over LDAPS using the bundled trust store.
            // The retry lives inside the catch block so a successful first bind is not repeated.
            System.setProperty("javax.net.ssl.trustStore", "certificates".concat(File.separator).concat("cacerts"));
            objEnvironment.put(Context.PROVIDER_URL, strURL.replace("LDAP:", "LDAPS:").replace(":389", ":636"));
            this.objLDAPContext = new InitialLdapContext(objEnvironment, null);
        }
    }

    private LdapContext getContext()
    {
        return this.objLDAPContext;
    }

    // Runs a subtree search below strSearchRoot and returns the requested attributes
    public NamingEnumeration<SearchResult> getQuery(String[] colAttributes, String strLDAPFilter, String strSearchRoot) throws NamingException
    {
        NamingEnumeration<SearchResult> objAnswer;
        SearchControls objSearchControls = new SearchControls();
        objSearchControls.setReturningAttributes(colAttributes);
        objSearchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        objAnswer = this.getContext().search(strSearchRoot, strLDAPFilter, objSearchControls);
        return objAnswer;
    }

    public void close() throws NamingException
    {
        this.getContext().close();
    }

    // Attaches a paged-results control (1000 entries per page) to subsequent searches
    public void setRequestControl(byte[] objCookie, boolean bolControl)
    {
        int intPageSize;
        intPageSize = 1000;
        try
        {
            this.getContext().setRequestControls(new Control[]
            {
                new PagedResultsControl(intPageSize, objCookie, bolControl)
            });
        }
        catch (NamingException | IOException objException)
        {
            // No more pages could be recovered
        }
    }

    // Returns the paging cookie from the last response, or null when there are no more pages
    public byte[] getCookie()
    {
        byte[] objCookie;
        objCookie = null;
        try
        {
            Control[] objControl = this.getContext().getResponseControls();
            if (objControl != null)
            {
                for (int intCounter = 0; intCounter < objControl.length; intCounter++)
                {
                    if (objControl[intCounter] instanceof PagedResultsResponseControl)
                    {
                        PagedResultsResponseControl objPagedControl = (PagedResultsResponseControl) objControl[intCounter];
                        objCookie = objPagedControl.getCookie();
                    }
                }
            }
        }
        catch (NamingException objException)
        {
            // Skip errors; a null cookie will be handled by the caller
        }
        return objCookie;
    }
}
Solution
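The attribute list in the question includes gPCFileSysPath, which points at the policy's folder on SYSVOL; password and lockout settings are kept there in MACHINE\Microsoft\Windows NT\SecEdit\GptTmpl.inf rather than as attributes of the groupPolicyContainer object. The following is an added example, not part of the original page, that parses the [System Access] section of such a file; the class name GptTmplReader and the sample values are constructed for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;

public class GptTmplReader
{
    // Constructed sample. A real file is read from
    // <gPCFileSysPath>\MACHINE\Microsoft\Windows NT\SecEdit\GptTmpl.inf (typically UTF-16 with a BOM).
    static final String SAMPLE = String.join("\r\n",
        "\uFEFF[Unicode]", "Unicode=yes",
        "[System Access]",
        "MinimumPasswordAge = 1", "MaximumPasswordAge = 42",
        "MinimumPasswordLength = 7", "PasswordComplexity = 1",
        "PasswordHistorySize = 24", "LockoutBadCount = 0",
        "[Version]", "signature=\"$CHICAGO$\"", "Revision=1");

    // Parses INI text into section -> (key -> value), preserving file order.
    static Map<String, Map<String, String>> parse(String strText)
    {
        Map<String, Map<String, String>> colSections = new LinkedHashMap<>();
        Map<String, String> colCurrent = null;
        for (String strRaw : strText.split("\\R"))
        {
            String strLine = strRaw.replace("\uFEFF", "").trim();
            if (strLine.isEmpty() || strLine.startsWith(";")) continue;   // blank line or comment
            if (strLine.startsWith("[") && strLine.endsWith("]"))
            {
                colCurrent = new LinkedHashMap<>();
                colSections.put(strLine.substring(1, strLine.length() - 1), colCurrent);
                continue;
            }
            int intEquals = strLine.indexOf('=');
            if (intEquals < 0 || colCurrent == null) continue;            // not a key=value line
            colCurrent.put(strLine.substring(0, intEquals).trim(), strLine.substring(intEquals + 1).trim());
        }
        return colSections;
    }

    public static void main(String[] args)
    {
        Map<String, String> colAccess = parse(SAMPLE).getOrDefault("System Access", Map.of());
        colAccess.forEach((strKey, strValue) -> System.out.println(strKey + " = " + strValue));
        // LockoutBadCount = 0 means accounts are never locked out after failed logons.
        if ("0".equals(colAccess.get("LockoutBadCount")))
            System.out.println("Finding: account lockout is disabled in this GPO");
    }
}
```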