C# Active Directory - How can I load the "certificateTemplates" Property from an Enrollment Services directory object?
I am trying to load details about the Microsoft PKI Issuing CAs from my AD Forest by iterating through the Enrollment Services AD container. One of the details that I'd like to include is the list of certificate templates enabled on each CA. In ADSIEdit, I can clearly see that there is a property named certificateTemplates in each Enrollment Services object which contains the information I need (please forgive all the redaction):
However, when I pull any of these objects into a .NET DirectoryEntry object, "certificateTemplates" is not one of the properties that is included by default. I discovered the RefreshCache method, which should allow you to pull in additional properties from a directory entry (so long as they exist on the entry), but this did not work for me:
DirectoryEntry EnrollmentServices = new DirectoryEntry($"LDAP://{MyDC}/CN=Enrollment Services,CN=Public Key Services,CN=Services,CN=Configuration,DC=example,DC=com");
DirectoryEntries CAs = EnrollmentServices.Children;
foreach(DirectoryEntry CA in CAs)
{
object[] objectClass = (object[])CA.Properties[objectClassProperty].Value;
if (objectClass[1].ToString() == @"pKIEnrollmentService")
{
CA.RefreshCache(new string[] { "certificateTemplates" });
var Templates = CA.Properties["certificateTemplates"].Value;
//Templates remains null
}
}
Has anyone encountered/resolved this issue before?
The RefreshCache() method does, in fact, correctly add the certificateTemplates property to each CA DirectoryEntry object. The first CA encountered in my loop simply has no templates assigned, which explains the null value for Templates in the first iteration of my foreach loop.
Update: If the certificateTemplates property contains only one entry, the property value will be a single string rather than an array containing only 1 element (thanks, Microsoft!). I use a try/catch to handle this edge case. If anyone has a more elegant approach, be my guest.
DirectoryEntry EnrollmentServices = new DirectoryEntry($"LDAP://{MyDC}/CN=Enrollment Services,CN=Public Key Services,CN=Services,CN=Configuration,DC=example,DC=com");
DirectoryEntries CAs = EnrollmentServices.Children;
List<string> templateNames;
foreach(DirectoryEntry CA in CAs)
{
object[] objectClass = (object[])CA.Properties[objectClassProperty].Value;
if (objectClass[1].ToString() == @"pKIEnrollmentService")
{
CA.RefreshCache(new string[] { "certificateTemplates" });
object[] Templates;
try
{
Templates = (object[])CAEntry.Properties[PropertyIndex.CertificateTemplates].Value;
}
catch (InvalidCastException)
{
Templates = new object[] { CAEntry.Properties[PropertyIndex.CertificateTemplates].Value };
}
//I place the template names into a string list for ease of retrieval later.
templateNames = new List<string>();
if (Templates != null)
{
for (int x = 0; x < Templates.Length; x++) templateNames.Add(Templates[x].ToString());
}
}
}
- Why does an empty preprocessor command still evaluate to something?
- How to implement variable sized array within C struct
- Character array typecasting to integer
- How can I exclude non-numeric keys? CS50 Caesar Pset2
- How to get the sign, mantissa and exponent of a floating point number
- Why do MCU libraries use logic operations instead of bitfield structs?
- What kind of implementation can I use for a static associative array on a vintage system with very limited resources?
- Determine libraries to link against for a windows library function?
- Passing macro values to arm linker that places variable at a specific location
- running a program with wildcards as arguments
- How to perform addition of two vectors of 8-bit integers with a single addition in C/C++
- GNU RISC-V Embedded GCC throws "x ISA extension `xw' must be set with the versions" error
- Counting pulses using a swiss flow meter with an Arduino, how is it done?
- How to create a folder in C (need to run on both Linux and Windows)
- Is there any way to compute the width of an integer type at compile-time?
- How can I initialize all members of an array to the same value?
- Is C notably faster than C++
- How to get the Windows SDK version number a program is compiling with at compile time
- Confused by difference between expression inside if and expression outside if
- Equivalent of atoi for unsigned integers
- k&r: Exercise 1-18. Program takes input but doesnt produce any output?
- Using in C thrd_sleep() to either wait for time or interrupt by signal. Example?
- How can I compute `exp(x)/2` when `x` is large?
- c programming: answer always equates to 0
- Is it possible to access a parameter of a function from another function in C?
- Will this expression evaluate to true or false (1 or 0) in C?
- What Is the Return Value of strcspn() When Str1 Does not Contain Str2?
- Mapping a numeric range onto another
- Signalled and non-signalled state of event
- Why is faster to do a branch than a lookup?