I need to use the LdapConnection classes in my project because DirectoryEntry/DirectorySearcher do not support ignoring self-signed certificates for LDAPS - as I migrated my code I ran into an issue when reading the objectGuid from BuiltIn-Groups - the format is not the same as for custom added Groups - and the return value is strange and can't be cast to anything
Here are 2 code examples that illustrate my problem - or better the result that is different
LdapConnection conn = new LdapConnection("va.dev");
var filter = "(objectClass=group)";
var searchRequest = new SearchRequest("OU=Developer Goups,DC=va,DC=dev", filter, System.DirectoryServices.Protocols.SearchScope.OneLevel, "sAMAccountName", "description", "distinguishedName", "objectSid");
var response = conn.SendRequest(searchRequest) as SearchResponse;
var objectSid = response.Entries[0].Attributes["objectSid"][0];
The result of objectSid is Byte[] - and I can convert it to a SecurityIdentifier or string - whatever I need
Now same code reading BuiltIn groups
LdapConnection conn = new LdapConnection("va.dev");
var filter = "(objectClass=group)";
var searchRequest = new SearchRequest("CN=Builtin,DC=va,DC=dev", filter, System.DirectoryServices.Protocols.SearchScope.OneLevel, "sAMAccountName", "description", "distinguishedName", "objectSid");
var response = conn.SendRequest(searchRequest) as SearchResponse;
var objectSid = response.Entries[0].Attributes["objectSid"][0];
Now the result is very strange for the first BuiltIn Group (and for all others) - it looks like this
"\u0001\u0002\0\0\0\0\0\u0005 \0\0\0,\u0002\0\0" (of type string)
Can't convert it to any known data type - the difference between BuiltIn-Groups and manually added Groups is the SID-Length - for example the objectSID for a custom group is "S-1-5-21-978504927-3573220367-3221873571-1300" and for a BuiltIn-Group "S-1-5-32-548".
Before I used DirectorySearcher and DirectoryEntry - and with these classes I get on both entries a valid Byte-Array as return value - is there anything I can do to get it working?!? Conversion of Byte-Array to readable string I have :-)
The string you receive is actually the binary representation of the SID value (each character = 1 byte).
Convert it to a byte array with:
using System.Text;
// ...
// objectSid comes back from the indexer typed as object, so cast it to string first
var binaryForm = Encoding.ASCII.GetBytes((string)objectSid);
... or:
// requires: using System.Linq;
var binaryForm = ((string)objectSid).Select(ch => (byte)ch).ToArray();
Then instantiate a new SecurityIdentifier based on the binary form:
var sid = new SecurityIdentifier(binaryForm, 0);
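
A type-safe way to read the attribute, as an added example that is not part of the answer above: `GetValues(typeof(byte[]))` asks for the raw bytes directly, and the fallback handles a value that was already taken from the indexer. The class and method names are hypothetical, and the fallback assumes the string was produced by UTF-8 decoding the raw attribute value.

```csharp
using System;
using System.DirectoryServices.Protocols;
using System.Security.Principal;
using System.Text;

static class SidReader   // hypothetical helper, not from the original posts
{
    // Preferred on a live search result: request the raw bytes so the
    // indexer never gets a chance to hand back a string.
    public static SecurityIdentifier FromEntry(SearchResultEntry entry)
    {
        object[] values = entry.Attributes["objectSid"].GetValues(typeof(byte[]));
        return new SecurityIdentifier((byte[])values[0], 0);
    }

    // Fallback when only the indexer value (byte[] or string) is at hand.
    public static SecurityIdentifier FromIndexerValue(object value)
    {
        byte[] raw = value switch
        {
            byte[] bytes => bytes,
            // Assumption: the string is a UTF-8 decode of the raw value,
            // so UTF-8 encoding restores the original bytes.
            string text => Encoding.UTF8.GetBytes(text),
            _ => throw new ArgumentException("unexpected attribute value type", nameof(value))
        };
        return new SecurityIdentifier(raw, 0);
    }

    static void Main()
    {
        // The string value quoted in the question for the first BuiltIn group.
        object builtin = "\u0001\u0002\0\0\0\0\0\u0005 \0\0\0,\u0002\0\0";

        // Constructed sample: binary form of the custom-group SID from the question.
        var custom = new SecurityIdentifier("S-1-5-21-978504927-3573220367-3221873571-1300");
        var customBytes = new byte[custom.BinaryLength];
        custom.GetBinaryForm(customBytes, 0);

        // Both value shapes end up as a SecurityIdentifier.
        Console.WriteLine(FromIndexerValue(builtin));
        Console.WriteLine(FromIndexerValue(customBytes));
    }
}
```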