Generate GPO report from untrusted domain

Question

Generate GPO report from untrusted domain

I call LogonUser with LOGON_TYPE_NEW_CREDENTIALS and LOGON32_PROVIDER_WINNT50 to force my thread to impersonate a user in another domain. I can connect to remote shared folders, and everything else is in an untrusted domain.

The problem that I am facing now is when I use GPMGMTLib to generate a GPO report. I get the exception "HRESULT: 0x80072020" all the time when it calls GenerateReport ().

using GPMGMTLib;
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Text;

namespace CrossDomainWork
{
    class Program
    {
        static void Main(string[] args)
        {
            ImpersonationContext context = new ImpersonationContext("ourdmzdomain.com", "dmzuser", "dmzpassword");
            context.Start();

            GPM gpm = new GPM();
            var constants = gpm.GetConstants();
            var domain = gpm.GetDomain("ourdmzdomain.com", "", constants.UseAnyDC);
            var gpo = domain.GetGPO("{31B2F340-016D-11D2-945F-00C04FB984F9}");
            object missing = Type.Missing;
            var result = gpo.GenerateReport(GPMReportType.repHTML, ref missing, out missing).Result;

            context.Stop();
        }
    }
}

+4

c # .net active-directory

Superdumbell Apr 25 '16 at 16:06

source share

1 answer

Gabriel Luci · Answer 1 · 2016-04-30T20:56:02+0000

I have no experience here, so this is just an assumption.

GenerateReport, : pvarGPMProgress ( ) pvarGPMCancel (- ).

. , . .

, , Type.Missing . null.

, - ?

ImpersonationContext , ? . , , .

: SetLastError = true DllImport, Marshal.GetLastWin32Error(), . :

try {
    result = gpo.GenerateReport(GPMReportType.repHTML, ref missing, out missing).Result;
} catch {
    var win32 = new Win32Exception(Marshal.GetLastWin32Error());
    Console.Write(win32.Message);
}

,

, .

Generate GPO report from untrusted domain

More articles: