implements searchbase validation

santisq · santisq · commit 46e46b29904e · 2025-10-19T13:32:25.000-07:00
diff --git a/docs/en-US/Get-ADEffectiveAccess.md b/docs/en-US/Get-ADEffectiveAccess.md
@@ -159,7 +159,6 @@ Specifies the AD DS instance to connect to. Accepts:
 - Fully qualified domain name
 - NetBIOS name
 - Directory server name (with optional port, e.g. `myDC01:636`)
-- Global Catalog (e.g. `GC://myChildDomain`)
 
 Defaults to the current domain if not specified.
 
diff --git a/module/ADEffectiveAccess.Format.ps1xml b/module/ADEffectiveAccess.Format.ps1xml
@@ -18,15 +18,15 @@
             <Alignment>Left</Alignment>
           </TableColumnHeader>
           <TableColumnHeader>
-            <Label>ActiveDirectoryRights</Label>
+            <Label>ObjectType</Label>
             <Alignment>Left</Alignment>
           </TableColumnHeader>
           <TableColumnHeader>
-            <Label>ObjectType</Label>
+            <Label>InheritedObjectType</Label>
             <Alignment>Left</Alignment>
           </TableColumnHeader>
           <TableColumnHeader>
-            <Label>InheritedObjectType</Label>
+            <Label>ActiveDirectoryRights</Label>
             <Alignment>Left</Alignment>
           </TableColumnHeader>
         </TableHeaders>
@@ -36,15 +36,15 @@
               <TableColumnItem>
                 <PropertyName>IdentityReference</PropertyName>
               </TableColumnItem>
-              <TableColumnItem>
-                <PropertyName>ActiveDirectoryRights</PropertyName>
-              </TableColumnItem>
               <TableColumnItem>
                 <PropertyName>ObjectTypeToString</PropertyName>
               </TableColumnItem>
               <TableColumnItem>
                 <PropertyName>InheritedObjectTypeToString</PropertyName>
               </TableColumnItem>
+              <TableColumnItem>
+                <PropertyName>ActiveDirectoryRights</PropertyName>
+              </TableColumnItem>
             </TableColumnItems>
           </TableRowEntry>
         </TableRowEntries>
diff --git a/src/ADEffectiveAccess/DirectoryEntryBuilder.cs b/src/ADEffectiveAccess/DirectoryEntryBuilder.cs
@@ -31,7 +31,7 @@ internal DirectoryEntryBuilder(
         _password = credential?.GetNetworkCredential().Password;
         _authenticationTypes = authenticationTypes;
         DomainEntry = Create(server: server);
-        SearchBase = searchBase is null ? DomainEntry : Create(searchBase: searchBase);
+        SearchBase = ResolveSearchBase(searchBase);
     }
 
     internal DirectoryEntry Create(string? server = null, string? searchBase = null)
@@ -47,7 +47,31 @@ internal DirectoryEntry Create(string? server = null, string? searchBase = null)
         if (path is not null && !path.Contains("://"))
             path = $"LDAP://{path}";
 
-        return new DirectoryEntry(path, _username, _password, _authenticationTypes);
+        DirectoryEntry entry = new(path, _username, _password, _authenticationTypes);
+        _ = entry.NativeObject; // force bind
+        return entry;
+    }
+
+    private DirectoryEntry ResolveSearchBase(string? searchBase)
+    {
+        if (searchBase is null) return DomainEntry;
+
+        if (!searchBase.Contains("="))
+            throw new ArgumentException(
+                $"SearchBase '{searchBase}' is not a valid DistinguishedName. " +
+                "It must follow the format 'OU=Name,DC=domain,DC=com' for an Organizational Unit or Container.",
+                nameof(searchBase));
+
+        try
+        {
+            return Create(searchBase: searchBase);
+        }
+        catch (Exception exception)
+        {
+            throw new ArgumentException(
+                $"SearchBase '{searchBase}' could not be found in '{DomainDistinguishedName}'.",
+                nameof(searchBase), innerException: exception);
+        }
     }
 
     public void Dispose()
diff --git a/src/ADEffectiveAccess/Extensions.cs b/src/ADEffectiveAccess/Extensions.cs
@@ -58,7 +58,10 @@ internal static string ToFilter(this string identity)
     }
 
     internal static T GetProperty<T>(this SearchResult search, string property)
-        => LanguagePrimitives.ConvertTo<T>(search.Properties[property][0]);
+        => TryGetProperty(search, property, out T? value) ? value
+            : throw new ArgumentNullException(
+                $"Attribute '{property}' is null or empty for path '{search.Path}'.");
+
 
     internal static bool TryGetProperty<T>(
         this SearchResult search,
diff --git a/src/ADEffectiveAccess/GetADEffectiveAccessComand.cs b/src/ADEffectiveAccess/GetADEffectiveAccessComand.cs
@@ -88,6 +88,7 @@ protected override void BeginProcessing()
         }
         catch (Exception exception)
         {
+            GuidResolver.ClearFromTLS();
             exception.ThrowGuidResolverError(this);
         }
     }
diff --git a/src/ADEffectiveAccess/GuidResolver.cs b/src/ADEffectiveAccess/GuidResolver.cs
@@ -22,6 +22,8 @@ private GuidResolver() { }
 
     internal static GuidResolver GetFromTLS() => _state.GetFromTLS();
 
+    internal static void ClearFromTLS() => _state.ClearFromTLS();
+
     internal void SetContext(string? server, DirectoryEntryBuilder builder)
     {
         using DirectoryEntry rootDSE = builder.Create(server, "RootDSE");
diff --git a/src/ADEffectiveAccess/RunspaceSpecificStorage.cs b/src/ADEffectiveAccess/RunspaceSpecificStorage.cs
@@ -17,4 +17,6 @@ internal sealed class RunspaceSpecificStorage<T>(Func<T> factory)
 
     internal T GetForRunspace(Runspace runspace)
         => _map.GetValue(runspace, _ => new Lazy<T>(() => _factory(), _mode)).Value;
+
+    internal void ClearFromTLS() => _map.Remove(Runspace.DefaultRunspace);
 }

Original file line number	Diff line number	Diff line change
`@@ -88,6 +88,7 @@ protected override void BeginProcessing()`
`88`	`88`	`}`
`89`	`89`	`catch (Exception exception)`
`90`	`90`	`{`
	`91`	`+ GuidResolver.ClearFromTLS();`
`91`	`92`	`exception.ThrowGuidResolverError(this);`
`92`	`93`	`}`
`93`	`94`	`}`
Original file line number	Diff line number	Diff line change
`@@ -22,6 +22,8 @@ private GuidResolver() { }`
`22`	`22`
`23`	`23`	`internal static GuidResolver GetFromTLS() => _state.GetFromTLS();`
`24`	`24`
	`25`	`+ internal static void ClearFromTLS() => _state.ClearFromTLS();`
	`26`	`+`
`25`	`27`	`internal void SetContext(string? server, DirectoryEntryBuilder builder)`
`26`	`28`	`{`
`27`	`29`	`using DirectoryEntry rootDSE = builder.Create(server, "RootDSE");`
Original file line number	Diff line number	Diff line change
`@@ -17,4 +17,6 @@ internal sealed class RunspaceSpecificStorage<T>(Func<T> factory)`
`17`	`17`
`18`	`18`	`internal T GetForRunspace(Runspace runspace)`
`19`	`19`	`=> _map.GetValue(runspace, _ => new Lazy<T>(() => _factory(), _mode)).Value;`
	`20`	`+`
	`21`	`+ internal void ClearFromTLS() => _map.Remove(Runspace.DefaultRunspace);`
`20`	`22`	`}`