I have built a process to extract data from Active Directory via a C# script component in SSIS. This data needs to be loaded into SQL Server. I am running into problems where the DistinguishedName (DN) and CanonicalName (CN) contain the double quote (") and backslash (\) escape characters (see weblink below).

https://social.technet.microsoft.com/wiki/contents/articles/5312.active-directory-characters-to-escape.aspx

From what I can tell, all escape characters should have a leading backslash (\). Is this correct? I am asking because it appears that I have found instances where this is not true and so I am unable to remove these escape characters, which is causing SSIS import to fail with the error that it cannot find the column delimiter for DN and CN respectively. Note: I have set the double quote (") as a column delimiter in the SSIS connection manager. Is there a way to handle this in code or do I need to have the AD admin fix it?

    string strDistinguishedName = objConverter.ConvertToString(searchResult, "distinguishedName").Replace("\"","").Replace("\\"","");

Input1: "CN=SomethingHere “Got Rocks\\\" OtherTextHere,OU=Blah,OU=Bleh,DC=jweezy,DC=com"

Output1: "CN=SomethingHere “Got Rocks OtherTextHere,OU=Blah,OU=Bleh,DC=jweezy,DC=com"

Input2: "CN=SomethingHere2 “Got Gravel" OtherTextHere2,OU=Blah2,OU=Bleh,DC=jweezy,DC=com"

Output2: "CN=SomethingHere2 “Got Gravel" OtherTextHere2,OU=Blah2,OU=Bleh,DC=jweezy,DC=com"

The problem seems to be caused by the lack of escape character, so I believe the inputs should be as follows:

Input1: "CN=SomethingHere \“Got Rocks\" OtherTextHere,OU=Blah,OU=Bleh,DC=jweezy,DC=com"

Input2: "CN=SomethingHere2 \“Got Gravel\" OtherTextHere2,OU=Blah2,OU=Bleh,DC=jweezy,DC=com"
J Weezy

2 Answers

When they say that double quotes need to be escaped, they mean the Quotation Mark character: http://www.fileformat.info/info/unicode/char/22/index.htm

In this case:

Input1: "CN=SomethingHere “Got Rocks\\\" OtherTextHere,OU=Blah,OU=Bleh,DC=jweezy,DC=com"

The character you are seeing not escaped (“) is different. It's the Left Double Quotation Mark: http://www.fileformat.info/info/unicode/char/201C/index.htm

That has no special meaning to AD and so does not need to be escaped.

But this one:

Input2: "CN=SomethingHere2 “Got Gravel" OtherTextHere2,OU=Blah2,OU=Bleh,DC=jweezy,DC=com"

If you copied and pasted that exactly as it is, then I can't comment. The quote after the word "Gravel" should be escaped. Just now, I tried to rename an account and add a quote, and it automatically escaped it in the DN.

Gabriel Luci
  • I've been burned by it before :) – Gabriel Luci Apr 23 '18 at 17:32
  • Do you know how to find the DistinguishedName in ADUC? For Input 1, there is a double backslash after Got Rocks. This is how the DistinguishedName is being outputted in LDAP, which means that I should see a single backslash in the ADUC UI. I am trying to confirm this. – J Weezy May 01 '18 at 16:21
  • If you're on Windows 8+ you should have an "Attribute Editor" tab, but it only shows up if you open the account from the actual OU it's in, or from a group it's in. You also have to have View menu -> Advanced Features enabled. – Gabriel Luci May 01 '18 at 16:51

    using System.Text; // StringBuilder, used by both methods below

    /// <summary>
    /// Escapes the LDAP search filter to prevent LDAP injection attacks.
    /// </summary>
    private static string EscapeLdapSearchFilter(string searchFilter)
    {
        StringBuilder escape = new StringBuilder();
        for (int i = 0; i < searchFilter.Length; ++i)
        {
            char current = searchFilter[i];
            switch (current)
            {
                case '\\':
                    escape.Append(@"\5c");
                    break;
                case '/':
                    escape.Append(@"\2f");
                    break;
                case '(':
                    escape.Append(@"\28");
                    break;
                case ')':
                    escape.Append(@"\29");
                    break;
                case '\u0000':
                    escape.Append(@"\00");
                    break;
                case '*':
                    escape.Append(@"\2a");
                    break;
                default:
                    escape.Append(current);
                    break;
            }
        }
        return escape.ToString();
    }

    /// <summary>
    /// When renaming a DirectoryEntry via "DE.Rename(newCN)" 
    /// you will need to escape certain character(s) ... ex. "," to "\,"
    /// </summary>
    private static string EscapeFullNameFilter(string unescapedString)
    {
        StringBuilder escape = new StringBuilder();
        for (int i = 0; i < unescapedString.Length; ++i)
        {
            char current = unescapedString[i];
            switch (current)
            {
                case '\\':
                case ',':
                case ';':
                case '"':
                case '=':
                case '+':
                case '<':
                case '>':
                case '#':
                    escape.Append(@"\"); // Prefix the special character with a backslash to escape it.
                    escape.Append(current);
                    break;
                default:
                    escape.Append(current);
                    break;
            }
        }
        return escape.ToString();
    }
C Sharp Conner
  • Thank you for providing this. You are appending the escape character whereas I need to remove it. I am getting 'unable to convert char to string' errors. When I try to use escape.Replace(current.ToString(), ""); then the entire string goes blank. Any ideas? – J Weezy Apr 23 '18 at 15:38
  • Then I recommend you use string replace function. Ex. If you want all `\@` to become `@` .... then you would do the following: `string before = @"This is \@ my text \@"; string after = before.Replace(@"\@", "@"); System.Diagnostics.Debug.WriteLine(before); System.Diagnostics.Debug.WriteLine(after);` Outputs: `This is \@ my text \@` and `This is @ my text @` – C Sharp Conner Apr 24 '18 at 20:34
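
An added example, not code from any of the posts above: instead of stripping characters with Replace, it undoes the RFC 4514 escaping in a single attribute value (such as the cn part) and then writes the field for a quote-qualified flat file by doubling embedded quotes. The names DnFieldExample, Unescape and CsvField are hypothetical, the sample values are constructed, and it assumes the consumer of the file accepts RFC 4180 style doubled quotes.

```csharp
using System;
using System.Collections.Generic;
using System.Text;

static class DnFieldExample
{
    // Undo RFC 4514 escaping: "\" + two hex digits is one UTF-8 byte,
    // "\" + any other character is that character taken literally.
    public static string Unescape(string s)
    {
        var utf8 = new List<byte>();
        for (int i = 0; i < s.Length; i++)
        {
            if (s[i] == '\\' && i + 2 < s.Length
                && Uri.IsHexDigit(s[i + 1]) && Uri.IsHexDigit(s[i + 2]))
            {
                utf8.Add(Convert.ToByte(s.Substring(i + 1, 2), 16));
                i += 2;
                continue;
            }
            if (s[i] == '\\' && i + 1 < s.Length) i++; // drop the escape, keep the next char
            // Encode surrogate pairs as one unit so non-BMP characters survive.
            int len = char.IsHighSurrogate(s[i]) && i + 1 < s.Length ? 2 : 1;
            utf8.AddRange(Encoding.UTF8.GetBytes(s.Substring(i, len)));
            i += len - 1;
        }
        return Encoding.UTF8.GetString(utf8.ToArray());
    }

    // Quote a field for a "-qualified flat file by doubling embedded quotes (RFC 4180).
    public static string CsvField(string s)
    {
        return "\"" + s.Replace("\"", "\"\"") + "\"";
    }

    static void Main()
    {
        // Constructed sample values, shaped like the ones in the question.
        string[] samples =
        {
            "SomethingHere \u201CGot Rocks\\\" OtherTextHere", // \" escape; U+201C is not special
            "Smith\\, John",                                    // \, escape
            "Caf\\C3\\A9 \\#1"                                  // hex-pair escapes (UTF-8 bytes) and \#
        };
        foreach (string raw in samples)
            Console.WriteLine(CsvField(Unescape(raw)));
    }
}
```

For the full DistinguishedName column, keep AD's escapes and apply only CsvField: unescaping a whole DN makes commas inside values indistinguishable from the separators between RDNs.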