none
Does a specification of SharePoint Search Index File Format (binary internal structures of the files where the search index is stored) exist?

    Question

  • I want to check what ACLs are stored together with the crawled items (in my case - file share folders) inside the SharePoint 2016 search index. But no matter how hard I googled, I could not find any references to the format of the SP Search index files, nor the tools allowing to explore such files' contents.

    I've got 2 domains:

    1. D_user (a domain where the business users are maintained and usually working)
    2. D_sp (a domain where the SharePoint farm is deployed).

    All the SharePoint web applications are registered in D_user ADFS as relying parties, and the user identities in SharePoint have UPN claim of a specific type that comes from an ActiveDirectory attribute (neither an e-mail nor a Windows user name, but a globally unique ID specific to the company).

    Now, there are file shares inside a D_user-based server. I can crawl the file shares in SharePoint farm (based on D_sp domain servers) using a search crawl rule on behalf of a D_user-based user login/password. The file shares are crawled without any problems, but I cannot see the file shares in the search results when I login in SharePoint Search Center on behalf of a D_user-based user (the user definitely was granted access to the file shares: I can login to Windows on behalf of the D_user-based user in D_user domain and read the file shares).

    Hoping to deceive the SP search querying component, I registered a custom security pre-trimmer class but to no avail. I tried all the possible combinations (pairs - literally the Cartesian product of the possible values) of claim types (returned by Get-SPClaimTypeEncoding) and the claim values like

    • e-mail,
    • <D_user>\<login> names
    • D_user domain SID values

    to add inside the custom pre-trimmer class -- all in vain.

    That is why I want to check what are the ACL values in the search index to try to artificially return the necessary claims (matching the ACL for my file shares) from the pre-trimmer class to SharePoint search. 

    Please, give an advice:

    1. Is this the right way to go (pre-trimmer)?
    2. Am I doomed in this situation and the only solution is smth like D_user <=> D_sp domain trust?

    Friday, November 9, 2018 3:02 PM