/// <summary>
/// Helper function to use commonlib types for IsComputerAvailable
/// </summary>
/// <param name="result"></param>
/// <param name="entry"></param>
/// <returns></returns>
public Task <ComputerStatus> IsComputerAvailable(ResolvedSearchResult result, ISearchResultEntry entry)
{
var name = result.DisplayName;
var os = entry.GetProperty(LDAPProperties.OperatingSystem);
var pwdlastset = entry.GetProperty(LDAPProperties.PasswordLastSet);
return(IsComputerAvailable(name, os, pwdlastset));
}
private static Dictionary <string, object> GetCommonProps(ISearchResultEntry entry)
{
return(new Dictionary <string, object>
{
{
"description", entry.GetProperty(LDAPProperties.Description)
},
{
"whencreated", Helpers.ConvertTimestampToUnixEpoch(entry.GetProperty(LDAPProperties.WhenCreated))
}
});
}
/// <summary>
/// Reads specific LDAP properties related to GPOs
/// </summary>
/// <param name="entry"></param>
/// <returns></returns>
public static Dictionary <string, object> ReadGPOProperties(ISearchResultEntry entry)
{
var props = GetCommonProps(entry);
props.Add("gpcpath", entry.GetProperty(LDAPProperties.GPCFileSYSPath)?.ToUpper());
return(props);
}
/// <summary>
/// Attempts to parse all LDAP attributes outside of the ones already collected and converts them to a human readable
/// format using a best guess
/// </summary>
/// <param name="entry"></param>
private static Dictionary <string, object> ParseAllProperties(ISearchResultEntry entry)
{
var flag = IsTextUnicodeFlags.IS_TEXT_UNICODE_STATISTICS;
var props = new Dictionary <string, object>();
foreach (var property in entry.PropertyNames())
{
if (ReservedAttributes.Contains(property))
{
continue;
}
var collCount = entry.PropCount(property);
if (collCount == 0)
{
continue;
}
if (collCount == 1)
{
var testBytes = entry.GetByteProperty(property);
if (testBytes == null || testBytes.Length == 0 ||
!IsTextUnicode(testBytes, testBytes.Length, ref flag))
{
continue;
}
var testString = entry.GetProperty(property);
if (!string.IsNullOrEmpty(testString))
{
if (property == "badpasswordtime")
{
props.Add(property, Helpers.ConvertFileTimeToUnixEpoch(testString));
}
else
{
props.Add(property, BestGuessConvert(testString));
}
}
}
else
{
var arrBytes = entry.GetByteArrayProperty(property);
if (arrBytes.Length == 0 || !IsTextUnicode(arrBytes[0], arrBytes[0].Length, ref flag))
{
continue;
}
var arr = entry.GetArrayProperty(property);
if (arr.Length > 0)
{
props.Add(property, arr.Select(BestGuessConvert).ToArray());
}
}
}
return(props);
}
private async Task <OU> ProcessOUObject(ISearchResultEntry entry,
ResolvedSearchResult resolvedSearchResult)
{
var ret = new OU
{
ObjectIdentifier = resolvedSearchResult.ObjectId
};
ret.Properties.Add("domain", resolvedSearchResult.Domain);
ret.Properties.Add("name", resolvedSearchResult.DisplayName);
ret.Properties.Add("distinguishedname", entry.DistinguishedName.ToUpper());
ret.Properties.Add("domainsid", resolvedSearchResult.DomainSid);
ret.Properties.Add("highvalue", false);
if ((_methods & ResolvedCollectionMethod.ACL) != 0)
{
ret.Aces = _aclProcessor.ProcessACL(resolvedSearchResult, entry).ToArray();
ret.IsACLProtected = _aclProcessor.IsACLProtected(entry);
}
if ((_methods & ResolvedCollectionMethod.ObjectProps) != 0)
{
ret.Properties = ContextUtils.Merge(ret.Properties, LDAPPropertyProcessor.ReadOUProperties(entry));
if (_context.Flags.CollectAllProperties)
{
ret.Properties = ContextUtils.Merge(_ldapPropertyProcessor.ParseAllProperties(entry),
ret.Properties);
}
}
if ((_methods & ResolvedCollectionMethod.Container) != 0)
{
ret.ChildObjects = _containerProcessor.GetContainerChildObjects(resolvedSearchResult, entry).ToArray();
ret.Properties.Add("blocksinheritance",
ContainerProcessor.ReadBlocksInheritance(entry.GetProperty("gpoptions")));
ret.Links = _containerProcessor.ReadContainerGPLinks(resolvedSearchResult, entry).ToArray();
}
if ((_methods & ResolvedCollectionMethod.GPOLocalGroup) != 0)
{
var gplink = entry.GetProperty(LDAPProperties.GPLink);
ret.GPOChanges = await _gpoLocalGroupProcessor.ReadGPOLocalGroups(gplink, entry.DistinguishedName);
}
return(ret);
}
public static string GetDNSName(this ISearchResultEntry entry, string overrideDNSName)
{
var shortName = entry.GetProperty("samaccountname")?.TrimEnd('$');
var dns = entry.GetProperty("dnshostname");
var cn = entry.GetProperty("cn");
if (dns != null)
{
return(dns);
}
if (shortName == null && cn == null)
{
return($"UNKNOWN.{overrideDNSName}");
}
if (shortName != null)
{
return($"{shortName}.{overrideDNSName}");
}
return($"{cn}.{overrideDNSName}");
}
private async Task <User> ProcessUserObject(ISearchResultEntry entry,
ResolvedSearchResult resolvedSearchResult)
{
var ret = new User
{
ObjectIdentifier = resolvedSearchResult.ObjectId
};
ret.Properties.Add("domain", resolvedSearchResult.Domain);
ret.Properties.Add("name", resolvedSearchResult.DisplayName);
ret.Properties.Add("distinguishedname", entry.DistinguishedName.ToUpper());
ret.Properties.Add("domainsid", resolvedSearchResult.DomainSid);
if ((_methods & ResolvedCollectionMethod.ACL) != 0)
{
var aces = _aclProcessor.ProcessACL(resolvedSearchResult, entry);
var gmsa = entry.GetByteProperty(LDAPProperties.GroupMSAMembership);
ret.Aces = aces.Concat(_aclProcessor.ProcessGMSAReaders(gmsa, resolvedSearchResult.Domain)).ToArray();
ret.IsACLProtected = _aclProcessor.IsACLProtected(entry);
}
if ((_methods & ResolvedCollectionMethod.Group) != 0)
{
var pg = entry.GetProperty(LDAPProperties.PrimaryGroupID);
ret.PrimaryGroupSID = GroupProcessor.GetPrimaryGroupInfo(pg, resolvedSearchResult.ObjectId);
}
if ((_methods & ResolvedCollectionMethod.ObjectProps) != 0)
{
var userProps = await _ldapPropertyProcessor.ReadUserProperties(entry);
ret.Properties = ContextUtils.Merge(ret.Properties, userProps.Props);
ret.HasSIDHistory = userProps.SidHistory;
ret.AllowedToDelegate = userProps.AllowedToDelegate;
}
if ((_methods & ResolvedCollectionMethod.SPNTargets) != 0)
{
var spn = entry.GetArrayProperty(LDAPProperties.ServicePrincipalNames);
var targets = new List <SPNPrivilege>();
var enumerator = _spnProcessor.ReadSPNTargets(spn, entry.DistinguishedName)
.GetAsyncEnumerator(_cancellationToken);
while (await enumerator.MoveNextAsync())
{
targets.Add(enumerator.Current);
}
ret.SPNTargets = targets.ToArray();
}
return(ret);
}
/// <summary>
/// Reads specific LDAP properties related to Domains
/// </summary>
/// <param name="entry"></param>
/// <returns></returns>
public static Dictionary <string, object> ReadDomainProperties(ISearchResultEntry entry)
{
var props = GetCommonProps(entry);
if (!int.TryParse(entry.GetProperty(LDAPProperties.DomainFunctionalLevel), out var level))
{
level = -1;
}
props.Add("functionallevel", FunctionalLevelToString(level));
return(props);
}
/// <summary>
/// Reads specific LDAP properties related to Groups
/// </summary>
/// <param name="entry"></param>
/// <returns></returns>
public static Dictionary <string, object> ReadGroupProperties(ISearchResultEntry entry)
{
var props = GetCommonProps(entry);
var ac = entry.GetProperty(LDAPProperties.AdminCount);
if (ac != null)
{
var a = int.Parse(ac);
props.Add("admincount", a != 0);
}
else
{
props.Add("admincount", false);
}
return(props);
}
private async Task <Domain> ProcessDomainObject(ISearchResultEntry entry,
ResolvedSearchResult resolvedSearchResult)
{
var ret = new Domain
{
ObjectIdentifier = resolvedSearchResult.ObjectId
};
ret.Properties.Add("domain", resolvedSearchResult.Domain);
ret.Properties.Add("name", resolvedSearchResult.DisplayName);
ret.Properties.Add("distinguishedname", entry.DistinguishedName.ToUpper());
ret.Properties.Add("domainsid", resolvedSearchResult.DomainSid);
if ((_methods & ResolvedCollectionMethod.ACL) != 0)
{
ret.Aces = _aclProcessor.ProcessACL(resolvedSearchResult, entry).ToArray();
ret.IsACLProtected = _aclProcessor.IsACLProtected(entry);
}
if ((_methods & ResolvedCollectionMethod.Trusts) != 0)
{
ret.Trusts = _domainTrustProcessor.EnumerateDomainTrusts(resolvedSearchResult.Domain).ToArray();
}
if ((_methods & ResolvedCollectionMethod.ObjectProps) != 0)
{
ret.Properties = ContextUtils.Merge(ret.Properties, LDAPPropertyProcessor.ReadDomainProperties(entry));
}
if ((_methods & ResolvedCollectionMethod.Container) != 0)
{
ret.ChildObjects = _containerProcessor.GetContainerChildObjects(resolvedSearchResult, entry).ToArray();
ret.Links = _containerProcessor.ReadContainerGPLinks(resolvedSearchResult, entry).ToArray();
}
if ((_methods & ResolvedCollectionMethod.GPOLocalGroup) != 0)
{
var gplink = entry.GetProperty(LDAPProperties.GPLink);
ret.GPOChanges = await _gpoLocalGroupProcessor.ReadGPOLocalGroups(gplink, entry.DistinguishedName);
}
return(ret);
}
private Group ProcessGroupObject(ISearchResultEntry entry,
ResolvedSearchResult resolvedSearchResult)
{
var ret = new Group
{
ObjectIdentifier = resolvedSearchResult.ObjectId
};
ret.Properties.Add("domain", resolvedSearchResult.Domain);
ret.Properties.Add("name", resolvedSearchResult.DisplayName);
ret.Properties.Add("distinguishedname", entry.DistinguishedName.ToUpper());
ret.Properties.Add("domainsid", resolvedSearchResult.DomainSid);
ret.Properties.Add("highvalue", IsHighValueGroup(resolvedSearchResult.ObjectId));
ret.Properties.Add("samaccountname", entry.GetProperty(LDAPProperties.SAMAccountName));
if ((_methods & ResolvedCollectionMethod.ACL) != 0)
{
ret.Aces = _aclProcessor.ProcessACL(resolvedSearchResult, entry).ToArray();
ret.IsACLProtected = _aclProcessor.IsACLProtected(entry);
}
if ((_methods & ResolvedCollectionMethod.Group) != 0)
{
ret.Members = _groupProcessor
.ReadGroupMembers(resolvedSearchResult, entry)
.ToArray();
}
if ((_methods & ResolvedCollectionMethod.ObjectProps) != 0)
{
var groupProps = LDAPPropertyProcessor.ReadGroupProperties(entry);
ret.Properties = ContextUtils.Merge(ret.Properties, groupProps);
if (_context.Flags.CollectAllProperties)
{
ret.Properties = ContextUtils.Merge(_ldapPropertyProcessor.ParseAllProperties(entry),
ret.Properties);
}
}
return(ret);
}
/// <summary>
/// Reads specific LDAP properties related to Computers
/// </summary>
/// <param name="entry"></param>
/// <returns></returns>
public async Task <ComputerProperties> ReadComputerProperties(ISearchResultEntry entry)
{
var compProps = new ComputerProperties();
var props = GetCommonProps(entry);
var uac = entry.GetProperty(LDAPProperties.UserAccountControl);
bool enabled, unconstrained, trustedToAuth;
if (int.TryParse(uac, out var flag))
{
var flags = (UacFlags)flag;
enabled = (flags & UacFlags.AccountDisable) == 0;
unconstrained = (flags & UacFlags.TrustedForDelegation) == UacFlags.TrustedForDelegation;
trustedToAuth = (flags & UacFlags.TrustedToAuthForDelegation) != 0;
}
else
{
unconstrained = false;
enabled = true;
trustedToAuth = false;
}
var domain = Helpers.DistinguishedNameToDomain(entry.DistinguishedName);
var comps = new List <TypedPrincipal>();
if (trustedToAuth)
{
var delegates = entry.GetArrayProperty(LDAPProperties.AllowedToDelegateTo);
props.Add("allowedtodelegate", delegates);
foreach (var d in delegates)
{
var hname = d.Contains("/") ? d.Split('/')[1] : d;
hname = hname.Split(':')[0];
var resolvedHost = await _utils.ResolveHostToSid(hname, domain);
if (resolvedHost != null && (resolvedHost.Contains(".") || resolvedHost.Contains("S-1")))
{
comps.Add(new TypedPrincipal
{
ObjectIdentifier = resolvedHost,
ObjectType = Label.Computer
});
}
}
}
compProps.AllowedToDelegate = comps.Distinct().ToArray();
var allowedToActPrincipals = new List <TypedPrincipal>();
var rawAllowedToAct = entry.GetByteProperty(LDAPProperties.AllowedToActOnBehalfOfOtherIdentity);
if (rawAllowedToAct != null)
{
var sd = _utils.MakeSecurityDescriptor();
sd.SetSecurityDescriptorBinaryForm(rawAllowedToAct, AccessControlSections.Access);
foreach (var rule in sd.GetAccessRules(true, true, typeof(SecurityIdentifier)))
{
var res = _utils.ResolveIDAndType(rule.IdentityReference(), domain);
allowedToActPrincipals.Add(res);
}
}
compProps.AllowedToAct = allowedToActPrincipals.ToArray();
props.Add("enabled", enabled);
props.Add("unconstraineddelegation", unconstrained);
props.Add("trustedtoauth", trustedToAuth);
props.Add("lastlogon", Helpers.ConvertFileTimeToUnixEpoch(entry.GetProperty(LDAPProperties.LastLogon)));
props.Add("lastlogontimestamp",
Helpers.ConvertFileTimeToUnixEpoch(entry.GetProperty(LDAPProperties.LastLogonTimestamp)));
props.Add("pwdlastset", Helpers.ConvertFileTimeToUnixEpoch(entry.GetProperty(LDAPProperties.PasswordLastSet)));
props.Add("serviceprincipalnames", entry.GetArrayProperty(LDAPProperties.ServicePrincipalNames));
var os = entry.GetProperty(LDAPProperties.OperatingSystem);
var sp = entry.GetProperty(LDAPProperties.ServicePack);
if (sp != null)
{
os = $"{os} {sp}";
}
props.Add("operatingsystem", os);
var sh = entry.GetByteArrayProperty(LDAPProperties.SIDHistory);
var sidHistoryList = new List <string>();
var sidHistoryPrincipals = new List <TypedPrincipal>();
foreach (var sid in sh)
{
string sSid;
try
{
sSid = new SecurityIdentifier(sid, 0).Value;
}
catch
{
continue;
}
sidHistoryList.Add(sSid);
var res = _utils.ResolveIDAndType(sSid, domain);
sidHistoryPrincipals.Add(res);
}
compProps.SidHistory = sidHistoryPrincipals.ToArray();
props.Add("sidhistory", sidHistoryList.ToArray());
compProps.Props = props;
return(compProps);
}
/// <summary>
/// Reads specific LDAP properties related to Users
/// </summary>
/// <param name="entry"></param>
/// <returns></returns>
public async Task <UserProperties> ReadUserProperties(ISearchResultEntry entry)
{
var userProps = new UserProperties();
var props = GetCommonProps(entry);
var uac = entry.GetProperty(LDAPProperties.UserAccountControl);
bool enabled, trustedToAuth, sensitive, dontReqPreAuth, passwdNotReq, unconstrained, pwdNeverExpires;
if (int.TryParse(uac, out var flag))
{
var flags = (UacFlags)flag;
enabled = (flags & UacFlags.AccountDisable) == 0;
trustedToAuth = (flags & UacFlags.TrustedToAuthForDelegation) != 0;
sensitive = (flags & UacFlags.NotDelegated) != 0;
dontReqPreAuth = (flags & UacFlags.DontReqPreauth) != 0;
passwdNotReq = (flags & UacFlags.PasswordNotRequired) != 0;
unconstrained = (flags & UacFlags.TrustedForDelegation) != 0;
pwdNeverExpires = (flags & UacFlags.DontExpirePassword) != 0;
}
else
{
trustedToAuth = false;
enabled = true;
sensitive = false;
dontReqPreAuth = false;
passwdNotReq = false;
unconstrained = false;
pwdNeverExpires = false;
}
props.Add("sensitive", sensitive);
props.Add("dontreqpreauth", dontReqPreAuth);
props.Add("passwordnotreqd", passwdNotReq);
props.Add("unconstraineddelegation", unconstrained);
props.Add("pwdneverexpires", pwdNeverExpires);
props.Add("enabled", enabled);
props.Add("trustedtoauth", trustedToAuth);
var domain = Helpers.DistinguishedNameToDomain(entry.DistinguishedName);
var comps = new List <TypedPrincipal>();
if (trustedToAuth)
{
var delegates = entry.GetArrayProperty(LDAPProperties.AllowedToDelegateTo);
props.Add("allowedtodelegate", delegates);
foreach (var d in delegates)
{
if (d == null)
{
continue;
}
var resolvedHost = await _utils.ResolveHostToSid(d, domain);
if (resolvedHost != null && (resolvedHost.Contains(".") || resolvedHost.Contains("S-1")))
{
comps.Add(new TypedPrincipal
{
ObjectIdentifier = resolvedHost,
ObjectType = Label.Computer
});
}
}
}
userProps.AllowedToDelegate = comps.Distinct().ToArray();
props.Add("lastlogon", Helpers.ConvertFileTimeToUnixEpoch(entry.GetProperty(LDAPProperties.LastLogon)));
props.Add("lastlogontimestamp",
Helpers.ConvertFileTimeToUnixEpoch(entry.GetProperty(LDAPProperties.LastLogonTimestamp)));
props.Add("pwdlastset", Helpers.ConvertFileTimeToUnixEpoch(entry.GetProperty(LDAPProperties.PasswordLastSet)));
var spn = entry.GetArrayProperty(LDAPProperties.ServicePrincipalNames);
props.Add("serviceprincipalnames", spn);
props.Add("hasspn", spn.Length > 0);
props.Add("displayname", entry.GetProperty(LDAPProperties.DisplayName));
props.Add("email", entry.GetProperty(LDAPProperties.Email));
props.Add("title", entry.GetProperty(LDAPProperties.Title));
props.Add("homedirectory", entry.GetProperty(LDAPProperties.HomeDirectory));
props.Add("userpassword", entry.GetProperty(LDAPProperties.UserPassword));
props.Add("unixpassword", entry.GetProperty(LDAPProperties.UnixUserPassword));
props.Add("unicodepassword", entry.GetProperty(LDAPProperties.UnicodePassword));
props.Add("sfupassword", entry.GetProperty(LDAPProperties.MsSFU30Password));
var ac = entry.GetProperty(LDAPProperties.AdminCount);
if (ac != null)
{
if (int.TryParse(ac, out var parsed))
{
props.Add("admincount", parsed != 0);
}
else
{
props.Add("admincount", false);
}
}
else
{
props.Add("admincount", false);
}
var sh = entry.GetByteArrayProperty(LDAPProperties.SIDHistory);
var sidHistoryList = new List <string>();
var sidHistoryPrincipals = new List <TypedPrincipal>();
foreach (var sid in sh)
{
string sSid;
try
{
sSid = new SecurityIdentifier(sid, 0).Value;
}
catch
{
continue;
}
sidHistoryList.Add(sSid);
var res = _utils.ResolveIDAndType(sSid, domain);
sidHistoryPrincipals.Add(res);
}
userProps.SidHistory = sidHistoryPrincipals.Distinct().ToArray();
props.Add("sidhistory", sidHistoryList.ToArray());
userProps.Props = props;
return(userProps);
}
private async Task <Computer> ProcessComputerObject(ISearchResultEntry entry,
ResolvedSearchResult resolvedSearchResult, Channel <CSVComputerStatus> compStatusChannel)
{
var ret = new Computer
{
ObjectIdentifier = resolvedSearchResult.ObjectId
};
ret.Properties.Add("domain", resolvedSearchResult.Domain);
ret.Properties.Add("name", resolvedSearchResult.DisplayName);
ret.Properties.Add("distinguishedname", entry.DistinguishedName.ToUpper());
ret.Properties.Add("domainsid", resolvedSearchResult.DomainSid);
ret.Properties.Add("highvalue", false);
ret.Properties.Add("samaccountname", entry.GetProperty(LDAPProperties.SAMAccountName));
var hasLaps = entry.HasLAPS();
ret.Properties.Add("haslaps", hasLaps);
if ((_methods & ResolvedCollectionMethod.ACL) != 0)
{
ret.Aces = _aclProcessor.ProcessACL(resolvedSearchResult, entry).ToArray();
ret.IsACLProtected = _aclProcessor.IsACLProtected(entry);
}
if ((_methods & ResolvedCollectionMethod.Group) != 0)
{
var pg = entry.GetProperty(LDAPProperties.PrimaryGroupID);
ret.PrimaryGroupSID = GroupProcessor.GetPrimaryGroupInfo(pg, resolvedSearchResult.ObjectId);
}
if ((_methods & ResolvedCollectionMethod.ObjectProps) != 0)
{
var computerProps = await _ldapPropertyProcessor.ReadComputerProperties(entry);
ret.Properties = ContextUtils.Merge(ret.Properties, computerProps.Props);
if (_context.Flags.CollectAllProperties)
{
ret.Properties = ContextUtils.Merge(_ldapPropertyProcessor.ParseAllProperties(entry),
ret.Properties);
}
ret.AllowedToDelegate = computerProps.AllowedToDelegate;
ret.AllowedToAct = computerProps.AllowedToAct;
ret.HasSIDHistory = computerProps.SidHistory;
}
if (!_methods.IsComputerCollectionSet())
{
return(ret);
}
var apiName = _context.RealDNSName != null
? entry.GetDNSName(_context.RealDNSName)
: resolvedSearchResult.DisplayName;
var availability = await _computerAvailability.IsComputerAvailable(resolvedSearchResult, entry);
if (!availability.Connectable)
{
await compStatusChannel.Writer.WriteAsync(availability.GetCSVStatus(resolvedSearchResult.DisplayName),
_cancellationToken);
return(ret);
}
var samAccountName = entry.GetProperty(LDAPProperties.SAMAccountName)?.TrimEnd('$');
if ((_methods & ResolvedCollectionMethod.Session) != 0)
{
var sessionResult = await _computerSessionProcessor.ReadUserSessions(apiName,
resolvedSearchResult.ObjectId, resolvedSearchResult.Domain);
ret.Sessions = sessionResult;
if (_context.Flags.DumpComputerStatus)
{
await compStatusChannel.Writer.WriteAsync(new CSVComputerStatus
{
Status = sessionResult.Collected ? StatusSuccess : sessionResult.FailureReason,
Task = "NetSessionEnum",
ComputerName = resolvedSearchResult.DisplayName
}, _cancellationToken);
}
}
if ((_methods & ResolvedCollectionMethod.LoggedOn) != 0)
{
var privSessionResult = _computerSessionProcessor.ReadUserSessionsPrivileged(apiName,
samAccountName, resolvedSearchResult.ObjectId);
ret.PrivilegedSessions = privSessionResult;
if (_context.Flags.DumpComputerStatus)
{
await compStatusChannel.Writer.WriteAsync(new CSVComputerStatus
{
Status = privSessionResult.Collected ? StatusSuccess : privSessionResult.FailureReason,
Task = "NetWkstaUserEnum",
ComputerName = resolvedSearchResult.DisplayName
}, _cancellationToken);
}
var registrySessionResult = _computerSessionProcessor.ReadUserSessionsRegistry(apiName,
resolvedSearchResult.Domain, resolvedSearchResult.ObjectId);
ret.RegistrySessions = registrySessionResult;
if (_context.Flags.DumpComputerStatus)
{
await compStatusChannel.Writer.WriteAsync(new CSVComputerStatus
{
Status = privSessionResult.Collected ? StatusSuccess : privSessionResult.FailureReason,
Task = "RegistrySessions",
ComputerName = resolvedSearchResult.DisplayName
}, _cancellationToken);
}
}
if (!_methods.IsLocalGroupCollectionSet())
{
return(ret);
}
try
{
using var server = new SAMRPCServer(resolvedSearchResult.DisplayName, samAccountName,
resolvedSearchResult.ObjectId, resolvedSearchResult.Domain);
if ((_methods & ResolvedCollectionMethod.LocalAdmin) != 0)
{
ret.LocalAdmins = server.GetLocalGroupMembers((int)LocalGroupRids.Administrators);
if (_context.Flags.DumpComputerStatus)
{
await compStatusChannel.Writer.WriteAsync(new CSVComputerStatus
{
Status = ret.LocalAdmins.Collected ? StatusSuccess : ret.LocalAdmins.FailureReason,
Task = "AdminLocalGroup",
ComputerName = resolvedSearchResult.DisplayName
}, _cancellationToken);
}
}
if ((_methods & ResolvedCollectionMethod.DCOM) != 0)
{
ret.DcomUsers = server.GetLocalGroupMembers((int)LocalGroupRids.DcomUsers);
if (_context.Flags.DumpComputerStatus)
{
await compStatusChannel.Writer.WriteAsync(new CSVComputerStatus
{
Status = ret.DcomUsers.Collected ? StatusSuccess : ret.DcomUsers.FailureReason,
Task = "DCOMLocalGroup",
ComputerName = resolvedSearchResult.DisplayName
}, _cancellationToken);
}
}
if ((_methods & ResolvedCollectionMethod.PSRemote) != 0)
{
ret.PSRemoteUsers = server.GetLocalGroupMembers((int)LocalGroupRids.PSRemote);
if (_context.Flags.DumpComputerStatus)
{
await compStatusChannel.Writer.WriteAsync(new CSVComputerStatus
{
Status = ret.PSRemoteUsers.Collected ? StatusSuccess : ret.PSRemoteUsers.FailureReason,
Task = "PSRemoteLocalGroup",
ComputerName = resolvedSearchResult.DisplayName
}, _cancellationToken);
}
}
if ((_methods & ResolvedCollectionMethod.RDP) != 0)
{
ret.RemoteDesktopUsers = server.GetLocalGroupMembers((int)LocalGroupRids.RemoteDesktopUsers);
if (_context.Flags.DumpComputerStatus)
{
await compStatusChannel.Writer.WriteAsync(new CSVComputerStatus
{
Status = ret.RemoteDesktopUsers.Collected
? StatusSuccess
: ret.RemoteDesktopUsers.FailureReason,
Task = "RDPLocalGroup",
ComputerName = resolvedSearchResult.DisplayName
});
}
}
}
catch (Exception e)
{
await compStatusChannel.Writer.WriteAsync(new CSVComputerStatus
{
Status = e.ToString(),
ComputerName = resolvedSearchResult.DisplayName,
Task = "SAMRPCServerInit"
}, _cancellationToken);
ret.DcomUsers = new LocalGroupAPIResult
{
Collected = false,
FailureReason = "SAMRPCServerInit Failed"
};
ret.PSRemoteUsers = new LocalGroupAPIResult
{
Collected = false,
FailureReason = "SAMRPCServerInit Failed"
};
ret.LocalAdmins = new LocalGroupAPIResult
{
Collected = false,
FailureReason = "SAMRPCServerInit Failed"
};
ret.RemoteDesktopUsers = new LocalGroupAPIResult
{
Collected = false,
FailureReason = "SAMRPCServerInit Failed"
};
}
return(ret);
}
public IEnumerable <GPLink> ReadContainerGPLinks(ResolvedSearchResult result, ISearchResultEntry entry)
{
var links = entry.GetProperty(LDAPProperties.GPLink);
return(ReadContainerGPLinks(links));
}
