public static List <User> GetDomainAdmins(Lib.Logger logger) { List <User> lstDas = new List <User>(); PrincipalContext PC = new PrincipalContext(ContextType.Domain); logger.TimestampInfo("Querying for active Domain Admins .."); GroupPrincipal GP = GroupPrincipal.FindByIdentity(PC, "Domain Admins"); foreach (UserPrincipal member in GP.Members) { if (member.Enabled == true) { User user = new User(); user.UserName = member.SamAccountName; user.DisplayName = member.DisplayName; lstDas.Add(user); } } return(lstDas); }
public static List <User> GetADAdmins(int count, Lib.Logger logger) { DirectoryEntry rootDSE = new DirectoryEntry("LDAP://RootDSE"); string defaultNamingContext = (String)rootDSE.Properties["defaultNamingContext"].Value; List <User> lstDas = new List <User>(); string DomainPath = "LDAP://" + defaultNamingContext; DirectoryEntry searchRoot = new DirectoryEntry(DomainPath); DirectorySearcher search = new DirectorySearcher(searchRoot); //search.Filter = "(&(objectCategory=person)(objectClass=user)(adminCount=1)(badPwdCount<=3)(!samAccountName=krbtgt)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"; search.Filter = "(&(objectCategory=person)(objectClass=user)(adminCount=1)(!samAccountName=krbtgt)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"; search.SizeLimit = count * 5; SearchResult result; logger.TimestampInfo("Querying for active administrative users (adminCount=1) .."); SearchResultCollection resultCol = search.FindAll(); if (resultCol != null) { for (int counter = 0; counter < resultCol.Count; counter++) { string UserNameEmailString = string.Empty; result = resultCol[counter]; if (result.Properties.Contains("samaccountname")) { User objSurveyUsers = new User(); //Console.WriteLine((String)result.Properties["samaccountname"][0]); objSurveyUsers.UserName = (String)result.Properties["samaccountname"][0]; //objSurveyUsers.DisplayName = (String)result.Properties["displayname"][0]; lstDas.Add(objSurveyUsers); } } } return(lstDas.OrderBy(arg => Guid.NewGuid()).Take(count).ToList()); }
public static List <User> GetADUsers(int count, Lib.Logger logger, string dc = "", bool Enabled = true) { try { DateTime dt = DateTime.Now.AddDays(-7); long ftAccountExpires = dt.ToFileTime(); DirectorySearcher search = new DirectorySearcher(); DirectoryEntry rootDSE = new DirectoryEntry("LDAP://RootDSE"); string defaultNamingContext = (String)rootDSE.Properties["defaultNamingContext"].Value; if (dc == "") { List <Computer> Dcs = GetDcs(); Random random = new Random(); int index = random.Next(Dcs.Count); logger.TimestampInfo(String.Format("Randomly Picked DC for LDAP queries {0}", Dcs[index].ComputerName)); DirectoryEntry searchRoot = new DirectoryEntry("LDAP://" + Dcs[index].Fqdn); search = new DirectorySearcher(searchRoot); } else { logger.TimestampInfo(String.Format("Using LogonServer {0} for LDAP queries", dc)); DirectoryEntry searchRoot = new DirectoryEntry("LDAP://" + dc); search = new DirectorySearcher(searchRoot); } List <User> lstADUsers = new List <User>(); string DomainPath = "LDAP://" + defaultNamingContext; // (!(userAccountControl:1.2.840.113556.1.4.803:=2)) - get active users only // badPwdCount<=3 minimize the risk of locking accounts if (Enabled) { search.Filter = "(&(objectCategory=person)(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"; } //if (Enabled) search.Filter = "(&(objectCategory=person)(objectClass=user)(lastLogon>=" + ftAccountExpires.ToString() + ")(badPwdCount<=3)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"; //if (Enabled) search.Filter = "(&(objectCategory=person)(objectClass=user)(lastLogon>=" + ftAccountExpires.ToString() + ")(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"; else { search.Filter = "(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=2))"; } search.PropertiesToLoad.Add("samaccountname"); search.PropertiesToLoad.Add("usergroup"); search.PropertiesToLoad.Add("displayname"); search.SizeLimit = count * 5; SearchResult result; if (Enabled) { logger.TimestampInfo("Querying for active domain users with badPwdCount <= 3.."); } else { logger.TimestampInfo("Querying for disabled domain users .."); } SearchResultCollection resultCol = search.FindAll(); if (resultCol != null) { for (int counter = 0; counter < resultCol.Count; counter++) { string UserNameEmailString = string.Empty; result = resultCol[counter]; if (result.Properties.Contains("samaccountname") && result.Properties.Contains("displayname")) { User objSurveyUsers = new User(); objSurveyUsers.UserName = (String)result.Properties["samaccountname"][0]; objSurveyUsers.DisplayName = (String)result.Properties["displayname"][0]; lstADUsers.Add(objSurveyUsers); } } } return(lstADUsers.OrderBy(arg => Guid.NewGuid()).Take(count).ToList()); } catch (Exception ex) { Console.WriteLine(ex); return(null); } }
public static List <Computer> GetADComputers(int count, Lib.Logger logger, string dc = "", string username = "", string password = "") { DateTime dt = DateTime.Now.AddDays(-1); long ftAccountExpires = dt.ToFileTime(); DirectorySearcher search = new DirectorySearcher(); if (dc == "") { List <Computer> Dcs = GetDcs(); Random random = new Random(); int index = random.Next(Dcs.Count); logger.TimestampInfo(String.Format("Randomly Picked DC for LDAP queries {0}", Dcs[index].ComputerName)); DirectoryEntry searchRoot = new DirectoryEntry(); if (!username.Equals("") && !password.Equals("")) { searchRoot = new DirectoryEntry("LDAP://" + Dcs[index].Fqdn, username, password); } else { searchRoot = new DirectoryEntry("LDAP://" + Dcs[index].Fqdn); } search = new DirectorySearcher(searchRoot); } else { logger.TimestampInfo(String.Format("Using {0} for LDAP queries", dc)); DirectoryEntry searchRoot = new DirectoryEntry(); if (!username.Equals("") && !password.Equals("")) { searchRoot = new DirectoryEntry("LDAP://" + dc, username, password); } else { searchRoot = new DirectoryEntry("LDAP://" + dc); } search = new DirectorySearcher(searchRoot); } List <Computer> lstADComputers = new List <Computer>(); search.Filter = "(&(objectClass=computer)(lastLogon>=" + ftAccountExpires.ToString() + "))"; search.PropertiesToLoad.Add("samaccountname"); search.PropertiesToLoad.Add("Name"); search.PropertiesToLoad.Add("DNSHostname"); search.SizeLimit = count * 5; SearchResult result; SearchResultCollection resultCol = search.FindAll(); if (resultCol != null) { //Console.WriteLine("Initial query obtained " + resultCol.Count.ToString() + " records;"); List <Task> tasklist = new List <Task>(); for (int counter = 0; counter < resultCol.Count; counter++) { try { result = resultCol[counter]; if (result.Properties.Contains("samaccountname") && result.Properties.Contains("DNSHostname")) { string Name = (String)result.Properties["Name"][0]; string dnshostname = (String)result.Properties["DNSHostname"][0]; if (!Name.ToUpper().Contains(Environment.MachineName.ToUpper())) { tasklist.Add(Task.Factory.StartNew(() => { //TODO: Firewalls may block ping. Instead of pinging, i should should resolve. //Console.WriteLine("[+] Trying to ping {0}", dnshostname); string ipv4 = PurpleSharp.Lib.Networking.PingHost(dnshostname); if (ipv4 != "") { TimeSpan interval = TimeSpan.FromSeconds(3); if (PurpleSharp.Lib.Networking.OpenPort(ipv4, 445, interval)) { Computer newhost = new Computer(); newhost.ComputerName = Name; newhost.IPv4 = ipv4; newhost.Fqdn = dnshostname; lstADComputers.Add(newhost); } } })); } } } catch { continue; } } Task.WaitAll(tasklist.ToArray()); } return(lstADComputers.OrderBy(arg => Guid.NewGuid()).Take(count).ToList()); }