public ImportProviderBitLocker(ImportSettingsBitLocker settings, ILogger <ImportProviderBitLocker> logger, IDirectory directory, IComputerPrincipalProviderBitLocker provider) : base(settings, logger, directory) { this.logger = logger; this.directory = directory; this.provider = provider; this.settings = settings; }
public ImportProviderLaps(ImportSettingsLaps settings, ILogger <ImportProviderLaps> logger, IDirectory directory, IComputerPrincipalProviderLaps provider) : base(settings, logger, directory) { this.logger = logger; this.directory = directory; this.provider = provider; this.settings = settings; }
protected ImportResults PerformComputerDiscovery(IComputerPrincipalProvider provider) { OUPrincipalMapping ou = new OUPrincipalMapping($"LDAP://{settings.ImportOU}", settings.ImportOU); ImportResults results = new ImportResults { DiscoveryErrors = new List <DiscoveryError>(), }; principalCache = new ConcurrentDictionary <SecurityIdentifier, ISecurityPrincipal>(); this.PerformComputerDiscovery(ou, provider, results.DiscoveryErrors); principalCache.Clear(); results.Targets = this.ConvertToTargets(ou); return(results); }
private void PerformComputerDiscovery(OUPrincipalMapping ou, IComputerPrincipalProvider principalProvider, List <DiscoveryError> discoveryErrors) { settings.CancellationToken.ThrowIfCancellationRequested(); foreach (SearchResult computer in this.GetComputersFromOU(ou.AdsPath, false, principalProvider)) { settings.CancellationToken.ThrowIfCancellationRequested(); string computerName = computer.GetPropertyString("msDS-PrincipalName"); try { this.OnItemProcessStart?.Invoke(this, new ImportProcessingEventArgs(computerName)); if (this.ShouldFilterComputer(computer)) { this.logger.LogTrace("Filtering computer {computer}", computerName); continue; } this.logger.LogTrace("Found computer {computer} in ou {ou}", computerName, ou.OUName); ComputerPrincipalMapping ce = new ComputerPrincipalMapping(computer, ou); ou.Computers.Add(ce); try { HashSet <SecurityIdentifier> principalsForComputer = new HashSet <SecurityIdentifier>(principalProvider.GetPrincipalsForComputer(computer, settings.FilterLocalAccounts)); this.logger.LogTrace("Got {number} principals from computer {computer}", principalsForComputer.Count, computerName); foreach (var principal in principalsForComputer) { settings.CancellationToken.ThrowIfCancellationRequested(); if (this.ShouldFilter(principal, out DiscoveryError filterReason)) { if (filterReason != null) { filterReason.Target = computerName; ce.DiscoveryErrors.Add(filterReason); this.logger.LogTrace("Filtering principal {principal} with reason: {reason}", principal.ToString(), filterReason); } } else { ce.Principals.Add(principal); } } } catch (OperationCanceledException) { return; } catch (Exception ex) { this.logger.LogTrace(ex, "Failed to get principals from computer {computer}", computerName); ce.HasError = true; ce.Exception = ex; ce.IsMissing = ex is ObjectNotFoundException; ce.DiscoveryErrors.Add(new DiscoveryError() { Target = computerName, Message = ex.Message, Type = DiscoveryErrorType.Error }); } if (ce.DiscoveryErrors.Count > 0) { discoveryErrors.AddRange(ce.DiscoveryErrors); } } finally { this.OnItemProcessFinish?.Invoke(this, new ImportProcessingEventArgs(computerName)); } } foreach (var childOU in this.GetOUs(ou.AdsPath, false)) { settings.CancellationToken.ThrowIfCancellationRequested(); this.logger.LogTrace("Found ou {ou}", childOU.GetPropertyString("distinguishedName")); OUPrincipalMapping childou = new OUPrincipalMapping(childOU, ou); ou.DescendantOUs.Add(childou); this.PerformComputerDiscovery(childou, principalProvider, discoveryErrors); } }
private IEnumerable <SearchResult> GetComputersFromOU(string adsPath, bool includeSubTree, IComputerPrincipalProvider provider) { string additionaFilter = string.Empty; if (this.settings.FilterDisabledComputers) { additionaFilter += "(!(userAccountControl:1.2.840.113556.1.4.803:=2))"; } DirectorySearcher d = new DirectorySearcher { SearchRoot = new DirectoryEntry(adsPath), SearchScope = includeSubTree ? SearchScope.Subtree : SearchScope.OneLevel, Filter = $"(&(objectCategory=computer){additionaFilter})", PageSize = 1000, SecurityMasks = SecurityMasks.Dacl | SecurityMasks.Group | SecurityMasks.Owner }; HashSet <string> properties = new HashSet <string>(provider.ComputerPropertiesToGet, StringComparer.OrdinalIgnoreCase) { "distinguishedName", "samAccountName", "cn", "msDS-PrincipalName", "objectSid" }; if (this.settings.ExcludeConflictObjects) { properties.Add("CNF"); } d.PropertiesToLoad.AddRange(properties.ToArray()); SearchResultCollection resultCollection = d.FindAll(); foreach (SearchResult item in resultCollection) { yield return(item); } }