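/// <summary>
/// Reads the computer-specific LDAP attributes of <paramref name="entry"/>:
/// the userAccountControl flags, constrained delegation targets
/// (msDS-AllowedToDelegateTo), resource-based constrained delegation
/// (msDS-AllowedToActOnBehalfOfOtherIdentity), logon/password timestamps,
/// service principal names, operating system and SID history.
/// </summary>
/// <param name="entry">The LDAP search result for a computer object.</param>
/// <returns>
/// A <see cref="ComputerProperties"/> whose <c>Props</c> dictionary (seeded by
/// <c>GetCommonProps</c>) holds the scalar attributes and whose typed members
/// hold the resolved delegation and SID-history principals.
/// </returns>
public async Task<ComputerProperties> ReadComputerProperties(ISearchResultEntry entry)
{
    var compProps = new ComputerProperties();
    var props = GetCommonProps(entry);

    // userAccountControl is an integer bitmask serialised as a decimal string.
    // Parse it culture-invariantly (directory data is never locale-formatted).
    // When the attribute is missing or unparsable the computer is reported as
    // enabled with no delegation flags.
    // NOTE(review): "enabled" as the fallback is the original's choice; confirm
    // that is intended rather than an "unknown" marker.
    var uac = entry.GetProperty(LDAPProperties.UserAccountControl);
    bool enabled, unconstrained, trustedToAuth;
    if (int.TryParse(uac, System.Globalization.NumberStyles.Integer,
            System.Globalization.CultureInfo.InvariantCulture, out var flag))
    {
        var flags = (UacFlags)flag;
        enabled = (flags & UacFlags.AccountDisable) == 0;
        unconstrained = (flags & UacFlags.TrustedForDelegation) == UacFlags.TrustedForDelegation;
        trustedToAuth = (flags & UacFlags.TrustedToAuthForDelegation) != 0;
    }
    else
    {
        enabled = true;
        unconstrained = false;
        trustedToAuth = false;
    }

    var domain = Helpers.DistinguishedNameToDomain(entry.DistinguishedName);

    // Constrained delegation targets are only read when TRUSTED_TO_AUTH_FOR_DELEGATION
    // (protocol transition) is set.
    // NOTE(review): msDS-AllowedToDelegateTo can also be populated on accounts
    // configured for Kerberos-only constrained delegation (no protocol transition);
    // those targets are not collected by this gate. Confirm whether that is
    // acceptable for the consumers of AllowedToDelegate.
    var comps = new List<TypedPrincipal>();
    if (trustedToAuth)
    {
        var delegates = entry.GetArrayProperty(LDAPProperties.AllowedToDelegateTo);
        props.Add("allowedtodelegate", delegates);
        if (delegates != null)
        {
            foreach (var d in delegates)
            {
                if (string.IsNullOrWhiteSpace(d))
                {
                    continue; // empty attribute value: nothing to resolve
                }

                // Each value is an SPN ("service/host[:port][/name]"); keep only the
                // host part, stripped of any port suffix.
                var hname = d.Contains("/") ? d.Split('/')[1] : d;
                hname = hname.Split(':')[0];
                if (string.IsNullOrWhiteSpace(hname))
                {
                    continue; // malformed SPN such as "HOST/" -- no host to look up
                }

                var resolvedHost = await _utils.ResolveHostToSid(hname, domain);
                // Only a SID ("S-1-...") or a dotted DNS name is accepted as a resolved
                // computer; anything else is treated as an unresolved name and dropped.
                if (resolvedHost != null && (resolvedHost.Contains(".") || resolvedHost.Contains("S-1")))
                {
                    comps.Add(new TypedPrincipal
                    {
                        ObjectIdentifier = resolvedHost,
                        ObjectType = Label.Computer
                    });
                }
            }
        }
    }
    compProps.AllowedToDelegate = comps.Distinct().ToArray();

    // Resource-based constrained delegation: the attribute is a binary security
    // descriptor whose DACL lists the principals permitted to delegate to this host.
    var allowedToActPrincipals = new List<TypedPrincipal>();
    var rawAllowedToAct = entry.GetByteProperty(LDAPProperties.AllowedToActOnBehalfOfOtherIdentity);
    if (rawAllowedToAct != null)
    {
        var sd = _utils.MakeSecurityDescriptor();
        sd.SetSecurityDescriptorBinaryForm(rawAllowedToAct, AccessControlSections.Access);
        // NOTE(review): every ACE trustee is reported -- explicit and inherited, and
        // (as GetAccessRules returns both) allow and deny alike -- so a deny ACE would
        // be listed as though it granted delegation. If the rule wrapper exposes the
        // ACE type, filter to allow ACEs here.
        foreach (var rule in sd.GetAccessRules(true, true, typeof(SecurityIdentifier)))
        {
            var res = _utils.ResolveIDAndType(rule.IdentityReference(), domain);
            // Null-checked defensively, mirroring how ResolveHostToSid is treated above,
            // so an unresolvable trustee never becomes a null entry in the output.
            if (res != null)
            {
                allowedToActPrincipals.Add(res);
            }
        }
    }
    compProps.AllowedToAct = allowedToActPrincipals.ToArray();

    props.Add("enabled", enabled);
    props.Add("unconstraineddelegation", unconstrained);
    props.Add("trustedtoauth", trustedToAuth);
    // FILETIME-valued attributes are converted to Unix epoch seconds by Helpers.
    props.Add("lastlogon", Helpers.ConvertFileTimeToUnixEpoch(entry.GetProperty(LDAPProperties.LastLogon)));
    props.Add("lastlogontimestamp", Helpers.ConvertFileTimeToUnixEpoch(entry.GetProperty(LDAPProperties.LastLogonTimestamp)));
    props.Add("pwdlastset", Helpers.ConvertFileTimeToUnixEpoch(entry.GetProperty(LDAPProperties.PasswordLastSet)));
    props.Add("serviceprincipalnames", entry.GetArrayProperty(LDAPProperties.ServicePrincipalNames));

    // Operating system and service pack are joined into a single display string.
    var os = entry.GetProperty(LDAPProperties.OperatingSystem);
    var sp = entry.GetProperty(LDAPProperties.ServicePack);
    if (sp != null)
    {
        os = $"{os} {sp}";
    }
    props.Add("operatingsystem", os);

    // sIDHistory holds binary SIDs. Each is decoded to its string form; values that
    // are not well-formed SID blobs are skipped rather than aborting collection.
    // NOTE(review): SID-history entries normally originate from another (migrated)
    // domain, yet the resolver is handed this computer's own domain; cross-domain
    // resolution therefore depends on ResolveIDAndType handling foreign SIDs.
    var sh = entry.GetByteArrayProperty(LDAPProperties.SIDHistory);
    var sidHistoryList = new List<string>();
    var sidHistoryPrincipals = new List<TypedPrincipal>();
    if (sh != null)
    {
        foreach (var sid in sh)
        {
            string sSid;
            try
            {
                sSid = new SecurityIdentifier(sid, 0).Value;
            }
            catch (System.ArgumentException)
            {
                continue; // null, truncated or otherwise invalid SID binary form
            }

            sidHistoryList.Add(sSid);
            var res = _utils.ResolveIDAndType(sSid, domain);
            if (res != null)
            {
                sidHistoryPrincipals.Add(res);
            }
        }
    }
    compProps.SidHistory = sidHistoryPrincipals.ToArray();
    props.Add("sidhistory", sidHistoryList.ToArray());

    compProps.Props = props;
    return compProps;
}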