public GraphObjectReference ExportData(List <string> UsersToInvestigate) { ADDomainInfo domainInfo = null; RelationFactory relationFactory = null; GraphObjectReference objectReference = null; DisplayAdvancement("Getting domain information (" + Server + ")"); using (ADWebService adws = new ADWebService(Server, Port, Credential)) { domainInfo = GetDomainInformation(adws); Storage.Initialize(domainInfo); Trace.WriteLine("Creating new relation factory"); relationFactory = new RelationFactory(Storage, domainInfo, Credential); DisplayAdvancement("Exporting objects from Active Directory"); objectReference = new GraphObjectReference(domainInfo); ExportReportData(adws, domainInfo, relationFactory, Storage, objectReference, UsersToInvestigate); } DisplayAdvancement("Inserting relations between nodes in the database"); Trace.WriteLine("Inserting relations on hold"); Storage.InsertRelationOnHold(); Trace.WriteLine("Add trusted domains"); AddTrustedDomains(Storage); Trace.WriteLine("Done"); DisplayAdvancement("Export completed"); DisplayAdvancement("Doing the analysis"); return(objectReference); }
private ADDomainInfo GetDomainInformation(ADWebService adws) { ADDomainInfo domainInfo = null; domainInfo = adws.DomainInfo; if (adws.useLdap) { Console.ForegroundColor = ConsoleColor.Yellow; Console.WriteLine("Performance warning: using LDAP instead of ADWS"); Console.ResetColor(); } // adding the domain sid string[] properties = new string[] { "objectSid", }; WorkOnReturnedObjectByADWS callback = (ADItem aditem) => { domainInfo.DomainSid = aditem.ObjectSid; }; adws.Enumerate(domainInfo.DefaultNamingContext, "(&(objectClass=domain)(distinguishedName=" + domainInfo.DefaultNamingContext + "))", properties, callback); // adding the domain Netbios name string[] propertiesNetbios = new string[] { "nETBIOSName" }; adws.Enumerate("CN=Partitions," + domainInfo.ConfigurationNamingContext, "(&(objectCategory=crossRef)(systemFlags:1.2.840.113556.1.4.803:=3)(nETBIOSName=*)(nCName=" + domainInfo.DefaultNamingContext + "))", propertiesNetbios, (ADItem aditem) => { domainInfo.NetBIOSName = aditem.NetBIOSName; } , "OneLevel"); return(domainInfo); }
int AnalyzeMissingObjets(ADWebService adws, ADDomainInfo domainInfo, RelationFactory relationFactory, LiveDataStorage Storage) { int num = 0; while (true) { List <string> cns = Storage.GetCNToInvestigate(); if (cns.Count > 0) { num += cns.Count; ExportCNData(adws, domainInfo, relationFactory, cns); } List <string> sids = Storage.GetSIDToInvestigate(); if (sids.Count > 0) { num += sids.Count; ExportSIDData(adws, domainInfo, relationFactory, sids); } List <int> primaryGroupId = Storage.GetPrimaryGroupIDToInvestigate(); if (primaryGroupId.Count > 0) { num += primaryGroupId.Count; ExportPrimaryGroupData(adws, domainInfo, relationFactory, primaryGroupId); } if (cns.Count == 0 && sids.Count == 0 && primaryGroupId.Count == 0) { return(num); } } }
private void BuildUserList(ADWebService adws, ADDomainInfo domainInfo) { UsersToMatch = new List <KeyValuePair <SecurityIdentifier, string> >(); if (UserList.Count == 0) { UsersToMatch.Add(new KeyValuePair <SecurityIdentifier, string>(new SecurityIdentifier("S-1-1-0"), "Everyone")); UsersToMatch.Add(new KeyValuePair <SecurityIdentifier, string>(new SecurityIdentifier("S-1-5-11"), "Authenticated Users")); UsersToMatch.Add(new KeyValuePair <SecurityIdentifier, string>(new SecurityIdentifier(domainInfo.DomainSid.Value + "-513"), "Domain Users")); UsersToMatch.Add(new KeyValuePair <SecurityIdentifier, string>(new SecurityIdentifier(domainInfo.DomainSid.Value + "-515"), "Domain Computers")); return; } foreach (var user in UserList) { var aditem = Search(adws, domainInfo, user); if (aditem == null) { DisplayAdvancement(user + " was not found"); continue; } if (aditem.ObjectSid == null) { DisplayAdvancement(user + " has been found but it is not an object with a SID and thus cannot be searched for"); continue; } UsersToMatch.Add(new KeyValuePair <SecurityIdentifier, string>(aditem.ObjectSid, user)); } if (UsersToMatch.Count == 0) { throw new PingCastleException("The scanner has not ACL to search for"); } }
public ExportDataFromActiveDirectoryLive(ADDomainInfo domainInfo, ADWebService adws, NetworkCredential credential) { this.domainInfo = domainInfo; this.adws = adws; Credential = credential; Storage = new LiveDataStorage(); }
public void Export(string filename) { ADDomainInfo domainInfo = null; using (ADWebService adws = new ADWebService(Server, Port, Credential)) { domainInfo = adws.DomainInfo; DisplayAdvancement("Iterating through user objects (all except disabled ones)"); string[] properties = new string[] { "DistinguishedName", "sAMAccountName", "userAccountControl", "whenCreated", "lastLogonTimestamp", }; using (var sw = File.CreateText(filename)) { sw.WriteLine("SAMAccountName\tDN\tWhen Created\tLast Logon Timestamp"); WorkOnReturnedObjectByADWS callback = (ADItem x) => { sw.WriteLine(x.SAMAccountName + "\t" + x.DistinguishedName + "\t" + x.WhenCreated.ToString("u") + "\t" + x.LastLogonTimestamp.ToString("u") + "\t" + x.PwdLastSet.ToString("u")); }; adws.Enumerate(domainInfo.DefaultNamingContext, "(&(objectClass=user)(objectCategory=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(!(sAMAccountName=krbtgt)))", properties, callback); } DisplayAdvancement("Done"); } }
void CheckFilePermissionWithPath(ADDomainInfo domainInfo, StreamWriter sw, string path) { if (!Directory.Exists(path)) { return; } var dirs = new List <string>(Directory.GetDirectories(path, "*", SearchOption.AllDirectories)); dirs.Insert(0, path); foreach (var dirname in dirs) { try { AnalyzeAccessControl(sw, Directory.GetAccessControl(dirname), dirname, (path == dirname)); } catch (Exception) { } } foreach (var filename in Directory.GetFiles(path, "*.*", SearchOption.AllDirectories)) { try { AnalyzeAccessControl(sw, File.GetAccessControl(filename), filename, false); } catch (Exception) { } } }
List <string> GetListOfComputerToExplore() { ADDomainInfo domainInfo = null; List <string> computers = new List <string>(); using (ADWebService adws = new ADWebService(Server, Port, Credential)) { domainInfo = adws.DomainInfo; string[] properties = new string[] { "dNSHostName", "primaryGroupID" }; WorkOnReturnedObjectByADWS callback = (ADItem x) => { computers.Add(x.DNSHostName); }; string filterClause = null; switch (ScanningMode) { case 3: filterClause = "(!(operatingSystem=*server*))"; break; case 4: filterClause = "(operatingSystem=*server*)"; break; } adws.Enumerate(domainInfo.DefaultNamingContext, "(&(ObjectCategory=computer)" + filterClause + "(!userAccountControl:1.2.840.113556.1.4.803:=2)(lastLogonTimeStamp>=" + DateTime.Now.AddDays(-60).ToFileTimeUtc() + "))", properties, callback); } return(computers); }
public void Initialize(ADDomainInfo domainInfo) { databaseInformation["EngineVersion"] = Assembly.GetExecutingAssembly().GetName().Version.ToString(); databaseInformation["Date"] = DateTime.Now.ToUniversalTime().ToString("yyyy-MM-dd HH:mm:ss"); databaseInformation["DomainName"] = domainInfo.DomainName; databaseInformation["DefaultNamingContext"] = domainInfo.DefaultNamingContext; databaseInformation["DomainSid"] = domainInfo.DomainSid.Value; }
private void ExportReportData(ADWebService adws, ADDomainInfo domainInfo, RelationFactory relationFactory, List <string> UsersToInvestigate) { List <string> sids = new List <string> { "S-1-5-32-548", "S-1-5-32-544", domainInfo.DomainSid.Value + "-512", domainInfo.DomainSid.Value + "-519", domainInfo.DomainSid.Value + "-518", domainInfo.DomainSid.Value + "-500", "S-1-5-32-551", domainInfo.DomainSid.Value + "-517", "S-1-5-32-569", domainInfo.DomainSid.Value + "-516", domainInfo.DomainSid.Value + "-498", domainInfo.DomainSid.Value + "-520", "S-1-5-32-557", domainInfo.DomainSid.Value + "-502", "S-1-5-32-556", "S-1-5-32-554", "S-1-5-32-550", domainInfo.DomainSid.Value, domainInfo.DomainSid.Value + "-521", "S-1-5-32-549", }; ADItem aditem = null; foreach (string sid in sids) { aditem = Search(adws, domainInfo, sid); if (aditem != null) { relationFactory.AnalyzeADObject(aditem); } else { Trace.WriteLine("Unable to find the user: "******"Unable to find the user: " + user); } } AnalyzeMissingObjets(adws, domainInfo, relationFactory); relationFactory.InsertFiles(); AnalyzeMissingObjets(adws, domainInfo, relationFactory); }
private ADItem Search(ADWebService adws, ADDomainInfo domainInfo, string userName) { ADItem output = null; WorkOnReturnedObjectByADWS callback = (ADItem aditem) => { output = aditem; }; if (userName.StartsWith("S-1-5")) { adws.Enumerate(domainInfo.DefaultNamingContext, "(objectSid=" + ADConnection.EncodeSidToString(userName) + ")", properties, callback); if (output != null) { return(output); } } if (userName.StartsWith("CN=") && userName.EndsWith(domainInfo.DefaultNamingContext)) { adws.Enumerate(domainInfo.DefaultNamingContext, "(distinguishedName=" + ADConnection.EscapeLDAP(userName) + ")", properties, callback); if (output != null) { return(output); } } if (userName.Length <= 20) { adws.Enumerate(domainInfo.DefaultNamingContext, "(&(objectCategory=person)(objectClass=user)(sAMAccountName=" + ADConnection.EscapeLDAP(userName) + "))", properties, callback); if (output != null) { return(output); } } adws.Enumerate(domainInfo.DefaultNamingContext, "(cn=" + ADConnection.EscapeLDAP(userName) + ")", properties, callback); if (output != null) { return(output); } adws.Enumerate(domainInfo.DefaultNamingContext, "(displayName=" + ADConnection.EscapeLDAP(userName) + ")", properties, callback); if (output != null) { return(output); } return(output); }
private void EnrichDomainInfo(ADWebService adws, ADDomainInfo domainInfo) { // adding the domain sid string[] properties = new string[] { "objectSid", }; WorkOnReturnedObjectByADWS callback = (ADItem aditem) => { domainInfo.DomainSid = aditem.ObjectSid; }; adws.Enumerate(domainInfo.DefaultNamingContext, "(&(objectClass=domain)(distinguishedName=" + domainInfo.DefaultNamingContext + "))", properties, callback); }
public GraphObjectReference(ADDomainInfo data) { Objects = new Dictionary <CompromiseGraphDataTypology, List <GraphSingleObject> >() { { CompromiseGraphDataTypology.PrivilegedAccount, new List <GraphSingleObject>() { new GraphSingleObject("S-1-5-32-544", "Administrators", CompromiseGraphDataObjectRisk.Critical), new GraphSingleObject("S-1-5-32-548", "Account Operators", CompromiseGraphDataObjectRisk.High), new GraphSingleObject("S-1-5-32-549", "Server Operators", CompromiseGraphDataObjectRisk.High), new GraphSingleObject("S-1-5-32-550", "Print Operators", CompromiseGraphDataObjectRisk.Medium), new GraphSingleObject("S-1-5-32-551", "Backup Operators", CompromiseGraphDataObjectRisk.High), new GraphSingleObject("S-1-5-32-569", "Certificate Operators", CompromiseGraphDataObjectRisk.Medium), new GraphSingleObject("S-1-5-32-552", "Replicator", CompromiseGraphDataObjectRisk.Medium), new GraphSingleObject(data.DomainSid.Value + "-500", "Administrator", CompromiseGraphDataObjectRisk.Critical), new GraphSingleObject(data.DomainSid.Value + "-512", "Domain Administrators", CompromiseGraphDataObjectRisk.Critical), new GraphSingleObject(data.DomainSid.Value + "-517", "Certificate Publishers"), new GraphSingleObject(data.DomainSid.Value + "-518", "Schema Administrators", CompromiseGraphDataObjectRisk.Critical), new GraphSingleObject(data.DomainSid.Value + "-519", "Enterprise Administrators", CompromiseGraphDataObjectRisk.Critical), new GraphSingleObject(data.DomainSid.Value + "-526", "Key Administrators", CompromiseGraphDataObjectRisk.Medium), new GraphSingleObject(data.DomainSid.Value + "-527", "Enterprise Key Administrators", CompromiseGraphDataObjectRisk.Medium), } }, { CompromiseGraphDataTypology.Infrastructure, new List <GraphSingleObject>() { new GraphSingleObject(data.DomainSid.Value, "Domain Root", CompromiseGraphDataObjectRisk.Medium), new GraphSingleObject(data.DomainSid.Value + "-498", "Enterprise Read Only Domain Controllers"), new GraphSingleObject(data.DomainSid.Value + "-502", "Krbtgt account", CompromiseGraphDataObjectRisk.Medium), new GraphSingleObject(data.DomainSid.Value + "-516", "Domain Controllers", CompromiseGraphDataObjectRisk.Critical), new GraphSingleObject(data.DomainSid.Value + "-520", "Group Policy Creator Owners", CompromiseGraphDataObjectRisk.Medium), new GraphSingleObject(data.DomainSid.Value + "-521", "Read Only Domain Controllers", CompromiseGraphDataObjectRisk.Medium), new GraphSingleObject("CN=Builtin," + data.DefaultNamingContext, "Builtin OU", CompromiseGraphDataObjectRisk.Medium), new GraphSingleObject("CN=Users," + data.DefaultNamingContext, "Users container", CompromiseGraphDataObjectRisk.Medium), new GraphSingleObject("CN=Computers," + data.DefaultNamingContext, "Computers container", CompromiseGraphDataObjectRisk.Medium), new GraphSingleObject("CN=NTAuthCertificates,CN=Public Key Services,CN=Services," + data.ConfigurationNamingContext, "Certificate store", CompromiseGraphDataObjectRisk.Medium), } }, { CompromiseGraphDataTypology.UserDefined, new List <GraphSingleObject>() { } }, }; foreach (var typology in Objects.Keys) { Objects[typology].Sort((GraphSingleObject a, GraphSingleObject b) => { return(String.Compare(a.Description, b.Description)); }); } TechnicalObjects = new List <string>(); TechnicalObjects.Add(data.DomainSid.Value + "-525"); }
private void ExportSIDData(ADWebService adws, ADDomainInfo domainInfo, RelationFactory relationFactory, List <string> sids) { WorkOnReturnedObjectByADWS callback = (ADItem aditem) => { relationFactory.AnalyzeADObject(aditem); }; foreach (string sid in sids) { adws.Enumerate(domainInfo.DefaultNamingContext, "(objectSid=" + ADConnection.EncodeSidToString(sid) + ")", properties, callback); } }
private void ExportCNData(ADWebService adws, ADDomainInfo domainInfo, RelationFactory relationFactory, List <string> cns) { WorkOnReturnedObjectByADWS callback = (ADItem aditem) => { relationFactory.AnalyzeADObject(aditem); }; foreach (string cn in cns) { adws.Enumerate(domainInfo.DefaultNamingContext, "(distinguishedName=" + ADConnection.EscapeLDAP(cn) + ")", properties, callback); } }
private void ExportPrimaryGroupData(ADWebService adws, ADDomainInfo domainInfo, RelationFactory relationFactory, List <int> primaryGroupIDs) { WorkOnReturnedObjectByADWS callback = (ADItem aditem) => { relationFactory.AnalyzeADObject(aditem); }; foreach (int id in primaryGroupIDs) { adws.Enumerate(domainInfo.DefaultNamingContext, "(primaryGroupID=" + id + ")", properties, callback); } }
private void ExportReportData(ADWebService adws, ADDomainInfo domainInfo, IRelationFactory relationFactory, IDataStorage storage, GraphObjectReference objectReference, List <string> UsersToInvestigate) { ADItem aditem = null; foreach (var typology in objectReference.Objects.Keys) { var toDelete = new List <GraphSingleObject>(); foreach (var obj in objectReference.Objects[typology]) { DisplayAdvancement("Working on " + obj.Description); aditem = Search(adws, domainInfo, obj.Name); if (aditem != null) { relationFactory.AnalyzeADObject(aditem); } else { Trace.WriteLine("Unable to find the user: "******"Working on " + user); aditem = Search(adws, domainInfo, user); if (aditem != null) { string userKey = user; if (aditem.ObjectSid != null) { userKey = aditem.ObjectSid.Value; } objectReference.Objects[Data.CompromiseGraphDataTypology.UserDefined].Add(new GraphSingleObject(userKey, user)); relationFactory.AnalyzeADObject(aditem); } else { Trace.WriteLine("Unable to find the user: " + user); } } AnalyzeMissingObjets(adws, domainInfo, relationFactory, storage); }
private void ExportFilesData(ADWebService adws, ADDomainInfo domainInfo, IRelationFactory relationFactory, List <string> files) { if (Credential != null) { using (WindowsIdentity identity = NativeMethods.GetWindowsIdentityForUser(Credential, domainInfo.DnsHostName)) using (var context = identity.Impersonate()) { ExportFilesDataWithImpersonation(adws, domainInfo, relationFactory, files); context.Undo(); } } else { ExportFilesDataWithImpersonation(adws, domainInfo, relationFactory, files); } }
void PrepareDetailledData(ADDomainInfo domainInfo, HealthcheckData data, GraphObjectReference ObjectReference) { foreach (var typology in ObjectReference.Objects.Keys) { foreach (var obj in ObjectReference.Objects[typology]) { Trace.WriteLine("Analyzing " + obj.Description); ProduceReportFile(domainInfo, data, typology, obj.Risk, obj.Description, obj.Name); } } data.ControlPaths.Data.Sort( (SingleCompromiseGraphData a, SingleCompromiseGraphData b) => { return(string.Compare(a.Description, b.Description)); }); }
private ADItem Search(ADWebService adws, ADDomainInfo domainInfo, string userName) { ADItem output = null; string[] properties = new string[] { "distinguishedName", "displayName", "name", "objectSid", }; WorkOnReturnedObjectByADWS callback = (ADItem aditem) => { output = aditem; }; if (userName.StartsWith("S-1-5")) { adws.Enumerate(domainInfo.DefaultNamingContext, "(objectSid=" + ADConnection.EncodeSidToString(userName) + ")", properties, callback); } adws.Enumerate(domainInfo.DefaultNamingContext, "(sAMAccountName=" + ADConnection.EscapeLDAP(userName) + ")", properties, callback); if (output != null) { return(output); } adws.Enumerate(domainInfo.DefaultNamingContext, "(cn=" + ADConnection.EscapeLDAP(userName) + ")", properties, callback); if (output != null) { return(output); } adws.Enumerate(domainInfo.DefaultNamingContext, "(displayName=" + ADConnection.EscapeLDAP(userName) + ")", properties, callback); if (output != null) { return(output); } return(output); }
public void Export(string filename) { ADDomainInfo domainInfo = null; DisplayAdvancement("Starting"); ADWebService.ConnectionType = ADConnectionType.LDAPOnly; using (ADWebService adws = new ADWebService(Server, Port, Credential)) { DisplayAdvancement("Connected"); domainInfo = adws.DomainInfo; DisplayAdvancement("Building a list of all OU"); var exploration = adws.BuildOUExplorationList(domainInfo.DefaultNamingContext, 10); int currentOU = 1; int error = 0; using (StreamWriter sw = File.CreateText(filename)) { sw.WriteLine("OU\tstatus"); foreach (var ou in exploration) { DisplayAdvancement(" * Exporting OU=" + ou.OU + "(" + currentOU++ + "/" + exploration.Count + ") Type:" + ou.Scope); try { adws.Enumerate(ou.OU, "(objectClass=*)", new string[] { "distinguishedName" }, (ADItem x) => { }, ou.Scope); sw.WriteLine(ou.OU + "\tOK"); } catch (DirectoryServicesCOMException ex) { if (ex.ExtendedError == 234) { error++; Console.ForegroundColor = ConsoleColor.Red; DisplayAdvancement("The OU " + ou.OU + " has a problem"); Console.ResetColor(); sw.WriteLine(ou.OU + "\tNot OK"); } } catch (Exception) { } } } DisplayAdvancement(error + " error(s) found"); } }
private void BuildDeletedObjects(ADDomainInfo domainInfo, CompromiseGraphData data, SingleCompromiseGraphData singleCompromiseData, Dictionary <int, Node> chartNodes) { singleCompromiseData.DeletedObjects = new List <SingleCompromiseGraphDeletedData>(); foreach (var node in chartNodes.Values) { if (String.Equals(node.Type, "foreignsecurityprincipal", StringComparison.InvariantCultureIgnoreCase)) { // ignore everything but deleted accounts if (node.Sid.StartsWith(domainInfo.DomainSid.Value + "-")) { singleCompromiseData.DeletedObjects.Add(new SingleCompromiseGraphDeletedData() { Sid = node.Sid, } ); } } } singleCompromiseData.NumberOfDeletedObjects = singleCompromiseData.DeletedObjects.Count; }
private void BuildPrivilegeData(ADDomainInfo domainInfo, HealthcheckData hcdata, SingleCompromiseGraphData singleCompromiseData, List <int> directNodes1, List <int> directNodes2) { var items = new List <ADItem>(); foreach (var id in directNodes1) { var node = storage.RetrieveNode(id); var item = node.ADItem; items.Add(item); } foreach (var id in directNodes2) { var node = storage.RetrieveNode(id); var item = node.ADItem; items.Add(item); } var groupData = AnalyzeGroupData(domainInfo.DnsHostName, singleCompromiseData.Description, items); hcdata.PrivilegedGroups.Add(groupData); }
public void PerformAnalyze(HealthcheckData data, ADDomainInfo domainInfo, ADWebService adws, PingCastleAnalyzerParameters parameters) { ExportDataFromActiveDirectoryLive export = new ExportDataFromActiveDirectoryLive(domainInfo, adws, parameters.Credential); var ObjectReference = export.ExportData(parameters.AdditionalNamesForDelegationAnalysis); storage = export.Storage; data.ControlPaths = new CompromiseGraphData(); data.ControlPaths.Data = new List <SingleCompromiseGraphData>(); data.PrivilegedGroups = new List <HealthCheckGroupData>(); data.AllPrivilegedMembers = new List <HealthCheckGroupMemberData>(); PrepareStopNodes(ObjectReference, domainInfo.DomainSid.Value); PrepareDetailledData(domainInfo, data, ObjectReference); PrepareDependancyGlobalData(data.ControlPaths); PrepareAnomalyAnalysisData(data.ControlPaths); PrepareAllPrivilegedMembers(data); }
public void ExportData(List <string> UsersToInvestigate) { ADDomainInfo domainInfo = null; RelationFactory relationFactory = null; DisplayAdvancement("Getting domain informations"); using (ADWebService adws = new ADWebService(Server, Port, Credential)) { domainInfo = GetDomainInformation(adws); Storage.Initialize(domainInfo); Trace.WriteLine("Creating new relation factory"); relationFactory = new RelationFactory(Storage, domainInfo, Credential); DisplayAdvancement("Exporting objects from Active Directory"); ExportReportData(adws, domainInfo, relationFactory, UsersToInvestigate); } DisplayAdvancement("Inserting relations between nodes in the database"); Trace.WriteLine("Inserting relations on hold"); Storage.InsertRelationOnHold(domainInfo.DnsHostName); Trace.WriteLine("Done"); DisplayAdvancement("Export completed"); }
List<string> GetListOfComputerToExplore() { ADDomainInfo domainInfo = null; List<string> computers = new List<string>(); using (ADWebService adws = new ADWebService(Server, Port, Credential)) { domainInfo = adws.DomainInfo; string[] properties = new string[] { "dNSHostName", "primaryGroupID" }; WorkOnReturnedObjectByADWS callback = (ADItem x) => { computers.Add(x.DNSHostName); }; adws.Enumerate(domainInfo.DefaultNamingContext, "(&(ObjectCategory=computer)(!userAccountControl:1.2.840.113556.1.4.803:=2)(lastLogonTimeStamp>=" + DateTime.Now.AddDays(-40).ToFileTimeUtc() + "))", properties, callback); } return computers; }
private ADDomainInfo GetDomainInformation(ADWebService adws) { ADDomainInfo domainInfo = null; domainInfo = adws.DomainInfo; if (adws.useLdap) { Console.ForegroundColor = ConsoleColor.Yellow; Console.WriteLine("Performance warning: using LDAP instead of ADWS"); Console.ResetColor(); } // adding the domain sid string[] properties = new string[] { "objectSid", }; WorkOnReturnedObjectByADWS callback = (ADItem aditem) => { domainInfo.DomainSid = aditem.ObjectSid; }; adws.Enumerate(domainInfo.DefaultNamingContext, "(&(objectClass=domain)(distinguishedName=" + domainInfo.DefaultNamingContext + "))", properties, callback); return(domainInfo); }
public RelationFactory(IDataStorage storage, ADDomainInfo domainInfo) { Storage = storage; DomainInfo = domainInfo; }
public RelationFactory(IDataStorage storage, ADDomainInfo domainInfo, NetworkCredential credential) { Storage = storage; DomainInfo = domainInfo; Credential = credential; }
public override void Export(string filename) { ADDomainInfo domainInfo = null; using (ADWebService adws = new ADWebService(Server, Port, Credential)) { domainInfo = adws.DomainInfo; int export = 0; using (StreamWriter sw = File.CreateText(filename)) { var header = new List <string>(); var hcprop = AddData.GetProperties(); header.Add("DistinguishedName"); header.Add("sAMAccountName"); header.Add("scriptPath"); header.Add("primaryGroupID"); header.Add("lastLogonTimestamp"); header.Add("pwdLastSet"); header.Add("whenCreated"); header.Add("objectClass"); header.Add("userAccountControl"); header.AddRange(hcprop); sw.WriteLine(string.Join("\t", header.ToArray())); WorkOnReturnedObjectByADWS callback = (ADItem x) => { var d = new AddData(); HealthcheckAnalyzer.ProcessAccountData(d, x, false); if ((++export % 500) == 0) { DisplayAdvancement("Exported: " + export); } var data = new List <string>(); data.Add(x.DistinguishedName); data.Add(x.SAMAccountName); data.Add(x.ScriptPath); data.Add(x.PrimaryGroupID.ToString()); data.Add(x.LastLogonTimestamp.ToString("u")); data.Add(x.PwdLastSet.ToString("u")); data.Add(x.WhenCreated.ToString("u")); data.Add(x.Class); data.Add(x.UserAccountControl.ToString()); foreach (var p in hcprop) { data.Add(d.PropertiesSet.Contains(p).ToString()); } sw.WriteLine(string.Join("\t", data.ToArray())); }; DisplayAdvancement("Starting"); adws.Enumerate(domainInfo.DefaultNamingContext, HealthcheckAnalyzer.userFilter, HealthcheckAnalyzer.userProperties, callback, "SubTree"); DisplayAdvancement("Done"); } } }