public GraphObjectReference ExportData(List <string> UsersToInvestigate)
{
ADDomainInfo domainInfo = null;
RelationFactory relationFactory = null;
GraphObjectReference objectReference = null;
DisplayAdvancement("Getting domain information (" + Server + ")");
using (ADWebService adws = new ADWebService(Server, Port, Credential))
{
domainInfo = GetDomainInformation(adws);
Storage.Initialize(domainInfo);
Trace.WriteLine("Creating new relation factory");
relationFactory = new RelationFactory(Storage, domainInfo, Credential);
DisplayAdvancement("Exporting objects from Active Directory");
objectReference = new GraphObjectReference(domainInfo);
ExportReportData(adws, domainInfo, relationFactory, Storage, objectReference, UsersToInvestigate);
}
DisplayAdvancement("Inserting relations between nodes in the database");
Trace.WriteLine("Inserting relations on hold");
Storage.InsertRelationOnHold();
Trace.WriteLine("Add trusted domains");
AddTrustedDomains(Storage);
Trace.WriteLine("Done");
DisplayAdvancement("Export completed");
DisplayAdvancement("Doing the analysis");
return(objectReference);
}
private ADDomainInfo GetDomainInformation(ADWebService adws)
{
ADDomainInfo domainInfo = null;
domainInfo = adws.DomainInfo;
if (adws.useLdap)
{
Console.ForegroundColor = ConsoleColor.Yellow;
Console.WriteLine("Performance warning: using LDAP instead of ADWS");
Console.ResetColor();
}
// adding the domain sid
string[] properties = new string[] { "objectSid", };
WorkOnReturnedObjectByADWS callback =
(ADItem aditem) =>
{
domainInfo.DomainSid = aditem.ObjectSid;
};
adws.Enumerate(domainInfo.DefaultNamingContext,
"(&(objectClass=domain)(distinguishedName=" + domainInfo.DefaultNamingContext + "))",
properties, callback);
// adding the domain Netbios name
string[] propertiesNetbios = new string[] { "nETBIOSName" };
adws.Enumerate("CN=Partitions," + domainInfo.ConfigurationNamingContext,
"(&(objectCategory=crossRef)(systemFlags:1.2.840.113556.1.4.803:=3)(nETBIOSName=*)(nCName=" + domainInfo.DefaultNamingContext + "))",
propertiesNetbios,
(ADItem aditem) =>
{
domainInfo.NetBIOSName = aditem.NetBIOSName;
}
, "OneLevel");
return(domainInfo);
}
int AnalyzeMissingObjets(ADWebService adws, ADDomainInfo domainInfo, RelationFactory relationFactory, LiveDataStorage Storage)
{
int num = 0;
while (true)
{
List <string> cns = Storage.GetCNToInvestigate();
if (cns.Count > 0)
{
num += cns.Count;
ExportCNData(adws, domainInfo, relationFactory, cns);
}
List <string> sids = Storage.GetSIDToInvestigate();
if (sids.Count > 0)
{
num += sids.Count;
ExportSIDData(adws, domainInfo, relationFactory, sids);
}
List <int> primaryGroupId = Storage.GetPrimaryGroupIDToInvestigate();
if (primaryGroupId.Count > 0)
{
num += primaryGroupId.Count;
ExportPrimaryGroupData(adws, domainInfo, relationFactory, primaryGroupId);
}
if (cns.Count == 0 && sids.Count == 0 && primaryGroupId.Count == 0)
{
return(num);
}
}
}
private void BuildUserList(ADWebService adws, ADDomainInfo domainInfo)
{
UsersToMatch = new List <KeyValuePair <SecurityIdentifier, string> >();
if (UserList.Count == 0)
{
UsersToMatch.Add(new KeyValuePair <SecurityIdentifier, string>(new SecurityIdentifier("S-1-1-0"), "Everyone"));
UsersToMatch.Add(new KeyValuePair <SecurityIdentifier, string>(new SecurityIdentifier("S-1-5-11"), "Authenticated Users"));
UsersToMatch.Add(new KeyValuePair <SecurityIdentifier, string>(new SecurityIdentifier(domainInfo.DomainSid.Value + "-513"), "Domain Users"));
UsersToMatch.Add(new KeyValuePair <SecurityIdentifier, string>(new SecurityIdentifier(domainInfo.DomainSid.Value + "-515"), "Domain Computers"));
return;
}
foreach (var user in UserList)
{
var aditem = Search(adws, domainInfo, user);
if (aditem == null)
{
DisplayAdvancement(user + " was not found");
continue;
}
if (aditem.ObjectSid == null)
{
DisplayAdvancement(user + " has been found but it is not an object with a SID and thus cannot be searched for");
continue;
}
UsersToMatch.Add(new KeyValuePair <SecurityIdentifier, string>(aditem.ObjectSid, user));
}
if (UsersToMatch.Count == 0)
{
throw new PingCastleException("The scanner has not ACL to search for");
}
}
public ExportDataFromActiveDirectoryLive(ADDomainInfo domainInfo, ADWebService adws, NetworkCredential credential)
{
this.domainInfo = domainInfo;
this.adws = adws;
Credential = credential;
Storage = new LiveDataStorage();
}
public void Export(string filename)
{
ADDomainInfo domainInfo = null;
using (ADWebService adws = new ADWebService(Server, Port, Credential))
{
domainInfo = adws.DomainInfo;
DisplayAdvancement("Iterating through user objects (all except disabled ones)");
string[] properties = new string[] { "DistinguishedName", "sAMAccountName", "userAccountControl", "whenCreated", "lastLogonTimestamp", };
using (var sw = File.CreateText(filename))
{
sw.WriteLine("SAMAccountName\tDN\tWhen Created\tLast Logon Timestamp");
WorkOnReturnedObjectByADWS callback =
(ADItem x) =>
{
sw.WriteLine(x.SAMAccountName + "\t" + x.DistinguishedName + "\t" + x.WhenCreated.ToString("u") + "\t" + x.LastLogonTimestamp.ToString("u") + "\t" + x.PwdLastSet.ToString("u"));
};
adws.Enumerate(domainInfo.DefaultNamingContext, "(&(objectClass=user)(objectCategory=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(!(sAMAccountName=krbtgt)))", properties, callback);
}
DisplayAdvancement("Done");
}
}
void CheckFilePermissionWithPath(ADDomainInfo domainInfo, StreamWriter sw, string path)
{
if (!Directory.Exists(path))
{
return;
}
var dirs = new List <string>(Directory.GetDirectories(path, "*", SearchOption.AllDirectories));
dirs.Insert(0, path);
foreach (var dirname in dirs)
{
try
{
AnalyzeAccessControl(sw, Directory.GetAccessControl(dirname), dirname, (path == dirname));
}
catch (Exception)
{
}
}
foreach (var filename in Directory.GetFiles(path, "*.*", SearchOption.AllDirectories))
{
try
{
AnalyzeAccessControl(sw, File.GetAccessControl(filename), filename, false);
}
catch (Exception)
{
}
}
}
List <string> GetListOfComputerToExplore()
{
ADDomainInfo domainInfo = null;
List <string> computers = new List <string>();
using (ADWebService adws = new ADWebService(Server, Port, Credential))
{
domainInfo = adws.DomainInfo;
string[] properties = new string[] { "dNSHostName", "primaryGroupID" };
WorkOnReturnedObjectByADWS callback =
(ADItem x) =>
{
computers.Add(x.DNSHostName);
};
string filterClause = null;
switch (ScanningMode)
{
case 3:
filterClause = "(!(operatingSystem=*server*))";
break;
case 4:
filterClause = "(operatingSystem=*server*)";
break;
}
adws.Enumerate(domainInfo.DefaultNamingContext, "(&(ObjectCategory=computer)" + filterClause + "(!userAccountControl:1.2.840.113556.1.4.803:=2)(lastLogonTimeStamp>=" + DateTime.Now.AddDays(-60).ToFileTimeUtc() + "))", properties, callback);
}
return(computers);
}
public void Initialize(ADDomainInfo domainInfo)
{
databaseInformation["EngineVersion"] = Assembly.GetExecutingAssembly().GetName().Version.ToString();
databaseInformation["Date"] = DateTime.Now.ToUniversalTime().ToString("yyyy-MM-dd HH:mm:ss");
databaseInformation["DomainName"] = domainInfo.DomainName;
databaseInformation["DefaultNamingContext"] = domainInfo.DefaultNamingContext;
databaseInformation["DomainSid"] = domainInfo.DomainSid.Value;
}
private void ExportReportData(ADWebService adws, ADDomainInfo domainInfo, RelationFactory relationFactory, List <string> UsersToInvestigate)
{
List <string> sids = new List <string> {
"S-1-5-32-548",
"S-1-5-32-544",
domainInfo.DomainSid.Value + "-512",
domainInfo.DomainSid.Value + "-519",
domainInfo.DomainSid.Value + "-518",
domainInfo.DomainSid.Value + "-500",
"S-1-5-32-551",
domainInfo.DomainSid.Value + "-517",
"S-1-5-32-569",
domainInfo.DomainSid.Value + "-516",
domainInfo.DomainSid.Value + "-498",
domainInfo.DomainSid.Value + "-520",
"S-1-5-32-557",
domainInfo.DomainSid.Value + "-502",
"S-1-5-32-556",
"S-1-5-32-554",
"S-1-5-32-550",
domainInfo.DomainSid.Value,
domainInfo.DomainSid.Value + "-521",
"S-1-5-32-549",
};
ADItem aditem = null;
foreach (string sid in sids)
{
aditem = Search(adws, domainInfo, sid);
if (aditem != null)
{
relationFactory.AnalyzeADObject(aditem);
}
else
{
Trace.WriteLine("Unable to find the user: "******"Unable to find the user: " + user);
}
}
AnalyzeMissingObjets(adws, domainInfo, relationFactory);
relationFactory.InsertFiles();
AnalyzeMissingObjets(adws, domainInfo, relationFactory);
}
private ADItem Search(ADWebService adws, ADDomainInfo domainInfo, string userName)
{
ADItem output = null;
WorkOnReturnedObjectByADWS callback =
(ADItem aditem) =>
{
output = aditem;
};
if (userName.StartsWith("S-1-5"))
{
adws.Enumerate(domainInfo.DefaultNamingContext,
"(objectSid=" + ADConnection.EncodeSidToString(userName) + ")",
properties, callback);
if (output != null)
{
return(output);
}
}
if (userName.StartsWith("CN=") && userName.EndsWith(domainInfo.DefaultNamingContext))
{
adws.Enumerate(domainInfo.DefaultNamingContext,
"(distinguishedName=" + ADConnection.EscapeLDAP(userName) + ")",
properties, callback);
if (output != null)
{
return(output);
}
}
if (userName.Length <= 20)
{
adws.Enumerate(domainInfo.DefaultNamingContext,
"(&(objectCategory=person)(objectClass=user)(sAMAccountName=" + ADConnection.EscapeLDAP(userName) + "))",
properties, callback);
if (output != null)
{
return(output);
}
}
adws.Enumerate(domainInfo.DefaultNamingContext,
"(cn=" + ADConnection.EscapeLDAP(userName) + ")",
properties, callback);
if (output != null)
{
return(output);
}
adws.Enumerate(domainInfo.DefaultNamingContext,
"(displayName=" + ADConnection.EscapeLDAP(userName) + ")",
properties, callback);
if (output != null)
{
return(output);
}
return(output);
}
private void EnrichDomainInfo(ADWebService adws, ADDomainInfo domainInfo)
{
// adding the domain sid
string[] properties = new string[] { "objectSid", };
WorkOnReturnedObjectByADWS callback =
(ADItem aditem) =>
{
domainInfo.DomainSid = aditem.ObjectSid;
};
adws.Enumerate(domainInfo.DefaultNamingContext,
"(&(objectClass=domain)(distinguishedName=" + domainInfo.DefaultNamingContext + "))",
properties, callback);
}
public GraphObjectReference(ADDomainInfo data)
{
Objects = new Dictionary <CompromiseGraphDataTypology, List <GraphSingleObject> >()
{
{ CompromiseGraphDataTypology.PrivilegedAccount, new List <GraphSingleObject>()
{
new GraphSingleObject("S-1-5-32-544", "Administrators", CompromiseGraphDataObjectRisk.Critical),
new GraphSingleObject("S-1-5-32-548", "Account Operators", CompromiseGraphDataObjectRisk.High),
new GraphSingleObject("S-1-5-32-549", "Server Operators", CompromiseGraphDataObjectRisk.High),
new GraphSingleObject("S-1-5-32-550", "Print Operators", CompromiseGraphDataObjectRisk.Medium),
new GraphSingleObject("S-1-5-32-551", "Backup Operators", CompromiseGraphDataObjectRisk.High),
new GraphSingleObject("S-1-5-32-569", "Certificate Operators", CompromiseGraphDataObjectRisk.Medium),
new GraphSingleObject("S-1-5-32-552", "Replicator", CompromiseGraphDataObjectRisk.Medium),
new GraphSingleObject(data.DomainSid.Value + "-500", "Administrator", CompromiseGraphDataObjectRisk.Critical),
new GraphSingleObject(data.DomainSid.Value + "-512", "Domain Administrators", CompromiseGraphDataObjectRisk.Critical),
new GraphSingleObject(data.DomainSid.Value + "-517", "Certificate Publishers"),
new GraphSingleObject(data.DomainSid.Value + "-518", "Schema Administrators", CompromiseGraphDataObjectRisk.Critical),
new GraphSingleObject(data.DomainSid.Value + "-519", "Enterprise Administrators", CompromiseGraphDataObjectRisk.Critical),
new GraphSingleObject(data.DomainSid.Value + "-526", "Key Administrators", CompromiseGraphDataObjectRisk.Medium),
new GraphSingleObject(data.DomainSid.Value + "-527", "Enterprise Key Administrators", CompromiseGraphDataObjectRisk.Medium),
} },
{ CompromiseGraphDataTypology.Infrastructure, new List <GraphSingleObject>()
{
new GraphSingleObject(data.DomainSid.Value, "Domain Root", CompromiseGraphDataObjectRisk.Medium),
new GraphSingleObject(data.DomainSid.Value + "-498", "Enterprise Read Only Domain Controllers"),
new GraphSingleObject(data.DomainSid.Value + "-502", "Krbtgt account", CompromiseGraphDataObjectRisk.Medium),
new GraphSingleObject(data.DomainSid.Value + "-516", "Domain Controllers", CompromiseGraphDataObjectRisk.Critical),
new GraphSingleObject(data.DomainSid.Value + "-520", "Group Policy Creator Owners", CompromiseGraphDataObjectRisk.Medium),
new GraphSingleObject(data.DomainSid.Value + "-521", "Read Only Domain Controllers", CompromiseGraphDataObjectRisk.Medium),
new GraphSingleObject("CN=Builtin," + data.DefaultNamingContext, "Builtin OU", CompromiseGraphDataObjectRisk.Medium),
new GraphSingleObject("CN=Users," + data.DefaultNamingContext, "Users container", CompromiseGraphDataObjectRisk.Medium),
new GraphSingleObject("CN=Computers," + data.DefaultNamingContext, "Computers container", CompromiseGraphDataObjectRisk.Medium),
new GraphSingleObject("CN=NTAuthCertificates,CN=Public Key Services,CN=Services," + data.ConfigurationNamingContext, "Certificate store", CompromiseGraphDataObjectRisk.Medium),
} },
{ CompromiseGraphDataTypology.UserDefined, new List <GraphSingleObject>()
{
} },
};
foreach (var typology in Objects.Keys)
{
Objects[typology].Sort((GraphSingleObject a, GraphSingleObject b)
=>
{
return(String.Compare(a.Description, b.Description));
});
}
TechnicalObjects = new List <string>();
TechnicalObjects.Add(data.DomainSid.Value + "-525");
}
private void ExportSIDData(ADWebService adws, ADDomainInfo domainInfo, RelationFactory relationFactory, List <string> sids)
{
WorkOnReturnedObjectByADWS callback =
(ADItem aditem) =>
{
relationFactory.AnalyzeADObject(aditem);
};
foreach (string sid in sids)
{
adws.Enumerate(domainInfo.DefaultNamingContext,
"(objectSid=" + ADConnection.EncodeSidToString(sid) + ")",
properties, callback);
}
}
private void ExportCNData(ADWebService adws, ADDomainInfo domainInfo, RelationFactory relationFactory, List <string> cns)
{
WorkOnReturnedObjectByADWS callback =
(ADItem aditem) =>
{
relationFactory.AnalyzeADObject(aditem);
};
foreach (string cn in cns)
{
adws.Enumerate(domainInfo.DefaultNamingContext,
"(distinguishedName=" + ADConnection.EscapeLDAP(cn) + ")",
properties, callback);
}
}
private void ExportPrimaryGroupData(ADWebService adws, ADDomainInfo domainInfo, RelationFactory relationFactory, List <int> primaryGroupIDs)
{
WorkOnReturnedObjectByADWS callback =
(ADItem aditem) =>
{
relationFactory.AnalyzeADObject(aditem);
};
foreach (int id in primaryGroupIDs)
{
adws.Enumerate(domainInfo.DefaultNamingContext,
"(primaryGroupID=" + id + ")",
properties, callback);
}
}
private void ExportReportData(ADWebService adws, ADDomainInfo domainInfo, IRelationFactory relationFactory, IDataStorage storage, GraphObjectReference objectReference, List <string> UsersToInvestigate)
{
ADItem aditem = null;
foreach (var typology in objectReference.Objects.Keys)
{
var toDelete = new List <GraphSingleObject>();
foreach (var obj in objectReference.Objects[typology])
{
DisplayAdvancement("Working on " + obj.Description);
aditem = Search(adws, domainInfo, obj.Name);
if (aditem != null)
{
relationFactory.AnalyzeADObject(aditem);
}
else
{
Trace.WriteLine("Unable to find the user: "******"Working on " + user);
aditem = Search(adws, domainInfo, user);
if (aditem != null)
{
string userKey = user;
if (aditem.ObjectSid != null)
{
userKey = aditem.ObjectSid.Value;
}
objectReference.Objects[Data.CompromiseGraphDataTypology.UserDefined].Add(new GraphSingleObject(userKey, user));
relationFactory.AnalyzeADObject(aditem);
}
else
{
Trace.WriteLine("Unable to find the user: " + user);
}
}
AnalyzeMissingObjets(adws, domainInfo, relationFactory, storage);
}
private void ExportFilesData(ADWebService adws, ADDomainInfo domainInfo, IRelationFactory relationFactory, List <string> files)
{
if (Credential != null)
{
using (WindowsIdentity identity = NativeMethods.GetWindowsIdentityForUser(Credential, domainInfo.DnsHostName))
using (var context = identity.Impersonate())
{
ExportFilesDataWithImpersonation(adws, domainInfo, relationFactory, files);
context.Undo();
}
}
else
{
ExportFilesDataWithImpersonation(adws, domainInfo, relationFactory, files);
}
}
void PrepareDetailledData(ADDomainInfo domainInfo, HealthcheckData data, GraphObjectReference ObjectReference)
{
foreach (var typology in ObjectReference.Objects.Keys)
{
foreach (var obj in ObjectReference.Objects[typology])
{
Trace.WriteLine("Analyzing " + obj.Description);
ProduceReportFile(domainInfo, data, typology, obj.Risk, obj.Description, obj.Name);
}
}
data.ControlPaths.Data.Sort(
(SingleCompromiseGraphData a, SingleCompromiseGraphData b)
=>
{
return(string.Compare(a.Description, b.Description));
});
}
private ADItem Search(ADWebService adws, ADDomainInfo domainInfo, string userName)
{
ADItem output = null;
string[] properties = new string[] {
"distinguishedName",
"displayName",
"name",
"objectSid",
};
WorkOnReturnedObjectByADWS callback =
(ADItem aditem) =>
{
output = aditem;
};
if (userName.StartsWith("S-1-5"))
{
adws.Enumerate(domainInfo.DefaultNamingContext,
"(objectSid=" + ADConnection.EncodeSidToString(userName) + ")",
properties, callback);
}
adws.Enumerate(domainInfo.DefaultNamingContext,
"(sAMAccountName=" + ADConnection.EscapeLDAP(userName) + ")",
properties, callback);
if (output != null)
{
return(output);
}
adws.Enumerate(domainInfo.DefaultNamingContext,
"(cn=" + ADConnection.EscapeLDAP(userName) + ")",
properties, callback);
if (output != null)
{
return(output);
}
adws.Enumerate(domainInfo.DefaultNamingContext,
"(displayName=" + ADConnection.EscapeLDAP(userName) + ")",
properties, callback);
if (output != null)
{
return(output);
}
return(output);
}
public void Export(string filename)
{
ADDomainInfo domainInfo = null;
DisplayAdvancement("Starting");
ADWebService.ConnectionType = ADConnectionType.LDAPOnly;
using (ADWebService adws = new ADWebService(Server, Port, Credential))
{
DisplayAdvancement("Connected");
domainInfo = adws.DomainInfo;
DisplayAdvancement("Building a list of all OU");
var exploration = adws.BuildOUExplorationList(domainInfo.DefaultNamingContext, 10);
int currentOU = 1;
int error = 0;
using (StreamWriter sw = File.CreateText(filename))
{
sw.WriteLine("OU\tstatus");
foreach (var ou in exploration)
{
DisplayAdvancement(" * Exporting OU=" + ou.OU + "(" + currentOU++ + "/" + exploration.Count + ") Type:" + ou.Scope);
try
{
adws.Enumerate(ou.OU, "(objectClass=*)", new string[] { "distinguishedName" }, (ADItem x) => { }, ou.Scope);
sw.WriteLine(ou.OU + "\tOK");
}
catch (DirectoryServicesCOMException ex)
{
if (ex.ExtendedError == 234)
{
error++;
Console.ForegroundColor = ConsoleColor.Red;
DisplayAdvancement("The OU " + ou.OU + " has a problem");
Console.ResetColor();
sw.WriteLine(ou.OU + "\tNot OK");
}
}
catch (Exception)
{
}
}
}
DisplayAdvancement(error + " error(s) found");
}
}
private void BuildDeletedObjects(ADDomainInfo domainInfo, CompromiseGraphData data, SingleCompromiseGraphData singleCompromiseData, Dictionary <int, Node> chartNodes)
{
singleCompromiseData.DeletedObjects = new List <SingleCompromiseGraphDeletedData>();
foreach (var node in chartNodes.Values)
{
if (String.Equals(node.Type, "foreignsecurityprincipal", StringComparison.InvariantCultureIgnoreCase))
{
// ignore everything but deleted accounts
if (node.Sid.StartsWith(domainInfo.DomainSid.Value + "-"))
{
singleCompromiseData.DeletedObjects.Add(new SingleCompromiseGraphDeletedData()
{
Sid = node.Sid,
}
);
}
}
}
singleCompromiseData.NumberOfDeletedObjects = singleCompromiseData.DeletedObjects.Count;
}
private void BuildPrivilegeData(ADDomainInfo domainInfo, HealthcheckData hcdata, SingleCompromiseGraphData singleCompromiseData, List <int> directNodes1, List <int> directNodes2)
{
var items = new List <ADItem>();
foreach (var id in directNodes1)
{
var node = storage.RetrieveNode(id);
var item = node.ADItem;
items.Add(item);
}
foreach (var id in directNodes2)
{
var node = storage.RetrieveNode(id);
var item = node.ADItem;
items.Add(item);
}
var groupData = AnalyzeGroupData(domainInfo.DnsHostName, singleCompromiseData.Description, items);
hcdata.PrivilegedGroups.Add(groupData);
}
public void PerformAnalyze(HealthcheckData data, ADDomainInfo domainInfo, ADWebService adws, PingCastleAnalyzerParameters parameters)
{
ExportDataFromActiveDirectoryLive export = new ExportDataFromActiveDirectoryLive(domainInfo, adws, parameters.Credential);
var ObjectReference = export.ExportData(parameters.AdditionalNamesForDelegationAnalysis);
storage = export.Storage;
data.ControlPaths = new CompromiseGraphData();
data.ControlPaths.Data = new List <SingleCompromiseGraphData>();
data.PrivilegedGroups = new List <HealthCheckGroupData>();
data.AllPrivilegedMembers = new List <HealthCheckGroupMemberData>();
PrepareStopNodes(ObjectReference, domainInfo.DomainSid.Value);
PrepareDetailledData(domainInfo, data, ObjectReference);
PrepareDependancyGlobalData(data.ControlPaths);
PrepareAnomalyAnalysisData(data.ControlPaths);
PrepareAllPrivilegedMembers(data);
}
public void ExportData(List <string> UsersToInvestigate)
{
ADDomainInfo domainInfo = null;
RelationFactory relationFactory = null;
DisplayAdvancement("Getting domain informations");
using (ADWebService adws = new ADWebService(Server, Port, Credential))
{
domainInfo = GetDomainInformation(adws);
Storage.Initialize(domainInfo);
Trace.WriteLine("Creating new relation factory");
relationFactory = new RelationFactory(Storage, domainInfo, Credential);
DisplayAdvancement("Exporting objects from Active Directory");
ExportReportData(adws, domainInfo, relationFactory, UsersToInvestigate);
}
DisplayAdvancement("Inserting relations between nodes in the database");
Trace.WriteLine("Inserting relations on hold");
Storage.InsertRelationOnHold(domainInfo.DnsHostName);
Trace.WriteLine("Done");
DisplayAdvancement("Export completed");
}
List<string> GetListOfComputerToExplore()
{
ADDomainInfo domainInfo = null;
List<string> computers = new List<string>();
using (ADWebService adws = new ADWebService(Server, Port, Credential))
{
domainInfo = adws.DomainInfo;
string[] properties = new string[] { "dNSHostName", "primaryGroupID" };
WorkOnReturnedObjectByADWS callback =
(ADItem x) =>
{
computers.Add(x.DNSHostName);
};
adws.Enumerate(domainInfo.DefaultNamingContext, "(&(ObjectCategory=computer)(!userAccountControl:1.2.840.113556.1.4.803:=2)(lastLogonTimeStamp>=" + DateTime.Now.AddDays(-40).ToFileTimeUtc() + "))", properties, callback);
}
return computers;
}
private ADDomainInfo GetDomainInformation(ADWebService adws)
{
ADDomainInfo domainInfo = null;
domainInfo = adws.DomainInfo;
if (adws.useLdap)
{
Console.ForegroundColor = ConsoleColor.Yellow;
Console.WriteLine("Performance warning: using LDAP instead of ADWS");
Console.ResetColor();
}
// adding the domain sid
string[] properties = new string[] { "objectSid", };
WorkOnReturnedObjectByADWS callback =
(ADItem aditem) =>
{
domainInfo.DomainSid = aditem.ObjectSid;
};
adws.Enumerate(domainInfo.DefaultNamingContext,
"(&(objectClass=domain)(distinguishedName=" + domainInfo.DefaultNamingContext + "))",
properties, callback);
return(domainInfo);
}
public RelationFactory(IDataStorage storage, ADDomainInfo domainInfo)
{
Storage = storage;
DomainInfo = domainInfo;
}
public RelationFactory(IDataStorage storage, ADDomainInfo domainInfo, NetworkCredential credential)
{
Storage = storage;
DomainInfo = domainInfo;
Credential = credential;
}
public override void Export(string filename)
{
ADDomainInfo domainInfo = null;
using (ADWebService adws = new ADWebService(Server, Port, Credential))
{
domainInfo = adws.DomainInfo;
int export = 0;
using (StreamWriter sw = File.CreateText(filename))
{
var header = new List <string>();
var hcprop = AddData.GetProperties();
header.Add("DistinguishedName");
header.Add("sAMAccountName");
header.Add("scriptPath");
header.Add("primaryGroupID");
header.Add("lastLogonTimestamp");
header.Add("pwdLastSet");
header.Add("whenCreated");
header.Add("objectClass");
header.Add("userAccountControl");
header.AddRange(hcprop);
sw.WriteLine(string.Join("\t", header.ToArray()));
WorkOnReturnedObjectByADWS callback =
(ADItem x) =>
{
var d = new AddData();
HealthcheckAnalyzer.ProcessAccountData(d, x, false);
if ((++export % 500) == 0)
{
DisplayAdvancement("Exported: " + export);
}
var data = new List <string>();
data.Add(x.DistinguishedName);
data.Add(x.SAMAccountName);
data.Add(x.ScriptPath);
data.Add(x.PrimaryGroupID.ToString());
data.Add(x.LastLogonTimestamp.ToString("u"));
data.Add(x.PwdLastSet.ToString("u"));
data.Add(x.WhenCreated.ToString("u"));
data.Add(x.Class);
data.Add(x.UserAccountControl.ToString());
foreach (var p in hcprop)
{
data.Add(d.PropertiesSet.Contains(p).ToString());
}
sw.WriteLine(string.Join("\t", data.ToArray()));
};
DisplayAdvancement("Starting");
adws.Enumerate(domainInfo.DefaultNamingContext, HealthcheckAnalyzer.userFilter, HealthcheckAnalyzer.userProperties, callback, "SubTree");
DisplayAdvancement("Done");
}
}
}
