public static IEnumerable <PropertyOutlier> Find_DomainObjectPropertyOutlier(Args_Find_DomainObjectPropertyOutlier args = null)
{
if (args == null)
{
args = new Args_Find_DomainObjectPropertyOutlier();
}
var UserReferencePropertySet = new[] { "admincount", "accountexpires", "badpasswordtime", "badpwdcount", "cn", "codepage", "countrycode", "description", "displayname", "distinguishedname", "dscorepropagationdata", "givenname", "instancetype", "iscriticalsystemobject", "lastlogoff", "lastlogon", "lastlogontimestamp", "lockouttime", "logoncount", "memberof", "msds-supportedencryptiontypes", "name", "objectcategory", "objectclass", "objectguid", "objectsid", "primarygroupid", "pwdlastset", "samaccountname", "samaccounttype", "sn", "useraccountcontrol", "userprincipalname", "usnchanged", "usncreated", "whenchanged", "whencreated" };
var GroupReferencePropertySet = new[] { "admincount", "cn", "description", "distinguishedname", "dscorepropagationdata", "grouptype", "instancetype", "iscriticalsystemobject", "member", "memberof", "name", "objectcategory", "objectclass", "objectguid", "objectsid", "samaccountname", "samaccounttype", "systemflags", "usnchanged", "usncreated", "whenchanged", "whencreated" };
var ComputerReferencePropertySet = new[] { "accountexpires", "badpasswordtime", "badpwdcount", "cn", "codepage", "countrycode", "distinguishedname", "dnshostname", "dscorepropagationdata", "instancetype", "iscriticalsystemobject", "lastlogoff", "lastlogon", "lastlogontimestamp", "localpolicyflags", "logoncount", "msds-supportedencryptiontypes", "name", "objectcategory", "objectclass", "objectguid", "objectsid", "operatingsystem", "operatingsystemservicepack", "operatingsystemversion", "primarygroupid", "pwdlastset", "samaccountname", "samaccounttype", "serviceprincipalname", "useraccountcontrol", "usnchanged", "usncreated", "whenchanged", "whencreated" };
var SearcherArgumentsForUser = new Args_Get_DomainUser
{
Domain = args.Domain,
LDAPFilter = args.LDAPFilter,
SearchBase = args.SearchBase,
Server = args.Server,
SearchScope = args.SearchScope,
ResultPageSize = args.ResultPageSize,
ServerTimeLimit = args.ServerTimeLimit,
Tombstone = args.Tombstone,
Credential = args.Credential
};
var SearcherArgumentsForGroup = new Args_Get_DomainGroup
{
Domain = args.Domain,
LDAPFilter = args.LDAPFilter,
SearchBase = args.SearchBase,
Server = args.Server,
SearchScope = args.SearchScope,
ResultPageSize = args.ResultPageSize,
ServerTimeLimit = args.ServerTimeLimit,
Tombstone = args.Tombstone,
Credential = args.Credential
};
var SearcherArgumentsForComputer = new Args_Get_DomainComputer
{
Domain = args.Domain,
LDAPFilter = args.LDAPFilter,
SearchBase = args.SearchBase,
Server = args.Server,
SearchScope = args.SearchScope,
ResultPageSize = args.ResultPageSize,
ServerTimeLimit = args.ServerTimeLimit,
Tombstone = args.Tombstone,
Credential = args.Credential
};
// Domain / Credential
var TargetForest = string.Empty;
if (!args.Domain.IsNullOrEmpty())
{
if (args.Credential != null)
{
TargetForest = GetDomain.Get_Domain(new Args_Get_Domain {
Domain = args.Domain
}).Forest.Name;
}
else
{
TargetForest = GetDomain.Get_Domain(new Args_Get_Domain {
Domain = args.Domain, Credential = args.Credential
}).Forest.Name;
}
Logger.Write_Verbose($@"[Find-DomainObjectPropertyOutlier] Enumerated forest '{TargetForest}' for target domain '{args.Domain}'");
}
var SchemaArguments = new
{
Credential = args.Credential,
Forest = TargetForest
};
string[] ReferenceObjectProperties = null;
ClassType?ReferenceObjectClass = null;
if (args.ReferencePropertySet != null)
{
Logger.Write_Verbose(@"[Find-DomainObjectPropertyOutlier] Using specified -ReferencePropertySet");
ReferenceObjectProperties = args.ReferencePropertySet;
}
else if (args.ReferenceObject != null)
{
Logger.Write_Verbose(@"[Find-DomainObjectPropertyOutlier] Extracting property names from -ReferenceObject to use as the reference property set");
ReferenceObjectProperties = args.ReferenceObject.GetType().GetProperties().Select(x => x.Name).ToArray();
ReferenceObjectClass = args.ReferenceObject.GetPropValue <ClassType>("objectclass");
Logger.Write_Verbose($@"[Find-DomainObjectPropertyOutlier] Calculated ReferenceObjectClass : {ReferenceObjectClass}");
}
else
{
Logger.Write_Verbose($@"[Find-DomainObjectPropertyOutlier] Using the default reference property set for the object class '{args.ClassName}'");
}
IEnumerable <object> Objects;
if ((args.ClassName == ClassType.User) || (ReferenceObjectClass == ClassType.User))
{
Objects = GetDomainUser.Get_DomainUser(SearcherArgumentsForUser);
if (ReferenceObjectProperties == null)
{
ReferenceObjectProperties = UserReferencePropertySet;
}
}
else if ((args.ClassName == ClassType.Group) || (ReferenceObjectClass == ClassType.Group))
{
Objects = GetDomainGroup.Get_DomainGroup(SearcherArgumentsForGroup);
if (ReferenceObjectProperties == null)
{
ReferenceObjectProperties = GroupReferencePropertySet;
}
}
else if ((args.ClassName == ClassType.Computer) || (ReferenceObjectClass == ClassType.Computer))
{
Objects = GetDomainComputer.Get_DomainComputer(SearcherArgumentsForComputer);
if (ReferenceObjectProperties == null)
{
ReferenceObjectProperties = ComputerReferencePropertySet;
}
}
else
{
throw new Exception($@"[Find-DomainObjectPropertyOutlier] Invalid class: {args.ClassName}");
}
var PropertyOutliers = new List <PropertyOutlier>();
foreach (LDAPProperty Object in Objects)
{
var ObjectProperties = Object.GetType().GetProperties().Select(x => x.Name).ToArray();
foreach (var ObjectProperty in ObjectProperties)
{
var val = Object.GetPropValue <object>(ObjectProperty);
if (val is Dictionary <string, object> )
{
var dic = val as Dictionary <string, object>;
foreach (var ObjectProperty1 in dic.Keys)
{
if (!ReferenceObjectProperties.ContainsNoCase(ObjectProperty1))
{
var Out = new PropertyOutlier
{
SamAccountName = Object.samaccountname,
Property = ObjectProperty1,
Value = dic[ObjectProperty1]
};
PropertyOutliers.Add(Out);
}
}
}
else if (val != null && !ReferenceObjectProperties.ContainsNoCase(ObjectProperty))
{
var Out = new PropertyOutlier
{
SamAccountName = Object.samaccountname,
Property = ObjectProperty,
Value = Object.GetPropValue <object>(ObjectProperty)
};
PropertyOutliers.Add(Out);
}
}
}
return(PropertyOutliers);
}
public static IEnumerable <PropertyOutlier> Find_DomainObjectPropertyOutlier(Args_Find_DomainObjectPropertyOutlier args = null)
{
return(FindDomainObjectPropertyOutlier.Find_DomainObjectPropertyOutlier(args));
}
