public static IEnumerable <object> Find_DomainUserEvent(Args_Find_DomainUserEvent args = null) { if (args == null) { args = new Args_Find_DomainUserEvent(); } var UserSearcherArguments = new Args_Get_DomainUser { Properties = new[] { "samaccountname" }, Identity = args.UserIdentity, Domain = args.UserDomain, LDAPFilter = args.UserLDAPFilter, SearchBase = args.UserSearchBase, AdminCount = args.UserAdminCount, Server = args.Server, SearchScope = args.SearchScope, ResultPageSize = args.ResultPageSize, ServerTimeLimit = args.ServerTimeLimit, Tombstone = args.Tombstone, Credential = args.Credential }; string[] TargetUsers = null; if (args.UserIdentity != null || !string.IsNullOrEmpty(args.UserLDAPFilter) || !string.IsNullOrEmpty(args.UserSearchBase) || args.UserAdminCount) { TargetUsers = GetDomainUser.Get_DomainUser(UserSearcherArguments).Select(x => (x as LDAPProperty).samaccountname).ToArray(); } else if (args.UserGroupIdentity != null || (args.Filter == null)) { // otherwise we're querying a specific group var GroupSearcherArguments = new Args_Get_DomainGroupMember { Identity = args.UserGroupIdentity, Recurse = true, Domain = args.UserDomain, SearchBase = args.UserSearchBase, Server = args.Server, SearchScope = args.SearchScope, ResultPageSize = args.ResultPageSize, ServerTimeLimit = args.ServerTimeLimit, Tombstone = args.Tombstone, Credential = args.Credential }; Logger.Write_Verbose($@"UserGroupIdentity: {args.UserGroupIdentity.ToJoinedString()}"); TargetUsers = GetDomainGroupMember.Get_DomainGroupMember(GroupSearcherArguments).Select(x => x.MemberName).ToArray(); } // build the set of computers to enumerate string[] TargetComputers = null; if (args.ComputerName != null) { TargetComputers = args.ComputerName; } else { // if not -ComputerName is passed, query the current (or target) domain for domain controllers var DCSearcherArguments = new Args_Get_DomainController { LDAP = true, Domain = args.Domain, Server = args.Server, Credential = args.Credential }; Logger.Write_Verbose($@"[Find-DomainUserEvent] Querying for domain controllers in domain: {args.Domain}"); TargetComputers = GetDomainController.Get_DomainController(DCSearcherArguments).Select(x => (x as LDAPProperty).dnshostname).ToArray(); } Logger.Write_Verbose($@"[Find-DomainUserEvent] TargetComputers length: {TargetComputers.Count()}"); Logger.Write_Verbose($@"[Find-DomainUserEvent] TargetComputers {TargetComputers.ToJoinedString()}"); if (TargetComputers == null || TargetComputers.Length == 0) { throw new Exception("[Find-DomainUserEvent] No hosts found to enumerate"); } var rets = new List <IWinEvent>(); // only ignore threading if -Delay is passed if (args.Delay != 0 || args.StopOnSuccess) { Logger.Write_Verbose($@"[Find-DomainUserEvent] TargetComputers length: {TargetComputers.Length}"); Logger.Write_Verbose($@"[Find-DomainUserEvent] Delay: {args.Delay}, Jitter: {args.Jitter}"); var Counter = 0; var RandNo = new System.Random(); foreach (var TargetComputer in TargetComputers) { Counter = Counter + 1; // sleep for our semi-randomized interval System.Threading.Thread.Sleep(RandNo.Next((int)((1 - args.Jitter) * args.Delay), (int)((1 + args.Jitter) * args.Delay)) * 1000); Logger.Write_Verbose($@"[Find-DomainUserEvent] Enumerating server {TargetComputer} ({Counter} of {TargetComputers.Count()})"); var Result = _Find_DomainUserEvent(new[] { TargetComputer }, args.StartTime, args.EndTime, args.MaxEvents, TargetUsers, args.Filter, args.Credential); if (Result != null) { rets.AddRange(Result); } if (Result != null && args.StopOnSuccess) { Logger.Write_Verbose("[Find-DomainUserEvent] Target user found, returning early"); return(rets); } } } else { Logger.Write_Verbose($@"[Find-DomainUserEvent] Using threading with threads: {args.Threads}"); // if we're using threading, kick off the script block with New-ThreadedFunction // if we're using threading, kick off the script block with New-ThreadedFunction using the $HostEnumBlock + params System.Threading.Tasks.Parallel.ForEach( TargetComputers, TargetComputer => { var Result = _Find_DomainUserEvent(new[] { TargetComputer }, args.StartTime, args.EndTime, args.MaxEvents, TargetUsers, args.Filter, args.Credential); lock (rets) { if (Result != null) { rets.AddRange(Result); } } }); } return(rets); }
public static IEnumerable <object> Find_DomainUserEvent(Args_Find_DomainUserEvent args = null) { return(FindDomainUserEvent.Find_DomainUserEvent(args)); }