/// <summary> /// Grab properties from User objects /// </summary> /// <param name="wrapper"></param> /// <returns></returns> private static async Task ParseUserProperties(User wrapper) { var result = wrapper.SearchResult; // Start with UAC properties var userAccountControl = result.GetProperty("useraccountcontrol"); var enabled = true; var trustedToAuth = false; var sensitive = false; var dontReqPreAuth = false; var passwdNotReq = false; var unconstrained = false; var pwdNeverExires = false; if (int.TryParse(userAccountControl, out var baseFlags)) { var uacFlags = (UacFlags)baseFlags; enabled = (uacFlags & UacFlags.AccountDisable) == 0; trustedToAuth = (uacFlags & UacFlags.TrustedToAuthForDelegation) != 0; sensitive = (uacFlags & UacFlags.NotDelegated) != 0; dontReqPreAuth = (uacFlags & UacFlags.DontReqPreauth) != 0; passwdNotReq = (uacFlags & UacFlags.PasswordNotRequired) != 0; unconstrained = (uacFlags & UacFlags.TrustedForDelegation) != 0; pwdNeverExires = (uacFlags & UacFlags.DontExpirePassword) != 0; } wrapper.Properties.Add("dontreqpreauth", dontReqPreAuth); wrapper.Properties.Add("passwordnotreqd", passwdNotReq); wrapper.Properties.Add("unconstraineddelegation", unconstrained); wrapper.Properties.Add("sensitive", sensitive); wrapper.Properties.Add("enabled", enabled); wrapper.Properties.Add("pwdneverexpires", pwdNeverExires); var trustedToAuthComputers = new List <string>(); // Parse Allowed To Delegate if (trustedToAuth) { var delegates = result.GetPropertyAsArray("msds-AllowedToDelegateTo"); wrapper.Properties.Add("allowedtodelegate", delegates); //Try to resolve each computer to a SID foreach (var computerName in delegates) { var resolvedHost = await ResolutionHelpers.ResolveHostToSid(computerName, wrapper.Domain); trustedToAuthComputers.Add(resolvedHost); } } wrapper.AllowedToDelegate = trustedToAuthComputers.Distinct().ToArray(); //Grab time based properties wrapper.Properties.Add("lastlogon", ConvertToUnixEpoch(result.GetProperty("lastlogon"))); wrapper.Properties.Add("lastlogontimestamp", ConvertToUnixEpoch(result.GetProperty("lastlogontimestamp"))); wrapper.Properties.Add("pwdlastset", ConvertToUnixEpoch(result.GetProperty("pwdlastset"))); var servicePrincipalNames = result.GetPropertyAsArray("serviceprincipalname"); wrapper.Properties.Add("serviceprincipalnames", servicePrincipalNames); wrapper.Properties.Add("hasspn", servicePrincipalNames.Length > 0); wrapper.Properties.Add("displayname", result.GetProperty("displayname")); wrapper.Properties.Add("email", result.GetProperty("mail")); wrapper.Properties.Add("title", result.GetProperty("title")); wrapper.Properties.Add("homedirectory", result.GetProperty("homedirectory")); wrapper.Properties.Add("userpassword", result.GetProperty("userpassword")); var adminCount = result.GetProperty("admincount"); if (adminCount != null) { var a = int.Parse(adminCount); wrapper.Properties.Add("admincount", a != 0); } else { wrapper.Properties.Add("admincount", false); } var sidHistory = result.GetPropertyAsArrayOfBytes("sidhistory"); var sidHistoryList = new List <string>(); var sidHistoryPrincipals = new List <GenericMember>(); foreach (var sid in sidHistory) { var s = Helpers.CreateSecurityIdentifier(sid)?.Value; if (s != null) { sidHistoryList.Add(s); var sidType = await ResolutionHelpers.LookupSidType(s, wrapper.Domain); if (sidType != LdapTypeEnum.Unknown) { sidHistoryPrincipals.Add(new GenericMember { MemberId = s, MemberType = sidType }); } } } wrapper.HasSIDHistory = sidHistoryPrincipals.ToArray(); wrapper.Properties.Add("sidhistory", sidHistoryList.ToArray()); }
/// <summary> /// Grabs properties from Computer objects /// </summary> /// <param name="wrapper"></param> /// <returns></returns> private static async Task ParseComputerProperties(Computer wrapper) { var result = wrapper.SearchResult; var userAccountControl = result.GetProperty("useraccountcontrol"); var enabled = true; var trustedToAuth = false; var unconstrained = false; if (int.TryParse(userAccountControl, out var baseFlags)) { var uacFlags = (UacFlags)baseFlags; enabled = (uacFlags & UacFlags.AccountDisable) == 0; trustedToAuth = (uacFlags & UacFlags.TrustedToAuthForDelegation) != 0; unconstrained = (uacFlags & UacFlags.TrustedForDelegation) != 0; } wrapper.Properties.Add("enabled", enabled); wrapper.Properties.Add("unconstraineddelegation", unconstrained); var trustedToAuthComputers = new List <string>(); // Parse Allowed To Delegate if (trustedToAuth) { var delegates = result.GetPropertyAsArray("msds-AllowedToDelegateTo"); wrapper.Properties.Add("allowedtodelegate", delegates); // For each computer thats in this array, try and turn it into a SID foreach (var computerName in delegates) { var resolvedHost = await ResolutionHelpers.ResolveHostToSid(computerName, wrapper.Domain); trustedToAuthComputers.Add(resolvedHost); } } wrapper.AllowedToDelegate = trustedToAuthComputers.Distinct().ToArray(); var allowedToAct = result.GetPropertyAsBytes("msDS-AllowedToActOnBehalfOfOtherIdentity"); var allowedToActPrincipals = new List <GenericMember>(); if (allowedToAct != null) { var securityDescriptor = new ActiveDirectorySecurity(); securityDescriptor.SetSecurityDescriptorBinaryForm(allowedToAct); foreach (ActiveDirectoryAccessRule ace in securityDescriptor.GetAccessRules(true, true, typeof(SecurityIdentifier))) { var sid = ace.IdentityReference.Value; LdapTypeEnum type; if (CommonPrincipal.GetCommonSid(sid, out var principal)) { type = principal.Type; sid = Helpers.ConvertCommonSid(sid, wrapper.Domain); } else { type = await ResolutionHelpers.LookupSidType(sid, wrapper.Domain); } allowedToActPrincipals.Add(new GenericMember { MemberType = type, MemberId = sid }); } } wrapper.AllowedToAct = allowedToActPrincipals.Distinct().ToArray(); wrapper.Properties.Add("serviceprincipalnames", result.GetPropertyAsArray("serviceprincipalname")); wrapper.Properties.Add("lastlogontimestamp", ConvertToUnixEpoch(result.GetProperty("lastlogontimestamp"))); wrapper.Properties.Add("pwdlastset", ConvertToUnixEpoch(result.GetProperty("pwdlastset"))); var os = result.GetProperty("operatingsystem"); var sp = result.GetProperty("operatingsystemservicepack"); if (sp != null) { os = $"{os} {sp}"; } wrapper.Properties.Add("operatingsystem", os); }