/// <summary>
/// Grab properties from User objects
/// </summary>
/// <param name="wrapper"></param>
/// <returns></returns>
private static async Task ParseUserProperties(User wrapper)
{
var result = wrapper.SearchResult;
// Start with UAC properties
var userAccountControl = result.GetProperty("useraccountcontrol");
var enabled = true;
var trustedToAuth = false;
var sensitive = false;
var dontReqPreAuth = false;
var passwdNotReq = false;
var unconstrained = false;
var pwdNeverExires = false;
if (int.TryParse(userAccountControl, out var baseFlags))
{
var uacFlags = (UacFlags)baseFlags;
enabled = (uacFlags & UacFlags.AccountDisable) == 0;
trustedToAuth = (uacFlags & UacFlags.TrustedToAuthForDelegation) != 0;
sensitive = (uacFlags & UacFlags.NotDelegated) != 0;
dontReqPreAuth = (uacFlags & UacFlags.DontReqPreauth) != 0;
passwdNotReq = (uacFlags & UacFlags.PasswordNotRequired) != 0;
unconstrained = (uacFlags & UacFlags.TrustedForDelegation) != 0;
pwdNeverExires = (uacFlags & UacFlags.DontExpirePassword) != 0;
}
wrapper.Properties.Add("dontreqpreauth", dontReqPreAuth);
wrapper.Properties.Add("passwordnotreqd", passwdNotReq);
wrapper.Properties.Add("unconstraineddelegation", unconstrained);
wrapper.Properties.Add("sensitive", sensitive);
wrapper.Properties.Add("enabled", enabled);
wrapper.Properties.Add("pwdneverexpires", pwdNeverExires);
var trustedToAuthComputers = new List <string>();
// Parse Allowed To Delegate
if (trustedToAuth)
{
var delegates = result.GetPropertyAsArray("msds-AllowedToDelegateTo");
wrapper.Properties.Add("allowedtodelegate", delegates);
//Try to resolve each computer to a SID
foreach (var computerName in delegates)
{
var resolvedHost = await ResolutionHelpers.ResolveHostToSid(computerName, wrapper.Domain);
trustedToAuthComputers.Add(resolvedHost);
}
}
wrapper.AllowedToDelegate = trustedToAuthComputers.Distinct().ToArray();
//Grab time based properties
wrapper.Properties.Add("lastlogon", ConvertToUnixEpoch(result.GetProperty("lastlogon")));
wrapper.Properties.Add("lastlogontimestamp", ConvertToUnixEpoch(result.GetProperty("lastlogontimestamp")));
wrapper.Properties.Add("pwdlastset", ConvertToUnixEpoch(result.GetProperty("pwdlastset")));
var servicePrincipalNames = result.GetPropertyAsArray("serviceprincipalname");
wrapper.Properties.Add("serviceprincipalnames", servicePrincipalNames);
wrapper.Properties.Add("hasspn", servicePrincipalNames.Length > 0);
wrapper.Properties.Add("displayname", result.GetProperty("displayname"));
wrapper.Properties.Add("email", result.GetProperty("mail"));
wrapper.Properties.Add("title", result.GetProperty("title"));
wrapper.Properties.Add("homedirectory", result.GetProperty("homedirectory"));
wrapper.Properties.Add("userpassword", result.GetProperty("userpassword"));
var adminCount = result.GetProperty("admincount");
if (adminCount != null)
{
var a = int.Parse(adminCount);
wrapper.Properties.Add("admincount", a != 0);
}
else
{
wrapper.Properties.Add("admincount", false);
}
var sidHistory = result.GetPropertyAsArrayOfBytes("sidhistory");
var sidHistoryList = new List <string>();
var sidHistoryPrincipals = new List <GenericMember>();
foreach (var sid in sidHistory)
{
var s = Helpers.CreateSecurityIdentifier(sid)?.Value;
if (s != null)
{
sidHistoryList.Add(s);
var sidType = await ResolutionHelpers.LookupSidType(s, wrapper.Domain);
if (sidType != LdapTypeEnum.Unknown)
{
sidHistoryPrincipals.Add(new GenericMember
{
MemberId = s,
MemberType = sidType
});
}
}
}
wrapper.HasSIDHistory = sidHistoryPrincipals.ToArray();
wrapper.Properties.Add("sidhistory", sidHistoryList.ToArray());
}
/// <summary>
/// Grabs properties from Computer objects
/// </summary>
/// <param name="wrapper"></param>
/// <returns></returns>
private static async Task ParseComputerProperties(Computer wrapper)
{
var result = wrapper.SearchResult;
var userAccountControl = result.GetProperty("useraccountcontrol");
var enabled = true;
var trustedToAuth = false;
var unconstrained = false;
if (int.TryParse(userAccountControl, out var baseFlags))
{
var uacFlags = (UacFlags)baseFlags;
enabled = (uacFlags & UacFlags.AccountDisable) == 0;
trustedToAuth = (uacFlags & UacFlags.TrustedToAuthForDelegation) != 0;
unconstrained = (uacFlags & UacFlags.TrustedForDelegation) != 0;
}
wrapper.Properties.Add("enabled", enabled);
wrapper.Properties.Add("unconstraineddelegation", unconstrained);
var trustedToAuthComputers = new List <string>();
// Parse Allowed To Delegate
if (trustedToAuth)
{
var delegates = result.GetPropertyAsArray("msds-AllowedToDelegateTo");
wrapper.Properties.Add("allowedtodelegate", delegates);
// For each computer thats in this array, try and turn it into a SID
foreach (var computerName in delegates)
{
var resolvedHost = await ResolutionHelpers.ResolveHostToSid(computerName, wrapper.Domain);
trustedToAuthComputers.Add(resolvedHost);
}
}
wrapper.AllowedToDelegate = trustedToAuthComputers.Distinct().ToArray();
var allowedToAct = result.GetPropertyAsBytes("msDS-AllowedToActOnBehalfOfOtherIdentity");
var allowedToActPrincipals = new List <GenericMember>();
if (allowedToAct != null)
{
var securityDescriptor = new ActiveDirectorySecurity();
securityDescriptor.SetSecurityDescriptorBinaryForm(allowedToAct);
foreach (ActiveDirectoryAccessRule ace in securityDescriptor.GetAccessRules(true, true,
typeof(SecurityIdentifier)))
{
var sid = ace.IdentityReference.Value;
LdapTypeEnum type;
if (CommonPrincipal.GetCommonSid(sid, out var principal))
{
type = principal.Type;
sid = Helpers.ConvertCommonSid(sid, wrapper.Domain);
}
else
{
type = await ResolutionHelpers.LookupSidType(sid, wrapper.Domain);
}
allowedToActPrincipals.Add(new GenericMember
{
MemberType = type,
MemberId = sid
});
}
}
wrapper.AllowedToAct = allowedToActPrincipals.Distinct().ToArray();
wrapper.Properties.Add("serviceprincipalnames", result.GetPropertyAsArray("serviceprincipalname"));
wrapper.Properties.Add("lastlogontimestamp", ConvertToUnixEpoch(result.GetProperty("lastlogontimestamp")));
wrapper.Properties.Add("pwdlastset", ConvertToUnixEpoch(result.GetProperty("pwdlastset")));
var os = result.GetProperty("operatingsystem");
var sp = result.GetProperty("operatingsystemservicepack");
if (sp != null)
{
os = $"{os} {sp}";
}
wrapper.Properties.Add("operatingsystem", os);
}
