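/// <summary>
/// Counts the members of the "Domain Admins" group whose password never expires and
/// whose password was last set more than 30 days ago. Members whose password was
/// changed within the last 30 days are traced as exceptions and not counted, since a
/// recent rotation mitigates the "never expires" flag for that member.
/// </summary>
/// <param name="healthcheckData">Collected health-check data whose PrivilegedGroups are scanned for the group named "Domain Admins".</param>
/// <returns>
/// 0 when the group is not present; the group's precomputed NumberOfMemberPwdNeverExpires
/// when per-member details are unavailable (Members is null); otherwise the number of
/// members with a never-expiring password that was not changed in the last 30 days.
/// </returns>
protected override int? AnalyzeDataNew(HealthcheckData healthcheckData)
        {
            HealthCheckGroupData domainadmins = null;

            foreach (HealthCheckGroupData group in healthcheckData.PrivilegedGroups)
            {
                if (group.GroupName == "Domain Admins")
                {
                    domainadmins = group;
                    break;
                }
            }
            if (domainadmins == null)
            {
                Trace.WriteLine("Group domain admins not found");
                return 0;
            }
            // Without per-member details the 30-day exception cannot be evaluated, so the
            // aggregate counter is the best available answer. The original test was inverted
            // (it returned the aggregate when Members was present and then dereferenced a
            // null list), which made the per-member loop below unreachable.
            if (domainadmins.Members == null)
            {
                return domainadmins.NumberOfMemberPwdNeverExpires;
            }

            int countnok = 0;
            int countexception = 0;
            // Evaluate the threshold once rather than on every iteration.
            DateTime recentThreshold = DateTime.Now.AddDays(-30);

            foreach (var member in domainadmins.Members)
            {
                if (!member.DoesPwdNeverExpires)
                {
                    continue;
                }
                if (member.PwdLastSet > recentThreshold)
                {
                    Trace.WriteLine("Rule for pwd last set disable because password changed recently for " + member.Name);
                    countexception++;
                }
                else
                {
                    countnok++;
                }
            }
            Trace.WriteLine("Domain admins excluded because of a recent password change: " + countexception);
            return countnok;
        }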
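        /// <summary>
        /// Builds the <see cref="HealthCheckGroupData"/> summary for one privileged group:
        /// one <see cref="HealthCheckGroupMemberData"/> per non-computer member, plus the
        /// aggregate counters derived from each user's userAccountControl flags.
        /// </summary>
        /// <param name="resolveSidServer">Server used to translate a raw SID ("S-1-...") member name into an account name.</param>
        /// <param name="groupName">Name stored in the returned data's GroupName.</param>
        /// <param name="members">Directory objects that are members of the group; computer objects are skipped.</param>
        /// <returns>The populated group data; never null.</returns>
        private HealthCheckGroupData AnalyzeGroupData(string resolveSidServer, string groupName, IEnumerable<ADItem> members)
        {
            // userAccountControl bits (ADS_USER_FLAG_ENUM values), named so the checks below read as intent.
            const int AccountDisable = 0x00000002;     // ADS_UF_ACCOUNTDISABLE
            const int Lockout = 0x00000010;            // ADS_UF_LOCKOUT
            const int PasswdNotRequired = 0x00000020;  // ADS_UF_PASSWD_NOTREQD
            const int DontExpirePassword = 0x00010000; // ADS_UF_DONT_EXPIRE_PASSWD
            const int SmartCardRequired = 0x00040000;  // ADS_UF_SMARTCARD_REQUIRED
            const int NotDelegated = 0x00100000;       // ADS_UF_NOT_DELEGATED ("account is sensitive and cannot be delegated")
            // A member counts as active when its last logon timestamp is within roughly six months.
            const int ActiveWindowDays = 6 * 31;

            HealthCheckGroupData data = new HealthCheckGroupData();
            data.GroupName = groupName;
            data.Members = new List<HealthCheckGroupMemberData>();

            // Sample the clock once so every member is judged against the same instant.
            DateTime now = DateTime.Now;

            foreach (ADItem x in members)
            {
                // avoid computer included in the "cert publisher" group
                if (x.Class == "computer")
                {
                    continue;
                }
                data.NumberOfMember++;
                HealthCheckGroupMemberData member = new HealthCheckGroupMemberData();
                data.Members.Add(member);
                member.DistinguishedName = x.DistinguishedName;

                if (x.Class != "user")
                {
                    // special case for foreignsecurityprincipals: no useraccountcontrol to analyse
                    data.NumberOfExternalMember++;
                    member.IsExternal = true;
                    member.Name = x.Name;
                    // try to solve the SID; guard the prefix test so a missing name cannot throw
                    if (!string.IsNullOrEmpty(x.Name) && x.Name.StartsWith("S-1-", StringComparison.InvariantCultureIgnoreCase))
                    {
                        member.Name = NativeMethods.ConvertSIDToName(x.Name, resolveSidServer);
                    }
                    continue;
                }

                // analyse useraccountcontrol
                member.Name = x.SAMAccountName;
                member.PwdLastSet = x.PwdLastSet;
                member.LastLogonTimestamp = x.LastLogonTimestamp;

                if ((x.UserAccountControl & AccountDisable) != 0)
                {
                    data.NumberOfMemberDisabled++;
                    // Disabled accounts contribute nothing to the enabled-only counters below.
                    continue;
                }

                data.NumberOfMemberEnabled++;
                member.IsEnabled = true;

                if (x.LastLogonTimestamp.AddDays(ActiveWindowDays) > now)
                {
                    data.NumberOfMemberActive++;
                    member.IsActive = true;
                }
                else
                {
                    data.NumberOfMemberInactive++;
                }
                if (x.ServicePrincipalName != null && x.ServicePrincipalName.Length > 0)
                {
                    member.IsService = true;
                    data.NumberOfServiceAccount++;
                }
                if ((x.UserAccountControl & Lockout) != 0)
                {
                    member.IsLocked = true;
                    data.NumberOfMemberLocked++;
                }
                if ((x.UserAccountControl & DontExpirePassword) != 0)
                {
                    data.NumberOfMemberPwdNeverExpires++;
                    member.DoesPwdNeverExpires = true;
                }
                if ((x.UserAccountControl & PasswdNotRequired) != 0)
                {
                    data.NumberOfMemberPwdNotRequired++;
                }
                // The bit being clear means the "sensitive and cannot be delegated" protection
                // is NOT set, so this privileged account can be delegated.
                if ((x.UserAccountControl & NotDelegated) == 0)
                {
                    data.NumberOfMemberCanBeDelegated++;
                    member.CanBeDelegated = true;
                }
                if ((x.UserAccountControl & SmartCardRequired) != 0)
                {
                    data.NumberOfSmartCardRequired++;
                    member.SmartCardRequired = true;
                }
            }
            return data;
        }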