/// <summary> /// Helper function to use commonlib types for IsComputerAvailable /// </summary> /// <param name="result"></param> /// <param name="entry"></param> /// <returns></returns> public Task <ComputerStatus> IsComputerAvailable(ResolvedSearchResult result, ISearchResultEntry entry) { var name = result.DisplayName; var os = entry.GetProperty(LDAPProperties.OperatingSystem); var pwdlastset = entry.GetProperty(LDAPProperties.PasswordLastSet); return(IsComputerAvailable(name, os, pwdlastset)); }
private static Dictionary <string, object> GetCommonProps(ISearchResultEntry entry) { return(new Dictionary <string, object> { { "description", entry.GetProperty(LDAPProperties.Description) }, { "whencreated", Helpers.ConvertTimestampToUnixEpoch(entry.GetProperty(LDAPProperties.WhenCreated)) } }); }
/// <summary> /// Reads specific LDAP properties related to GPOs /// </summary> /// <param name="entry"></param> /// <returns></returns> public static Dictionary <string, object> ReadGPOProperties(ISearchResultEntry entry) { var props = GetCommonProps(entry); props.Add("gpcpath", entry.GetProperty(LDAPProperties.GPCFileSYSPath)?.ToUpper()); return(props); }
/// <summary> /// Attempts to parse all LDAP attributes outside of the ones already collected and converts them to a human readable /// format using a best guess /// </summary> /// <param name="entry"></param> private static Dictionary <string, object> ParseAllProperties(ISearchResultEntry entry) { var flag = IsTextUnicodeFlags.IS_TEXT_UNICODE_STATISTICS; var props = new Dictionary <string, object>(); foreach (var property in entry.PropertyNames()) { if (ReservedAttributes.Contains(property)) { continue; } var collCount = entry.PropCount(property); if (collCount == 0) { continue; } if (collCount == 1) { var testBytes = entry.GetByteProperty(property); if (testBytes == null || testBytes.Length == 0 || !IsTextUnicode(testBytes, testBytes.Length, ref flag)) { continue; } var testString = entry.GetProperty(property); if (!string.IsNullOrEmpty(testString)) { if (property == "badpasswordtime") { props.Add(property, Helpers.ConvertFileTimeToUnixEpoch(testString)); } else { props.Add(property, BestGuessConvert(testString)); } } } else { var arrBytes = entry.GetByteArrayProperty(property); if (arrBytes.Length == 0 || !IsTextUnicode(arrBytes[0], arrBytes[0].Length, ref flag)) { continue; } var arr = entry.GetArrayProperty(property); if (arr.Length > 0) { props.Add(property, arr.Select(BestGuessConvert).ToArray()); } } } return(props); }
private async Task <OU> ProcessOUObject(ISearchResultEntry entry, ResolvedSearchResult resolvedSearchResult) { var ret = new OU { ObjectIdentifier = resolvedSearchResult.ObjectId }; ret.Properties.Add("domain", resolvedSearchResult.Domain); ret.Properties.Add("name", resolvedSearchResult.DisplayName); ret.Properties.Add("distinguishedname", entry.DistinguishedName.ToUpper()); ret.Properties.Add("domainsid", resolvedSearchResult.DomainSid); ret.Properties.Add("highvalue", false); if ((_methods & ResolvedCollectionMethod.ACL) != 0) { ret.Aces = _aclProcessor.ProcessACL(resolvedSearchResult, entry).ToArray(); ret.IsACLProtected = _aclProcessor.IsACLProtected(entry); } if ((_methods & ResolvedCollectionMethod.ObjectProps) != 0) { ret.Properties = ContextUtils.Merge(ret.Properties, LDAPPropertyProcessor.ReadOUProperties(entry)); if (_context.Flags.CollectAllProperties) { ret.Properties = ContextUtils.Merge(_ldapPropertyProcessor.ParseAllProperties(entry), ret.Properties); } } if ((_methods & ResolvedCollectionMethod.Container) != 0) { ret.ChildObjects = _containerProcessor.GetContainerChildObjects(resolvedSearchResult, entry).ToArray(); ret.Properties.Add("blocksinheritance", ContainerProcessor.ReadBlocksInheritance(entry.GetProperty("gpoptions"))); ret.Links = _containerProcessor.ReadContainerGPLinks(resolvedSearchResult, entry).ToArray(); } if ((_methods & ResolvedCollectionMethod.GPOLocalGroup) != 0) { var gplink = entry.GetProperty(LDAPProperties.GPLink); ret.GPOChanges = await _gpoLocalGroupProcessor.ReadGPOLocalGroups(gplink, entry.DistinguishedName); } return(ret); }
public static string GetDNSName(this ISearchResultEntry entry, string overrideDNSName) { var shortName = entry.GetProperty("samaccountname")?.TrimEnd('$'); var dns = entry.GetProperty("dnshostname"); var cn = entry.GetProperty("cn"); if (dns != null) { return(dns); } if (shortName == null && cn == null) { return($"UNKNOWN.{overrideDNSName}"); } if (shortName != null) { return($"{shortName}.{overrideDNSName}"); } return($"{cn}.{overrideDNSName}"); }
private async Task <User> ProcessUserObject(ISearchResultEntry entry, ResolvedSearchResult resolvedSearchResult) { var ret = new User { ObjectIdentifier = resolvedSearchResult.ObjectId }; ret.Properties.Add("domain", resolvedSearchResult.Domain); ret.Properties.Add("name", resolvedSearchResult.DisplayName); ret.Properties.Add("distinguishedname", entry.DistinguishedName.ToUpper()); ret.Properties.Add("domainsid", resolvedSearchResult.DomainSid); if ((_methods & ResolvedCollectionMethod.ACL) != 0) { var aces = _aclProcessor.ProcessACL(resolvedSearchResult, entry); var gmsa = entry.GetByteProperty(LDAPProperties.GroupMSAMembership); ret.Aces = aces.Concat(_aclProcessor.ProcessGMSAReaders(gmsa, resolvedSearchResult.Domain)).ToArray(); ret.IsACLProtected = _aclProcessor.IsACLProtected(entry); } if ((_methods & ResolvedCollectionMethod.Group) != 0) { var pg = entry.GetProperty(LDAPProperties.PrimaryGroupID); ret.PrimaryGroupSID = GroupProcessor.GetPrimaryGroupInfo(pg, resolvedSearchResult.ObjectId); } if ((_methods & ResolvedCollectionMethod.ObjectProps) != 0) { var userProps = await _ldapPropertyProcessor.ReadUserProperties(entry); ret.Properties = ContextUtils.Merge(ret.Properties, userProps.Props); ret.HasSIDHistory = userProps.SidHistory; ret.AllowedToDelegate = userProps.AllowedToDelegate; } if ((_methods & ResolvedCollectionMethod.SPNTargets) != 0) { var spn = entry.GetArrayProperty(LDAPProperties.ServicePrincipalNames); var targets = new List <SPNPrivilege>(); var enumerator = _spnProcessor.ReadSPNTargets(spn, entry.DistinguishedName) .GetAsyncEnumerator(_cancellationToken); while (await enumerator.MoveNextAsync()) { targets.Add(enumerator.Current); } ret.SPNTargets = targets.ToArray(); } return(ret); }
/// <summary> /// Reads specific LDAP properties related to Domains /// </summary> /// <param name="entry"></param> /// <returns></returns> public static Dictionary <string, object> ReadDomainProperties(ISearchResultEntry entry) { var props = GetCommonProps(entry); if (!int.TryParse(entry.GetProperty(LDAPProperties.DomainFunctionalLevel), out var level)) { level = -1; } props.Add("functionallevel", FunctionalLevelToString(level)); return(props); }
/// <summary> /// Reads specific LDAP properties related to Groups /// </summary> /// <param name="entry"></param> /// <returns></returns> public static Dictionary <string, object> ReadGroupProperties(ISearchResultEntry entry) { var props = GetCommonProps(entry); var ac = entry.GetProperty(LDAPProperties.AdminCount); if (ac != null) { var a = int.Parse(ac); props.Add("admincount", a != 0); } else { props.Add("admincount", false); } return(props); }
private async Task <Domain> ProcessDomainObject(ISearchResultEntry entry, ResolvedSearchResult resolvedSearchResult) { var ret = new Domain { ObjectIdentifier = resolvedSearchResult.ObjectId }; ret.Properties.Add("domain", resolvedSearchResult.Domain); ret.Properties.Add("name", resolvedSearchResult.DisplayName); ret.Properties.Add("distinguishedname", entry.DistinguishedName.ToUpper()); ret.Properties.Add("domainsid", resolvedSearchResult.DomainSid); if ((_methods & ResolvedCollectionMethod.ACL) != 0) { ret.Aces = _aclProcessor.ProcessACL(resolvedSearchResult, entry).ToArray(); ret.IsACLProtected = _aclProcessor.IsACLProtected(entry); } if ((_methods & ResolvedCollectionMethod.Trusts) != 0) { ret.Trusts = _domainTrustProcessor.EnumerateDomainTrusts(resolvedSearchResult.Domain).ToArray(); } if ((_methods & ResolvedCollectionMethod.ObjectProps) != 0) { ret.Properties = ContextUtils.Merge(ret.Properties, LDAPPropertyProcessor.ReadDomainProperties(entry)); } if ((_methods & ResolvedCollectionMethod.Container) != 0) { ret.ChildObjects = _containerProcessor.GetContainerChildObjects(resolvedSearchResult, entry).ToArray(); ret.Links = _containerProcessor.ReadContainerGPLinks(resolvedSearchResult, entry).ToArray(); } if ((_methods & ResolvedCollectionMethod.GPOLocalGroup) != 0) { var gplink = entry.GetProperty(LDAPProperties.GPLink); ret.GPOChanges = await _gpoLocalGroupProcessor.ReadGPOLocalGroups(gplink, entry.DistinguishedName); } return(ret); }
private Group ProcessGroupObject(ISearchResultEntry entry, ResolvedSearchResult resolvedSearchResult) { var ret = new Group { ObjectIdentifier = resolvedSearchResult.ObjectId }; ret.Properties.Add("domain", resolvedSearchResult.Domain); ret.Properties.Add("name", resolvedSearchResult.DisplayName); ret.Properties.Add("distinguishedname", entry.DistinguishedName.ToUpper()); ret.Properties.Add("domainsid", resolvedSearchResult.DomainSid); ret.Properties.Add("highvalue", IsHighValueGroup(resolvedSearchResult.ObjectId)); ret.Properties.Add("samaccountname", entry.GetProperty(LDAPProperties.SAMAccountName)); if ((_methods & ResolvedCollectionMethod.ACL) != 0) { ret.Aces = _aclProcessor.ProcessACL(resolvedSearchResult, entry).ToArray(); ret.IsACLProtected = _aclProcessor.IsACLProtected(entry); } if ((_methods & ResolvedCollectionMethod.Group) != 0) { ret.Members = _groupProcessor .ReadGroupMembers(resolvedSearchResult, entry) .ToArray(); } if ((_methods & ResolvedCollectionMethod.ObjectProps) != 0) { var groupProps = LDAPPropertyProcessor.ReadGroupProperties(entry); ret.Properties = ContextUtils.Merge(ret.Properties, groupProps); if (_context.Flags.CollectAllProperties) { ret.Properties = ContextUtils.Merge(_ldapPropertyProcessor.ParseAllProperties(entry), ret.Properties); } } return(ret); }
/// <summary> /// Reads specific LDAP properties related to Computers /// </summary> /// <param name="entry"></param> /// <returns></returns> public async Task <ComputerProperties> ReadComputerProperties(ISearchResultEntry entry) { var compProps = new ComputerProperties(); var props = GetCommonProps(entry); var uac = entry.GetProperty(LDAPProperties.UserAccountControl); bool enabled, unconstrained, trustedToAuth; if (int.TryParse(uac, out var flag)) { var flags = (UacFlags)flag; enabled = (flags & UacFlags.AccountDisable) == 0; unconstrained = (flags & UacFlags.TrustedForDelegation) == UacFlags.TrustedForDelegation; trustedToAuth = (flags & UacFlags.TrustedToAuthForDelegation) != 0; } else { unconstrained = false; enabled = true; trustedToAuth = false; } var domain = Helpers.DistinguishedNameToDomain(entry.DistinguishedName); var comps = new List <TypedPrincipal>(); if (trustedToAuth) { var delegates = entry.GetArrayProperty(LDAPProperties.AllowedToDelegateTo); props.Add("allowedtodelegate", delegates); foreach (var d in delegates) { var hname = d.Contains("/") ? d.Split('/')[1] : d; hname = hname.Split(':')[0]; var resolvedHost = await _utils.ResolveHostToSid(hname, domain); if (resolvedHost != null && (resolvedHost.Contains(".") || resolvedHost.Contains("S-1"))) { comps.Add(new TypedPrincipal { ObjectIdentifier = resolvedHost, ObjectType = Label.Computer }); } } } compProps.AllowedToDelegate = comps.Distinct().ToArray(); var allowedToActPrincipals = new List <TypedPrincipal>(); var rawAllowedToAct = entry.GetByteProperty(LDAPProperties.AllowedToActOnBehalfOfOtherIdentity); if (rawAllowedToAct != null) { var sd = _utils.MakeSecurityDescriptor(); sd.SetSecurityDescriptorBinaryForm(rawAllowedToAct, AccessControlSections.Access); foreach (var rule in sd.GetAccessRules(true, true, typeof(SecurityIdentifier))) { var res = _utils.ResolveIDAndType(rule.IdentityReference(), domain); allowedToActPrincipals.Add(res); } } compProps.AllowedToAct = allowedToActPrincipals.ToArray(); props.Add("enabled", enabled); props.Add("unconstraineddelegation", unconstrained); props.Add("trustedtoauth", trustedToAuth); props.Add("lastlogon", Helpers.ConvertFileTimeToUnixEpoch(entry.GetProperty(LDAPProperties.LastLogon))); props.Add("lastlogontimestamp", Helpers.ConvertFileTimeToUnixEpoch(entry.GetProperty(LDAPProperties.LastLogonTimestamp))); props.Add("pwdlastset", Helpers.ConvertFileTimeToUnixEpoch(entry.GetProperty(LDAPProperties.PasswordLastSet))); props.Add("serviceprincipalnames", entry.GetArrayProperty(LDAPProperties.ServicePrincipalNames)); var os = entry.GetProperty(LDAPProperties.OperatingSystem); var sp = entry.GetProperty(LDAPProperties.ServicePack); if (sp != null) { os = $"{os} {sp}"; } props.Add("operatingsystem", os); var sh = entry.GetByteArrayProperty(LDAPProperties.SIDHistory); var sidHistoryList = new List <string>(); var sidHistoryPrincipals = new List <TypedPrincipal>(); foreach (var sid in sh) { string sSid; try { sSid = new SecurityIdentifier(sid, 0).Value; } catch { continue; } sidHistoryList.Add(sSid); var res = _utils.ResolveIDAndType(sSid, domain); sidHistoryPrincipals.Add(res); } compProps.SidHistory = sidHistoryPrincipals.ToArray(); props.Add("sidhistory", sidHistoryList.ToArray()); compProps.Props = props; return(compProps); }
/// <summary> /// Reads specific LDAP properties related to Users /// </summary> /// <param name="entry"></param> /// <returns></returns> public async Task <UserProperties> ReadUserProperties(ISearchResultEntry entry) { var userProps = new UserProperties(); var props = GetCommonProps(entry); var uac = entry.GetProperty(LDAPProperties.UserAccountControl); bool enabled, trustedToAuth, sensitive, dontReqPreAuth, passwdNotReq, unconstrained, pwdNeverExpires; if (int.TryParse(uac, out var flag)) { var flags = (UacFlags)flag; enabled = (flags & UacFlags.AccountDisable) == 0; trustedToAuth = (flags & UacFlags.TrustedToAuthForDelegation) != 0; sensitive = (flags & UacFlags.NotDelegated) != 0; dontReqPreAuth = (flags & UacFlags.DontReqPreauth) != 0; passwdNotReq = (flags & UacFlags.PasswordNotRequired) != 0; unconstrained = (flags & UacFlags.TrustedForDelegation) != 0; pwdNeverExpires = (flags & UacFlags.DontExpirePassword) != 0; } else { trustedToAuth = false; enabled = true; sensitive = false; dontReqPreAuth = false; passwdNotReq = false; unconstrained = false; pwdNeverExpires = false; } props.Add("sensitive", sensitive); props.Add("dontreqpreauth", dontReqPreAuth); props.Add("passwordnotreqd", passwdNotReq); props.Add("unconstraineddelegation", unconstrained); props.Add("pwdneverexpires", pwdNeverExpires); props.Add("enabled", enabled); props.Add("trustedtoauth", trustedToAuth); var domain = Helpers.DistinguishedNameToDomain(entry.DistinguishedName); var comps = new List <TypedPrincipal>(); if (trustedToAuth) { var delegates = entry.GetArrayProperty(LDAPProperties.AllowedToDelegateTo); props.Add("allowedtodelegate", delegates); foreach (var d in delegates) { if (d == null) { continue; } var resolvedHost = await _utils.ResolveHostToSid(d, domain); if (resolvedHost != null && (resolvedHost.Contains(".") || resolvedHost.Contains("S-1"))) { comps.Add(new TypedPrincipal { ObjectIdentifier = resolvedHost, ObjectType = Label.Computer }); } } } userProps.AllowedToDelegate = comps.Distinct().ToArray(); props.Add("lastlogon", Helpers.ConvertFileTimeToUnixEpoch(entry.GetProperty(LDAPProperties.LastLogon))); props.Add("lastlogontimestamp", Helpers.ConvertFileTimeToUnixEpoch(entry.GetProperty(LDAPProperties.LastLogonTimestamp))); props.Add("pwdlastset", Helpers.ConvertFileTimeToUnixEpoch(entry.GetProperty(LDAPProperties.PasswordLastSet))); var spn = entry.GetArrayProperty(LDAPProperties.ServicePrincipalNames); props.Add("serviceprincipalnames", spn); props.Add("hasspn", spn.Length > 0); props.Add("displayname", entry.GetProperty(LDAPProperties.DisplayName)); props.Add("email", entry.GetProperty(LDAPProperties.Email)); props.Add("title", entry.GetProperty(LDAPProperties.Title)); props.Add("homedirectory", entry.GetProperty(LDAPProperties.HomeDirectory)); props.Add("userpassword", entry.GetProperty(LDAPProperties.UserPassword)); props.Add("unixpassword", entry.GetProperty(LDAPProperties.UnixUserPassword)); props.Add("unicodepassword", entry.GetProperty(LDAPProperties.UnicodePassword)); props.Add("sfupassword", entry.GetProperty(LDAPProperties.MsSFU30Password)); var ac = entry.GetProperty(LDAPProperties.AdminCount); if (ac != null) { if (int.TryParse(ac, out var parsed)) { props.Add("admincount", parsed != 0); } else { props.Add("admincount", false); } } else { props.Add("admincount", false); } var sh = entry.GetByteArrayProperty(LDAPProperties.SIDHistory); var sidHistoryList = new List <string>(); var sidHistoryPrincipals = new List <TypedPrincipal>(); foreach (var sid in sh) { string sSid; try { sSid = new SecurityIdentifier(sid, 0).Value; } catch { continue; } sidHistoryList.Add(sSid); var res = _utils.ResolveIDAndType(sSid, domain); sidHistoryPrincipals.Add(res); } userProps.SidHistory = sidHistoryPrincipals.Distinct().ToArray(); props.Add("sidhistory", sidHistoryList.ToArray()); userProps.Props = props; return(userProps); }
private async Task <Computer> ProcessComputerObject(ISearchResultEntry entry, ResolvedSearchResult resolvedSearchResult, Channel <CSVComputerStatus> compStatusChannel) { var ret = new Computer { ObjectIdentifier = resolvedSearchResult.ObjectId }; ret.Properties.Add("domain", resolvedSearchResult.Domain); ret.Properties.Add("name", resolvedSearchResult.DisplayName); ret.Properties.Add("distinguishedname", entry.DistinguishedName.ToUpper()); ret.Properties.Add("domainsid", resolvedSearchResult.DomainSid); ret.Properties.Add("highvalue", false); ret.Properties.Add("samaccountname", entry.GetProperty(LDAPProperties.SAMAccountName)); var hasLaps = entry.HasLAPS(); ret.Properties.Add("haslaps", hasLaps); if ((_methods & ResolvedCollectionMethod.ACL) != 0) { ret.Aces = _aclProcessor.ProcessACL(resolvedSearchResult, entry).ToArray(); ret.IsACLProtected = _aclProcessor.IsACLProtected(entry); } if ((_methods & ResolvedCollectionMethod.Group) != 0) { var pg = entry.GetProperty(LDAPProperties.PrimaryGroupID); ret.PrimaryGroupSID = GroupProcessor.GetPrimaryGroupInfo(pg, resolvedSearchResult.ObjectId); } if ((_methods & ResolvedCollectionMethod.ObjectProps) != 0) { var computerProps = await _ldapPropertyProcessor.ReadComputerProperties(entry); ret.Properties = ContextUtils.Merge(ret.Properties, computerProps.Props); if (_context.Flags.CollectAllProperties) { ret.Properties = ContextUtils.Merge(_ldapPropertyProcessor.ParseAllProperties(entry), ret.Properties); } ret.AllowedToDelegate = computerProps.AllowedToDelegate; ret.AllowedToAct = computerProps.AllowedToAct; ret.HasSIDHistory = computerProps.SidHistory; } if (!_methods.IsComputerCollectionSet()) { return(ret); } var apiName = _context.RealDNSName != null ? entry.GetDNSName(_context.RealDNSName) : resolvedSearchResult.DisplayName; var availability = await _computerAvailability.IsComputerAvailable(resolvedSearchResult, entry); if (!availability.Connectable) { await compStatusChannel.Writer.WriteAsync(availability.GetCSVStatus(resolvedSearchResult.DisplayName), _cancellationToken); return(ret); } var samAccountName = entry.GetProperty(LDAPProperties.SAMAccountName)?.TrimEnd('$'); if ((_methods & ResolvedCollectionMethod.Session) != 0) { var sessionResult = await _computerSessionProcessor.ReadUserSessions(apiName, resolvedSearchResult.ObjectId, resolvedSearchResult.Domain); ret.Sessions = sessionResult; if (_context.Flags.DumpComputerStatus) { await compStatusChannel.Writer.WriteAsync(new CSVComputerStatus { Status = sessionResult.Collected ? StatusSuccess : sessionResult.FailureReason, Task = "NetSessionEnum", ComputerName = resolvedSearchResult.DisplayName }, _cancellationToken); } } if ((_methods & ResolvedCollectionMethod.LoggedOn) != 0) { var privSessionResult = _computerSessionProcessor.ReadUserSessionsPrivileged(apiName, samAccountName, resolvedSearchResult.ObjectId); ret.PrivilegedSessions = privSessionResult; if (_context.Flags.DumpComputerStatus) { await compStatusChannel.Writer.WriteAsync(new CSVComputerStatus { Status = privSessionResult.Collected ? StatusSuccess : privSessionResult.FailureReason, Task = "NetWkstaUserEnum", ComputerName = resolvedSearchResult.DisplayName }, _cancellationToken); } var registrySessionResult = _computerSessionProcessor.ReadUserSessionsRegistry(apiName, resolvedSearchResult.Domain, resolvedSearchResult.ObjectId); ret.RegistrySessions = registrySessionResult; if (_context.Flags.DumpComputerStatus) { await compStatusChannel.Writer.WriteAsync(new CSVComputerStatus { Status = privSessionResult.Collected ? StatusSuccess : privSessionResult.FailureReason, Task = "RegistrySessions", ComputerName = resolvedSearchResult.DisplayName }, _cancellationToken); } } if (!_methods.IsLocalGroupCollectionSet()) { return(ret); } try { using var server = new SAMRPCServer(resolvedSearchResult.DisplayName, samAccountName, resolvedSearchResult.ObjectId, resolvedSearchResult.Domain); if ((_methods & ResolvedCollectionMethod.LocalAdmin) != 0) { ret.LocalAdmins = server.GetLocalGroupMembers((int)LocalGroupRids.Administrators); if (_context.Flags.DumpComputerStatus) { await compStatusChannel.Writer.WriteAsync(new CSVComputerStatus { Status = ret.LocalAdmins.Collected ? StatusSuccess : ret.LocalAdmins.FailureReason, Task = "AdminLocalGroup", ComputerName = resolvedSearchResult.DisplayName }, _cancellationToken); } } if ((_methods & ResolvedCollectionMethod.DCOM) != 0) { ret.DcomUsers = server.GetLocalGroupMembers((int)LocalGroupRids.DcomUsers); if (_context.Flags.DumpComputerStatus) { await compStatusChannel.Writer.WriteAsync(new CSVComputerStatus { Status = ret.DcomUsers.Collected ? StatusSuccess : ret.DcomUsers.FailureReason, Task = "DCOMLocalGroup", ComputerName = resolvedSearchResult.DisplayName }, _cancellationToken); } } if ((_methods & ResolvedCollectionMethod.PSRemote) != 0) { ret.PSRemoteUsers = server.GetLocalGroupMembers((int)LocalGroupRids.PSRemote); if (_context.Flags.DumpComputerStatus) { await compStatusChannel.Writer.WriteAsync(new CSVComputerStatus { Status = ret.PSRemoteUsers.Collected ? StatusSuccess : ret.PSRemoteUsers.FailureReason, Task = "PSRemoteLocalGroup", ComputerName = resolvedSearchResult.DisplayName }, _cancellationToken); } } if ((_methods & ResolvedCollectionMethod.RDP) != 0) { ret.RemoteDesktopUsers = server.GetLocalGroupMembers((int)LocalGroupRids.RemoteDesktopUsers); if (_context.Flags.DumpComputerStatus) { await compStatusChannel.Writer.WriteAsync(new CSVComputerStatus { Status = ret.RemoteDesktopUsers.Collected ? StatusSuccess : ret.RemoteDesktopUsers.FailureReason, Task = "RDPLocalGroup", ComputerName = resolvedSearchResult.DisplayName }); } } } catch (Exception e) { await compStatusChannel.Writer.WriteAsync(new CSVComputerStatus { Status = e.ToString(), ComputerName = resolvedSearchResult.DisplayName, Task = "SAMRPCServerInit" }, _cancellationToken); ret.DcomUsers = new LocalGroupAPIResult { Collected = false, FailureReason = "SAMRPCServerInit Failed" }; ret.PSRemoteUsers = new LocalGroupAPIResult { Collected = false, FailureReason = "SAMRPCServerInit Failed" }; ret.LocalAdmins = new LocalGroupAPIResult { Collected = false, FailureReason = "SAMRPCServerInit Failed" }; ret.RemoteDesktopUsers = new LocalGroupAPIResult { Collected = false, FailureReason = "SAMRPCServerInit Failed" }; } return(ret); }
public IEnumerable <GPLink> ReadContainerGPLinks(ResolvedSearchResult result, ISearchResultEntry entry) { var links = entry.GetProperty(LDAPProperties.GPLink); return(ReadContainerGPLinks(links)); }