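/// <summary>
/// Builds the <see cref="Computer"/> output object for a single computer entry, running only
/// the collection steps whose flags are set in <c>_methods</c>.
/// </summary>
/// <remarks>
/// Directory-derived data (base properties, ACL, primary group, object properties) is gathered
/// first. The method returns early with only that data when no computer collection method is
/// set, or when the availability check reports the host as not connectable. Otherwise it
/// collects sessions and then local group membership. Per-task outcomes are written to
/// <paramref name="compStatusChannel"/> when <c>_context.Flags.DumpComputerStatus</c> is set;
/// the "not connectable" row and the local-group exception row are written regardless of
/// that flag.
/// </remarks>
/// <param name="entry">Search result entry the LDAP properties are read from.</param>
/// <param name="resolvedSearchResult">Resolved identity of the entry (object id, domain, display name, domain SID).</param>
/// <param name="compStatusChannel">Channel that receives one <see cref="CSVComputerStatus"/> row per reported task.</param>
/// <returns>The populated <see cref="Computer"/>; steps that were not requested are left at their defaults.</returns>
private async Task<Computer> ProcessComputerObject(ISearchResultEntry entry,
    ResolvedSearchResult resolvedSearchResult, Channel<CSVComputerStatus> compStatusChannel)
{
    // Single place that emits a per-task status row, so every row honours the
    // DumpComputerStatus flag and the cancellation token in the same way.
    async Task ReportStatusAsync(string task, bool collected, string failureReason)
    {
        if (!_context.Flags.DumpComputerStatus)
        {
            return;
        }

        await compStatusChannel.Writer.WriteAsync(new CSVComputerStatus
        {
            Status = collected ? StatusSuccess : failureReason,
            Task = task,
            ComputerName = resolvedSearchResult.DisplayName
        }, _cancellationToken);
    }

    var ret = new Computer
    {
        ObjectIdentifier = resolvedSearchResult.ObjectId
    };

    ret.Properties.Add("domain", resolvedSearchResult.Domain);
    ret.Properties.Add("name", resolvedSearchResult.DisplayName);
    ret.Properties.Add("distinguishedname", entry.DistinguishedName.ToUpper());
    ret.Properties.Add("domainsid", resolvedSearchResult.DomainSid);
    ret.Properties.Add("highvalue", false);
    ret.Properties.Add("samaccountname", entry.GetProperty(LDAPProperties.SAMAccountName));

    var hasLaps = entry.HasLAPS();
    ret.Properties.Add("haslaps", hasLaps);

    if ((_methods & ResolvedCollectionMethod.ACL) != 0)
    {
        ret.Aces = _aclProcessor.ProcessACL(resolvedSearchResult, entry).ToArray();
        ret.IsACLProtected = _aclProcessor.IsACLProtected(entry);
    }

    if ((_methods & ResolvedCollectionMethod.Group) != 0)
    {
        var pg = entry.GetProperty(LDAPProperties.PrimaryGroupID);
        ret.PrimaryGroupSID = GroupProcessor.GetPrimaryGroupInfo(pg, resolvedSearchResult.ObjectId);
    }

    if ((_methods & ResolvedCollectionMethod.ObjectProps) != 0)
    {
        var computerProps = await _ldapPropertyProcessor.ReadComputerProperties(entry);
        ret.Properties = ContextUtils.Merge(ret.Properties, computerProps.Props);

        if (_context.Flags.CollectAllProperties)
        {
            // Argument order differs from the merge above on purpose or by accident;
            // it is kept exactly as it was. NOTE(review): confirm which side wins on key clashes.
            ret.Properties = ContextUtils.Merge(_ldapPropertyProcessor.ParseAllProperties(entry),
                ret.Properties);
        }

        ret.AllowedToDelegate = computerProps.AllowedToDelegate;
        ret.AllowedToAct = computerProps.AllowedToAct;
        ret.HasSIDHistory = computerProps.SidHistory;
    }

    // Everything below this point needs the host itself, not just its directory entry.
    if (!_methods.IsComputerCollectionSet())
    {
        return ret;
    }

    var apiName = _context.RealDNSName != null
        ? entry.GetDNSName(_context.RealDNSName)
        : resolvedSearchResult.DisplayName;

    var availability = await _computerAvailability.IsComputerAvailable(resolvedSearchResult, entry);
    if (!availability.Connectable)
    {
        // Written unconditionally (not gated on DumpComputerStatus), as in the original code.
        await compStatusChannel.Writer.WriteAsync(
            availability.GetCSVStatus(resolvedSearchResult.DisplayName), _cancellationToken);
        return ret;
    }

    // May be null when the entry has no SAM account name; passed through as-is.
    var samAccountName = entry.GetProperty(LDAPProperties.SAMAccountName)?.TrimEnd('$');

    if ((_methods & ResolvedCollectionMethod.Session) != 0)
    {
        var sessionResult = await _computerSessionProcessor.ReadUserSessions(apiName,
            resolvedSearchResult.ObjectId, resolvedSearchResult.Domain);
        ret.Sessions = sessionResult;
        await ReportStatusAsync("NetSessionEnum", sessionResult.Collected, sessionResult.FailureReason);
    }

    if ((_methods & ResolvedCollectionMethod.LoggedOn) != 0)
    {
        var privSessionResult = _computerSessionProcessor.ReadUserSessionsPrivileged(apiName,
            samAccountName, resolvedSearchResult.ObjectId);
        ret.PrivilegedSessions = privSessionResult;
        await ReportStatusAsync("NetWkstaUserEnum", privSessionResult.Collected,
            privSessionResult.FailureReason);

        var registrySessionResult = _computerSessionProcessor.ReadUserSessionsRegistry(apiName,
            resolvedSearchResult.Domain, resolvedSearchResult.ObjectId);
        ret.RegistrySessions = registrySessionResult;
        // The "RegistrySessions" row must describe registrySessionResult. Reporting the
        // privileged-session outcome here would mislabel a failed registry read as a success
        // (or the reverse) in the status output.
        await ReportStatusAsync("RegistrySessions", registrySessionResult.Collected,
            registrySessionResult.FailureReason);
    }

    if (!_methods.IsLocalGroupCollectionSet())
    {
        return ret;
    }

    try
    {
        // NOTE(review): this connects by DisplayName while the session calls above use apiName
        // (which honours _context.RealDNSName) - confirm the difference is intended.
        using var server = new SAMRPCServer(resolvedSearchResult.DisplayName, samAccountName,
            resolvedSearchResult.ObjectId, resolvedSearchResult.Domain);

        if ((_methods & ResolvedCollectionMethod.LocalAdmin) != 0)
        {
            ret.LocalAdmins = server.GetLocalGroupMembers((int)LocalGroupRids.Administrators);
            await ReportStatusAsync("AdminLocalGroup", ret.LocalAdmins.Collected,
                ret.LocalAdmins.FailureReason);
        }

        if ((_methods & ResolvedCollectionMethod.DCOM) != 0)
        {
            ret.DcomUsers = server.GetLocalGroupMembers((int)LocalGroupRids.DcomUsers);
            await ReportStatusAsync("DCOMLocalGroup", ret.DcomUsers.Collected,
                ret.DcomUsers.FailureReason);
        }

        if ((_methods & ResolvedCollectionMethod.PSRemote) != 0)
        {
            ret.PSRemoteUsers = server.GetLocalGroupMembers((int)LocalGroupRids.PSRemote);
            await ReportStatusAsync("PSRemoteLocalGroup", ret.PSRemoteUsers.Collected,
                ret.PSRemoteUsers.FailureReason);
        }

        if ((_methods & ResolvedCollectionMethod.RDP) != 0)
        {
            ret.RemoteDesktopUsers = server.GetLocalGroupMembers((int)LocalGroupRids.RemoteDesktopUsers);
            // This row now passes _cancellationToken like every other status write.
            await ReportStatusAsync("RDPLocalGroup", ret.RemoteDesktopUsers.Collected,
                ret.RemoteDesktopUsers.FailureReason);
        }
    }
    catch (Exception e)
    {
        // NOTE(review): this handler covers the whole try body, so an exception from a later
        // group query or from a status write is also reported as "SAMRPCServerInit" and
        // overwrites group results that were already collected. Behaviour kept as-is; consider
        // narrowing the try to the constructor and excluding OperationCanceledException.
        // e.ToString() places the full exception text, stack trace included, in the status row.
        await compStatusChannel.Writer.WriteAsync(new CSVComputerStatus
        {
            Status = e.ToString(),
            ComputerName = resolvedSearchResult.DisplayName,
            Task = "SAMRPCServerInit"
        }, _cancellationToken);

        ret.DcomUsers = new LocalGroupAPIResult
        {
            Collected = false,
            FailureReason = "SAMRPCServerInit Failed"
        };
        ret.PSRemoteUsers = new LocalGroupAPIResult
        {
            Collected = false,
            FailureReason = "SAMRPCServerInit Failed"
        };
        ret.LocalAdmins = new LocalGroupAPIResult
        {
            Collected = false,
            FailureReason = "SAMRPCServerInit Failed"
        };
        ret.RemoteDesktopUsers = new LocalGroupAPIResult
        {
            Collected = false,
            FailureReason = "SAMRPCServerInit Failed"
        };
    }

    return ret;
}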