SharpHound slow and cannot collect all AD objects

[ville87]

Hello there,

I have a situation that sharphound does collect data very slowly (~0.25 objects per second) and then once done, it only contains a users.json and groups.json. I've tried with the exe and the ps1 version. Params used are --CollectionMethod All,GPOLocalGroup --statusinterval 10000 --Domain <domain>

When i use the same creds to connect to the ad using e.g. adexplorer from sysinternals, i can browse around in different OUs etc. and I can also see computers. Also, manual ADSI exploring with PowerShell (via adsisearcher) seems to be no problem.

Is it possible that some IDS / IPS system or similar in the network could somehow recognizes the scans and then blocks or drops a lot of requests? Is there maybe a manual PowerShell query I could try out to do some more debugging?

Thanks for any help!

[ville87]

I'll close the issue because during the same evening it suddenly started collecting with normal speed... (also i just realized I opened an issue in the old sharphound repo, sorry for that 😑)