How Has This Been Tested?
Screenshots (if appropriate):
Types of changes
[ ] Chore (a change that does not modify the application functionality)
[ ] Bug fix (non-breaking change which fixes an issue)
[ ] New feature (non-breaking change which adds functionality)
[x] Breaking change (fix or feature that would cause existing functionality to change)
Checklist:
[ ] Documentation updates are needed, and have been made accordingly.
[ ] I have added and/or updated tests to cover my changes.
Description
ResolveHostToSid resolves to a SID when a SID can be resolved, and falls back to a hostname from DNS when a SID cannot be resolved. This produces unwanted behavior when a SID is expected but a hostname is returned, so we split the method in two - one that returns null where no SID can be resolved and another that falls back onto the hostname.
Motivation and Context
https://specterops.atlassian.net/browse/BP-508
Bug in SHS when an AD object is deleted but remains on DNS. Such objects currently are collected and recorded into our BloodHound graphs as empty domain CAs.
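The split described in this pull request, sketched as an added example that is not the project's own code: a strict lookup that returns null when no SID exists, next to the fallback lookup that may return a DNS hostname. The method names `TryResolveHostToSid` and `ResolveHostToSidOrHostname`, the lookup tables, and every SID and hostname below are hypothetical and constructed.

```csharp
#nullable enable
using System;
using System.Collections.Generic;

static class HostResolver
{
    // Constructed data: ca01 still exists in AD; ca02 was deleted but its DNS record remains.
    static readonly Dictionary<string, string> AdSids =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        { ["ca01"] = "S-1-5-21-1111111111-2222222222-3333333333-1105" };

    static readonly Dictionary<string, string> DnsNames =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        { ["ca01"] = "ca01.corp.example", ["ca02"] = "ca02.corp.example" };

    // Strict variant (hypothetical name): a SID or null, never a hostname.
    public static string? TryResolveHostToSid(string host) =>
        AdSids.TryGetValue(host, out var sid) ? sid : null;

    // Fallback variant (hypothetical name): the result may be a DNS hostname.
    public static string ResolveHostToSidOrHostname(string host) =>
        TryResolveHostToSid(host)
        ?? (DnsNames.TryGetValue(host, out var fqdn) ? fqdn : host);
}

static class Program
{
    static void Main()
    {
        foreach (var host in new[] { "ca01", "ca02" })
        {
            // Combined behaviour: the stale DNS name comes back where a SID is expected.
            var mixed = HostResolver.ResolveHostToSidOrHostname(host);

            // Caller that needs a SID: null means "do not record this host".
            var sid = HostResolver.TryResolveHostToSid(host);
            Console.WriteLine(sid is null
                ? $"{host}: skipped (fallback would have returned '{mixed}')"
                : $"{host}: recorded with SID {sid}");
        }
    }
}
```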