Split ResolveHostToSid

[definitelynotagoblin]

Description

ResolveHostToSid resolves to a SID when a SID can be resolved, and falls back to a hostname from DNS when a SID cannot be resolved. This produces unwanted behavior when a SID is expected but a hostname is returned, so we split the method in two - one that returns null where no SID can be resolved and another that falls back onto the hostname.

Motivation and Context

https://specterops.atlassian.net/browse/BP-508

Bug in SHS when an AD object is deleted but remains on DNS. Such objects currently are collected and recorded into our BloodHound graphs as empty domain CAs.

How Has This Been Tested?

Screenshots (if appropriate):

Types of changes

• [ ] Chore (a change that does not modify the application functionality)
• [ ] Bug fix (non-breaking change which fixes an issue)
• [ ] New feature (non-breaking change which adds functionality)
• [x] Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

• [ ] Documentation updates are needed, and have been made accordingly.
• [ ] I have added and/or updated tests to cover my changes.
• [ ] All new and existing tests passed.
• [ ] My changes include a database migration.

[definitelynotagoblin]

This will need to be merged with appropriate changes to SharpHound, SHS, and any other project that uses ResolveHostToSid from this library.