CravateRouge
commented
1 year ago Hi @jsdhasfedssad, as usual thank you for the interest you have for the tool and to raise me issues when you see something wrong.
I choose to filter by objectClass attribute and it can contain several class per object. In AD, computers do have a "user" objectClass, manged service accounts do have a "computer" objectClass. This is not precise enough and I will think about a better way to filter it.
I don't understand why you don't have users outputed when you filter with "user", it's like they don't have the "user" objectClass.
- Could you show me a "get object SOME_USER --attr objectClass" and "get object SOME_USER --attr objectCategory"?
- Same for your child domain? (i'm very surprised it has a sAMAccountName btw)
- And finally "get object DC=adlab,DC=local --attr msDS-Behavior-Version"
jsdhasfedssad
Hi,
I am trying out version 1.0.0 and I think I have found an issue. Filtering
get childrenonuserdoes not work. Other types are still outputted.While computers, for example
test3andRODC1, should not be shown using this filter I am not sure what is correct for the three other marked examples.CHILD2$is the sAMAccountName of a child domain (this is not shown when filtering oncomputer)smsa1is a standalone managed service account (this is also shown when filtering oncomputer)gmsa1is a group managed service account (this is also shown when filtering oncomputer)Thanks!