Closed jsdhasfedssad closed 6 months ago
Hi @jsdhasfedssad, as usual thank you for the interest you have for the tool and to raise me issues when you see something wrong.
I chose to filter by the objectClass attribute, and it can contain several classes per object. In AD, computers do have a "user" objectClass, and managed service accounts do have a "computer" objectClass. This is not precise enough, and I will think about a better way to filter it.
I don't understand why you don't have users output when you filter with "user"; it's like they don't have the "user" objectClass.
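An added example, not code from the tool or its author, to illustrate the point above: AD returns the whole objectClass inheritance chain (top, person, organizationalPerson, user, computer, ...), so a membership test on "user" also matches computers and managed service accounts. The classifier below instead takes the most specific structural class and uses sAMAccountType to tell interdomain trust accounts apart from ordinary users, and it builds the corresponding LDAP filter for each type. The sample entries are constructed, not captured from a real directory, and treating sMSA/gMSA objects as their own types rather than as computers is a design choice here, one possible answer to the ambiguity the reporter raises.

```python
# Added example: classify AD accounts by their most specific structural
# objectClass plus sAMAccountType, and derive a precise LDAP filter per type.
# Not the tool's own code; sample entries below are constructed.

SAM_USER_OBJECT = 805306368      # 0x30000000: normal user account (incl. krbtgt)
SAM_MACHINE_ACCOUNT = 805306369  # 0x30000001: computer, sMSA, gMSA
SAM_TRUST_ACCOUNT = 805306370    # 0x30000002: interdomain trust account (CHILD2$)

# Most specific structural class wins. Both MSA classes inherit from
# "computer", and "computer" inherits from "user", so order matters.
STRUCTURAL_PRIORITY = (
    ("msds-groupmanagedserviceaccount", "gmsa"),
    ("msds-managedserviceaccount", "smsa"),
    ("computer", "computer"),
    ("user", "user"),
)

# Filters that encode the same precedence server-side. Trust accounts are
# plain "user" objects, so only sAMAccountType separates them from users.
LDAP_FILTERS = {
    "user": "(&(objectClass=user)(!(objectClass=computer))"
            "(sAMAccountType=805306368))",
    "computer": "(&(objectClass=computer)"
                "(!(objectClass=msDS-ManagedServiceAccount))"
                "(!(objectClass=msDS-GroupManagedServiceAccount)))",
    "smsa": "(objectClass=msDS-ManagedServiceAccount)",
    "gmsa": "(objectClass=msDS-GroupManagedServiceAccount)",
    "trust": "(sAMAccountType=805306370)",
}


def classify(entry):
    """Return one of user/computer/smsa/gmsa/trust/other for an LDAP entry."""
    classes = {c.lower() for c in entry.get("objectClass", [])}
    if int(entry.get("sAMAccountType", 0)) == SAM_TRUST_ACCOUNT:
        return "trust"
    for cls, label in STRUCTURAL_PRIORITY:
        if cls in classes:
            return label
    return "other"


def ldap_filter(otype):
    """LDAP filter string matching exactly the objects classify() labels otype."""
    return LDAP_FILTERS[otype]


def naive_filter(entries, otype):
    """The imprecise approach: any object whose objectClass list contains otype."""
    return [e["sAMAccountName"] for e in entries
            if otype.lower() in {c.lower() for c in e["objectClass"]}]


def filter_entries(entries, otype):
    """Precise approach: keep only objects whose most specific type is otype."""
    return [e["sAMAccountName"] for e in entries if classify(e) == otype]


# Constructed sample entries mirroring the kinds of objects in the report.
_USER = ["top", "person", "organizationalPerson", "user"]
_COMPUTER = _USER + ["computer"]
SAMPLE_ENTRIES = [
    {"sAMAccountName": "branchuser1", "objectClass": _USER,
     "sAMAccountType": SAM_USER_OBJECT},
    {"sAMAccountName": "krbtgt_13330", "objectClass": _USER,
     "sAMAccountType": SAM_USER_OBJECT},
    {"sAMAccountName": "test3", "objectClass": _COMPUTER,
     "sAMAccountType": SAM_MACHINE_ACCOUNT},
    {"sAMAccountName": "RODC1", "objectClass": _COMPUTER,
     "sAMAccountType": SAM_MACHINE_ACCOUNT},
    {"sAMAccountName": "CHILD2$", "objectClass": _USER,
     "sAMAccountType": SAM_TRUST_ACCOUNT},
    {"sAMAccountName": "smsa1",
     "objectClass": _COMPUTER + ["msDS-ManagedServiceAccount"],
     "sAMAccountType": SAM_MACHINE_ACCOUNT},
    {"sAMAccountName": "gmsa1",
     "objectClass": _COMPUTER + ["msDS-GroupManagedServiceAccount"],
     "sAMAccountType": SAM_MACHINE_ACCOUNT},
]

if __name__ == "__main__":
    print("naive user filter :", naive_filter(SAMPLE_ENTRIES, "user"))
    for t in ("user", "computer", "smsa", "gmsa", "trust"):
        print(f"{t:8}: {filter_entries(SAMPLE_ENTRIES, t)}  {ldap_filter(t)}")
```

The naive membership test returns every object in the sample set for "user", which is the behaviour reported in the issue; the precedence-based classifier returns only the two ordinary user objects, and the trust account ends up in its own category instead of disappearing or being mislabelled.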
The command I used above does actually identify users as well. In the above screenshot branchuser1, rodc_admin1, fTYYlViSVK, krbtgt_13330 and delegation1 are regular user accounts (if krbtgt accounts are counted as that).
To my knowledge, forests and domains having accounts in the AD is as it should be. All my forests and domains have one. These accounts can for example be abused to get trust keys.
Here is the output from your commands:
I just noticed, this also affects the "get writable" command when the filter "--otype" is used.
I will think about a better way to filter, but unfortunately it risks not being as straightforward. I'll leave this open until I fix it.
@jsdhasfedssad can you confirm "children --otype useronly" fixes your issue?
Hi,
I am trying out version 1.0.0 and I think I have found an issue. Filtering "get children" on "user" does not work. Other types are still outputted. While computers, for example "test3" and "RODC1", should not be shown using this filter, I am not sure what is correct for the three other marked examples.
"CHILD2$" is the sAMAccountName of a child domain (this is not shown when filtering on "computer").
"smsa1" is a standalone managed service account (this is also shown when filtering on "computer").
"gmsa1" is a group managed service account (this is also shown when filtering on "computer").
Thanks!