GPOLocalGroup data is currently not ingested

[nurfed1]

Description:

Sharphound GPOLocalGroup collector data is not being ingested by Bloodhound.

Component(s) Affected:

• [ ] UI
• [ ] API
• [ ] Neo4j
• [ ] PostgreSQL
• [ ] Data Collector (SharpHound, AzureHound)
• [x] Other (tooling, documentation, etc.)

Steps to Reproduce:

1. Collect GPOLocalGroup data
2. Upload data
3. AdminTo/CanRDP/ExecuteDCOM/CanPSRemote relationships to computer objects are missing.

Expected Behavior:

Bloodhound ingests collected GPOLocalGroup data.

Actual Behavior:

Bloodhound does not ingest collected GPOLocalGroup data.

Environment Information:

BloodHound: Latest commit

Collector: SharpHound 2.3.0 (Latest commit)

Contributor Checklist:

• [x] I have searched the issue tracker to ensure this bug hasn't been reported before or is not already being addressed.
• [x] I have provided clear steps to reproduce the issue.
• [x] I have included relevant environment information details.
• [x] I have attached necessary supporting documents.
• [x] I have checked that any JSON files I am attempting to upload to BloodHound are valid.

[JonasBK]

Confirmed with SharpHound v2.3.0 and BloodHound v5.3.1. The data is collected by SharpHound as expected:

  "GPOChanges": {
      "LocalAdmins": [
          {
              "ObjectIdentifier": "S-1-5-21-2697957641-2271029196-387917394-2173",
              "ObjectType": "User"
          }
      ],
      "RemoteDesktopUsers": [],
      "DcomUsers": [],
      "PSRemoteUsers": [],
      "AffectedComputers": [
          {
              "ObjectIdentifier": "S-1-5-21-2697957641-2271029196-387917394-2174",
              "ObjectType": "Computer"
          }
      ]
  },

The above example is from the attached example which should generate an AdminTo edge from the user ALICE@DUMPSTER.FIRE to computer ALICE-LAPTOP.DUMPSTER.FIRE, but that doesn't happen. 20231228025130_BloodHound.zip