test for temporary canary object always evaluates to true when running in mode 2 - Githubissues

microsoftarchive / New-KrbtgtKeys.ps1

This script will enable you to reset the krbtgt account password and related keys while minimizing the likelihood of Kerberos authentication issues being caused by the operation.

MIT License

402 stars 89 forks source link

test for temporary canary object always evaluates to true when running in mode 2 #13

Open 2a-h opened 2 years ago

2a-h commented 2 years ago

when running the script in mode 2, the statement on line 785 will always evaluate to $true because both $objectOnTargetDCPwdLastSet and $objectOnSourceOrgRWDCPwdLastSet are uninitialized in this mode and are therefore both equal to $null https://github.com/microsoft/New-KrbtgtKeys.ps1/blob/aaa1b322f3dd4478f733a01b37dd221c8ff1f8c0/New-KrbtgtKeys.ps1#L785

the statement should evaluate to $false when $targetObjectToCheck is $null because it would mean that, for example, Get-ADObject on lines 755 or 758 failed for some reason https://github.com/microsoft/New-KrbtgtKeys.ps1/blob/aaa1b322f3dd4478f733a01b37dd221c8ff1f8c0/New-KrbtgtKeys.ps1#L755