search

sense-of-security / ADRecon

ADRecon is a tool which gathers information about the Active Directory and generates a report which can provide a holistic picture of the current state of the target AD environment.
https://senseofsecurity.com.au/
GNU Affero General Public License v3.0
1.7k stars 279 forks source link

Additional Attributes #12

Closed AleAltube closed 5 years ago

AleAltube commented 5 years ago

Hi, first, thanks so much for making this code available!

Secondly, I’ve been struggling to add other attributes like user accounts’ “info”, the pivot tables don’t seem to like that... would it be possible to understand which lines would have to be modified to include other attributes for computer, group, and user objects without affecting any other part of the script?

Thanks again!

prashant3535 commented 5 years ago

Hi,

Could you please share the attributes you are trying to add or the provide more information about the pivot table issue? I can easily add those attributes and push a commit to the repo.

If the problem is only with the pivot table, then the Get-ADRExcelPivotTable function (https://github.com/sense-of-security/ADRecon/blob/master/ADRecon.ps1#L3886) is where the issue might be. For the User and Computer Stats sheet in the excel, the Get-ADRExcelAttributeStats function (https://github.com/sense-of-security/ADRecon/blob/master/ADRecon.ps1#L4030).

AleAltube commented 5 years ago

Hey Prashant, is it feasible to have the mentioned attributes added? Can I help in any way?

prashant3535 commented 5 years ago

Hi AleAltube,

It is feasible to add the attributes. Some attributes are already present as renamed as you already know. I'm working on something else at the moment and should be able to get to it over the weekend.

Thanks for your patience.

prashant3535 commented 5 years ago

Hi AleAltude,

I've added the attributes as described below:

User Attributes: [C] - Added as renamed field "Country" [cn] - Already present as renamed field "Name" [company] - Added [givenName] - Added as renamed field "First Name" [info] - Added [sn] - Added as renamed field "Last Name" [UserAccountControl] - Added [sAMAccountName] - Already present as renamed field "UserName"

Added other attributes such as Department, Title, Manager, Mobile, etc.

TODO [adDomain] -> This would have to be customized since it's not a native attribute (Optional) [adForest] -> This would have to be customized since it's not a native attribute (Optional)

Computer Attributes: [operatingSystemServicePack] - Already present as an Concatenated field "Operating System" [operatingSystemType] - Already present as an Concatenated field "Operating System" [operatingSystemVersion] - Already present as an Concatenated field "Operating System" [sAMAccountName] (I think there is already a renamed attribute containing this value, but if possible it would be great if it can be added with its original attribute name as well) - Already present as renamed field "UserName" [userAccountControl] - Added TODO [accountExpires] [canonicalName] [displayName] [adDomain] -> This would have to be customized since it's not a native attribute (Optional) [adForest] -> This would have to be customized since it's not a native attribute (Optional)

Group Attributes: [samaccountname] (I think there is already a renamed attribute containing this value, but if possible it would be great if it can be added with its original attribute name as well) - Already present as renamed field "Name" TODO [adForest] -> This would have to be customized since it's not a native attribute (Optional) [adDomain] -> This would have to be customized since it's not a native attribute (Optional)

AleAltube commented 5 years ago

Thanks so much for this, I’ll test it out tomorrow!

On 1 Dec 2018, at 23:03, prashant3535 notifications@github.com<mailto:notifications@github.com> wrote:

Hi AleAltude,

I've added the attributes as described below:

User Attributes: [C] - Added as renamed field "Country" [cn] - Already present as renamed field "Name" [company] - Added [givenName] - Added as renamed field "First Name" [info] - Added [sn] - Added as renamed field "Last Name" [UserAccountControl] - Added [sAMAccountName] - Already present as renamed field "UserName" TODO [adDomain] -> This would have to be customized since it's not a native attribute (Optional) [adForest] -> This would have to be customized since it's not a native attribute (Optional)

Computer Attributes: [operatingSystemServicePack] - Already present as an Concatenated field "Operating System" [operatingSystemType] - Already present as an Concatenated field "Operating System" [operatingSystemVersion] - Already present as an Concatenated field "Operating System" [sAMAccountName] (I think there is already a renamed attribute containing this value, but if possible it would be great if it can be added with its original attribute name as well) - Already present as renamed field "UserName" [userAccountControl] - Added TODO [accountExpires] [canonicalName] [displayName] [adDomain] -> This would have to be customized since it's not a native attribute (Optional) [adForest] -> This would have to be customized since it's not a native attribute (Optional)

Group Attributes: [samaccountname] (I think there is already a renamed attribute containing this value, but if possible it would be great if it can be added with its original attribute name as well) - Already present as renamed field "UserName" TODO [adForest] -> This would have to be customized since it's not a native attribute (Optional) [adDomain] -> This would have to be customized since it's not a native attribute (Optional)

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHubhttps://github.com/sense-of-security/ADRecon/issues/12#issuecomment-443474343, or mute the threadhttps://github.com/notifications/unsubscribe-auth/ArBVkR80L2A3Sow5Cc3z2TRzXYTu8Q56ks5u0zUCgaJpZM4YnN2O.

AleAltube commented 5 years ago

Hi Prashant,

I just tested the new version and it seems user attribute "Info" is not actually bringing the attribute's contents. Using PowerShell cmdlet I have validated there is content in this field for some users in the domain where I ran the script, but the CSV and Excel files show the entire Info column blank for all users.

Do you know what may be occurring?

Thanks again for the support!!!

From: prashant3535 notifications@github.com Sent: Saturday, December 1, 2018 11:03 PM To: sense-of-security/ADRecon Cc: AleAltube; Author Subject: Re: [sense-of-security/ADRecon] Additional Attributes (#12)

Hi AleAltude,

I've added the attributes as described below:

User Attributes: [C] - Added as renamed field "Country" [cn] - Already present as renamed field "Name" [company] - Added [givenName] - Added as renamed field "First Name" [info] - Added [sn] - Added as renamed field "Last Name" [UserAccountControl] - Added [sAMAccountName] - Already present as renamed field "UserName" TODO [adDomain] -> This would have to be customized since it's not a native attribute (Optional) [adForest] -> This would have to be customized since it's not a native attribute (Optional)

Computer Attributes: [operatingSystemServicePack] - Already present as an Concatenated field "Operating System" [operatingSystemType] - Already present as an Concatenated field "Operating System" [operatingSystemVersion] - Already present as an Concatenated field "Operating System" [sAMAccountName] (I think there is already a renamed attribute containing this value, but if possible it would be great if it can be added with its original attribute name as well) - Already present as renamed field "UserName" [userAccountControl] - Added TODO [accountExpires] [canonicalName] [displayName] [adDomain] -> This would have to be customized since it's not a native attribute (Optional) [adForest] -> This would have to be customized since it's not a native attribute (Optional)

Group Attributes: [samaccountname] (I think there is already a renamed attribute containing this value, but if possible it would be great if it can be added with its original attribute name as well) - Already present as renamed field "UserName" TODO [adForest] -> This would have to be customized since it's not a native attribute (Optional) [adDomain] -> This would have to be customized since it's not a native attribute (Optional)

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHubhttps://github.com/sense-of-security/ADRecon/issues/12#issuecomment-443474343, or mute the threadhttps://github.com/notifications/unsubscribe-auth/ArBVkR80L2A3Sow5Cc3z2TRzXYTu8Q56ks5u0zUCgaJpZM4YnN2O.

prashant3535 commented 5 years ago

Hi AleAltube,

Could you please try now ? Also, could you test it with -Protocol LDAP ? Thanks

prashant3535 commented 5 years ago

Lemme see if I can replicate it. Which version of powershell and office are you using ?

prashant3535 commented 5 years ago

Do you have any entry in the ComputerSPNs.csv file with a very long value in the Host column ?

AleAltube commented 5 years ago

Im just running -collect users, no spns csv is generated, could the issue be long values within the info user field?

Thanks!

On 3 Dec 2018, at 21:37, prashant3535 notifications@github.com<mailto:notifications@github.com> wrote:

Do you have any entry in the ComputerSPNs.csv file with a very long value in the Host column ?

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHubhttps://github.com/sense-of-security/ADRecon/issues/12#issuecomment-443924786, or mute the threadhttps://github.com/notifications/unsubscribe-auth/ArBVkTOxm9W38zmZzCWsEv6VkoOgYfiuks5u1cOugaJpZM4YnN2O.

prashant3535 commented 5 years ago

Yes, that is the issue (too long info field). Let me see how I can solve it.

AleAltube commented 5 years ago

U da man 😁

On 4 Dec 2018, at 09:04, prashant3535 notifications@github.com<mailto:notifications@github.com> wrote:

Yes, that is the issue (too long info field). Let me see how I can solve it.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHubhttps://github.com/sense-of-security/ADRecon/issues/12#issuecomment-444077136, or mute the threadhttps://github.com/notifications/unsubscribe-auth/ArBVkYjGnuTxFv1r3H3BfcItedrklIGuks5u1mTogaJpZM4YnN2O.

AleAltube commented 5 years ago

Hey Prashant,

Any luck with this issue?

On 4 Dec 2018, at 09:04, prashant3535 notifications@github.com<mailto:notifications@github.com> wrote:

Yes, that is the issue (too long info field). Let me see how I can solve it.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHubhttps://github.com/sense-of-security/ADRecon/issues/12#issuecomment-444077136, or mute the threadhttps://github.com/notifications/unsubscribe-auth/ArBVkYjGnuTxFv1r3H3BfcItedrklIGuks5u1mTogaJpZM4YnN2O.

prashant3535 commented 5 years ago

Hey AleAltube,

I pushed a potential bug fix for it last week. Are you still having the same issue ?

AleAltube commented 5 years ago

I did not see the update, my bad. Will check early on tomorrow!

Thanks!

On 11 Dec 2018, at 22:45, prashant3535 notifications@github.com<mailto:notifications@github.com> wrote:

Hey AleAltube,

I pushed a potential bug fix for it last week. Are you still having the same issue ?

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHubhttps://github.com/sense-of-security/ADRecon/issues/12#issuecomment-446430248, or mute the threadhttps://github.com/notifications/unsubscribe-auth/ArBVkVXx--EB-oJJdu1cI1_kxWI3nMZAks5u4F-dgaJpZM4YnN2O.