@@ -3401,36 +3401,38 @@ System.DirectoryServices.DirectorySearcher
34013401 PROCESS {
34023402 if ($PSBoundParameters['Domain']) {
34033403 $TargetDomain = $Domain
3404- }
3405- else {
3406- # if not -Domain is specified, retrieve the current domain name
3407- if ($PSBoundParameters['Credential']) {
3408- $DomainObject = Get-Domain -Credential $Credential
3409- }
3410- else {
3411- $DomainObject = Get-Domain
3412- }
3413- $TargetDomain = $DomainObject.Name
3414- }
34153404
3416- if (-not $PSBoundParameters['Server']) {
3417- # if there's not a specified server to bind to, try to pull the current domain PDC
3418- try {
3419- if ($DomainObject) {
3420- $BindServer = $DomainObject.PdcRoleOwner.Name
3421- }
3422- elseif ($PSBoundParameters['Credential']) {
3423- $BindServer = ((Get-Domain -Credential $Credential).PdcRoleOwner).Name
3424- }
3425- else {
3426- $BindServer = ((Get-Domain).PdcRoleOwner).Name
3405+ if ($ENV:USERDNSDOMAIN -and ($ENV:USERDNSDOMAIN.Trim() -ne '')) {
3406+ # see if we can grab the user DNS logon domain from environment variables
3407+ $UserDomain = $ENV:USERDNSDOMAIN
3408+ if ($ENV:LOGONSERVER -and ($ENV:LOGONSERVER.Trim() -ne '') -and $UserDomain) {
3409+ $BindServer = "$($ENV:LOGONSERVER -replace '\\','').$UserDomain"
34273410 }
34283411 }
3429- catch {
3430- throw "[Get-DomainSearcher] Error in retrieving PDC for current domain: $_"
3412+ }
3413+ elseif ($PSBoundParameters['Credential']) {
3414+ # if not -Domain is specified, but -Credential is, try to retrieve the current domain name with Get-Domain
3415+ $DomainObject = Get-Domain -Credential $Credential
3416+ $BindServer = ($DomainObject.PdcRoleOwner).Name
3417+ $TargetDomain = $DomainObject.Name
3418+ }
3419+ elseif ($ENV:USERDNSDOMAIN -and ($ENV:USERDNSDOMAIN.Trim() -ne '')) {
3420+ # see if we can grab the user DNS logon domain from environment variables
3421+ $TargetDomain = $ENV:USERDNSDOMAIN
3422+ if ($ENV:LOGONSERVER -and ($ENV:LOGONSERVER.Trim() -ne '') -and $TargetDomain) {
3423+ $BindServer = "$($ENV:LOGONSERVER -replace '\\','').$TargetDomain"
34313424 }
34323425 }
34333426 else {
3427+ # otherwise, resort to Get-Domain to retrieve the current domain object
3428+ write-verbose "get-domain"
3429+ $DomainObject = Get-Domain
3430+ $BindServer = ($DomainObject.PdcRoleOwner).Name
3431+ $TargetDomain = $DomainObject.Name
3432+ }
3433+
3434+ if ($PSBoundParameters['Server']) {
3435+ # if there's not a specified server to bind to, try to pull a logon server from ENV variables
34343436 $BindServer = $Server
34353437 }
34363438
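Review bot: With `-Domain` given and no `-Server`, the bind server is built from `$ENV:LOGONSERVER`/`$ENV:USERDNSDOMAIN` (the current user's logon DC) even when `$Domain` names a different domain, and because the `-Credential` branch is an `elseif` it is skipped too, so a cross-domain query is sent to a DC of the wrong domain and only succeeds if LDAP referral chasing happens to cover it. Reuse the cached logon server only when it serves the requested domain: `if ($ENV:LOGONSERVER -and ($ENV:LOGONSERVER.Trim() -ne '') -and ($TargetDomain -eq $UserDomain)) {`, and otherwise leave `$BindServer` unset or resolve a DC for `$TargetDomain` the way the other branches do via Get-Domain. Both environment variables are process-supplied and can be stale (cached logon, DC no longer reachable), so a `Write-Verbose "[Get-DomainSearcher] Bind server: $BindServer"` before the bind would make failures easier to triage. Separately, the comment under `if ($PSBoundParameters['Server'])` is inverted (it describes the no-Server case) and `write-verbose "get-domain"` reads as leftover debug output; use the `[Get-DomainSearcher]` prefix the rest of the function uses. Get-DomainSearcher's PROCESS block continues past the hunk.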
@@ -3476,7 +3478,7 @@ System.DirectoryServices.DirectorySearcher
34763478 }
34773479
34783480 $SearchString += $DN
3479- Write-Verbose "[Get-DomainSearcher] search string : $SearchString"
3481+ Write-Verbose "[Get-DomainSearcher] search base : $SearchString"
34803482
34813483 if ($Credential -ne [Management.Automation.PSCredential]::Empty) {
34823484 Write-Verbose "[Get-DomainSearcher] Using alternate credentials for LDAP connection"
@@ -19627,6 +19629,7 @@ Custom PSObject with translated domain API trust result fields.
1962719629 }
1962819630
1962919631 $LdapSearcherArguments = @{}
19632+ if ($PSBoundParameters['Domain']) { $LdapSearcherArguments['Domain'] = $Domain }
1963019633 if ($PSBoundParameters['LDAPFilter']) { $LdapSearcherArguments['LDAPFilter'] = $LDAPFilter }
1963119634 if ($PSBoundParameters['Properties']) { $LdapSearcherArguments['Properties'] = $Properties }
1963219635 if ($PSBoundParameters['SearchBase']) { $LdapSearcherArguments['SearchBase'] = $SearchBase }
@@ -19652,11 +19655,8 @@ Custom PSObject with translated domain API trust result fields.
1965219655 $SourceDomain = (Get-Domain).Name
1965319656 }
1965419657 }
19655-
19656- $NetSearcherArguments['Domain'] = $SourceDomain
19657- if ($PSBoundParameters['Credential']) { $NetSearcherArguments['Credential'] = $Credential }
1965819658 }
19659- else {
19659+ elseif ($PsCmdlet.ParameterSetName -ne 'NET') {
1966019660 if ($Domain -and $Domain.Trim() -ne '') {
1966119661 $SourceDomain = $Domain
1966219662 }
@@ -19696,13 +19696,28 @@ Custom PSObject with translated domain API trust result fields.
1969619696 3 { 'MIT' }
1969719697 }
1969819698
19699+ $Distinguishedname = $Props.distinguishedname[0]
19700+ $SourceNameIndex = $Distinguishedname.IndexOf('DC=')
19701+ if ($SourceNameIndex) {
19702+ $SourceDomain = $($Distinguishedname.SubString($SourceNameIndex)) -replace 'DC=','' -replace ',','.'
19703+ }
19704+ else {
19705+ $SourceDomain = ""
19706+ }
19707+
19708+ $TargetNameIndex = $Distinguishedname.IndexOf(',CN=System')
19709+ if ($SourceNameIndex) {
19710+ $TargetDomain = $Distinguishedname.SubString(3, $TargetNameIndex-3)
19711+ }
19712+ else {
19713+ $TargetDomain = ""
19714+ }
19715+
1969919716 $ObjectGuid = New-Object Guid @(,$Props.objectguid[0])
1970019717 $TargetSID = (New-Object System.Security.Principal.SecurityIdentifier($Props.securityidentifier[0],0)).Value
1970119718
1970219719 $DomainTrust | Add-Member Noteproperty 'SourceName' $SourceDomain
19703- $DomainTrust | Add-Member Noteproperty 'SourceSID' $SourceSID
1970419720 $DomainTrust | Add-Member Noteproperty 'TargetName' $Props.name[0]
19705- $DomainTrust | Add-Member Noteproperty 'TargetSID' $TargetSID
1970619721 # $DomainTrust | Add-Member Noteproperty 'TargetGuid' "{$ObjectGuid}"
1970719722 $DomainTrust | Add-Member Noteproperty 'TrustType' $TrustType
1970819723 $DomainTrust | Add-Member Noteproperty 'TrustAttributes' $($TrustAttrib -join ',')
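Review bot: The `',CN=System'` lookup is guarded by the wrong variable — the second `if ($SourceNameIndex)` should test `$TargetNameIndex`, otherwise a DN without that component leaves `$TargetNameIndex = -1` and `SubString(3, -4)` throws. Both guards also mis-handle `IndexOf`'s not-found value: `-1` is truthy in PowerShell while a match at offset 0 is falsy, so write `if ($SourceNameIndex -ge 0)` and `if ($TargetNameIndex -ge 3)`. `String.IndexOf(string)` is a case-sensitive culture search, so `IndexOf(',CN=System', [StringComparison]::OrdinalIgnoreCase)` is safer given DN casing is not guaranteed by the directory. `$TargetDomain` is assigned but never used in the hunk (`TargetName` comes from `$Props.name[0]`), and `$ObjectGuid`/`$TargetSID` are still computed although no longer added to the output object, so drop them unless they are consumed later in the function. The enclosing function runs past the hunk on both sides.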
@@ -20053,32 +20068,21 @@ Custom PSObject with translated user property fields.
2005320068 }
2005420069
2005520070 PROCESS {
20056- if ($PSBoundParameters['Domain']) {
20057- $SearcherArguments['Domain'] = $Domain
20058- $TargetDomain = $Domain
20059- }
20060- elseif ($PSBoundParameters['Credential']) {
20061- $TargetDomain = Get-Domain -Credential $Credential | Select-Object -ExpandProperty name
20062- }
20063- elseif ($Env:USERDNSDOMAIN) {
20064- $TargetDomain = $Env:USERDNSDOMAIN
20065- }
20066- else {
20067- throw "[Get-DomainForeignUser] No domain found to enumerate!"
20068- }
20069-
2007020071 Get-DomainUser @SearcherArguments | ForEach-Object {
2007120072 ForEach ($Membership in $_.memberof) {
2007220073 $Index = $Membership.IndexOf('DC=')
2007320074 if ($Index) {
2007420075
2007520076 $GroupDomain = $($Membership.SubString($Index)) -replace 'DC=','' -replace ',','.'
20077+ $UserDistinguishedName = $_.distinguishedname
20078+ $UserIndex = $UserDistinguishedName.IndexOf('DC=')
20079+ $UserDomain = $($_.distinguishedname.SubString($UserIndex)) -replace 'DC=','' -replace ',','.'
2007620080
20077- if ($GroupDomain -ne $TargetDomain ) {
20081+ if ($GroupDomain -ne $UserDomain ) {
2007820082 # if the group domain doesn't match the user domain, display it
2007920083 $GroupName = $Membership.Split(',')[0].split('=')[1]
2008020084 $ForeignUser = New-Object PSObject
20081- $ForeignUser | Add-Member Noteproperty 'UserDomain' $TargetDomain
20085+ $ForeignUser | Add-Member Noteproperty 'UserDomain' $UserDomain
2008220086 $ForeignUser | Add-Member Noteproperty 'UserName' $_.samaccountname
2008320087 $ForeignUser | Add-Member Noteproperty 'UserDistinguishedName' $_.distinguishedname
2008420088 $ForeignUser | Add-Member Noteproperty 'GroupDomain' $GroupDomain
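Review bot: `$UserDomain` is derived from `$_.distinguishedname.IndexOf('DC=')` with no check on the result, so a DN lacking `DC=` (or a `$null` distinguishedname when a restricted `-Properties` is forwarded through `$SearcherArguments`, which I cannot see from here) produces `SubString(-1)` or a method call on `$null` and terminates the whole pipeline instead of skipping that user. It is also recomputed inside the `ForEach ($Membership …)` loop although it does not depend on the membership; hoist it to the top of the `ForEach-Object` body and skip the user when it cannot be determined. The context line `if ($Index)` has the same `-1`-is-truthy problem and would be worth fixing as `if ($Index -ge 0)` while you are here. The function's BEGIN block and the tail of the output construction are outside the hunk.
```powershell
Get-DomainUser @SearcherArguments | ForEach-Object {
    # the user's own domain does not change per membership, so derive it once;
    # the [string] cast turns a $null distinguishedname into '' so IndexOf returns -1
    $UserDistinguishedName = [string]$_.distinguishedname
    $UserIndex = $UserDistinguishedName.IndexOf('DC=')
    if ($UserIndex -lt 0) { return }   # inside ForEach-Object, 'return' skips this user only
    $UserDomain = $UserDistinguishedName.SubString($UserIndex) -replace 'DC=','' -replace ',','.'
    ForEach ($Membership in $_.memberof) {
        $Index = $Membership.IndexOf('DC=')
        if ($Index -ge 0) {
            $GroupDomain = $($Membership.SubString($Index)) -replace 'DC=','' -replace ',','.'
            # … unchanged: foreign-group comparison and $ForeignUser construction …
```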
@@ -20256,39 +20260,24 @@ Custom PSObject with translated group member property fields.
2025620260 }
2025720261
2025820262 PROCESS {
20259- if ($PSBoundParameters['Domain']) {
20260- $SearcherArguments['Domain'] = $Domain
20261- $TargetDomain = $Domain
20262- }
20263- elseif ($PSBoundParameters['Credential']) {
20264- $TargetDomain = Get-Domain -Credential $Credential | Select-Object -ExpandProperty name
20265- }
20266- elseif ($Env:USERDNSDOMAIN) {
20267- $TargetDomain = $Env:USERDNSDOMAIN
20268- }
20269- else {
20270- throw "[Get-DomainForeignGroupMember] No domain found to enumerate!"
20271- }
20272-
2027320263 # standard group names to ignore
2027420264 $ExcludeGroups = @('Users', 'Domain Users', 'Guests')
20275- $DomainDN = "DC=$($TargetDomain.Replace('.', ',DC='))"
2027620265
20277- Get-DomainGroup @SearcherArguments | Where-Object {$ExcludeGroups -notcontains $_.samaccountname} | ForEach-Object {
20266+ Get-DomainGroup @SearcherArguments | Where-Object { $ExcludeGroups -notcontains $_.samaccountname } | ForEach-Object {
2027820267 $GroupName = $_.samAccountName
2027920268 $GroupDistinguishedName = $_.distinguishedname
20269+ $GroupDomain = $GroupDistinguishedName.SubString($GroupDistinguishedName.IndexOf('DC=')) -replace 'DC=','' -replace ',','.'
2028020270
2028120271 $_.member | ForEach-Object {
2028220272 # filter for foreign SIDs in the cn field for users in another domain,
2028320273 # or if the DN doesn't end with the proper DN for the queried domain
20284- if (($_ -match 'CN=S-1-5-21.*-.*') -or ($DomainDN -ne ($ _.SubString($_.IndexOf('DC='))))) {
20285-
20274+ $MemberDomain = $ _.SubString($_.IndexOf('DC=')) -replace 'DC=','' -replace ',','.'
20275+ if (($_ -match 'CN=S-1-5-21.*-.*') -or ($GroupDomain -ne $MemberDomain)) {
2028620276 $MemberDistinguishedName = $_
20287- $MemberDomain = $_.SubString($_.IndexOf('DC=')) -replace 'DC=','' -replace ',','.'
2028820277 $MemberName = $_.Split(',')[0].split('=')[1]
2028920278
2029020279 $ForeignGroupMember = New-Object PSObject
20291- $ForeignGroupMember | Add-Member Noteproperty 'GroupDomain' $TargetDomain
20280+ $ForeignGroupMember | Add-Member Noteproperty 'GroupDomain' $GroupDomain
2029220281 $ForeignGroupMember | Add-Member Noteproperty 'GroupName' $GroupName
2029320282 $ForeignGroupMember | Add-Member Noteproperty 'GroupDistinguishedName' $GroupDistinguishedName
2029420283 $ForeignGroupMember | Add-Member Noteproperty 'MemberDomain' $MemberDomain
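Review bot: The new `$GroupDomain` line and the `$MemberDomain` line both pass the raw `IndexOf('DC=')` result straight into `SubString`, so any group or member DN without a `DC=` component (or a `$null` member entry) raises an exception that aborts the whole pipeline rather than skipping that entry; guard with `$DcIndex = $_.IndexOf('DC='); if ($DcIndex -lt 0) { return }` before the `$MemberDomain` assignment, and similarly for `$GroupDomain`. For a foreign-SID member (`CN=S-1-5-21-…`, which typically sits under ForeignSecurityPrincipals in the group's own domain) `$MemberDomain` will equal `$GroupDomain`, so the emitted `MemberDomain` is the group's domain rather than the principal's real domain — a comment on that property such as `# for foreign-SID members this is the FSP container's domain, not the principal's home domain` would stop consumers from over-reading it. Since `$SearcherArguments['Domain'] = $Domain` is removed here, confirm the BEGIN block (outside the hunk) still forwards `-Domain`, otherwise the parameter is now silently ignored.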