From 81da708c744af9b8698d122a5c19117b55dac272 Mon Sep 17 00:00:00 2001 From: HarmJ0y Date: Thu, 11 Aug 2016 13:34:46 -0400 Subject: [PATCH] Attempted fix for issue #15 --- PowerShell/BloodHound.ps1 | 50 ++++++++++++++++++++------------------- 1 file changed, 26 insertions(+), 24 deletions(-) diff --git a/PowerShell/BloodHound.ps1 b/PowerShell/BloodHound.ps1 index a1fe5345d..f38d119a0 100644 --- a/PowerShell/BloodHound.ps1 +++ b/PowerShell/BloodHound.ps1 @@ -13679,36 +13679,38 @@ function Get-GlobalCatalogUserMapping { $UserName = $User.Properties['samaccountname'][0].ToUpper() $UserDN = $User.Properties['distinguishedname'][0] - if (($UserDN -match 'ForeignSecurityPrincipals') -and ($UserDN -match 'S-1-5-21')) { - try { - if(-not $MemberSID) { - $MemberSID = $User.Properties['cn'][0] - } - $UserSid = (New-Object System.Security.Principal.SecurityIdentifier($User.Properties['objectsid'][0],0)).Value - $MemberSimpleName = Convert-SidToName -SID $UserSid | Convert-ADName -InputType 'NT4' -OutputType 'Canonical' - if($MemberSimpleName) { - $UserDomain = $MemberSimpleName.Split('/')[0] + if($UserDN -and ($UserDN -ne '')) { + if (($UserDN -match 'ForeignSecurityPrincipals') -and ($UserDN -match 'S-1-5-21')) { + try { + if(-not $MemberSID) { + $MemberSID = $User.Properties['cn'][0] + } + $UserSid = (New-Object System.Security.Principal.SecurityIdentifier($User.Properties['objectsid'][0],0)).Value + $MemberSimpleName = Convert-SidToName -SID $UserSid | Convert-ADName -InputType 'NT4' -OutputType 'Canonical' + if($MemberSimpleName) { + $UserDomain = $MemberSimpleName.Split('/')[0] + } + else { + Write-Verbose "Error converting $UserDN" + $UserDomain = $Null + } } - else { + catch { Write-Verbose "Error converting $UserDN" $UserDomain = $Null } } - catch { - Write-Verbose "Error converting $UserDN" - $UserDomain = $Null - } - } - else { - # extract the FQDN from the Distinguished Name - $UserDomain = ($UserDN.subString($UserDN.IndexOf('DC=')) -replace 'DC=','' -replace ',','.').ToUpper() - } - if($UserDomain) { - if(-not $UserDomainMappings[$UserName]) { - $UserDomainMappings[$UserName] = @($UserDomain) + else { + # extract the FQDN from the Distinguished Name + $UserDomain = ($UserDN.subString($UserDN.IndexOf('DC=')) -replace 'DC=','' -replace ',','.').ToUpper() } - elseif($UserDomainMappings[$UserName] -notcontains $UserDomain) { - $UserDomainMappings[$UserName] += $UserDomain + if($UserDomain) { + if(-not $UserDomainMappings[$UserName]) { + $UserDomainMappings[$UserName] = @($UserDomain) + } + elseif($UserDomainMappings[$UserName] -notcontains $UserDomain) { + $UserDomainMappings[$UserName] += $UserDomain + } } } }