Fixed some Invoke-MapDomainTrust and Get-NetDomainTrust logic

Changed domain/forest Write-Warning's to Write-Verbose
master
Harmj0y 2016-06-12 20:54:53 -04:00
parent e7ac71a0ad
commit 59d5e293c2
1 changed files with 55 additions and 44 deletions

View File

@ -2188,7 +2188,7 @@ filter Get-NetDomain {
[System.DirectoryServices.ActiveDirectory.Domain]::GetDomain($DomainContext) [System.DirectoryServices.ActiveDirectory.Domain]::GetDomain($DomainContext)
} }
catch { catch {
Write-Warning "The specified domain does '$Domain' not exist, could not be contacted, there isn't an existing trust, or the specified credentials are invalid." Write-Verbose "The specified domain does '$Domain' not exist, could not be contacted, there isn't an existing trust, or the specified credentials are invalid."
$Null $Null
} }
} }
@ -2198,7 +2198,7 @@ filter Get-NetDomain {
[System.DirectoryServices.ActiveDirectory.Domain]::GetDomain($DomainContext) [System.DirectoryServices.ActiveDirectory.Domain]::GetDomain($DomainContext)
} }
catch { catch {
Write-Warning "The specified domain '$Domain' does not exist, could not be contacted, or there isn't an existing trust." Write-Verbose "The specified domain '$Domain' does not exist, could not be contacted, or there isn't an existing trust."
$Null $Null
} }
} }
@ -2257,7 +2257,7 @@ filter Get-NetForest {
$ForestObject = [System.DirectoryServices.ActiveDirectory.Forest]::GetForest($ForestContext) $ForestObject = [System.DirectoryServices.ActiveDirectory.Forest]::GetForest($ForestContext)
} }
catch { catch {
Write-Warning "The specified forest '$Forest' does not exist, could not be contacted, there isn't an existing trust, or the specified credentials are invalid." Write-Verbose "The specified forest '$Forest' does not exist, could not be contacted, there isn't an existing trust, or the specified credentials are invalid."
$Null $Null
} }
} }
@ -2267,7 +2267,7 @@ filter Get-NetForest {
$ForestObject = [System.DirectoryServices.ActiveDirectory.Forest]::GetForest($ForestContext) $ForestObject = [System.DirectoryServices.ActiveDirectory.Forest]::GetForest($ForestContext)
} }
catch { catch {
Write-Warning "The specified forest '$Forest' does not exist, could not be contacted, or there isn't an existing trust." Write-Verbose "The specified forest '$Forest' does not exist, could not be contacted, or there isn't an existing trust."
return $Null return $Null
} }
} }
@ -12515,6 +12515,22 @@ function Get-NetDomainTrust {
$Credential $Credential
) )
begin {
$TrustAttributes = @{
[uint32]'0x00000001' = 'non_transitive'
[uint32]'0x00000002' = 'uplevel_only'
[uint32]'0x00000004' = 'quarantined_domain'
[uint32]'0x00000008' = 'forest_transitive'
[uint32]'0x00000010' = 'cross_organization'
[uint32]'0x00000020' = 'within_forest'
[uint32]'0x00000040' = 'treat_as_external'
[uint32]'0x00000080' = 'trust_uses_rc4_encryption'
[uint32]'0x00000100' = 'trust_uses_aes_keys'
[uint32]'0x00000200' = 'cross_organization_no_tgt_delegation'
[uint32]'0x00000400' = 'pim_trust'
}
}
process { process {
if(-not $Domain) { if(-not $Domain) {
@ -12533,33 +12549,21 @@ function Get-NetDomainTrust {
if($TrustSearcher) { if($TrustSearcher) {
$TrustSearcher.filter = '(&(objectClass=trustedDomain))' $TrustSearcher.Filter = '(objectClass=trustedDomain)'
$Results = $TrustSearcher.FindAll() $Results = $TrustSearcher.FindAll()
$Results | Where-Object {$_} | ForEach-Object { $Results | Where-Object {$_} | ForEach-Object {
$Props = $_.Properties $Props = $_.Properties
$DomainTrust = New-Object PSObject $DomainTrust = New-Object PSObject
$TrustAttrib = Switch ($Props.trustattributes)
{ $TrustAttrib = @()
0x001 { "non_transitive" } $TrustAttrib += $TrustAttributes.Keys | Where-Object { $Props.trustattributes[0] -band $_ } | ForEach-Object { $TrustAttributes[$_] }
0x002 { "uplevel_only" }
0x004 { "quarantined_domain" }
0x008 { "forest_transitive" }
0x010 { "cross_organization" }
0x020 { "within_forest" }
0x040 { "treat_as_external" }
0x080 { "trust_uses_rc4_encryption" }
0x100 { "trust_uses_aes_keys" }
Default {
Write-Warning "Unknown trust attribute: $($Props.trustattributes)";
"$($Props.trustattributes)";
}
}
$Direction = Switch ($Props.trustdirection) { $Direction = Switch ($Props.trustdirection) {
0 { "Disabled" } 0 { 'Disabled' }
1 { "Inbound" } 1 { 'Inbound' }
2 { "Outbound" } 2 { 'Outbound' }
3 { "Bidirectional" } 3 { 'Bidirectional' }
} }
$ObjectGuid = New-Object Guid @(,$Props.objectguid[0]) $ObjectGuid = New-Object Guid @(,$Props.objectguid[0])
$TargetSID = (New-Object System.Security.Principal.SecurityIdentifier($Props.securityidentifier[0],0)).Value $TargetSID = (New-Object System.Security.Principal.SecurityIdentifier($Props.securityidentifier[0],0)).Value
@ -12568,7 +12572,7 @@ function Get-NetDomainTrust {
$DomainTrust | Add-Member Noteproperty 'TargetName' $Props.name[0] $DomainTrust | Add-Member Noteproperty 'TargetName' $Props.name[0]
$DomainTrust | Add-Member Noteproperty 'TargetSID' $TargetSID $DomainTrust | Add-Member Noteproperty 'TargetSID' $TargetSID
$DomainTrust | Add-Member Noteproperty 'ObjectGuid' "{$ObjectGuid}" $DomainTrust | Add-Member Noteproperty 'ObjectGuid' "{$ObjectGuid}"
$DomainTrust | Add-Member Noteproperty 'TrustType' "$TrustAttrib" $DomainTrust | Add-Member Noteproperty 'TrustType' $($TrustAttrib -join ',')
$DomainTrust | Add-Member Noteproperty 'TrustDirection' "$Direction" $DomainTrust | Add-Member Noteproperty 'TrustDirection' "$Direction"
$DomainTrust $DomainTrust
} }
@ -12640,7 +12644,7 @@ function Get-NetDomainTrust {
} }
} }
else { else {
Write-Error "Could not retrieve domain controller for $Domain" Write-Verbose "Could not retrieve domain controller for $Domain"
} }
} }
else { else {
@ -13125,12 +13129,18 @@ function Invoke-MapDomainTrust {
} }
# get any forest trusts, if they exist # get any forest trusts, if they exist
if(-not ($LDAP -or $DomainController) ) {
$Trusts += Get-NetForestTrust -Forest $Domain -Credential $Credential $Trusts += Get-NetForestTrust -Forest $Domain -Credential $Credential
}
if ($Trusts) { if ($Trusts) {
if($Trusts -isnot [System.Array]) {
$Trusts = @($Trusts)
}
# enumerate each trust found # enumerate each trust found
ForEach ($Trust in $Trusts) { ForEach ($Trust in $Trusts) {
if($Trust.SourceName -and $Trust.TargetName) {
$SourceDomain = $Trust.SourceName $SourceDomain = $Trust.SourceName
$TargetDomain = $Trust.TargetName $TargetDomain = $Trust.TargetName
$TrustType = $Trust.TrustType $TrustType = $Trust.TrustType
@ -13151,8 +13161,9 @@ function Invoke-MapDomainTrust {
} }
} }
} }
}
catch { catch {
Write-Warning "[!] Error: $_" Write-Verbose "[!] Error: $_"
} }
} }
} }