Fixed some Invoke-MapDomainTrust and Get-NetDomainTrust logic
Changed domain/forest Write-Warning's to Write-Verbose
master
parent
e7ac71a0ad
commit
59d5e293c2
|
@ -2188,7 +2188,7 @@ filter Get-NetDomain {
|
||||||
[System.DirectoryServices.ActiveDirectory.Domain]::GetDomain($DomainContext)
|
[System.DirectoryServices.ActiveDirectory.Domain]::GetDomain($DomainContext)
|
||||||
}
|
}
|
||||||
catch {
|
catch {
|
||||||
Write-Warning "The specified domain does '$Domain' not exist, could not be contacted, there isn't an existing trust, or the specified credentials are invalid."
|
Write-Verbose "The specified domain does '$Domain' not exist, could not be contacted, there isn't an existing trust, or the specified credentials are invalid."
|
||||||
$Null
|
$Null
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -2198,7 +2198,7 @@ filter Get-NetDomain {
|
||||||
[System.DirectoryServices.ActiveDirectory.Domain]::GetDomain($DomainContext)
|
[System.DirectoryServices.ActiveDirectory.Domain]::GetDomain($DomainContext)
|
||||||
}
|
}
|
||||||
catch {
|
catch {
|
||||||
Write-Warning "The specified domain '$Domain' does not exist, could not be contacted, or there isn't an existing trust."
|
Write-Verbose "The specified domain '$Domain' does not exist, could not be contacted, or there isn't an existing trust."
|
||||||
$Null
|
$Null
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -2257,7 +2257,7 @@ filter Get-NetForest {
|
||||||
$ForestObject = [System.DirectoryServices.ActiveDirectory.Forest]::GetForest($ForestContext)
|
$ForestObject = [System.DirectoryServices.ActiveDirectory.Forest]::GetForest($ForestContext)
|
||||||
}
|
}
|
||||||
catch {
|
catch {
|
||||||
Write-Warning "The specified forest '$Forest' does not exist, could not be contacted, there isn't an existing trust, or the specified credentials are invalid."
|
Write-Verbose "The specified forest '$Forest' does not exist, could not be contacted, there isn't an existing trust, or the specified credentials are invalid."
|
||||||
$Null
|
$Null
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -2267,7 +2267,7 @@ filter Get-NetForest {
|
||||||
$ForestObject = [System.DirectoryServices.ActiveDirectory.Forest]::GetForest($ForestContext)
|
$ForestObject = [System.DirectoryServices.ActiveDirectory.Forest]::GetForest($ForestContext)
|
||||||
}
|
}
|
||||||
catch {
|
catch {
|
||||||
Write-Warning "The specified forest '$Forest' does not exist, could not be contacted, or there isn't an existing trust."
|
Write-Verbose "The specified forest '$Forest' does not exist, could not be contacted, or there isn't an existing trust."
|
||||||
return $Null
|
return $Null
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -12515,6 +12515,22 @@ function Get-NetDomainTrust {
|
||||||
$Credential
|
$Credential
|
||||||
)
|
)
|
||||||
|
|
||||||
|
begin {
|
||||||
|
$TrustAttributes = @{
|
||||||
|
[uint32]'0x00000001' = 'non_transitive'
|
||||||
|
[uint32]'0x00000002' = 'uplevel_only'
|
||||||
|
[uint32]'0x00000004' = 'quarantined_domain'
|
||||||
|
[uint32]'0x00000008' = 'forest_transitive'
|
||||||
|
[uint32]'0x00000010' = 'cross_organization'
|
||||||
|
[uint32]'0x00000020' = 'within_forest'
|
||||||
|
[uint32]'0x00000040' = 'treat_as_external'
|
||||||
|
[uint32]'0x00000080' = 'trust_uses_rc4_encryption'
|
||||||
|
[uint32]'0x00000100' = 'trust_uses_aes_keys'
|
||||||
|
[uint32]'0x00000200' = 'cross_organization_no_tgt_delegation'
|
||||||
|
[uint32]'0x00000400' = 'pim_trust'
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
process {
|
process {
|
||||||
|
|
||||||
if(-not $Domain) {
|
if(-not $Domain) {
|
||||||
|
@ -12533,33 +12549,21 @@ function Get-NetDomainTrust {
|
||||||
|
|
||||||
if($TrustSearcher) {
|
if($TrustSearcher) {
|
||||||
|
|
||||||
$TrustSearcher.filter = '(&(objectClass=trustedDomain))'
|
$TrustSearcher.Filter = '(objectClass=trustedDomain)'
|
||||||
|
|
||||||
$Results = $TrustSearcher.FindAll()
|
$Results = $TrustSearcher.FindAll()
|
||||||
$Results | Where-Object {$_} | ForEach-Object {
|
$Results | Where-Object {$_} | ForEach-Object {
|
||||||
$Props = $_.Properties
|
$Props = $_.Properties
|
||||||
$DomainTrust = New-Object PSObject
|
$DomainTrust = New-Object PSObject
|
||||||
$TrustAttrib = Switch ($Props.trustattributes)
|
|
||||||
{
|
$TrustAttrib = @()
|
||||||
0x001 { "non_transitive" }
|
$TrustAttrib += $TrustAttributes.Keys | Where-Object { $Props.trustattributes[0] -band $_ } | ForEach-Object { $TrustAttributes[$_] }
|
||||||
0x002 { "uplevel_only" }
|
|
||||||
0x004 { "quarantined_domain" }
|
|
||||||
0x008 { "forest_transitive" }
|
|
||||||
0x010 { "cross_organization" }
|
|
||||||
0x020 { "within_forest" }
|
|
||||||
0x040 { "treat_as_external" }
|
|
||||||
0x080 { "trust_uses_rc4_encryption" }
|
|
||||||
0x100 { "trust_uses_aes_keys" }
|
|
||||||
Default {
|
|
||||||
Write-Warning "Unknown trust attribute: $($Props.trustattributes)";
|
|
||||||
"$($Props.trustattributes)";
|
|
||||||
}
|
|
||||||
}
|
|
||||||
$Direction = Switch ($Props.trustdirection) {
|
$Direction = Switch ($Props.trustdirection) {
|
||||||
0 { "Disabled" }
|
0 { 'Disabled' }
|
||||||
1 { "Inbound" }
|
1 { 'Inbound' }
|
||||||
2 { "Outbound" }
|
2 { 'Outbound' }
|
||||||
3 { "Bidirectional" }
|
3 { 'Bidirectional' }
|
||||||
}
|
}
|
||||||
$ObjectGuid = New-Object Guid @(,$Props.objectguid[0])
|
$ObjectGuid = New-Object Guid @(,$Props.objectguid[0])
|
||||||
$TargetSID = (New-Object System.Security.Principal.SecurityIdentifier($Props.securityidentifier[0],0)).Value
|
$TargetSID = (New-Object System.Security.Principal.SecurityIdentifier($Props.securityidentifier[0],0)).Value
|
||||||
|
@ -12568,7 +12572,7 @@ function Get-NetDomainTrust {
|
||||||
$DomainTrust | Add-Member Noteproperty 'TargetName' $Props.name[0]
|
$DomainTrust | Add-Member Noteproperty 'TargetName' $Props.name[0]
|
||||||
$DomainTrust | Add-Member Noteproperty 'TargetSID' $TargetSID
|
$DomainTrust | Add-Member Noteproperty 'TargetSID' $TargetSID
|
||||||
$DomainTrust | Add-Member Noteproperty 'ObjectGuid' "{$ObjectGuid}"
|
$DomainTrust | Add-Member Noteproperty 'ObjectGuid' "{$ObjectGuid}"
|
||||||
$DomainTrust | Add-Member Noteproperty 'TrustType' "$TrustAttrib"
|
$DomainTrust | Add-Member Noteproperty 'TrustType' $($TrustAttrib -join ',')
|
||||||
$DomainTrust | Add-Member Noteproperty 'TrustDirection' "$Direction"
|
$DomainTrust | Add-Member Noteproperty 'TrustDirection' "$Direction"
|
||||||
$DomainTrust
|
$DomainTrust
|
||||||
}
|
}
|
||||||
|
@ -12640,7 +12644,7 @@ function Get-NetDomainTrust {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
Write-Error "Could not retrieve domain controller for $Domain"
|
Write-Verbose "Could not retrieve domain controller for $Domain"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
|
@ -13125,12 +13129,18 @@ function Invoke-MapDomainTrust {
|
||||||
}
|
}
|
||||||
|
|
||||||
# get any forest trusts, if they exist
|
# get any forest trusts, if they exist
|
||||||
|
if(-not ($LDAP -or $DomainController) ) {
|
||||||
$Trusts += Get-NetForestTrust -Forest $Domain -Credential $Credential
|
$Trusts += Get-NetForestTrust -Forest $Domain -Credential $Credential
|
||||||
|
}
|
||||||
|
|
||||||
if ($Trusts) {
|
if ($Trusts) {
|
||||||
|
if($Trusts -isnot [System.Array]) {
|
||||||
|
$Trusts = @($Trusts)
|
||||||
|
}
|
||||||
|
|
||||||
# enumerate each trust found
|
# enumerate each trust found
|
||||||
ForEach ($Trust in $Trusts) {
|
ForEach ($Trust in $Trusts) {
|
||||||
|
if($Trust.SourceName -and $Trust.TargetName) {
|
||||||
$SourceDomain = $Trust.SourceName
|
$SourceDomain = $Trust.SourceName
|
||||||
$TargetDomain = $Trust.TargetName
|
$TargetDomain = $Trust.TargetName
|
||||||
$TrustType = $Trust.TrustType
|
$TrustType = $Trust.TrustType
|
||||||
|
@ -13151,8 +13161,9 @@ function Invoke-MapDomainTrust {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
catch {
|
catch {
|
||||||
Write-Warning "[!] Error: $_"
|
Write-Verbose "[!] Error: $_"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
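Review bot: In the Get-NetDomainTrust hunk at -12533, the new `-band` decode drops any bit of `trustattributes` that the `$TrustAttributes` table does not name, whereas the removed `Switch` at least fell through to `Default` and emitted the raw value with a warning. Anyone reading `TrustType` to assess a trust (quarantine, RC4, or TGT-delegation flags) then gets a partial or empty string with no hint that something went undecoded. I would keep the bitmask decode but track which bits were decoded and append the remainder, and enumerate the keys through `Sort-Object` so the joined string has a stable flag order, since hashtable key order is not defined. The function body starts and ends outside the visible hunks, so whether `trustattributes` can be absent on a result cannot be checked from here.

```powershell
$TrustAttrib = @()
$RawAttrib = $Props.trustattributes[0]
$Decoded = 0
# sorted keys keep the flag order stable in the joined TrustType string
ForEach ($Flag in ($TrustAttributes.Keys | Sort-Object)) {
    if($RawAttrib -band $Flag) {
        $TrustAttrib += $TrustAttributes[$Flag]
        $Decoded = $Decoded -bor $Flag
    }
}
# surface bits the table does not name instead of dropping them
if($RawAttrib -ne $Decoded) {
    $TrustAttrib += ('unknown_0x{0:X8}' -f ($RawAttrib -bxor $Decoded))
}
# … unchanged: $Direction switch, GUID/SID conversion, Add-Member calls …
```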