Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Get-DomainUser Not Filtering on "Name" Argument #3

Open
andrewchiles opened this issue Mar 16, 2020 · 1 comment
Open

Get-DomainUser Not Filtering on "Name" Argument #3

andrewchiles opened this issue Mar 16, 2020 · 1 comment

Comments

@andrewchiles
Copy link

Running Get-DomainUser with the following syntax fails to properly filter on the specified username and instead returns all users in the domain. The result was the same despite specifying -name domadmin, -identity domadmin, or simply Get-DomainUser domadmin

[*] Tasked beacon to run .NET program: SharpView_4.5.exe Get-DomainUser -name "domadmin"
[+] host called home, sent: 840809 bytes
[+] received output:
get-domain
[Get-DomainSearcher] search base: LDAP://DC01.lab.local/DC=lab,DC=local
[Get-DomainUser] filter string: (&(samAccountType=805306368))
objectsid                      : {S-1-5-21-.....-500}
samaccounttype                 : USER_OBJECT
objectguid                     : 019324d8-f17b-45c3-b9a9-adc7e0d3b9b3
useraccountcontrol             : NORMAL_ACCOUNT
accountexpires                 : 12/31/1600 7:00:00 PM
lastlogon                      : 11/21/2014 6:42:49 AM
lastlogontimestamp             : 3/13/2020 10:40:02 AM
pwdlastset                     : 8/15/2019 10:30:55 AM
lastlogoff                     : 12/31/1600 7:00:00 PM
badPasswordTime                : 12/31/1600 7:00:00 PM
name                           : Administrator
distinguishedname              : CN=Administrator,CN=Users,DC=lab,DC=local
whencreated                    : 8/15/2019 2:32:06 PM
whenchanged                    : 3/13/2020 2:40:02 PM
samaccountname                 : Administrator
memberof                       : {CN=Group Policy Creator Owners,CN=Users,DC=lab,DC=local, CN=Domain Admins,CN=Users,DC=lab,DC=local, CN=Enterprise Admins,CN=Users,DC=lab,DC=local, CN=Schema Admins,CN=Users,DC=lab,DC=local, CN=Administrators,CN=Builtin,DC=lab,DC=local}
cn                             : {Administrator}
objectclass                    : {top, person, organizationalPerson, user}
logoncount                     : 3
codepage                       : 0
objectcategory                 : CN=Person,CN=Schema,CN=Configuration,DC=lab,DC=local
description                    : Built-in account for administering the computer/domain
usnchanged                     : 22265
instancetype                   : 4
badpwdcount                    : 0
usncreated                     : 8196
countrycode                    : 0
primarygroupid                 : 513
dscorepropagationdata          : {8/15/2019 2:47:54 PM, 8/15/2019 2:47:54 PM, 8/15/2019 2:32:44 PM, 1/1/1601 6:12:16 PM}
logonhours                     : {255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255}
admincount                     : 1
iscriticalsystemobject         : True

objectsid                      : {S-1-5-21-....-502}
samaccounttype                 : USER_OBJECT
objectguid                     : af1a1a57-681f-4d3c-8775-3b922ba9613d
useraccountcontrol             : ACCOUNTDISABLE, NORMAL_ACCOUNT
accountexpires                 : NEVER
lastlogon                      : 12/31/1600 7:00:00 PM
pwdlastset                     : 8/15/2019 10:32:44 AM
lastlogoff                     : 12/31/1600 7:00:00 PM
badPasswordTime                : 12/31/1600 7:00:00 PM
**name                           : krbtgt**
distinguishedname              : CN=krbtgt,CN=Users,DC=lab,DC=local
whencreated                    : 8/15/2019 2:32:44 PM
whenchanged                    : 8/15/2019 2:47:54 PM
samaccountname                 : krbtgt
memberof                       : {CN=Denied RODC Password Replication Group,CN=Users,DC=lab,DC=local}
cn                             : {krbtgt}
objectclass                    : {top, person, organizationalPerson, user}
ServicePrincipalName           : kadmin/changepw
logoncount                     : 0
codepage                       : 0
objectcategory                 : CN=Person,CN=Schema,CN=Configuration,DC=lab,DC=local
description                    : Key Distribution Center Service Account
usnchanged                     : 12731
instancetype                   : 4
showinadvancedviewonly         : True
badpwdcount                    : 0
usncreated                     : 12324
countrycode                    : 0
primarygroupid                 : 513
dscorepropagationdata          : {8/15/2019 2:47:54 PM, 8/15/2019 2:32:44 PM, 1/1/1601 12:04:16 AM}
msds-supportedencryptiontypes  : 0
admincount                     : 1
iscriticalsystemobject         : True

<snip - Remaining domain users were displayed>
@coffeegist
Copy link

@andrewchiles the arguments in this version are case sensitive unfortunately :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@coffeegist @andrewchiles