Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

From non-domain joined machine perspective #11

Open
0xJs opened this issue Dec 29, 2022 · 3 comments
Open

From non-domain joined machine perspective #11

0xJs opened this issue Dec 29, 2022 · 3 comments

Comments

@0xJs
Copy link

0xJs commented Dec 29, 2022

Not possible to request a the records from a non-domain joined machine even though the -domain -credential -domaincontroller parameters are supplied. Please close if this is expected behaviour.

Get-ADIDNSNodeAttribute -Node * -Attribute DNSRecord -DomainController $Server -Domain $Domain -Credential $Creds -Verbose
[-] Exception calling "GetCurrentDomain" with "0" argument(s): "Current security context is not associated with an Active Directory domain or forest."
Exception calling "GetCurrentDomain" with "0" argument(s): "Current security context is not associated with an Active Directory domain or forest."
At C:\Tools\AD\Powermad\Powermad.ps1:1755 char:13
+             $current_domain = [System.DirectoryServices.ActiveDirecto ...
+             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], ParentContainsErrorRecordException
    + FullyQualifiedErrorId : ActiveDirectoryOperationException
@0xe7
Copy link
Contributor

0xe7 commented Jan 9, 2023

This is a similar issue to the one fixed in PR #12 , it does seem however that Get-ADIDNSNodeAttribute has a -Zone argument but it seems to me unneeded to GetCurrentDomain() if -Domain has been passed

@Kevin-Robertson
Copy link
Owner

I think I just went with needing to set everything manually for non-domain systems. I likely put the zone parameter there to deal with additional zones stored in AD such as reverse lookup or custom zones.

@0xe7
Copy link
Contributor

0xe7 commented Jan 11, 2023
edited
Loading

Agreed, the -Zone parameter is required, what I'd probably do here is only check for $Domain, if it exists essentially run GetDomain($Domain) instead, then check for the remaining parameters, ie:

if ($PSBoundParameters['Domain'])
{
    $DomainContext = New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext('Domain', $Domain)
    if ($PSBoundParameters['Credential'])
    {
        $DomainContext = New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext('Domain', $Domain, $Credential.UserName, $Credential.GetNetworkCredential().Password)
    }
    try
    {
        $current_domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetDomain($DomainContext)
    }
    catch
    {
        Write-Output "[-] $($_.Exception.Message)"
        throw
    }
}
else
{
    try
    {
        $current_domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
    }
    catch
    {
        Write-Output "[-] $($_.Exception.Message)"
        throw
    }
}

Then check $Zone and $DomainController afterwards.

I can do a PR if you want?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@Kevin-Robertson @0xe7 @0xJs