Skip to content

Commit

Permalink
Merge pull request #30 from PluginsOCSInventory-NG/fix_azureAD
Browse files Browse the repository at this point in the history 
Fix azureAD user retrieval
  • Loading branch information
@gillesdubois
gillesdubois authored Jul 7, 2022
2 parents d25ca5d + 4d8a6a5 commit f8edf13
Show file tree
Hide file tree
Showing 3 changed files with 72 additions and 33 deletions.
67 changes: 52 additions & 15 deletions agent/winusers.ps1
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
# Function to get Admin user status
function Get-AdminUser {
param([string] $username)
$admingroup = Get-LocalGroupMember -SID "S-1-5-32-544"
$admingroup = Get-LocalGroupMember -SID "S-1-5-32-544" -ErrorAction SilentlyContinue
$userType = "Local"

foreach ($admin in $admingroup) {
Expand All @@ -13,6 +14,7 @@ function Get-AdminUser {
return $userType
}

# Function to get user folder size
function Get-Size
{
param([string]$pth)
Expand All @@ -23,24 +25,40 @@ function Get-Size
}
}

# Function to check if is an AD user
function Check-AdUser($username) {
$ad_User = $null
$ad_User = Get-ADUser -Identity $username
if($ad_User -ne $null) {
return "Domain user"
} else {
return "Local user"
}
try {
$ad_User = Get-ADUser -Identity $username
return "Domain"
} catch {
return "Unknown"
}
}

# Function to retrieve user AD SID
function Get-AdSid
{
param([string]$pth, [array]$profileList)
foreach($sid in $profileList) {
if($pth -eq $sid.ProfileImagePath) {
return $sid.PSChildName
}
}

return ""
}

#################################
# Local User #
#################################
$users = Get-LocalUser | Select *
$pathUsers = "C:\Users"
$allUsers = @()

$startTime = (get-date).AddDays(-15)
$logEvents = Get-Eventlog -LogName Security -after $startTime | where {$_.eventID -eq 4624}


foreach ($user in $users) {
if($user.Name -ne $null){

Expand Down Expand Up @@ -68,7 +86,6 @@ foreach ($user in $users) {
}
}


$xml += "<WINUSERS>`n"
$xml += "<NAME>"+ $user.Name +"</NAME>`n"
$xml += "<TYPE>"+ $userType +"</TYPE>`n"
Expand All @@ -88,6 +105,15 @@ foreach ($user in $users) {
}
}

#################################
# AD User #
#################################
# Get computer account type connection
$Dsregcmd = New-Object PSObject ; Dsregcmd /status | Where {$_ -match ' : '} | ForEach { $Item = $_.Trim() -split '\s:\s'; $Dsregcmd | Add-Member -MemberType NoteProperty -Name $($Item[0] -replace '[:\s]','') -Value $Item[1] -EA SilentlyContinue }

$profileListPath = @("Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\*")
$profileList = Get-ItemProperty -Path $profileListPath -ErrorAction Ignore | Select ProfileImagePath, PSChildName

$tmp = Get-ChildItem -Path $pathUsers | Select "Name"
[System.Collections.ArrayList]$usersFolder = $tmp.Name

Expand All @@ -99,18 +125,29 @@ $usersAd = $usersFolder | Where-Object {$allUsers -notcontains $_}

foreach ($userAd in $usersAd) {
$path = "C:\Users\"+ $userAd
if (Get-Command Get-ADUser -errorAction SilentlyContinue) {
$type = Check-AdUser -username $userAd
$folderSize ='0'
} else {
$folderSize = Get-Size
$type = "Domain"

$sid = Get-AdSid $path $profileList

if($Dsregcmd.AzureAdJoined -eq "YES") {
$folderSize = Get-Size $path
$type = "AzureAD"
}

if($Dsregcmd.DomainJoined -eq "YES") {
if (Get-Command Get-ADUser -errorAction SilentlyContinue) {
$type = Check-AdUser -username $userAd
$folderSize = Get-Size $path
} else {
$type = "Domain"
$folderSize = Get-Size $path
}
}

$xml += "<WINUSERS>`n"
$xml += "<NAME>"+ $userAd +"</NAME>`n"
$xml += "<TYPE>"+ $type +"</TYPE>`n"
$xml += "<SIZE>"+ $folderSize +"</SIZE>`n"
$xml += "<SID>"+ $sid +"</SID>`n"
$xml += "</WINUSERS>`n"
}

Expand Down
2 changes: 1 addition & 1 deletion infos.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
"author" : ["J.C.BELLAMY"],
"contributor" : ["Guillaume PRIOU", "Gilles DUBOIS", "Rudy LAURENT", "Charlene AUGER"],
"supportedAgent" : ["Windows"],
"version" : "3.2",
"version" : "4.0",
"licence" : "GPLv2",
"description" : {
"fr" : "Remonte les utilisateurs Windows",
Expand Down
36 changes: 19 additions & 17 deletions install.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,23 +10,25 @@ function extension_install_winusers()
// Drop table first
$commonObject -> sqlQuery("DROP TABLE `winusers`;");

$commonObject -> sqlQuery("CREATE TABLE `winusers` (
`ID` INT(11) NOT NULL AUTO_INCREMENT,
`HARDWARE_ID` INT(11) NOT NULL,
`NAME` VARCHAR(255) DEFAULT NULL,
`TYPE` VARCHAR(255) DEFAULT NULL,
`SIZE` VARCHAR(255) DEFAULT NULL,
`LASTLOGON` VARCHAR(255) DEFAULT NULL,
`DESCRIPTION` VARCHAR(255) DEFAULT NULL,
`STATUS` VARCHAR(255) DEFAULT NULL,
`USERMAYCHANGEPWD` VARCHAR(255) DEFAULT NULL,
`PASSWORDEXPIRES` VARCHAR(255) DEFAULT NULL,
`SID` VARCHAR(255) DEFAULT NULL,
`USERCONNECTION` VARCHAR(255) DEFAULT NULL,
`NUMBERREMOTECONNECTION` VARCHAR(255) DEFAULT NULL,
`IPREMOTE` VARCHAR(255) DEFAULT NULL,
PRIMARY KEY (`ID`,`HARDWARE_ID`)
) ENGINE=InnoDB ;");
$commonObject -> sqlQuery(
"CREATE TABLE `winusers` (
`ID` INT(11) NOT NULL AUTO_INCREMENT,
`HARDWARE_ID` INT(11) NOT NULL,
`NAME` VARCHAR(255) DEFAULT NULL,
`TYPE` VARCHAR(255) DEFAULT NULL,
`SIZE` VARCHAR(255) DEFAULT '0',
`LASTLOGON` VARCHAR(255) DEFAULT NULL,
`DESCRIPTION` VARCHAR(255) DEFAULT NULL,
`STATUS` VARCHAR(255) DEFAULT NULL,
`USERMAYCHANGEPWD` VARCHAR(255) DEFAULT NULL,
`PASSWORDEXPIRES` VARCHAR(255) DEFAULT NULL,
`SID` VARCHAR(255) DEFAULT NULL,
`USERCONNECTION` VARCHAR(255) DEFAULT NULL,
`NUMBERREMOTECONNECTION` VARCHAR(255) DEFAULT NULL,
`IPREMOTE` VARCHAR(255) DEFAULT NULL,
PRIMARY KEY (`ID`,`HARDWARE_ID`)
) ENGINE=InnoDB ;"
);
}

/**
Expand Down

0 comments on commit f8edf13

Please sign in to comment.