3

我已经为此苦苦挣扎了一段时间,我正在尝试使用 PHP 从 AD 中找到 BitLocker 恢复密钥,这是跟踪工具的一部分。

我可以访问计算机元素,并且可以访问密钥,但是当我检查时,objectClass=msFVE-RecoveryInformation我没有得到任何数据。

我正在访问这样的计算机元素:

$adServer = "ADSERVER";
$ldap = ldap_connect( $adServer );
$usernamead = "user";
$password = "pass";

$ldaprdn = 'domina' . "\\" . $usernamead;

ldap_set_option( $ldap, LDAP_OPT_PROTOCOL_VERSION, 3 );
ldap_set_option( $ldap, LDAP_OPT_REFERRALS, 0 );

$bind = @ldap_bind( $ldap, $ldaprdn, $password );
$username = $_COOKIE['deviceusername'];

if ( $bind ) {
    $filter="(&(Name=computername)(objectClass=computer))";
    $result = ldap_search( $ldap, "dc=domain,dc=ads", $filter );
    ldap_sort( $ldap, $result, "sn" );
    $info = ldap_get_entries( $ldap, $result );
    for ( $i=0; $i<$info["count"]; $i++ ) {
        if ( $info['count'] > 1 )
            break;
        print_r($info);
    };
}
4

1 回答 1

1

这是我在内部 IT 支持网页中使用的代码部分。可能不漂亮,但它有效。

function listKeys($querie_string){
  //Allow either the first 8 chars like in the AD Users and Computers or the whole KeyID
  $KeyID_regex = "/^(?:[A-F0-9]{8})(?:-(?:[A-F0-9]{4}-){3}[A-F0-9]{12})?$/";
  $querie_key = FALSE;
  if (preg_match($KeyID_regex,$querie_string,$rgx_result)){
    $querie_key = TRUE;
  }
  //dont forget to define them somewhere!!!
  global $host_search_ldap_base_dn, $ldap_host, $ldap_usr_dom, $ldap_search_user, $ldap_search_user_password;

  $ldap = ldap_connect($ldap_host);
  if($bind = @ldap_bind($ldap, $ldap_search_user.$ldap_usr_dom, $ldap_search_user_password)) {
    if ($querie_key == FALSE){
      $filter = sprintf("(&(cn=%s)(objectClass=computer))",$querie_string);

      $attr = array("dn");
      $result = ldap_search($ldap, $host_search_ldap_base_dn, $filter, $attr) or exit("Unable to search host dn on LDAP server");
      $entries = ldap_get_entries($ldap, $result);

      if ($entries["count"] != 1){
        ldap_unbind($ldap);
        return sprintf("invalid amount of results %d for querie %s",$entries["count"],$querie_string);
      }
    }

    if ($querie_key == TRUE){
      $filter = sprintf("(&(name=*{%s*})(objectClass=msFVE-RecoveryInformation))",$querie_string);
      $ldap_dn = $host_search_ldap_base_dn;
    } else {
      $filter = sprintf("(objectClass=msFVE-RecoveryInformation)",$querie_string);
      $ldap_dn = $entries[0]["dn"];
    }

    $attr = array("msFVE-RecoveryPassword", "name", "distinguishedName");
    $result = ldap_search($ldap, $ldap_dn, $filter, $attr) or exit("Unable to search for keys on LDAP server");
    $entries = ldap_get_entries($ldap, $result);
    ldap_unbind($ldap);

    $key_list = array();
    for ($i = 0;$i<$entries["count"];$i++){
      //extract date, time and keyID
      $regex = "/(?<date>[0-9]{4}-[0-9]{2}-[0-9]{2})T(?<time>[0-9]{2}:[0-9]{2}:[0-9]{2})(.+)\{(?<keyID>[A-Z0-9\-]+)\}/";
      preg_match($regex,$entries[$i]["name"][0],$matches);

      //extract computername
      $hostname_regex = "/\},CN=(?<computer>.+?),/";
      preg_match($hostname_regex,$entries[$i]["distinguishedname"][0],$hostname_matches);

      //Create array
      $tmp = array();
      $tmp["computer"] = $hostname_matches["computer"];
      $tmp["date"] = date("Y-m-d H:i:s",strtotime($matches["date"]." ".$matches["time"]));
      $tmp["keyID"] = $matches["keyID"];
      $tmp["dn"] = $entries[$i]["distinguishedname"][0];
      $tmp["name"] = $entries[$i]["name"][0];
      $tmp["recoverypassword"] = $entries[$i]["msfve-recoverypassword"][0];
      array_push($key_list,$tmp);
    }
    //TODO Sort by date!!!
    return $key_list;
  }

}

最后,如果它是一个数组,则只需迭代结果:

$keys = listKeys("myhostname");
if (is_array($keys)){
  foreach ($keys as $keyentrie) {
    //code goes here
  }
}

希望对某人有所帮助。这种方法的缺点是,如果您搜索 KeyID,搜索大约需要 2-5 秒才能获得结果。(我们的环境在定义的 LDAP 搜索库下有大约 10000 个计算机对象)

PS不要忘记输入卫生!

于 2018-06-13T09:03:15.263 回答