If an Unresolved SID is identified in ESC1/4, Skip Questionnaire
Is your feature request related to a problem? Please describe it: Unresolved SIDs don't present a name, so it's hard to answer questions about them.
Describe the solution or enhancement you would like: When an unresolved SID is the principal called out in an issue, Locksmith should skip the questionnaire. The ACE related to that principal should be removed. Stretch goal: check if the SID is associated with a trusted forest. If it is, Locksmith should tell the user it's from a remote forest and ask whether or not to remove it.
Describe alternatives you've considered: Status quo.
Additional context: I'm submitting this on behalf of @xoke
Makes sense!
Here's a tip for implementing the stretch goal without depending on the ActiveDirectory module: https://day3bits.com/2024-11-20-how-to-get-active-directory-trust-details-in-powershell/.
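An added sketch of the check this request describes, not code from Locksmith or from the linked post: it classifies a SID as resolvable, unresolved but belonging to a trusted forest, or unresolved and orphaned. The function names and action labels are hypothetical, the sample SID is constructed, and only forest trusts of the current forest are consulted, through .NET classes rather than the ActiveDirectory module.

```powershell
# Added example. Function names are hypothetical and are not part of Locksmith.

function Get-TrustedForestDomainSid {
    # Map each domain SID reachable over a forest trust to the trusted forest's name.
    $map = @{}
    $forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
    foreach ($trust in $forest.GetAllTrustRelationships()) {
        foreach ($domain in $trust.TrustedDomainInformation) {
            $map[$domain.DomainSid] = $trust.TargetName
        }
    }
    return $map
}

function Get-PrincipalTriage {
    param(
        [Parameter(Mandatory)][string]$Sid,
        [hashtable]$TrustedDomainSid = @{}
    )
    $sidObject = [System.Security.Principal.SecurityIdentifier]::new($Sid)
    $result = [ordered]@{ Sid = $Sid; Name = $null; TrustedForest = $null; Action = $null }
    try {
        $result.Name = $sidObject.Translate([System.Security.Principal.NTAccount]).Value
        $result.Action = 'AskQuestionnaire'
    } catch [System.Security.Principal.IdentityNotMappedException] {
        # Only "no such mapping" counts as unresolved. Other failures (for example
        # an unreachable domain controller) propagate, so an outage is not
        # mistaken for an orphaned principal.
        $domainSid = $sidObject.AccountDomainSid   # $null for non-domain SIDs
        if ($domainSid -and $TrustedDomainSid.ContainsKey($domainSid.Value)) {
            $result.TrustedForest = $TrustedDomainSid[$domainSid.Value]
            $result.Action = 'AskBeforeRemoving'
        } else {
            $result.Action = 'SkipQuestionnaireAndRemoveAce'
        }
    }
    return [pscustomobject]$result
}

# Constructed sample SID; run on a domain-joined host.
$trusted = Get-TrustedForestDomainSid
Get-PrincipalTriage -Sid 'S-1-5-21-1111111111-2222222222-3333333333-1105' -TrustedDomainSid $trusted
```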