From 2eeabd855812d72b361ad31ff28e47ab817eadc0 Mon Sep 17 00:00:00 2001
From: MichaelGrafnetter
Date: Sat, 2 Apr 2016 10:57:37 +0200
Subject: [PATCH] Added AdminCount support
---
 Changelog.txt | 4 ++++
 .../Data/Principals/DSAccount.cs | 18 ++++++++++++++++++
 .../Data/Schema/BasicSchemaFactory.cs | 1 +
 .../Data/Schema/CommonDirectoryAttributes.cs | 2 ++
 .../DSInternals.format.ps1xml | 5 +++++
 5 files changed, 30 insertions(+)
diff --git a/Changelog.txt b/Changelog.txt
index 89b7b8a..c14ea52 100644
--- a/Changelog.txt
+++ b/Changelog.txt
@@ -1,3 +1,7 @@
+Version 2.14
+- Added support for reading security descriptors (ACLs) from both ntds.dit files and DRS-R.
+- Added support for the AdminCount attribute.
+
 Version 2.13.1
 - Fixed a bug regarding incorrect OS version detection.
diff --git a/Src/DSInternals.Common/Data/Principals/DSAccount.cs b/Src/DSInternals.Common/Data/Principals/DSAccount.cs
index 2352002..b1efdbd 100644
--- a/Src/DSInternals.Common/Data/Principals/DSAccount.cs
+++ b/Src/DSInternals.Common/Data/Principals/DSAccount.cs
@@ -14,6 +14,7 @@ using System.Security.Principal;
 private string samAccountName;
 private string upn;
 private bool isDeleted;
+ private bool adminCount;
 private SecurityIdentifier[] sidHistory;
 private RawSecurityDescriptor securityDescriptor;
 private DateTime? lastLogon;
@@ -55,6 +56,9 @@ using System.Security.Principal;
 // Security Descriptor:
 dsObject.ReadAttribute(CommonDirectoryAttributes.SecurityDescriptor, out this.securityDescriptor);
+ // AdminCount (Although the schema defines it as Int32, it can only have values 0 and 1, so we directly convert it to bool)
+ dsObject.ReadAttribute(CommonDirectoryAttributes.AdminCount, out this.adminCount);
+
 // Enabled:
 // TODO: Move to DirectoryObject?
 int? numericUac;
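Review bot: In the `@@ -55,6 +56,9 @@` hunk of DSAccount.cs, the comment above the added `ReadAttribute` call states that adminCount "can only have values 0 and 1", yet the same comment says the schema syntax is Int32, so nothing visible here prevents a directory from holding another integer, and the attribute can also be absent. How the `out bool` overload of `ReadAttribute` maps a missing value or a value other than 0 or 1 is not visible in this hunk; if it is anything other than "non-zero is true, absent is false", an account carrying an unusual value could be reported as not protected. I would reword the comment to `// AdminCount: Int32 in the schema; the system writes 1, so any non-zero value is treated as true and a missing attribute as false` and confirm the overload behaves that way. The constructor begins and ends outside the hunk.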
@@ -293,6 +297,20 @@ using System.Security.Principal;
 get;
 private set;
 }
+
+ ///
+ /// Indicates that a given object has had its ACLs changed to a more secure value
+ /// by the system because it was a member of one of the administrative groups
+ /// (directly or transitively).
+ ///
+ public bool AdminCount
+ {
+ get
+ {
+ return this.adminCount;
+ }
+ }
+
 ///
 /// Gets the account's password in Windows NT operating system one-way format (OWF).
 ///
diff --git a/Src/DSInternals.Common/Data/Schema/BasicSchemaFactory.cs b/Src/DSInternals.Common/Data/Schema/BasicSchemaFactory.cs
index 2b532f5..542c225 100644
--- a/Src/DSInternals.Common/Data/Schema/BasicSchemaFactory.cs
+++ b/Src/DSInternals.Common/Data/Schema/BasicSchemaFactory.cs
@@ -27,6 +27,7 @@
 attributes.Add((ISchemaAttribute)new BasicSchemaAttribute(CommonDirectoryAttributes.PrimaryGroupIdId, CommonDirectoryAttributes.PrimaryGroupId, AttributeSyntax.Int));
 attributes.Add((ISchemaAttribute)new BasicSchemaAttribute(CommonDirectoryAttributes.CurrentValueId, CommonDirectoryAttributes.CurrentValue, AttributeSyntax.OctetString));
 attributes.Add((ISchemaAttribute)new BasicSchemaAttribute(CommonDirectoryAttributes.SecurityDescriptorId, CommonDirectoryAttributes.SecurityDescriptor, AttributeSyntax.SecurityDescriptor));
+ attributes.Add((ISchemaAttribute)new BasicSchemaAttribute(CommonDirectoryAttributes.AdminCountId, CommonDirectoryAttributes.AdminCount, AttributeSyntax.Int));
 return new BasicSchema(attributes);
 }
diff --git a/Src/DSInternals.Common/Data/Schema/CommonDirectoryAttributes.cs b/Src/DSInternals.Common/Data/Schema/CommonDirectoryAttributes.cs
index 0c41a30..322c5a0 100644
--- a/Src/DSInternals.Common/Data/Schema/CommonDirectoryAttributes.cs
+++ b/Src/DSInternals.Common/Data/Schema/CommonDirectoryAttributes.cs
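Review bot: The summary on the new `AdminCount` property in the `@@ -293,6 +297,20 @@` hunk of DSAccount.cs should say that the flag is historical rather than current. The wording "has had its ACLs changed ... because it was a member" is accurate, but Active Directory does not reset adminCount when an account later leaves the protected groups, so `true` does not prove present administrative membership. Consumers who use this property in privilege audits need that stated; I would add a remarks line such as `/// A value of true can persist after the account is removed from the protected groups, so verify current group membership separately.` The getter only returns the `adminCount` field, which is assigned in the constructor outside this hunk.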
@@ -2,6 +2,8 @@
 {
 public static class CommonDirectoryAttributes
 {
+ public const string AdminCount = "adminCount";
+ public const int AdminCountId = 589974;
 public const string AttributeId = "attributeID";
 public const int AttributeIdId = 131102;
 public const string AttributeOmSyntax = "oMSyntax";
diff --git a/Src/DSInternals.PowerShell/DSInternals.format.ps1xml b/Src/DSInternals.PowerShell/DSInternals.format.ps1xml
index ef5b8fc..a7f2696 100644
--- a/Src/DSInternals.PowerShell/DSInternals.format.ps1xml
+++ b/Src/DSInternals.PowerShell/DSInternals.format.ps1xml
@@ -409,6 +409,11 @@ Enabled + AdminCount: + + AdminCount + + Deleted: Deleted