diff --git a/Src/DSInternals.Common.Test/SupplementalCredentialsTester.cs b/Src/DSInternals.Common.Test/SupplementalCredentialsTester.cs
index 88dae29..a3bd27e 100644
--- a/Src/DSInternals.Common.Test/SupplementalCredentialsTester.cs
+++ b/Src/DSInternals.Common.Test/SupplementalCredentialsTester.cs
@@ -125,7 +125,16 @@ namespace DSInternals.Common.Test
// Test integrity
Assert.AreEqual(credentials2.ClearText, credentials.ClearText);
Assert.AreEqual(credentials2.NTLMStrongHash.Length, credentials.NTLMStrongHash.Length);
+
+ // Test WDigest
Assert.AreEqual(credentials2.WDigest.Length, credentials.WDigest.Length);
+ Assert.AreEqual(credentials2.WDigest[0].ToHex(), credentials.WDigest[0].ToHex());
+
+ // Test Kerberos
+ Assert.AreEqual(credentials2.Kerberos.DefaultSalt, credentials.Kerberos.DefaultSalt);
+ Assert.AreEqual(credentials2.Kerberos.Credentials[0].KeyType, credentials.Kerberos.Credentials[0].KeyType);
+
+ // Test key serialization
Assert.AreEqual(credentials2.Kerberos.ToByteArray().ToHex(), credentials.Kerberos.ToByteArray().ToHex());
Assert.AreEqual(credentials2.KerberosNew.ToByteArray().ToHex(), credentials.KerberosNew.ToByteArray().ToHex());
}
diff --git a/Src/DSInternals.Common/DSInternals.Common.nuspec b/Src/DSInternals.Common/DSInternals.Common.nuspec
index cb1e076..25b3da8 100644
--- a/Src/DSInternals.Common/DSInternals.Common.nuspec
+++ b/Src/DSInternals.Common/DSInternals.Common.nuspec
@@ -14,8 +14,7 @@
This package is shared between all other DSInternals packages. Its main features are Azure AD Graph API and ADSI clients for for retrieval of cryptographic material. It contains implementations of common hash functions used by Windows, including NT hash, LM hash and OrgId hash. It also contains methods for SysKey/BootKey retrieval.
This package is shared between all other DSInternals packages.
-- Implemented managed password calculation.
-- Fixed Kerberos PBKDF2 salt derivation for service accounts.
+- Added support for parsing AES SHA2 Kerbers keys.
Copyright (c) 2015-2023 Michael Grafnetter. All rights reserved.
ActiveDirectory Security AD AAD Identity Active Directory
diff --git a/Src/DSInternals.Common/Data/Principals/KerberosCredential.cs b/Src/DSInternals.Common/Data/Principals/KerberosCredential.cs
index b3bbfaa..9954bd0 100644
--- a/Src/DSInternals.Common/Data/Principals/KerberosCredential.cs
+++ b/Src/DSInternals.Common/Data/Principals/KerberosCredential.cs
@@ -32,7 +32,11 @@
byte[] desKey = KerberosKeyDerivation.DeriveKey(KerberosKeyType.DES_CBC_MD5, password, this.DefaultSalt);
var desKeyData = new KerberosKeyData(KerberosKeyType.DES_CBC_MD5, desKey);
- this.Credentials = new KerberosKeyData[] { desKeyData };
+ // TODO: Generate RC4 key
+ // byte[] rc4Key = KerberosKeyDerivation.DeriveKey(KerberosKeyType.RC4_HMAC_NT, password, this.DefaultSalt);
+ // var rc4KeyData = new KerberosKeyData(KerberosKeyType.RC4_HMAC_NT, rc4Key);
+
+ this.Credentials = new KerberosKeyData[] { desKeyData /*, rc4KeyData */ };
}
public short Flags
@@ -232,4 +236,4 @@
writer.Write(keyValueOffset);
}
}
-}
\ No newline at end of file
+}
diff --git a/Src/DSInternals.Common/Data/Principals/KerberosCredentialNew.cs b/Src/DSInternals.Common/Data/Principals/KerberosCredentialNew.cs
index ebfee3f..3ef3505 100644
--- a/Src/DSInternals.Common/Data/Principals/KerberosCredentialNew.cs
+++ b/Src/DSInternals.Common/Data/Principals/KerberosCredentialNew.cs
@@ -35,25 +35,36 @@
this.DefaultSalt = salt;
this.DefaultIterationCount = KerberosKeyDerivation.DefaultIterationCount;
- // Generate AES keys
- byte[] aes128Key = KerberosKeyDerivation.DeriveKey(KerberosKeyType.AES128_CTS_HMAC_SHA1_96, password, this.DefaultSalt);
- var aes128KeyData = new KerberosKeyDataNew(KerberosKeyType.AES128_CTS_HMAC_SHA1_96, aes128Key, this.DefaultIterationCount);
+ // Generate AES SHA1 keys
+ byte[] aes128sha1Key = KerberosKeyDerivation.DeriveKey(KerberosKeyType.AES128_CTS_HMAC_SHA1_96, password, this.DefaultSalt);
+ var aes128sha1KeyData = new KerberosKeyDataNew(KerberosKeyType.AES128_CTS_HMAC_SHA1_96, aes128sha1Key, this.DefaultIterationCount);
- byte[] aes256Key = KerberosKeyDerivation.DeriveKey(KerberosKeyType.AES256_CTS_HMAC_SHA1_96, password, this.DefaultSalt);
- var aes256KeyData = new KerberosKeyDataNew(KerberosKeyType.AES256_CTS_HMAC_SHA1_96, aes256Key, this.DefaultIterationCount);
+ byte[] aes256sha1Key = KerberosKeyDerivation.DeriveKey(KerberosKeyType.AES256_CTS_HMAC_SHA1_96, password, this.DefaultSalt);
+ var aes256sha1KeyData = new KerberosKeyDataNew(KerberosKeyType.AES256_CTS_HMAC_SHA1_96, aes256sha1Key, this.DefaultIterationCount);
- if(includeDES)
+ // TODO: Generate AES SHA2 keys (Windows Server 2025)
+ // byte[] aes128sha2Key = KerberosKeyDerivation.DeriveKey(KerberosKeyType.AES128_CTS_HMAC_SHA256_128, password, this.DefaultSalt);
+ // var aes128sha2KeyData = new KerberosKeyDataNew(KerberosKeyType.AES128_CTS_HMAC_SHA256_128, aes128sha2Key, this.DefaultIterationCount);
+
+ // byte[] aes256sha2Key = KerberosKeyDerivation.DeriveKey(KerberosKeyType.AES256_CTS_HMAC_SHA384_192, password, this.DefaultSalt);
+ // var aes256sha2KeyData = new KerberosKeyDataNew(KerberosKeyType.AES256_CTS_HMAC_SHA384_192, aes256sha2Key, this.DefaultIterationCount);
+
+ // TODO: Generate RC4 key
+ // byte[] rc4Key = KerberosKeyDerivation.DeriveKey(KerberosKeyType.RC4_HMAC_NT, password, this.DefaultSalt);
+ // var rc4KeyData = new KerberosKeyDataNew(KerberosKeyType.RC4_HMAC_NT, rc4Key, this.DefaultIterationCount);
+
+ if (includeDES)
{
// Generate DES key
byte[] desKey = KerberosKeyDerivation.DeriveKey(KerberosKeyType.DES_CBC_MD5, password, this.DefaultSalt);
var desKeyData = new KerberosKeyDataNew(KerberosKeyType.DES_CBC_MD5, desKey, this.DefaultIterationCount);
- this.Credentials = new KerberosKeyDataNew[] { aes256KeyData, aes128KeyData, desKeyData };
+ this.Credentials = new KerberosKeyDataNew[] { /* aes256sha2KeyData, aes128sha2KeyData, */ aes256sha1KeyData, aes128sha1KeyData, desKeyData /*, rc4KeyData */ };
}
else
{
// AES keys only
- this.Credentials = new KerberosKeyDataNew[] { aes256KeyData, aes128KeyData };
+ this.Credentials = new KerberosKeyDataNew[] { /* aes256sha2KeyData, aes128sha2KeyData */ aes256sha1KeyData, aes128sha1KeyData /*, rc4KeyData*/ };
}
}
diff --git a/Src/DSInternals.Common/Data/Principals/KerberosKeyType.cs b/Src/DSInternals.Common/Data/Principals/KerberosKeyType.cs
index 9e366f4..589bcbb 100644
--- a/Src/DSInternals.Common/Data/Principals/KerberosKeyType.cs
+++ b/Src/DSInternals.Common/Data/Principals/KerberosKeyType.cs
@@ -10,11 +10,19 @@ namespace DSInternals.Common.Data
DES_CBC_CRC = 1,
DES_CBC_MD4 = 2,
DES_CBC_MD5 = 3,
+ DES3_CBC_MD5 = 5,
+ OLD_DES3_CBC_SHA1 = 7,
+ SIGN_DSA_GENERATE = 8,
+ ENCRYPT_RSA_PRIV = 9,
+ ENCRYPT_RSA_PUB = 10,
+ DES3_CBC_SHA1 = 16,
AES128_CTS_HMAC_SHA1_96 = 17,
AES256_CTS_HMAC_SHA1_96 = 18,
- DES_CBC_MD5_NT = 20,
+ AES128_CTS_HMAC_SHA256_128 = 19,
+ AES256_CTS_HMAC_SHA384_192 = 20,
RC4_HMAC_NT = 23,
RC4_HMAC_NT_EXP = 24,
+ PK_CROSS = 48,
RC4_MD4 = -128,
RC4_PLAIN2 = -129,
RC4_LM = -130,
diff --git a/Src/DSInternals.Common/Data/Principals/SupportedEncryptionTypes.cs b/Src/DSInternals.Common/Data/Principals/SupportedEncryptionTypes.cs
index f9e611c..0263ded 100644
--- a/Src/DSInternals.Common/Data/Principals/SupportedEncryptionTypes.cs
+++ b/Src/DSInternals.Common/Data/Principals/SupportedEncryptionTypes.cs
@@ -36,6 +36,16 @@ namespace DSInternals.Common.Data
///
AES256_CTS_HMAC_SHA1_96 = 16,
+ ///
+ /// Advanced Encryption Standard in 128-bit cipher block with Hashed Message Authentication Code using the Secure Hash Algorithm (2)
+ ///
+ AES128_CTS_HMAC_SHA256_128 = 32,
+
+ ///
+ /// Advanced Encryption Standard in 256-bit cipher block with Hashed Message Authentication Code using the Secure Hash Algorithm (2)
+ ///
+ AES256_CTS_HMAC_SHA384_192 = 64,
+
///
/// Flexible Authentication Secure Tunneling (FAST) supported
///
diff --git a/Src/DSInternals.Common/Properties/AssemblyInfo.cs b/Src/DSInternals.Common/Properties/AssemblyInfo.cs
index ad285e8..3cc27c1 100644
--- a/Src/DSInternals.Common/Properties/AssemblyInfo.cs
+++ b/Src/DSInternals.Common/Properties/AssemblyInfo.cs
@@ -5,8 +5,8 @@ using System.Runtime.InteropServices;
// set of attributes. Change these attribute values to modify the information
// associated with an assembly.
[assembly: AssemblyTitle("DSInternals Common Library")]
-[assembly: AssemblyVersion("4.11")]
-[assembly: AssemblyFileVersion("4.11")]
+[assembly: AssemblyVersion("4.12")]
+[assembly: AssemblyFileVersion("4.12")]
[assembly: AssemblyDescription("")]
[assembly: AssemblyConfiguration("")]
[assembly: AssemblyCompany("")]
diff --git a/Src/DSInternals.DataStore/ADConstants.cs b/Src/DSInternals.DataStore/ADConstants.cs
index 6def02a..53071c0 100644
--- a/Src/DSInternals.DataStore/ADConstants.cs
+++ b/Src/DSInternals.DataStore/ADConstants.cs
@@ -12,7 +12,6 @@ namespace DSInternals.DataStore
public const string SecurityDescriptorTableName = "sd_table";
public const string EseBaseName = "edb";
public const string EseTempDatabaseName = "temp.edb";
- public const int PageSize = 8192; // 8k
public const int EseLogFileSize = 10240; // 10M
public const int EseIndexDefaultLocale = 1033; // = DS_DEFAULT_LOCALE = EN-US | SORT_DEFAULT
public const int EseIndexDefaultCompareOptions = 0x00000001 | 0x00000002 | 0x00010000 | 0x00020000 | 0x00001000; // = DS_DEFAULT_LOCALE_COMPARE_FLAGS | LCMAP_SORTKEY = NORM_IGNORECASE | NORM_IGNOREKANATYPE | NORM_IGNORENONSPACE | NORM_IGNOREWIDTH | SORT_STRINGSORT
diff --git a/Src/DSInternals.DataStore/DSInternals.DataStore.nuspec b/Src/DSInternals.DataStore/DSInternals.DataStore.nuspec
index ce3f725..948d6f5 100644
--- a/Src/DSInternals.DataStore/DSInternals.DataStore.nuspec
+++ b/Src/DSInternals.DataStore/DSInternals.DataStore.nuspec
@@ -14,8 +14,7 @@
DSInternals DataStore is an advanced framework for offline ntds.dit file manipulation. It can be used to extract password hashes from Active Directory backups or to modify the sIDHistory and primaryGroupId attributes.
DSInternals DataStore is an advanced framework for offline ntds.dit file manipulation.
-- Added the capability to retrieve information about group managed service accounts (gMSAs) from database files and to calculate their current passwords.
-- Implemented the offline account unlock feature.
+- Support for Windows Server 2025 Insider Preview.
Copyright (c) 2015-2023 Michael Grafnetter. All rights reserved.
ActiveDirectory Security NTDS AD Identity Active Directory
diff --git a/Src/DSInternals.DataStore/DirectoryContext.cs b/Src/DSInternals.DataStore/DirectoryContext.cs
index 0ef13cf..66a8565 100644
--- a/Src/DSInternals.DataStore/DirectoryContext.cs
+++ b/Src/DSInternals.DataStore/DirectoryContext.cs
@@ -27,7 +27,18 @@
}
this.DSADatabaseFile = dbFilePath;
- ValidateDatabaseState(this.DSADatabaseFile);
+
+ // Retrieve info about the DB (Win Version, Page Size, State,...)
+ JET_DBINFOMISC dbInfo;
+ Api.JetGetDatabaseFileInfo(dbFilePath, out dbInfo, JET_DbInfo.Misc);
+
+ if (dbInfo.dbstate != JET_dbstate.CleanShutdown)
+ {
+ // Database might be inconsistent
+ throw new InvalidDatabaseStateException("The database is not in a clean state. Try to recover it first by running the 'esentutl /r edb /d' command.", dbFilePath);
+ }
+
+ this.PageSize = dbInfo.cbPageSize;
this.DSAWorkingDirectory = Path.GetDirectoryName(this.DSADatabaseFile);
string checkpointDirectoryPath = this.DSAWorkingDirectory;
@@ -51,7 +62,7 @@
string jetInstanceName = String.Format(JetInstanceNameFormat, Guid.NewGuid());
// Note: IsamInstance constructor throws AccessDenied Exception when the path does not end with a backslash.
- this.instance = new IsamInstance(AddPathSeparator(checkpointDirectoryPath), AddPathSeparator(this.DatabaseLogFilesPath), tempDatabasePath, ADConstants.EseBaseName, jetInstanceName, readOnly, ADConstants.PageSize);
+ this.instance = new IsamInstance(AddPathSeparator(checkpointDirectoryPath), AddPathSeparator(this.DatabaseLogFilesPath), tempDatabasePath, ADConstants.EseBaseName, jetInstanceName, readOnly, this.PageSize);
try
{
@@ -151,6 +162,12 @@
}
}
+ public int PageSize
+ {
+ get;
+ private set;
+ }
+
public string DSAWorkingDirectory
{
get;
@@ -294,18 +311,5 @@
return path + Path.DirectorySeparatorChar;
}
}
-
- public static void ValidateDatabaseState(string dbFilePath)
- {
- // Retrieve info about the DB (Win Version, Page Size, State,...)
- JET_DBINFOMISC dbInfo;
- Api.JetGetDatabaseFileInfo(dbFilePath, out dbInfo, JET_DbInfo.Misc);
-
- if (dbInfo.dbstate != JET_dbstate.CleanShutdown)
- {
- // Database might be inconsistent
- throw new InvalidDatabaseStateException("The database is not in a clean state. Try to recover it first by running the 'esentutl /r edb /d' command.", dbFilePath);
- }
- }
}
}
diff --git a/Src/DSInternals.DataStore/Properties/AssemblyInfo.cs b/Src/DSInternals.DataStore/Properties/AssemblyInfo.cs
index 851c01a..419a233 100644
--- a/Src/DSInternals.DataStore/Properties/AssemblyInfo.cs
+++ b/Src/DSInternals.DataStore/Properties/AssemblyInfo.cs
@@ -5,8 +5,8 @@ using System.Runtime.InteropServices;
// set of attributes. Change these attribute values to modify the information
// associated with an assembly.
[assembly: AssemblyTitle("DSInternals DataStore Library")]
-[assembly: AssemblyVersion("4.11")]
-[assembly: AssemblyFileVersion("4.11")]
+[assembly: AssemblyVersion("4.12")]
+[assembly: AssemblyFileVersion("4.12")]
[assembly: AssemblyDescription("")]
[assembly: AssemblyConfiguration("")]
[assembly: AssemblyCompany("")]
diff --git a/Src/DSInternals.PowerShell/Chocolatey/dsinternals-psmodule.nuspec b/Src/DSInternals.PowerShell/Chocolatey/dsinternals-psmodule.nuspec
index 76288bb..e7c99ab 100644
--- a/Src/DSInternals.PowerShell/Chocolatey/dsinternals-psmodule.nuspec
+++ b/Src/DSInternals.PowerShell/Chocolatey/dsinternals-psmodule.nuspec
@@ -3,7 +3,7 @@
DSInternals-PSModule
- 4.11
+ 4.12
https://github.com/MichaelGrafnetter/DSInternals/tree/master/Src/DSInternals.PowerShell/Chocolatey
MichaelGrafnetter
DSInternals PowerShell Module
@@ -37,9 +37,8 @@ The DSInternals PowerShell Module has these main features:
## Disclaimer
Features exposed through these tools are not supported by Microsoft. Improper use might cause irreversible damage to domain controllers or negatively impact domain security.
-* Added the Get-ADDBServiceAccount cmdlet for offline managed password derivation.
-* Implemented the Unlock-ADDBAccount cmdlet that can perform offline account unlock.
-* Fixed Kerberos PBKDF2 salt derivation for service accounts in the ConvertTo-KerberosKey cmdlet.
+* Support for Windows Server 2025 Insider Preview.
+* Improved KDS Root Key selection algorithm.
diff --git a/Src/DSInternals.PowerShell/Commands/Hash/ConvertToKerberosKeyCommand.cs b/Src/DSInternals.PowerShell/Commands/Hash/ConvertToKerberosKeyCommand.cs
index e10bca7..28f1e17 100644
--- a/Src/DSInternals.PowerShell/Commands/Hash/ConvertToKerberosKeyCommand.cs
+++ b/Src/DSInternals.PowerShell/Commands/Hash/ConvertToKerberosKeyCommand.cs
@@ -63,15 +63,27 @@
{
this.WriteVerbose("Calculating Kerberos keys.");
- var aes256 = new KerberosKeyDataNew(KerberosKeyType.AES256_CTS_HMAC_SHA1_96, this.Password, this.Salt, this.Iterations);
- this.WriteObject(aes256);
+ // TODO: AES SHA2 ETypes are not yet supported by the crypto library
+ /*
+ var aes256sha2 = new KerberosKeyDataNew(KerberosKeyType.AES256_CTS_HMAC_SHA384_192, this.Password, this.Salt, this.Iterations);
+ this.WriteObject(aes256sha2);
- var aes128 = new KerberosKeyDataNew(KerberosKeyType.AES128_CTS_HMAC_SHA1_96, this.Password, this.Salt, this.Iterations);
- this.WriteObject(aes128);
+ var aes128sha2 = new KerberosKeyDataNew(KerberosKeyType.AES128_CTS_HMAC_SHA256_128, this.Password, this.Salt, this.Iterations);
+ this.WriteObject(aes128sha2);
+ */
+
+ var aes256sha1 = new KerberosKeyDataNew(KerberosKeyType.AES256_CTS_HMAC_SHA1_96, this.Password, this.Salt, this.Iterations);
+ this.WriteObject(aes256sha1);
+
+ var aes128sha1 = new KerberosKeyDataNew(KerberosKeyType.AES128_CTS_HMAC_SHA1_96, this.Password, this.Salt, this.Iterations);
+ this.WriteObject(aes128sha1);
var des = new KerberosKeyDataNew(KerberosKeyType.DES_CBC_MD5, this.Password, this.Salt, this.Iterations);
this.WriteObject(des);
+
+ var rc4 = new KerberosKeyDataNew(KerberosKeyType.RC4_HMAC_NT, this.Password, this.Salt, this.Iterations);
+ this.WriteObject(rc4);
}
#endregion Cmdlet Overrides
}
-}
\ No newline at end of file
+}
diff --git a/Src/DSInternals.PowerShell/DSInternals.psd1 b/Src/DSInternals.PowerShell/DSInternals.psd1
index 817521f..3f7b7bf 100644
--- a/Src/DSInternals.PowerShell/DSInternals.psd1
+++ b/Src/DSInternals.PowerShell/DSInternals.psd1
@@ -8,7 +8,7 @@
RootModule = 'DSInternals.Bootstrap.psm1'
# Version number of this module.
-ModuleVersion = '4.11'
+ModuleVersion = '4.12'
# Supported PSEditions
# CompatiblePSEditions = 'Desktop'
@@ -143,9 +143,8 @@ PrivateData = @{
# ReleaseNotes of this module
ReleaseNotes = @"
-- Added the Get-ADDBServiceAccount cmdlet for offline managed password derivation.
-- Implemented the Unlock-ADDBAccount cmdlet that can perform offline account unlock.
-- Fixed Kerberos PBKDF2 salt derivation for service accounts in the ConvertTo-KerberosKey cmdlet.
+- Support for Windows Server 2025 Insider Preview.
+- Improved KDS Root Key selection algorithm.
"@
} # End of PSData hashtable
diff --git a/Src/DSInternals.PowerShell/Properties/AssemblyInfo.cs b/Src/DSInternals.PowerShell/Properties/AssemblyInfo.cs
index 9e9327d..10d7033 100644
--- a/Src/DSInternals.PowerShell/Properties/AssemblyInfo.cs
+++ b/Src/DSInternals.PowerShell/Properties/AssemblyInfo.cs
@@ -5,8 +5,8 @@ using System.Runtime.InteropServices;
// set of attributes. Change these attribute values to modify the information
// associated with an assembly.
[assembly: AssemblyTitle("DSInternals PowerShell Commands")]
-[assembly: AssemblyVersion("4.11")]
-[assembly: AssemblyFileVersion("4.11")]
+[assembly: AssemblyVersion("4.12")]
+[assembly: AssemblyFileVersion("4.12")]
[assembly: AssemblyDescription("")]
[assembly: AssemblyConfiguration("")]
[assembly: AssemblyCompany("")]
diff --git a/Src/DSInternals.Replication.Interop/AssemblyInfo.cpp b/Src/DSInternals.Replication.Interop/AssemblyInfo.cpp
index 7ebfd55..6dfe003 100644
--- a/Src/DSInternals.Replication.Interop/AssemblyInfo.cpp
+++ b/Src/DSInternals.Replication.Interop/AssemblyInfo.cpp
@@ -14,7 +14,7 @@ using namespace System::Security::Permissions;
//
[assembly:AssemblyTitleAttribute(L"DSInternals Replication Interop Library")];
// Note: Do not forget to change the version in version.rc files.
-[assembly:AssemblyVersionAttribute("4.10")];
+[assembly:AssemblyVersionAttribute("4.12")];
[assembly:AssemblyDescriptionAttribute(L"")];
[assembly:AssemblyConfigurationAttribute(L"")];
[assembly:AssemblyCompanyAttribute(L"")];
diff --git a/Src/DSInternals.Replication.Interop/DrsConnection.cpp b/Src/DSInternals.Replication.Interop/DrsConnection.cpp
index 97b78e5..e1ac149 100644
--- a/Src/DSInternals.Replication.Interop/DrsConnection.cpp
+++ b/Src/DSInternals.Replication.Interop/DrsConnection.cpp
@@ -98,8 +98,8 @@ namespace DSInternals
{
auto clientInfo = make_midl_ptr();
clientInfo->dwFlags = DRS_EXT::ALL_EXT;
- clientInfo->dwFlagsExt = DRS_EXT2::DRS_EXT_LH_BETA2 | DRS_EXT2::DRS_EXT_RECYCLE_BIN | DRS_EXT2::DRS_EXT_PAM;
- clientInfo->dwExtCaps = DRS_EXT2::DRS_EXT_LH_BETA2 | DRS_EXT2::DRS_EXT_RECYCLE_BIN | DRS_EXT2::DRS_EXT_PAM;
+ clientInfo->dwFlagsExt = DRS_EXT2::DRS_EXT_LH_BETA2 | DRS_EXT2::DRS_EXT_RECYCLE_BIN | DRS_EXT2::DRS_EXT_PAM | DRS_EXT2::DRS_EXT_32K_PAGES;
+ clientInfo->dwExtCaps = DRS_EXT2::DRS_EXT_LH_BETA2 | DRS_EXT2::DRS_EXT_RECYCLE_BIN | DRS_EXT2::DRS_EXT_PAM | DRS_EXT2::DRS_EXT_32K_PAGES;
clientInfo->dwReplEpoch = this->_serverReplEpoch;
return clientInfo;
}
diff --git a/Src/DSInternals.Replication.Interop/drsr_addons.h b/Src/DSInternals.Replication.Interop/drsr_addons.h
index 7720f74..26ef45b 100644
--- a/Src/DSInternals.Replication.Interop/drsr_addons.h
+++ b/Src/DSInternals.Replication.Interop/drsr_addons.h
@@ -207,7 +207,11 @@ enum DRS_EXT2 : DWORD
///
/// If present, signifies that the DC has enabled the Privileged Access Management optional feature.
///
- DRS_EXT_PAM = 0x00000200
+ DRS_EXT_PAM = 0x00000200,
+ ///
+ /// If present, signifies that the DC has enabled the Database 32k Pages optional feature.
+ ///
+ DRS_EXT_32K_PAGES = 0x00001000
};
DEFINE_ENUM_FLAG_OPERATORS(DRS_EXT2)
diff --git a/Src/DSInternals.Replication.Interop/version.rc b/Src/DSInternals.Replication.Interop/version.rc
index 5836b70..1fb4768 100644
--- a/Src/DSInternals.Replication.Interop/version.rc
+++ b/Src/DSInternals.Replication.Interop/version.rc
@@ -39,8 +39,8 @@ END
//
VS_VERSION_INFO VERSIONINFO
- FILEVERSION 4,10,0,0
- PRODUCTVERSION 4,10,0,0
+ FILEVERSION 4,12,0,0
+ PRODUCTVERSION 4,12,0,0
FILEFLAGSMASK 0x3fL
#ifdef _DEBUG
FILEFLAGS 0x1L
@@ -57,12 +57,12 @@ BEGIN
BEGIN
VALUE "CompanyName", "Michael Grafnetter"
VALUE "FileDescription", "DSInternals Replication Interop Library"
- VALUE "FileVersion", "4.10.0.0"
+ VALUE "FileVersion", "4.12.0.0"
VALUE "InternalName", "DSInternals.Replication.Interop"
VALUE "LegalCopyright", "Copyright © 2015-2023 Michael Grafnetter"
VALUE "OriginalFilename", "DSInternals.Replication.Interop.dll"
VALUE "ProductName", "DSInternals PowerShell Module"
- VALUE "ProductVersion", "4.10.0.0"
+ VALUE "ProductVersion", "4.12.0.0"
END
END
BLOCK "VarFileInfo"
diff --git a/Src/DSInternals.Replication.Model/Properties/AssemblyInfo.cs b/Src/DSInternals.Replication.Model/Properties/AssemblyInfo.cs
index af6a978..ba3553c 100644
--- a/Src/DSInternals.Replication.Model/Properties/AssemblyInfo.cs
+++ b/Src/DSInternals.Replication.Model/Properties/AssemblyInfo.cs
@@ -5,8 +5,8 @@ using System.Runtime.InteropServices;
// set of attributes. Change these attribute values to modify the information
// associated with an assembly.
[assembly: AssemblyTitle("DSInternals Replication Data Model")]
-[assembly: AssemblyVersion("4.8")]
-[assembly: AssemblyFileVersion("4.8")]
+[assembly: AssemblyVersion("4.12")]
+[assembly: AssemblyFileVersion("4.12")]
[assembly: AssemblyDescription("")]
[assembly: AssemblyConfiguration("")]
[assembly: AssemblyCompany("")]
diff --git a/Src/DSInternals.Replication/DSInternals.Replication.nuspec b/Src/DSInternals.Replication/DSInternals.Replication.nuspec
index fb04d66..1f63c6d 100644
--- a/Src/DSInternals.Replication/DSInternals.Replication.nuspec
+++ b/Src/DSInternals.Replication/DSInternals.Replication.nuspec
@@ -14,7 +14,7 @@
DSInternals Replication implements a client for the Active Directory Replication Service Remote Protocol (DRS-R). It can be used to remotely extract password hashes from domain controllers.
DSInternals Replication implements a client for the Active Directory Replication Service Remote Protocol (DRS-R).
-- Added ARM64 support.
+- Support for Windows Server 2025 Insider Preview.
Copyright (c) 2015-2023 Michael Grafnetter. All rights reserved.
ActiveDirectory Security RPC DRSR
diff --git a/Src/DSInternals.Replication/Properties/AssemblyInfo.cs b/Src/DSInternals.Replication/Properties/AssemblyInfo.cs
index 189ca05..8daa432 100644
--- a/Src/DSInternals.Replication/Properties/AssemblyInfo.cs
+++ b/Src/DSInternals.Replication/Properties/AssemblyInfo.cs
@@ -5,8 +5,8 @@ using System.Runtime.InteropServices;
// set of attributes. Change these attribute values to modify the information
// associated with an assembly.
[assembly: AssemblyTitle("DSInternals Replication Library")]
-[assembly: AssemblyVersion("4.10")]
-[assembly: AssemblyFileVersion("4.10")]
+[assembly: AssemblyVersion("4.12")]
+[assembly: AssemblyFileVersion("4.12")]
[assembly: AssemblyDescription("")]
[assembly: AssemblyConfiguration("")]
[assembly: AssemblyCompany("")]
diff --git a/Src/DSInternals.SAM/Properties/AssemblyInfo.cs b/Src/DSInternals.SAM/Properties/AssemblyInfo.cs
index 64db2d2..45a269d 100644
--- a/Src/DSInternals.SAM/Properties/AssemblyInfo.cs
+++ b/Src/DSInternals.SAM/Properties/AssemblyInfo.cs
@@ -5,8 +5,8 @@ using System.Runtime.InteropServices;
// set of attributes. Change these attribute values to modify the information
// associated with an assembly.
[assembly: AssemblyTitle("DSInternals SAM Library")]
-[assembly: AssemblyVersion("4.8")]
-[assembly: AssemblyFileVersion("4.8")]
+[assembly: AssemblyVersion("4.12")]
+[assembly: AssemblyFileVersion("4.12")]
[assembly: AssemblyDescription("")]
[assembly: AssemblyConfiguration("")]
[assembly: AssemblyCompany("")]