diff --git a/Bump-Version.ps1 b/Bump-Version.ps1 index 4aab065..1c68173 100644 --- a/Bump-Version.ps1 +++ b/Bump-Version.ps1 @@ -8,7 +8,7 @@ ################################################## ## Project: Elysium ## ## File: Bump-Version.ps1 ## -## Version: 2.4.2 ## +## Version: 2.4.3 ## ## Support: support@cqre.net ## ################################################## diff --git a/CHANGELOG.md b/CHANGELOG.md index ae79df7..3549934 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,14 @@ Starting with **v2.2.0**, Elysium uses a **unified project version**. All script --- +## [2.4.3] — 2026-06-09 + +### Fixed +- Replaced the `DirectoryEntry` + `RefreshCache` tokenGroups retrieval in `Test-ReplicationPermissions` with `Get-ADUser -Properties tokenGroups`. The previous `DirectoryEntry` approach was broken by the v2.4.1 URI-escaping "fix" (`EscapeDataString` produces percent-encoded paths that ADSI `DirectoryEntry` cannot parse, causing "invalid dn syntax" errors). +- Removed `EscapeDataString` from the ACL-reading `DirectoryEntry` path in `Test-ReplicationPermissions` as well, since `DirectoryEntry` expects raw LDAP path syntax, not URI encoding. + +--- + ## [2.4.2] — 2026-06-09 ### Fixed diff --git a/Elysium.Common.ps1 b/Elysium.Common.ps1 index bd69249..5f2210b 100644 --- a/Elysium.Common.ps1 +++ b/Elysium.Common.ps1 @@ -1,4 +1,4 @@ -$script:ElysiumVersion = '2.4.2' +$script:ElysiumVersion = '2.4.3' function Invoke-RestartWithExecutable { param( @@ -343,14 +343,10 @@ function Test-ReplicationPermissions { # tokenGroups is a constructed attribute containing all SIDs in the user's token, # including nested group memberships - more reliable than walking MemberOf recursively - $userDe = New-Object System.DirectoryServices.DirectoryEntry( - "LDAP://$Server/$([System.Uri]::EscapeDataString($adUser.DistinguishedName))", - $Credential.UserName, - $Credential.GetNetworkCredential().Password - ) - $userDe.RefreshCache(@('tokenGroups')) - foreach ($sidBytes in $userDe.Properties['tokenGroups']) { - $sid = New-Object System.Security.Principal.SecurityIdentifier($sidBytes, 0) + $adUserWithTokenGroups = Get-ADUser -Identity $samName -Server $Server -Credential $Credential ` + -Properties tokenGroups -ErrorAction Stop + foreach ($sidBytes in $adUserWithTokenGroups.tokenGroups) { + $sid = New-Object System.Security.Principal.SecurityIdentifier(@([byte[]]$sidBytes), 0) [void]$callerSids.Add($sid.Value) } @@ -374,7 +370,7 @@ function Test-ReplicationPermissions { $acl = $null try { $de = New-Object System.DirectoryServices.DirectoryEntry( - "LDAP://$Server/$([System.Uri]::EscapeDataString($DomainDN))", + "LDAP://$Server/$DomainDN", $Credential.UserName, $Credential.GetNetworkCredential().Password ) diff --git a/Elysium.ps1 b/Elysium.ps1 index 7b7c565..10afbe8 100644 --- a/Elysium.ps1 +++ b/Elysium.ps1 @@ -7,7 +7,7 @@ ################################################## ## Project: Elysium ## ## File: Elysium.ps1 ## -## Version: 2.4.2 ## +## Version: 2.4.3 ## ## Support: support@cqre.net ## ################################################## diff --git a/ElysiumSettings.txt.sample b/ElysiumSettings.txt.sample index 7f43455..4342843 100644 --- a/ElysiumSettings.txt.sample +++ b/ElysiumSettings.txt.sample @@ -8,7 +8,7 @@ ################################################## ## Project: Elysium ## ## File: ElysiumSettings.txt ## -## Version: 2.4.2 ## +## Version: 2.4.3 ## ## Support: support@cqre.net ## ################################################## diff --git a/Extract-NTHashes.ps1 b/Extract-NTHashes.ps1 index 77af921..4ab2303 100644 --- a/Extract-NTHashes.ps1 +++ b/Extract-NTHashes.ps1 @@ -7,7 +7,7 @@ ################################################## ## Project: Elysium ## ## File: Extract-NTHashes.ps1 ## -## Version: 2.4.2 ## +## Version: 2.4.3 ## ## Support: support@cqre.net ## ################################################## diff --git a/Prepare-KHDBStorage.ps1 b/Prepare-KHDBStorage.ps1 index 35a55fd..329481d 100644 --- a/Prepare-KHDBStorage.ps1 +++ b/Prepare-KHDBStorage.ps1 @@ -7,7 +7,7 @@ ################################################## ## Project: Elysium ## ## File: Prepare-KHDBStorage.ps1 ## -## Version: 2.4.2 ## +## Version: 2.4.3 ## ## Support: support@cqre.net ## ################################################## diff --git a/Test-WeakADPasswords.ps1 b/Test-WeakADPasswords.ps1 index 4118617..6a25844 100644 --- a/Test-WeakADPasswords.ps1 +++ b/Test-WeakADPasswords.ps1 @@ -8,7 +8,7 @@ ################################################## ## Project: Elysium ## ## File: Test-WeakADPasswords.ps1 ## -## Version: 2.4.2 ## +## Version: 2.4.3 ## ## Support: support@cqre.net ## ################################################## diff --git a/Uninstall.ps1 b/Uninstall.ps1 index 11a9b3b..de86755 100644 --- a/Uninstall.ps1 +++ b/Uninstall.ps1 @@ -7,7 +7,7 @@ ################################################## ## Project: Elysium ## ## File: Uninstall.ps1 ## -## Version: 2.4.2 ## +## Version: 2.4.3 ## ## Support: support@cqre.net ## ################################################## diff --git a/Update-KHDB.ps1 b/Update-KHDB.ps1 index 8ca8ba4..d7bf33a 100644 --- a/Update-KHDB.ps1 +++ b/Update-KHDB.ps1 @@ -7,7 +7,7 @@ ################################################## ## Project: Elysium ## ## File: Update-KHDB.ps1 ## -## Version: 2.4.2 ## +## Version: 2.4.3 ## ## Support: support@cqre.net ## ################################################## diff --git a/Update-LithnetStore.ps1 b/Update-LithnetStore.ps1 index df3132f..cbf7636 100644 --- a/Update-LithnetStore.ps1 +++ b/Update-LithnetStore.ps1 @@ -7,7 +7,7 @@ ################################################## ## Project: Elysium ## ## File: Update-LithnetStore.ps1 ## -## Version: 2.4.2 ## +## Version: 2.4.3 ## ## Support: support@cqre.net ## ##################################################