Test-ReplicationPermissions:
- Skip InheritOnly ACEs since they do not apply to the domain root
object itself, only to child objects.
Test-WeakADPasswords:
- Detect Windows Zone.Identifier blocks on DSInternals DLLs and
emit a clear error with the exact Unblock-File remediation
command instead of a vague warning.
All versions bumped to unified v2.2.4.
Test-ReplicationPermissions now recognizes:
- GenericAll as satisfying replication rights
- Blanket ExtendedRight (empty ObjectType) ACEs
Also adds diagnostic hints distinguishing between
'missing ACE entirely' and 'ACE exists but not for you'.
All versions bumped to unified v2.2.3.
Test-ReplicationPermissions now uses the tokenGroups constructed
attribute to resolve all effective SIDs in the caller's Kerberos
token, including nested group memberships. This replaces the
previous MemberOf walk which missed indirect entitlement and
could produce false-positive missing-permission errors.
All versions bumped to unified v2.2.2.
- Add to Elysium.Common.ps1 as the single
runtime source of truth for version strings.
- Update Update-KHDB.ps1 User-Agent to reference .
- Update Test-WeakADPasswords.ps1 usage beacon payload to reference
.
- Add Bump-Version.ps1 release helper that updates the centralized
variable, ASCII headers across .ps1/.py files, runtime references,
and prints a CHANGELOG stub.
tomas.kracmar