## Version 4.0 Update - New MS AD Objects Lookups ##
## -- KVSTore -- ##
## MS AD Objects - KV Store Lookups ##
##
## Lookup definitions for the MS AD Objects app. A stanza with
## external_type = kvstore reads the KV store collection named by
## `collection` and exposes the fields in `fields_list`; a stanza with
## `filename` reads a CSV lookup file.
## Each collection named here has to be defined in collections.conf, which is
## not part of this file.
##
## NOTE(review): the user, computer and group collections below carry
## directory attributes such as objectSid, userAccountControl, adminCount,
## pwdLastSet, servicePrincipalName and msDS-SupportedEncryptionTypes.
## Permissions on these lookups and collections are not set in this file;
## confirm the app metadata limits read access to the roles that need it and
## write access to the searches that populate them, because edited rows change
## what enrichment and audit searches report.
##
## NOTE(review): boolean values are written as false, 0 and 1 in different
## stanzas; the values are kept exactly as found.

## Configuration State - Lookup ##
## Exposes state, version and last_run per _key.
[AD_Obj_Config_State]
external_type = kvstore
collection = AD_Obj_Config_State_kv
fields_list = _key,state,version,last_run
case_sensitive_match = false

## Getting Started Configuration Wizard - Environment Scope
## Unlike the KV store stanzas around it, this CSV lookup matches
## case-sensitively (case_sensitive_match = 1).
## NOTE(review): confirm that is intended.
[ms_ad_obj_cfg_gs]
batch_index_query = 0
case_sensitive_match = 1
filename = ms_ad_obj_cfg_gs.csv

## Matching Pre-Version 4.x Name: AD_Obj_Domain_Selector ##
## One record per domain; multi_lkps_enabled and kv_suffix presumably drive
## the per-domain split lookups - verify against the populating searches.
[AD_Obj_Domain]
external_type = kvstore
collection = AD_Obj_Domain_kv
fields_list = _key,domain,host,DomainNetBIOSName,DomainDNSName,ForestName,Site,time,multi_lkps_enabled,kv_suffix,dc_val,user_lookup,group_lookup,computer_lookup
case_sensitive_match = false

## Matching Pre-Version 4.x Name: AD_Obj_User_LDAP_list ##
## User objects. The collection keeps the pre-4.x name with a _kv suffix.
[AD_Obj_User]
external_type = kvstore
collection = AD_Obj_User_LDAP_list_kv
fields_list = _key,accountExpires,adminCount,badPasswordTime,badPwdCount,c,cn,orig_cn,codePage,countryCode,dSCorePropagationData,dcName,deletedDate,department,description,displayName,distinguishedName,dn,dn_hist,dn_path,domain,DomainDNSName,givenName,guid_lookup,initials,instanceType,isCriticalSystemObject,isDeleted,isRecycled,l,lastKnownParent,lastLogon,lastLogonTimestamp,last_evt_flg,location,lockoutTime,logonCount,logonHours,lookup_usr,managedBy,msDS-SupportedEncryptionTypes,name,objectCategory,objectClass,objectGUID,objectSid,orig_evt_dn,OU,physicalDeliveryOfficeName,postalCode,primaryGroupID,pwdLastSet,sAMAccountName,sAMAccountType,servicePrincipalName,showInAdvancedViewOnly,sid_lookup,sn,st,streetAddress,title,uac_details,uac_bin_map,uSNChanged,uSNCreated,userAccountControl,userPrincipalName,userWorkstations,whenChanged,whenCreated,user_type,time
case_sensitive_match = false

## Matching Pre-Version 4.x Name: AD_Obj_Computer_LDAP_list ##
## Computer objects.
[AD_Obj_Computer]
external_type = kvstore
collection = AD_Obj_Computer_LDAP_list_kv
fields_list = _key,accountExpires,badPasswordTime,badPwdCount,c,cn,orig_cn,codePage,countryCode,dNSHostName,dSCorePropagationData,dcName,deletedDate,description,displayName,distinguishedName,dn,dn_hist,dn_path,domain,DomainDNSName,instanceType,isCriticalSystemObject,isDeleted,isRecycled,l,lastKnownParent,lastLogon,lastLogonTimestamp,last_evt_flg,localPolicyFlags,logonCount,lookup_cmp,managedBy,msDFSR-ComputerReferenceBL,msDS-SupportedEncryptionTypes,name,objectCategory,objectClass,objectGUID,objectSid,operatingSystem,operatingSystemServicePack,operatingSystemVersion,orig_evt_dn,OU,primaryGroupID,pwdLastSet,rIDSetReferences,sAMAccountName,sAMAccountType,serverReferenceBL,servicePrincipalName,sid_lookup,src_nt_domain,st,uSNChanged,uSNCreated,userAccountControl,whenChanged,whenCreated,time
case_sensitive_match = false

## Matching Pre-Version 4.x Name: AD_Obj_Group_LDAP_list ##
## Group objects, including the member and membercount fields.
[AD_Obj_Group]
external_type = kvstore
collection = AD_Obj_Group_LDAP_list_kv
fields_list = _key,adminCount,c,cn,orig_cn,dSCorePropagationData,dcName,deletedDate,description,displayName,distinguishedName,dn,dn_hist,dn_path,domain,DomainDNSName,groupType,groupType_Name,guid_lookup,instanceType,isCriticalSystemObject,isDeleted,isDistributionList,isRecycled,l,lastKnownParent,last_evt_flg,lookup_grp,managedBy,member,membercount,MSADGroupType,MSADGroupClass,name,objectCategory,objectClass,objectGUID,objectSid,orig_evt_dn,OU,primaryGroupToken,sAMAccountName,sAMAccountType,showInAdvancedViewOnly,sid_lookup,src_nt_domain,st,systemFlags,uSNChanged,uSNCreated,whenChanged,whenCreated,time
case_sensitive_match = false

## Matching Pre-Version 4.x Name: AD_Obj_GPO_LDAP_list ##
## Group Policy objects.
[AD_Obj_GPO]
external_type = kvstore
collection = AD_Obj_GPO_LDAP_list_kv
fields_list = _key,cn,deletedDate,displayName,distinguishedName,dn,dn_hist,domain,DomainDNSName,dSCorePropagationData,flags,gpo_link,gPCFileSysPath,gPCFunctionalityVersion,gPCMachineExtensionNames,instanceType,isCriticalSystemObject,isRecycled,isDeleted,lastKnownParent,lc,last_evt_flg,name,objectCategory,objectClass,objectGUID,orig_cn,showInAdvancedViewOnly,systemFlags,uSNChanged,uSNCreated,versionNumber,whenChanged,whenCreated,time
case_sensitive_match = false

## Matching Pre-Version 4.x Name: AD_Obj_OU_LDAP_list ##
## Organizational units, including the gPLink / Linked_GPO fields.
[AD_Obj_OU]
external_type = kvstore
collection = AD_Obj_OU_LDAP_list_kv
fields_list = _key,c,cn,deletedDate,description,displayName,distinguishedName,dn,dn_hist,domain,DomainDNSName,dSCorePropagationData,gPLink,gpo_link,guid_lookup,host,instanceType,isCriticalSystemObject,isDeleted,isRecycled,l,lastKnownParent,last_evt_flg,Linked_GPO,lookup_ou,managedBy,name,objectCategory,objectClass,objectGUID,orig_cn,orig_evt_dn,OU,q,revision,showInAdvancedViewOnly,st,systemFlags,uSNChanged,uSNCreated,versionNumber,whenChanged,whenCreated,time
case_sensitive_match = false

## Matching Pre-Version 4.x Name: AD_Obj_Admin_Audit_list ##
## Admin audit list: admin_user and admin_domain plus last-seen time fields.
## NOTE(review): presumably consulted by the admin audit searches; if so, write
## access to this collection decides which accounts are treated as admins -
## verify who can modify it.
[AD_Obj_Admin_Audit]
external_type = kvstore
collection = AD_Obj_Admin_Audit_list_kv
fields_list = _key,admin_user,admin_domain,last_time_string,last_time_utc
case_sensitive_match = false
## Removed for MULTI-DOMAIN KV Split Support ##
## The commented-out field list below is kept as a record of what was removed.
##fields_list = admin_dn,admin_dn_hist,admin_dn_path,admin_cn,admin_objectGUID,admin_userPrincipalName

## Matching Pre-Version 4.x Name: AD_UAC_Details ##
## Maps userAccountControl values to uac_bin_map and uac_details.
[AD_Obj_UAC]
external_type = kvstore
collection = AD_Obj_UAC_kv
fields_list = _key,uac_bin_map,uac_details,userAccountControl
case_sensitive_match = false

## Removed - [AD_Objects_Queue] - Not Needed with KVStore
## Removed - [AD_Obj_Group_DL] AD_Obj_Group_DL_LDAP_list ##

## -- csv File -- ##

## Future Use for Wizards
[ms_ad_obj_cfg_wiz_nav]
batch_index_query = 0
case_sensitive_match = false
filename = ms_ad_obj_cfg_wiz_nav.csv

## Static and Manual Update Lookup
## CSV-backed reference lookups, three search-time style REGEX/FORMAT
## extractions, and the per-domain ("jpit") KV store lookup definitions.
##
## NOTE(review): AD_Audit_Sensitive_Groups is a CSV list. If audit searches
## key off it (not visible from this file), whoever can edit the CSV decides
## which groups are reported as sensitive - confirm write permission on the
## lookup is restricted and that the list is reviewed when groups change.
[AD_Audit_Sensitive_Groups]
filename = AD.Audit.Sensitive.Groups.csv
case_sensitive_match = false

## Static Lookup
[AD_Audit_Group_Type]
filename = ms_ad_obj_group_types.csv
case_sensitive_match = false

[AD_Audit_Group_Details]
filename = ms_ad_obj_group_details.csv
case_sensitive_match = false

[AD_Audit_Error_Codes]
filename = ms_ad_obj_error_codes.csv
case_sensitive_match = false

[AD_Audit_Logon_Types]
filename = ms_ad_obj_logon_types.csv
case_sensitive_match = false

[ms_ad_obj_app_eventcodes]
filename = ms_ad_obj_app_eventcodes.csv
case_sensitive_match = false

[AD_Audit_Change_EventCodes]
batch_index_query = 0
filename = ms_ad_obj_change_eventcodes.csv
case_sensitive_match = false

## Case-sensitive (1), unlike the sibling _Adv and unsuffixed stanzas.
## NOTE(review): confirm the difference is intended.
[AD_Audit_Change_EventCodes_Std]
batch_index_query = 0
case_sensitive_match = 1
filename = ms_ad_obj_change_eventcodes_std.csv

[AD_Audit_Change_EventCodes_Adv]
filename = ms_ad_obj_change_eventcodes_adv.csv
case_sensitive_match = false

[AD_Audit_Default_Critical_Objects]
filename = ms_ad_obj_default_critical_objects.csv
case_sensitive_match = false

[AD_Audit_Logon_Events]
batch_index_query = 0
case_sensitive_match = 0
filename = ms_ad_obj_evt_code_logons.csv

## Extract Information Lookups ##
[field_info_AD_Obj_User]
batch_index_query = 0
case_sensitive_match = false
filename = ms_ad_obj_field_AD_Obj_User.csv

[field_info_AD_Obj_Computer]
batch_index_query = 0
case_sensitive_match = false
filename = ms_ad_obj_field_AD_Obj_Computer.csv

[field_info_AD_Obj_Group]
batch_index_query = 0
case_sensitive_match = false
filename = ms_ad_obj_field_AD_Obj_Group.csv

[ms_ad_obj_user_rights_map]
batch_index_query = 0
case_sensitive_match = false
filename = ms_ad_obj_user_rights_map.csv

[ms_ad_obj_uac_temp]
batch_index_query = 0
filename = ms_ad_obj_uac_temp.csv
case_sensitive_match = false

[ms_ad_obj_field_list]
batch_index_query = 0
case_sensitive_match = false
filename = ms_ad_obj_lookup_field_lists.csv

[ms_ad_obj_evt_code_desc]
batch_index_query = 0
filename = ms_ad_obj_evt_code_desc.csv
case_sensitive_match = false

[ms_ad_obj_status_icons]
batch_index_query = 0
filename = ms_ad_obj_status_icons.csv
case_sensitive_match = false

## Temp Holder for Multi-Domain Configuration Settings:
[tmp_ms_obj_md_cfg]
batch_index_query = 0
filename = tmp_ms_obj_md_cfg.csv
case_sensitive_match = false

## Initially Manually Built and then Dynamically Updated Lookups
## CSV lookups under the pre-4.x names; the same permission question applies
## to these files as to any other copy of directory data.
[AD_Computer_LDAP_list]
filename = AD.Computer.LDAP.list.csv
case_sensitive_match = false

[AD_User_LDAP_list]
filename = AD.Users.LDAP.list.csv
case_sensitive_match = false

[AD_Groups_LDAP_list]
filename = AD.Groups.LDAP.list.csv
case_sensitive_match = false

[AD_GroupPolicies_LDAP_list]
filename = AD.GroupPolicies.LDAP.list.csv
case_sensitive_match = false

[AD_OU_LDAP_list]
filename = AD.OU.LDAP.list.csv
case_sensitive_match = false

[AD_Distribution_List_LDAP_list]
filename = AD.Distribution.Lists.LDAP.list.csv
case_sensitive_match = false

[AD_Domain_Selector]
filename = AD.Domain.Selector.list.csv
case_sensitive_match = false

[AD_Audit_Admin_list]
filename = AD.Audit.Admin.list.csv
case_sensitive_match = false

## AD admon Update Queues
[AD_Objects_Queue_Main]
filename = AD_Objects_Queue_Main.csv
case_sensitive_match = false

[AD_UAC_Details]
filename = AD_UAC_Details.csv
case_sensitive_match = false

[ms_ad_obj_inputs]
batch_index_query = 0
filename = ms_ad_obj_inputs_vals.csv
case_sensitive_match = false

## Added to extract the Domain DNS Name for ActiveDirectory Data - Required for building lookups and potential use of Multi-Domain Lookup Splitting.##
## Captures an optional "LDAP://" prefix as dc_ldap and everything after the
## first dot of the dcName host as dc_suffix.
## NOTE(review): inside [...] the characters ( | ) are literals, so the final
## class excludes parentheses and pipes as well as CR, LF and "/". If only
## CR, LF and "/" were meant, [^\r\n\/]+ expresses that; left unchanged here
## because downstream lookups are built from the extracted value.
[ms_ad_obj_admon_dc_suffix]
REGEX = (?msi)(?:dcName\=(LDAP\:\/\/|)[a-zA-Z0-9_\-]+)\.([^(\r|\n|\/)]+)
FORMAT = dc_ldap::$1 dc_suffix::$2

## Captures "Configuration" or "Deleted Objects" as dc_category and the text
## after the following ",DC=" as dc_val. With the s flag the leading .* is
## greedy across lines, so the last matching ",CN=...,DC=" in the event wins.
## NOTE(review): same character-class issue as above - ( and ) are excluded
## along with CR, LF and "|"; [^\r\n|]+ would exclude only those three.
[ms_ad_obj_admon_dc_val]
REGEX = (?msi)(?:objectCategory\=.*)(?:\,CN\=(Configuration|Deleted\sObjects)\,DC\=)([^(\r|\n|\|)]+)
FORMAT = dc_category::$1 dc_val::$2

## Captures the text following "Additional Details:", "Changed Attributes" or
## "Attribute:" into MSADChangedAttributes; MV_ADD = true appends further
## matches as additional values instead of keeping only the first.
## NOTE(review): "$" is not an anchor inside [...], so [^$]+ means "any
## character except a literal dollar sign". Each captured value therefore
## stops at the first "$" in the event text, for example at a computer
## account name, which ends in "$". Audit searches reading
## MSADChangedAttributes may be looking at a truncated value; confirm whether
## that is intended before relying on this field for change review.
[ms_ad_obj_cs_changed_attributes_values]
REGEX = (?msi)(?:Additional Details:|Changed Attributes|Attribute:)(?:\s|\n|\r)+([^$]+)
FORMAT = MSADChangedAttributes::"$1"
MV_ADD = true

##---------------------------------------------------##
## Domain: jpit - Lookup Definition
##---------------------------------------------------##
## Per-domain KV store lookups, each pointing at its own *_jpit_kv collection.
## NOTE(review): per-domain collections need the same read/write scoping as
## the shared ones; permissions are not set in this file.

## Domain - jpit - User Definition ##
[AD_Obj_User_jpit]
external_type = kvstore
collection = AD_Obj_User_jpit_kv
fields_list = _key,accountExpires,adminCount,badPasswordTime,badPwdCount,c,cn,orig_cn,codePage,countryCode,dSCorePropagationData,dcName,deletedDate,department,description,displayName,distinguishedName,dn,dn_hist,dn_path,domain,DomainDNSName,givenName,guid_lookup,initials,instanceType,isCriticalSystemObject,isDeleted,isRecycled,l,lastKnownParent,lastLogon,lastLogonTimestamp,last_evt_flg,location,lockoutTime,logonCount,logonHours,lookup_usr,managedBy,msDS-SupportedEncryptionTypes,name,objectCategory,objectClass,objectGUID,objectSid,orig_evt_dn,OU,physicalDeliveryOfficeName,postalCode,primaryGroupID,pwdLastSet,sAMAccountName,sAMAccountType,servicePrincipalName,showInAdvancedViewOnly,sid_lookup,sn,st,streetAddress,title,uac_details,uac_bin_map,uSNChanged,uSNCreated,userAccountControl,userPrincipalName,userWorkstations,whenChanged,whenCreated,user_type,time
case_sensitive_match = false

## Domain - jpit - Group Definition ##
[AD_Obj_Group_jpit]
external_type = kvstore
collection = AD_Obj_Group_jpit_kv
fields_list = _key,adminCount,c,cn,orig_cn,dSCorePropagationData,dcName,deletedDate,description,displayName,distinguishedName,dn,dn_hist,dn_path,domain,DomainDNSName,groupType,groupType_Name,guid_lookup,instanceType,isCriticalSystemObject,isDeleted,isDistributionList,isRecycled,l,lastKnownParent,last_evt_flg,lookup_grp,managedBy,member,membercount,MSADGroupType,MSADGroupClass,name,objectCategory,objectClass,objectGUID,objectSid,orig_evt_dn,OU,primaryGroupToken,sAMAccountName,sAMAccountType,showInAdvancedViewOnly,sid_lookup,src_nt_domain,st,systemFlags,uSNChanged,uSNCreated,whenChanged,whenCreated,time
case_sensitive_match = false

## Domain - jpit - Computer Definition ##
## KV store lookup for computer objects of the "jpit" domain, backed by the
## AD_Obj_Computer_jpit_kv collection. The field list appears to duplicate the
## one on the shared [AD_Obj_Computer] stanza.
## NOTE(review): the collection holds per-host attributes (objectSid,
## operatingSystem*, servicePrincipalName, userAccountControl, pwdLastSet).
## Permissions are not set in this file - confirm read and write access to
## the lookup and its collection are scoped in the app metadata.
[AD_Obj_Computer_jpit]
external_type = kvstore
collection = AD_Obj_Computer_jpit_kv
fields_list = _key,accountExpires,badPasswordTime,badPwdCount,c,cn,orig_cn,codePage,countryCode,dNSHostName,dSCorePropagationData,dcName,deletedDate,description,displayName,distinguishedName,dn,dn_hist,dn_path,domain,DomainDNSName,instanceType,isCriticalSystemObject,isDeleted,isRecycled,l,lastKnownParent,lastLogon,lastLogonTimestamp,last_evt_flg,localPolicyFlags,logonCount,lookup_cmp,managedBy,msDFSR-ComputerReferenceBL,msDS-SupportedEncryptionTypes,name,objectCategory,objectClass,objectGUID,objectSid,operatingSystem,operatingSystemServicePack,operatingSystemVersion,orig_evt_dn,OU,primaryGroupID,pwdLastSet,rIDSetReferences,sAMAccountName,sAMAccountType,serverReferenceBL,servicePrincipalName,sid_lookup,src_nt_domain,st,uSNChanged,uSNCreated,userAccountControl,whenChanged,whenCreated,time
case_sensitive_match = false