:py:mod:`dissect.target.plugins.os.windows.ad.ntds`
===================================================

.. py:module:: dissect.target.plugins.os.windows.ad.ntds




Module Contents
---------------

Classes
~~~~~~~

.. autoapisummary::

   dissect.target.plugins.os.windows.ad.ntds.NtdsPlugin



Functions
~~~~~~~~~

.. autoapisummary::
   :nosignatures:

   dissect.target.plugins.os.windows.ad.ntds.extract_user_info



Attributes
~~~~~~~~~~

.. autoapisummary::

   dissect.target.plugins.os.windows.ad.ntds.GENERIC_FIELDS
   dissect.target.plugins.os.windows.ad.ntds.NtdsUserRecord
   dissect.target.plugins.os.windows.ad.ntds.NtdsComputerRecord
   dissect.target.plugins.os.windows.ad.ntds.NtdsGPORecord
   dissect.target.plugins.os.windows.ad.ntds.NTDS_PARAMETERS_REGISTRY_PATH
   dissect.target.plugins.os.windows.ad.ntds.NTDS_PARAMETERS_DB_VALUE
   dissect.target.plugins.os.windows.ad.ntds.DEFAULT_LM_HASH
   dissect.target.plugins.os.windows.ad.ntds.DEFAULT_NT_HASH


.. py:data:: GENERIC_FIELDS
   :value: [('string', 'cn'), ('string', 'upn'), ('string', 'sam_name'), ('string', 'sam_type'), ('string',...


.. py:data:: NtdsUserRecord

.. py:data:: NtdsComputerRecord

.. py:data:: NtdsGPORecord

.. py:data:: NTDS_PARAMETERS_REGISTRY_PATH
   :value: 'HKLM\\SYSTEM\\CurrentControlSet\\Services\\NTDS\\Parameters'


.. py:data:: NTDS_PARAMETERS_DB_VALUE
   :value: 'DSA Database file'


.. py:data:: DEFAULT_LM_HASH
   :value: 'aad3b435b51404eeaad3b435b51404ee'


.. py:data:: DEFAULT_NT_HASH
   :value: '31d6cfe0d16ae931b73c59d7e0c089c0'


.. py:class:: NtdsPlugin(target: dissect.target.target.Target)

   Bases: :py:obj:`dissect.target.plugin.Plugin`


   Plugin to parse NTDS.dit Active Directory database and extract user credentials.

   This plugin extracts user password hashes, password history, Kerberos keys, and other authentication data
   from the NTDS.dit database found on Windows Domain Controllers.


   .. py:attribute:: __namespace__
      :value: 'ad'


      Defines the plugin namespace.


   .. py:attribute:: path


   .. py:method:: check_compatible() -> None

      Perform a compatibility check with the target.

      This function should return ``None`` if the plugin is compatible with the current target (``self.target``).
      For example, check if a certain file exists. Otherwise it should raise an
      :class:`UnsupportedPluginError`.

      :raises UnsupportedPluginError: If the plugin could not be loaded.



   .. py:property:: ntds
      :type: dissect.database.ese.ntds.NTDS



   .. py:method:: users() -> collections.abc.Iterator[NtdsUserRecord]

      Extract all user accounts from the NTDS.dit database.



   .. py:method:: computers() -> collections.abc.Iterator[NtdsComputerRecord]

      Extract all computer accounts from the NTDS.dit database.



   .. py:method:: group_policies() -> collections.abc.Iterator[NtdsGPORecord]

      Extract all group policy objects (GPO) NTDS.dit database.



.. py:function:: extract_user_info(user: dissect.database.ese.ntds.objects.User | dissect.database.ese.ntds.objects.Computer, target: dissect.target.target.Target) -> dict[str, Any]

   Extract generic information from a User or Computer account.