`dissect.database.ese.ntds.database`¶

Module Contents¶

Classes¶

`Database`	Interact with an NTDS.dit Active Directory Domain Services (AD DS) database.
`DataTable`	Represents the `datatable` in the NTDS database.
`LinkTable`	Represents the `link_table` in the NTDS database.
`SecurityDescriptorTable`	Represents the `sd_table` in the NTDS database.

class dissect.database.ese.ntds.database.Database(fh: BinaryIO)¶

Interact with an NTDS.dit Active Directory Domain Services (AD DS) database.

The main purpose of this class is to group interaction with the various tables and remove some clutter from the NTDS class.

ese¶

data¶

link¶

sd¶

class dissect.database.ese.ntds.database.DataTable(db: Database)¶

Represents the datatable in the NTDS database.

db¶

table¶

hiddentable¶

hiddeninfo¶

schema¶

get¶

dsa() → dissect.database.ese.ntds.objects.NTDSDSA¶: Return the Directory System Agent (DSA) object.

dmd() → dissect.database.ese.ntds.objects.DMD¶: Return the Directory Management Domain (DMD) object, a.k.a. the schema container.

root() → dissect.database.ese.ntds.objects.Top¶: Return the top-level object in the NTDS database.

root_domain() → dissect.database.ese.ntds.objects.DomainDNS | None¶: Return the root domain object in the NTDS database. For AD LDS, this will return None.

property pek: dissect.database.ese.ntds.pek.PEK | None¶: Return the PEK.

walk() → collections.abc.Iterator[dissect.database.ese.ntds.objects.Object]¶: Walk through all objects in the NTDS database.

iter() → collections.abc.Iterator[dissect.database.ese.ntds.objects.Object]¶: Iterate over all objects in the NTDS database.

lookup(**kwargs) → dissect.database.ese.ntds.objects.Object¶

Retrieve an object by a single indexed attribute.

Parameters:: **kwargs – Single keyword argument specifying the attribute and value.

query(query: str, *, optimize: bool = True) → collections.abc.Iterator[dissect.database.ese.ntds.objects.Object]¶

Execute an LDAP query against the NTDS database.

Parameters:

query – The LDAP query string to execute.
optimize – Whether to optimize the query, default is True.

Yields:

Object instances matching the query. Objects are cast to more specific types when possible.

search(**kwargs: str) → collections.abc.Iterator[dissect.database.ese.ntds.objects.Object]¶

Perform an attribute-value query. If multiple attributes are provided, it will be treated as an “AND” query.

Parameters:: **kwargs – Keyword arguments specifying the attributes and values.
Yields:: Object instances matching the attribute-value pair.

child_of(dnt: int, name: str) → dissect.database.ese.ntds.objects.Object | None¶

Get a specific child object by name for a given Directory Number Tag (DNT).

Parameters:

dnt – The DNT to retrieve the child object for.
name – The name of the child object to retrieve.

children_of(dnt: int) → collections.abc.Iterator[dissect.database.ese.ntds.objects.Object]¶

Get all child objects of a given Directory Number Tag (DNT).

Parameters:: dnt – The DNT to retrieve child objects for.

class dissect.database.ese.ntds.database.LinkTable(db: Database)¶

Represents the link_table in the NTDS database.

This table contains link records representing relationships between directory objects.

db¶

table¶

links(dnt: int, name: str | None = None) → collections.abc.Iterator[dissect.database.ese.ntds.objects.Object]¶

Get all linked objects for a given Directory Number Tag (DNT).

Parameters:

dnt – The DNT to retrieve linked objects for.
name – An optional link name to filter the linked objects.

all_links(dnt: int) → collections.abc.Iterator[tuple[str, dissect.database.ese.ntds.objects.Object]]¶

Get all linked objects along with their link names for a given Directory Number Tag (DNT).

Parameters:: dnt – The DNT to retrieve linked objects for.

backlinks(dnt: int, name: str | None = None) → collections.abc.Iterator[dissect.database.ese.ntds.objects.Object]¶

Get all backlink objects for a given Directory Number Tag (DNT).

Parameters:

dnt – The DNT to retrieve backlink objects for.
name – An optional link name to filter the backlink objects.

all_backlinks(dnt: int) → collections.abc.Iterator[tuple[str, dissect.database.ese.ntds.objects.Object]]¶

Get all backlink objects along with their link names for a given Directory Number Tag (DNT).

Parameters:: dnt – The DNT to retrieve backlink objects for.

has_link(link_dnt: int, name: str, backlink_dnt: int) → bool¶

Check if a specific link exists between two DNTs and a given link name.

Parameters:

link_dnt – The DNT of the link object.
name – The link name to check against.
backlink_dnt – The DNT of the backlink object.

has_backlink(backlink_dnt: int, name: str, link_dnt: int) → bool¶

Check if a specific backlink exists between two DNTs and a given link name.

Parameters:

backlink_dnt – The DNT of the backlink object.
name – The link name to check against.
link_dnt – The DNT of the link object.

class dissect.database.ese.ntds.database.SecurityDescriptorTable(db: Database)¶

Represents the sd_table in the NTDS database.

This table contains security descriptors associated with directory objects.

db¶

table¶

sd(id: int) → dissect.database.ese.ntds.sd.SecurityDescriptor | None¶

Get the Discretionary Access Control List (DACL), if available.

Parameters:: id – The ID of the security descriptor.

dissect.database.ese.ntds.database¶

Module Contents¶

Classes¶

`dissect.database.ese.ntds.database`¶