Merge pull request #14 from PSSecTools/development

FriedrichWeinmann · web-flow · commit 285a2e66d72d · 2025-01-23T09:35:07.000+01:00
Added support for deleted objects
diff --git a/ADSec/ADSec.psd1 b/ADSec/ADSec.psd1
@@ -3,7 +3,7 @@
 	RootModule = 'ADSec.psm1'
 	
 	# Version number of this module.
-	ModuleVersion = '1.0.1'
+	ModuleVersion = '1.0.4'
 	
 	# ID used to uniquely identify this module
 	GUID = '1cfaca0a-3c7d-47dd-bb9f-9711310a0b9d'
@@ -26,7 +26,7 @@
 	# Modules that must be imported into the global environment prior to importing
 	# this module
 	RequiredModules = @(
-		@{ ModuleName='PSFramework'; ModuleVersion='1.0.35' }
+		@{ ModuleName='PSFramework'; ModuleVersion='1.12.346' }
 	)
 	
 	# Assemblies that must be loaded prior to importing this module
diff --git a/ADSec/changelog.md b/ADSec/changelog.md
@@ -1,5 +1,11 @@
 ﻿# Changelog
 
+## 1.0.4 (2025-01-22)
+
+- Upd: Raised PSFramework Dependency Version to 1.12.346
+- Upd: Get-AdsAcl - Enabled retrieving ACL from deleted objects
+- Upd: Get-AdsAcl - Detect insufficient access rights to retrieve security information
+
 ## 1.0.1 (2022-04-04)
 
 - New: Configuration setting to disable connection verification
diff --git a/ADSec/en-us/strings.psd1 b/ADSec/en-us/strings.psd1
@@ -13,6 +13,7 @@
 	'Enable-AdsInheritance.Processing'         = 'Starting process to enable inheritance on {0}' # $pathItem
 	'Enable-AdsInheritance.ReadAcl.Failed'     = 'Failed to access acl on {0}' # $pathItem
 	'Enable-AdsInheritance.Updating.Acl'       = 'Enabling inheritance' # 
+	'Get-AdsAcl.NoSecurityProperty'            = 'No security information found on {0}. Ensure you have sufficient access.' # $pathItem
 	'Get-AdsAcl.ObjectError'                   = 'Error accessing item: {0}' # $pathItem
 	'Get-AdsAcl.Processing'                    = 'Retrieving Acl from {0}' # $pathItem
 	'Get-AdsOrphanAce.Read.Failed'             = 'Failed to access {0}' # $pathItem
diff --git a/ADSec/functions/acl/Get-AdsAcl.ps1 b/ADSec/functions/acl/Get-AdsAcl.ps1
@@ -1,6 +1,5 @@
-﻿function Get-AdsAcl
-{
-<#
+﻿function Get-AdsAcl {
+	<#
 	.SYNOPSIS
 		Reads the ACL from an AD object.
 	
@@ -44,23 +43,24 @@
 		$EnableException
 	)
 	
-	begin
-	{
+	begin {
 		$adParameters = $PSBoundParameters | ConvertTo-PSFHashtable -Include Server, Credential
 		Assert-ADConnection @adParameters -Cmdlet $PSCmdlet
 	}
-	process
-	{
+	process {
 		if (Test-PSFFunctionInterrupt) { return }
 		
-		foreach ($pathItem in $Path)
-		{
+		foreach ($pathItem in $Path) {
 			if (-not $pathItem) { continue }
 			Write-PSFMessage -String 'Get-AdsAcl.Processing' -StringValues $pathItem
 			
-			try { $adObject = Get-ADObject @adParameters -Identity $pathItem -Properties ntSecurityDescriptor }
+			try { $adObject = Get-ADObject @adParameters -Identity $pathItem -Properties ntSecurityDescriptor -IncludeDeletedObjects }
 			catch { Stop-PSFFunction -String 'Get-AdsAcl.ObjectError' -StringValues $pathItem -Target $pathItem -EnableException $EnableException -Cmdlet $PSCmdlet -ErrorRecord $_ -Continue }
 			$aclObject = $adObject.ntSecurityDescriptor
+			if (-not $aclObject) {
+				Stop-PSFFunction -String 'Get-AdsAcl.NoSecurityProperty' -StringValues $pathItem -Target $pathItem -EnableException $EnableException -Cmdlet $PSCmdlet -Category PermissionDenied -Continue
+			}
+
 			Add-Member -InputObject $aclObject -MemberType NoteProperty -Name DistinguishedName -Value $adObject.DistinguishedName -Force
 			$aclObject
 		}
