From 81cbdfd1c185aceb1844fb3c0ed1166248bf5e91 Mon Sep 17 00:00:00 2001
From: Matthijs Vos <matthijs.vos@northwave.nl>
Date: Thu, 19 Feb 2026 14:17:17 +0100
Subject: [PATCH 1/3] Add method for Group Policies

---
 dissect/database/ese/ntds/ntds.py |  6 +++++-
 tests/ese/ntds/test_ntds.py       | 17 +++++++++++++++--
 2 files changed, 20 insertions(+), 3 deletions(-)

diff --git a/dissect/database/ese/ntds/ntds.py b/dissect/database/ese/ntds/ntds.py
index 1dd4047..e6f9a1d 100644
--- a/dissect/database/ese/ntds/ntds.py
+++ b/dissect/database/ese/ntds/ntds.py
@@ -7,7 +7,7 @@
 if TYPE_CHECKING:
     from collections.abc import Iterator
 
-    from dissect.database.ese.ntds.objects import Computer, DomainDNS, Group, Object, Server, User
+    from dissect.database.ese.ntds.objects import Computer, DomainDNS, Group, GroupPolicyContainer, Object, Server, User
     from dissect.database.ese.ntds.objects.trusteddomain import TrustedDomain
     from dissect.database.ese.ntds.pek import PEK
 
@@ -89,3 +89,7 @@ def computers(self) -> Iterator[Computer]:
     def trusts(self) -> Iterator[TrustedDomain]:
         """Get all trust objects from the database."""
         yield from self.search(objectClass="trustedDomain")
+
+    def group_policies(self) -> Iterator[GroupPolicyContainer]:
+        """Get all group policy objects (GPO) objects from the database."""
+        yield from self.search(objectClass="groupPolicyContainer")
diff --git a/tests/ese/ntds/test_ntds.py b/tests/ese/ntds/test_ntds.py
index 6c18e3e..25dd8d9 100644
--- a/tests/ese/ntds/test_ntds.py
+++ b/tests/ese/ntds/test_ntds.py
@@ -4,7 +4,7 @@
 
 import pytest
 
-from dissect.database.ese.ntds.objects import Computer, Group, Server, SubSchema, User
+from dissect.database.ese.ntds.objects import Computer, Group, GroupPolicyContainer, Server, SubSchema, User
 from dissect.database.ese.ntds.util import SAMAccountType
 
 if TYPE_CHECKING:
@@ -253,7 +253,7 @@ def test_object_repr(goad: NTDS) -> None:
     assert isinstance(object, User)
     assert (
         repr(object)
-        == "<User name='robert.baratheon\\nDEL:dbe3c0f1-88dc-4355-b2b0-78499dbd4522' sam_account_name='robert.baratheon' is_machine_account=False (deleted)>"  # noqa: E501
+        == "<User name='robert.baratheon\\nDEL:dbe3c0f1-88dc-4355-b2b0-78499dbd4522' sam_account_name='robert.baratheon' is_machine_account=False (deleted)>"
     )
 
 
@@ -262,3 +262,16 @@ def test_all_memberships(large: NTDS) -> None:
     for user in large.users():
         # Just iterate all memberships to see if any errors occur
         list(user.groups())
+
+
+def test_group_policies(goad: NTDS) -> None:
+    gpos: list[GroupPolicyContainer] = sorted(goad.group_policies(), key=lambda x: x.distinguished_name)
+    assert len(gpos) == 5
+    assert isinstance(gpos[0], GroupPolicyContainer)
+    assert [x.distinguished_name for x in gpos] == [
+        "CN={117DC7AC-6832-4B21-ABFD-C56679BC3626},CN=POLICIES,CN=SYSTEM,DC=NORTH,DC=SEVENKINGDOMS,DC=LOCAL",
+        "CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=POLICIES,CN=SYSTEM,DC=NORTH,DC=SEVENKINGDOMS,DC=LOCAL",
+        "CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=POLICIES,CN=SYSTEM,DC=SEVENKINGDOMS,DC=LOCAL",
+        "CN={6AC1786C-016F-11D2-945F-00C04FB984F9},CN=POLICIES,CN=SYSTEM,DC=NORTH,DC=SEVENKINGDOMS,DC=LOCAL",
+        "CN={6AC1786C-016F-11D2-945F-00C04FB984F9},CN=POLICIES,CN=SYSTEM,DC=SEVENKINGDOMS,DC=LOCAL",
+    ]

From a75f4317a946bc63ea480f27c3b95b5197132929 Mon Sep 17 00:00:00 2001
From: Matthijs Vos <matthijs.vos@northwave.nl>
Date: Thu, 19 Feb 2026 14:19:14 +0100
Subject: [PATCH 2/3] Rollback noqa

---
 tests/ese/ntds/test_ntds.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/ese/ntds/test_ntds.py b/tests/ese/ntds/test_ntds.py
index 25dd8d9..fa6d26f 100644
--- a/tests/ese/ntds/test_ntds.py
+++ b/tests/ese/ntds/test_ntds.py
@@ -229,7 +229,7 @@ def test_object_repr(goad: NTDS) -> None:
     """Test the ``__repr__`` methods of User, Computer, Object and Group classes."""
     object = next(goad.search(sAMAccountName="Administrator"))
     assert isinstance(object, User)
-    assert repr(object) == "<User name='Administrator' sam_account_name='Administrator' is_machine_account=False>"
+    assert repr(object) == "<User name='Administrator' sam_account_name='Administrator' is_machine_account=False>" # noqa: E501
 
     object = next(goad.search(sAMAccountName="KINGSL*"))
     assert isinstance(object, Computer)

From dcf88236fac6fb464628ea0174834e686d20c9cb Mon Sep 17 00:00:00 2001
From: Matthijs Vos <matthijs.vos@northwave.nl>
Date: Thu, 19 Feb 2026 14:33:02 +0100
Subject: [PATCH 3/3] Fix ruff

---
 tests/ese/ntds/test_ntds.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tests/ese/ntds/test_ntds.py b/tests/ese/ntds/test_ntds.py
index fa6d26f..e50c1e3 100644
--- a/tests/ese/ntds/test_ntds.py
+++ b/tests/ese/ntds/test_ntds.py
@@ -229,7 +229,7 @@ def test_object_repr(goad: NTDS) -> None:
     """Test the ``__repr__`` methods of User, Computer, Object and Group classes."""
     object = next(goad.search(sAMAccountName="Administrator"))
     assert isinstance(object, User)
-    assert repr(object) == "<User name='Administrator' sam_account_name='Administrator' is_machine_account=False>" # noqa: E501
+    assert repr(object) == "<User name='Administrator' sam_account_name='Administrator' is_machine_account=False>"
 
     object = next(goad.search(sAMAccountName="KINGSL*"))
     assert isinstance(object, Computer)
@@ -253,7 +253,7 @@ def test_object_repr(goad: NTDS) -> None:
     assert isinstance(object, User)
     assert (
         repr(object)
-        == "<User name='robert.baratheon\\nDEL:dbe3c0f1-88dc-4355-b2b0-78499dbd4522' sam_account_name='robert.baratheon' is_machine_account=False (deleted)>"
+        == "<User name='robert.baratheon\\nDEL:dbe3c0f1-88dc-4355-b2b0-78499dbd4522' sam_account_name='robert.baratheon' is_machine_account=False (deleted)>"  # noqa: E501
     )