Skip to content

Add NTDS Group Policy records#1559

Merged
Schamper merged 6 commits intofox-it:mainfrom
Matthijsy:ntds-group-policies
Feb 23, 2026
Merged

Add NTDS Group Policy records#1559
Schamper merged 6 commits intofox-it:mainfrom
Matthijsy:ntds-group-policies

Conversation

@Matthijsy
Copy link
Contributor

@Matthijsy Matthijsy commented Feb 19, 2026
edited
Loading

This PR adds a method that exports all Group Policies which can be fetched from the NTDS.

We might have to consider how this relates to adpolicy plugin. They are kinda related, but depend on completly different artifacts.

Depends on fox-it/dissect.database#38
Depends on: fox-it/dissect.database#41

Schamper
Schamper requested changes Feb 20, 2026
View reviewed changes
dissect/target/plugins/os/windows/ad/ntds.py Outdated
for gpo in self.ntds.group_policies():
yield NtdsGPORecord(
cn=gpo.cn,
distinguished_name=gpo.distinguishedName,
Copy link
Member

@Schamper Schamper Feb 20, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you use either the "typed"/"defined" properties for these attributes on the objects' class, or the .get method for the attributes that don't yet have a property defined on their Python classes?

Copy link
Contributor Author

@Matthijsy Matthijsy Feb 20, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So you mean defining them as property in dissect.database or using .get. Currently there are no properties defined, but we could add them. I can do both, what would be the prefered method, as I see computer/user is using a mix of those two options.

Copy link
Member

@Schamper Schamper Feb 20, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some of these exist in the base Object class already:

https://github.com/fox-it/dissect.database/blob/357f64263d1733330bb250fb50bdd019ad438e52/dissect/database/ese/ntds/objects/object.py#L198

The intention is to have most of the attributes added as Python properties over time in their classes, but for some it's fine to just use .get() for now. If you're willing to add the proper attributes to the proper classes, that's of course appreciated!

My point is more, while "magic attributes" exist on these objects (e.g. doing .whenCreated works), I'd prefer to use properly typed/available properties and methods in library code, such as .when_created or .get("whenCreated"). The magic attributes are more nice for interactive use.

Copy link
Contributor Author

@Matthijsy Matthijsy Feb 20, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Okay that makes sense. I created a PR to add 2 more fields within dissect.database, than all needed attributes of GPO are actually there.

@codecov
Copy link

codecov bot commented Feb 23, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 81.00%. Comparing base (7dfd85f) to head (3d9e7bf).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #1559   +/-   ##
=======================================
  Coverage   80.99%   81.00%           
=======================================
  Files         399      399           
  Lines       34848    34853    +5     
=======================================
+ Hits        28226    28231    +5     
  Misses       6622     6622
Flag Coverage Δ
unittests 81.00% <100.00%> (+<0.01%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@codspeed-hq
Copy link

codspeed-hq bot commented Feb 23, 2026

Merging this PR will not alter performance

✅ 12 untouched benchmarks
⏩ 1 skipped benchmark1

Comparing Matthijsy:ntds-group-policies (3d9e7bf) with main (7dfd85f)

Open in CodSpeed

Footnotes

  1. 1 benchmark was skipped, so the baseline result was used instead. If it was deleted from the codebase, click here and archive it to remove it from the performance reports.

@Schamper Schamper merged commit 18caf97 into fox-it:main Feb 23, 2026
20 of 24 checks passed
Matthijsy added a commit to Matthijsy/dissect.target that referenced this pull request Mar 2, 2026
@Matthijsy @Schamper
Add NTDS Group Policy records (fox-it#1559)
b2e1ecd 
Co-authored-by: Erik Schamper <1254028+Schamper@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Schamper Schamper Schamper approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Matthijsy @Schamper