Resolved #127: Added Windows Server 2022 compatibility

MichaelGrafnetter · Oct 19, 2021 · 22c0c62 · 22c0c62
1 parent f277c7b
commit 22c0c62
Show file tree

Hide file tree

Showing 14 changed files with 276 additions and 82 deletions.
diff --git a/.github/README.md b/.github/README.md
@@ -4,7 +4,7 @@
 
 [![MIT License](https://img.shields.io/badge/License-MIT-green.svg)](../LICENSE.md)
 [![PowerShell 3 | 4 | 5](https://img.shields.io/badge/PowerShell-3%20|%204%20|%205-0000FF.svg?logo=PowerShell)](#)
-[![Windows Server 2008 R2 | 2012 R2 | 2016 | 2019](https://img.shields.io/badge/Windows%20Server-2008%20R2%20|%202012%20R2%20|%202016%20|%202019-007bb8.svg?logo=Windows)](#)
+[![Windows Server 2008 R2 | 2012 R2 | 2016 | 2019 | 2022](https://img.shields.io/badge/Windows%20Server-2008%20R2%20|%202012%20R2%20|%202016%20|%202019%20|%202022-007bb8.svg?logo=Windows)](#)
 [![.NET Framework 4.7.2+](https://img.shields.io/badge/.NET%20Framework-4.7.2%2B-007FFF.svg)](#)
 
 ## Introduction

diff --git a/Documentation/CHANGELOG.md b/Documentation/CHANGELOG.md
@@ -9,6 +9,20 @@ All notable changes to this project will be documented in this file. The format
 
 - The PowerShell module now advertizes `Desktop` as the required edition. Note that *PowerShell Core* is not supported because of heavy dependency on Win32 API.
 
+## [4.6] - 2021-10-19
+
+### Added
+
+- Windows Server 2022 ntds.dit file modification is now supported.
+
+### Changed
+
+- Updated ManagedEsent to 1.9.4.1 and extracted customizations to partial classes.
+
+### Fixed
+
+- ESE parameter set now better mimics the one used in AD.
+
 ## [4.5] - 2021-10-14
 
 ### Fixed
@@ -410,7 +424,8 @@ This is a [Chocolatey](https://chocolatey.org/packages/dsinternals-psmodule)-onl
 ## 1.0 - 2015-01-20
 Initial release!
 
-[Unreleased]: https://github.com/MichaelGrafnetter/DSInternals/compare/v4.5...HEAD
+[Unreleased]: https://github.com/MichaelGrafnetter/DSInternals/compare/v4.6...HEAD
+[4.6]: https://github.com/MichaelGrafnetter/DSInternals/compare/v4.5...v4.6
 [4.5]: https://github.com/MichaelGrafnetter/DSInternals/compare/v4.4.1...v4.5
 [4.4.1]: https://github.com/MichaelGrafnetter/DSInternals/compare/v4.4...v4.4.1
 [4.4]: https://github.com/MichaelGrafnetter/DSInternals/compare/v4.3...v4.4

diff --git a/Src/DSInternals.DataStore/ADConstants.cs b/Src/DSInternals.DataStore/ADConstants.cs
@@ -1,4 +1,7 @@
 
+using System.Globalization;
+using Microsoft.Isam.Esent.Interop.Vista;
+
 namespace DSInternals.DataStore
 {
     internal static class ADConstants
@@ -9,8 +12,13 @@ internal static class ADConstants
         public const string SecurityDescriptorTableName = "sd_table";
         public const int GeneralizedTimeCoefficient = 10000000;
         public const string EseBaseName = "edb";
+        public const string EseTempDatabaseName = "temp.edb";
         public const int PageSize = 8192; // 8k
         public const int EseLogFileSize = 10240; // 10M
+        public const int EseIndexDefaultLocale = 1033; // = DS_DEFAULT_LOCALE = EN-US | SORT_DEFAULT
+        public const int EseIndexDefaultCompareOptions = 0x00000001 | 0x00000002 | 0x00010000 | 0x00020000 | 0x00001000; // = DS_DEFAULT_LOCALE_COMPARE_FLAGS | LCMAP_SORTKEY = NORM_IGNORECASE | NORM_IGNOREKANATYPE | NORM_IGNORENONSPACE | NORM_IGNOREWIDTH | SORT_STRINGSORT
+        public const LegacyFileNames EseLegacyFileNames = LegacyFileNames.EightDotThreeSoftCompat | LegacyFileNames.ESE98FileNames;
+        public const int EseMaxOpenTables = 1000;
         public const int NotAnObjectDNTag = 1;
         public const int RootDNTag = 2;
         public const int RootSecurityDescriptorId = 1;

diff --git a/Src/DSInternals.DataStore/DSInternals.DataStore.nuspec b/Src/DSInternals.DataStore/DSInternals.DataStore.nuspec
@@ -14,9 +14,7 @@
     <description>DSInternals DataStore is an advanced framework for offline ntds.dit file manipulation. It can be used to extract password hashes from Active Directory backups or to modify the sIDHistory and primaryGroupId attributes.</description>
     <summary>DSInternals DataStore is an advanced framework for offline ntds.dit file manipulation.</summary>
     <releaseNotes>
-- Added support for ntds.dit files with conflicting defunct attributes.
-- Improved parsing of roaming CNG private keys.
-- Updated the target .NET Framework to 4.7.2.
+- Added Windows Server 2022 support.
     </releaseNotes>
     <copyright>Copyright (c) 2015-2021 Michael Grafnetter. All rights reserved.</copyright>
     <tags>ActiveDirectory Security NTDS AD Identity Active Directory</tags>

diff --git a/Src/DSInternals.DataStore/DirectoryContext.cs b/Src/DSInternals.DataStore/DirectoryContext.cs
@@ -23,46 +23,60 @@ public DirectoryContext(string dbFilePath, bool readOnly, string logDirectoryPat
         {
             if (!File.Exists(dbFilePath))
             {
-                // TODO: Extract as resource
-                throw new FileNotFoundException("The specified database file does not exist.", dbFilePath);
+                 throw new FileNotFoundException("The specified database file does not exist.", dbFilePath);
             }
 
             this.DSADatabaseFile = dbFilePath;
             ValidateDatabaseState(this.DSADatabaseFile);
 
             this.DSAWorkingDirectory = Path.GetDirectoryName(this.DSADatabaseFile);
             string checkpointDirectoryPath = this.DSAWorkingDirectory;
-            string tempDirectoryPath = this.DSAWorkingDirectory;
+            string tempDatabasePath = Path.Combine(this.DSAWorkingDirectory, ADConstants.EseTempDatabaseName);
 
             this.DatabaseLogFilesPath = logDirectoryPath;
             if (this.DatabaseLogFilesPath != null)
             {
                 if (!Directory.Exists(this.DatabaseLogFilesPath))
                 {
-                    // TODO: Extract as resource
                     throw new FileNotFoundException("The specified log directory does not exist.", this.DatabaseLogFilesPath);
                 }
             }
             else
             {
+                // Use the default location if an alternate log directory is not provided.
                 this.DatabaseLogFilesPath = this.DSAWorkingDirectory;
             }
 
             // TODO: Exception handling?
-            // HACK: IsamInstance constructor throws AccessDenied Exception when the path does not end with a backslash.
-            this.instance = new IsamInstance(AddPathSeparator(checkpointDirectoryPath), AddPathSeparator(this.DatabaseLogFilesPath), AddPathSeparator(tempDirectoryPath), ADConstants.EseBaseName, JetInstanceName, readOnly, ADConstants.PageSize);
+            // Note: IsamInstance constructor throws AccessDenied Exception when the path does not end with a backslash.
+            this.instance = new IsamInstance(AddPathSeparator(checkpointDirectoryPath), AddPathSeparator(this.DatabaseLogFilesPath), tempDatabasePath, ADConstants.EseBaseName, JetInstanceName, readOnly, ADConstants.PageSize);
             try
             {
                 var isamParameters = this.instance.IsamSystemParameters;
 
+                if(EsentVersion.SupportsWindows10Features)
+                {
+                    try
+                    {
+                        // Required for Windows Server 2022 compatibility, as it limits the transaction log file format to 8920.
+                        // Note: Usage of JET_efvUsePersistedFormat still causes minor DB format upgrade.
+                        isamParameters.EngineFormatVersion = 0x40000002; // JET_efvUsePersistedFormat: Instructs the engine to use the minimal Engine Format Version of all loaded log and DB files.
+                    }
+                    catch (EsentInvalidParameterException)
+                    {
+                        // JET_efvUsePersistedFormat should be supported since Windows Server 2016.
+                        // Just continue even if it is not supported on the current Windows build.
+                    }
+                }
+
                 // Set the size of the transaction log files to AD defaults.
                 isamParameters.LogFileSize = ADConstants.EseLogFileSize;
 
                 // Delete the log files that are not matching (generation wise) during soft recovery.
                 isamParameters.DeleteOutOfRangeLogs = true;
 
                 // Check the database for indexes over Unicode key columns that were built using an older version of the NLS library.
-                isamParameters.EnableIndexChecking = true;
+                isamParameters.EnableIndexChecking2 = true;
 
                 // Automatically clean up indexes over Unicode key columns as necessary to avoid database format changes caused by changes to the NLS library.
                 isamParameters.EnableIndexCleanup = true;
@@ -73,8 +87,27 @@ public DirectoryContext(string dbFilePath, bool readOnly, string logDirectoryPat
                 // Disable all database engine callbacks to application provided functions. This enables us to open Win2016 DBs on non-DC systems.
                 isamParameters.DisableCallbacks = true;
 
-                // TODO: Configure additional ISAM parameters
-                // this.instance.IsamSystemParameters.EnableOnlineDefrag = false;
+                // Increase the limit of maximum open tables.
+                isamParameters.MaxOpenTables = ADConstants.EseMaxOpenTables;
+
+                // Enable backwards compatibility with the file naming conventions of earlier releases of the database engine.
+                isamParameters.LegacyFileNames = ADConstants.EseLegacyFileNames;
+
+                // Set EN-US to be used by any index over a Unicode key column.
+                isamParameters.UnicodeIndexDefault = new JET_UNICODEINDEX()
+                {
+                    lcid = ADConstants.EseIndexDefaultLocale,
+                    dwMapFlags = ADConstants.EseIndexDefaultCompareOptions
+                };
+
+                // Force crash recovery to look for the database referenced in the transaction log in the specified folder.
+                isamParameters.AlternateDatabaseRecoveryPath = this.DSAWorkingDirectory;
+
+                if (!readOnly)
+                {
+                    // Delete obsolete log files.
+                    isamParameters.DeleteOldLogs = true;
+                }
 
                 this.session = this.instance.CreateSession();
                 this.session.AttachDatabase(this.DSADatabaseFile);
@@ -234,7 +267,6 @@ protected virtual void Dispose(bool disposing)
 
         private static string AddPathSeparator(string path)
         {
-            // TODO: Newer version of ISAM should implemet this
             if (string.IsNullOrEmpty(path) || path.EndsWith(Path.DirectorySeparatorChar.ToString()))
             {
                 // No need to add path separator
@@ -246,7 +278,7 @@ private static string AddPathSeparator(string path)
             }
         }
 
-        private static void ValidateDatabaseState(string dbFilePath)
+        public static void ValidateDatabaseState(string dbFilePath)
         {
             // Retrieve info about the DB (Win Version, Page Size, State,...)
             JET_DBINFOMISC dbInfo;
@@ -255,7 +287,6 @@ private static void ValidateDatabaseState(string dbFilePath)
             if (dbInfo.dbstate != JET_dbstate.CleanShutdown)
             {
                 // Database might be inconsistent
-                // TODO: Extract message as a recource
                 throw new InvalidDatabaseStateException("The database is not in a clean state. Try to recover it first by running the 'esentutl /r edb /d' command.", dbFilePath);
             }
         }

diff --git a/Src/DSInternals.DataStore/Properties/AssemblyInfo.cs b/Src/DSInternals.DataStore/Properties/AssemblyInfo.cs
@@ -5,8 +5,8 @@
 // set of attributes. Change these attribute values to modify the information
 // associated with an assembly.
 [assembly: AssemblyTitle("DSInternals DataStore Library")]
-[assembly: AssemblyVersion("4.5")]
-[assembly: AssemblyFileVersion("4.5")]
+[assembly: AssemblyVersion("4.6")]
+[assembly: AssemblyFileVersion("4.6")]
 [assembly: AssemblyDescription("")]
 [assembly: AssemblyConfiguration("")]
 [assembly: AssemblyCompany("")]

diff --git a/Src/DSInternals.PowerShell/Chocolatey/dsinternals-psmodule.nuspec b/Src/DSInternals.PowerShell/Chocolatey/dsinternals-psmodule.nuspec
@@ -3,7 +3,7 @@
 <package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd">
   <metadata>
     <id>DSInternals-PSModule</id>
-    <version>4.5</version>
+    <version>4.6</version>
     <packageSourceUrl>https://github.com/MichaelGrafnetter/DSInternals/tree/master/Src/DSInternals.PowerShell/Chocolatey</packageSourceUrl>
     <owners>MichaelGrafnetter</owners>
     <title>DSInternals PowerShell Module</title>
@@ -37,18 +37,15 @@
 ## Disclaimer
 Features exposed through these tools are not supported by Microsoft. Improper use might cause irreversible damage to domain controllers or negatively impact domain security.</description>
     <releaseNotes>
-* Added support for ntds.dit files with conflicting defunct attributes.
-* Fixed the detection of default computer passwords.
-* Improved parsing of roaming CNG private keys.
-* Updated the target .NET Framework to 4.7.2.
+* Added Windows Server 2022 support.
     </releaseNotes>
     <dependencies>
       <!-- Windows Management Framework 3+. For OS prior to Windows 8 and Windows Server 2012. -->
       <dependency id="powershell" version="3.0.20121027" />
       <!-- Universal C Runtime. For RTM OS prior to Windows 10 and Windows Server 2016. -->
       <dependency id="kb2999226" version="1.0.20181019" />
-      <!-- .NET Framework 4.7+. For RTM OS prior to Windows 10 1703 and Windows Server 1709. -->
-      <dependency id="dotnetfx" version="4.7.0.0"  />
+      <!-- .NET Framework 4.7.2+. For RTM OS prior to Windows 10 1703 and Windows Server 1709. -->
+      <dependency id="dotnetfx" version="4.7.2.0"  />
     </dependencies>
   </metadata>
   <files>

diff --git a/Src/DSInternals.PowerShell/DSInternals.psd1 b/Src/DSInternals.PowerShell/DSInternals.psd1
@@ -8,7 +8,7 @@
 RootModule = 'DSInternals.Bootstrap.psm1'
 
 # Version number of this module.
-ModuleVersion = '4.5'
+ModuleVersion = '4.6'
 
 # Supported PSEditions
 # CompatiblePSEditions = 'Desktop'
@@ -36,7 +36,7 @@ DISCLAIMER: Features exposed through this module are not supported by Microsoft
 PowerShellVersion = '3.0'
 
 # Minimum version of Microsoft .NET Framework required by this module
-DotNetFrameworkVersion = '4.7' # This requirement is not enforced by older versions of PS.
+DotNetFrameworkVersion = '4.7.2' # This requirement is not enforced by older versions of PS.
 
 # Minimum version of the common language runtime (CLR) required by this module
 CLRVersion = '4.0.30319.42000' # Corresponds to .NET Framework 4.6 and later
@@ -141,10 +141,7 @@ PrivateData = @{
 
         # ReleaseNotes of this module
         ReleaseNotes = @"
-- Added support for ntds.dit files with conflicting defunct attributes.
-- Fixed the detection of default computer passwords.
-- Improved parsing of roaming CNG private keys.
-- Updated the target .NET Framework to 4.7.2.
+- Added Windows Server 2022 support.
 "@
     } # End of PSData hashtable
 

diff --git a/Src/DSInternals.PowerShell/Properties/AssemblyInfo.cs b/Src/DSInternals.PowerShell/Properties/AssemblyInfo.cs
@@ -5,8 +5,8 @@
 // set of attributes. Change these attribute values to modify the information
 // associated with an assembly.
 [assembly: AssemblyTitle("DSInternals PowerShell Commands")]
-[assembly: AssemblyVersion("4.5")]
-[assembly: AssemblyFileVersion("4.5")]
+[assembly: AssemblyVersion("4.6")]
+[assembly: AssemblyFileVersion("4.6")]
 [assembly: AssemblyDescription("")]
 [assembly: AssemblyConfiguration("")]
 [assembly: AssemblyCompany("")]