Invoke-FindUserTrustGroups fails and lists ALL users

[Meatballs1]

The following logic in this method appears to be incorrect:

    if($GroupDN -ne $DistinguishedDomainName){
                    $GroupDomain = $($membership.substring($index)) -replace 'DC=','' -replace ',','.'
                    $GroupName = $membership.split(",")[0].split("=")[1]
                }

A number of issues are here:

• $GroupDN is not set. The GroupDN output further down is set via $membership. $GroupDN is always $null. Therefore this comparison is always true and all users are listed.
• If comparing against the $DistinguishedDomain the $GroupDN needs to be stripped down to the domain.

I fixed it with the following route:

• $GroupDomain needs to be moved above the if statement
• if $GroupDomain.CompareTo($Domain)

Sorry cant submit a PR at the moment.

[HarmJ0y]

Thanks! Just noticed this on an engagement actually. The fix should be pushed to https://github.com/Veil-Framework/PowerTools/tree/powerview_group_recurse , will test tomorrow and then merge into master. FYI Get-NetGroup now has a -Recurse flag that resolves any returned members that are groups as well.