Performance degradation when SharpHound attempts to resolve unresolvable SIDs · Issue #203 · SpecterOps/SharpHoundCommon · GitHub
When running SharpHound from a non-domain-joined Windows machine using supplied credentials, if target objects in the domain contain unresolvable SIDs (e.g., due to stale entries from broken two-way trusts), the tool repeatedly attempts to resolve them.
- The machine executing SharpHound is not joined to the domain
- Some AD objects contain SIDs from a previously trusted domain (e.g., due to removed two-way trust)
- Unresolvable SID (from a previously trusted domain) was present on many AD objects.
- Total object count is large (e.g., 500,000+ objects)
Screenshots: non-domain-joined, domain-joined
Observed Behavior
- SharpHound attempts to resolve unknown or external SIDs via `DirectoryContext` using `GetDomain(...)`
- Each failed resolution logs: `System.DirectoryServices.ActiveDirectory.ActiveDirectoryOperationException: Current security context is not associated with an Active Directory domain or forest.`
Comparison Results
| Scenario | Cache | Execution Time |
| --- | --- | --- |
| Domain-joined host | ❌ / ✅ | 13 mins |
| Non-domain host, same creds | ✅ | 30 mins |
| Non-domain host, same creds | ❌ | 90 mins |
Is it possible to add an unresolvable-SID cache to avoid repeated requests, or to disable attempts to resolve unresolvable SIDs?
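A sketch of the kind of negative cache the issue asks for, added here as an example (it is not part of the issue and not SharpHoundCommon code). `DomainSidCache`, its members and the stand-in resolver are hypothetical names, and the SIDs are constructed; failures are keyed by domain SID so each stale domain is attempted once per run rather than once per object.

```csharp
using System;
using System.Collections.Concurrent;
using System.Threading;

// Added example, not SharpHoundCommon code; all type and member names are hypothetical.
public sealed class DomainSidCache
{
    // Domain SID -> domain name, or null when resolution failed (negative entry).
    // Entries live for the lifetime of the process, i.e. one collection run.
    private readonly ConcurrentDictionary<string, string> _cache =
        new ConcurrentDictionary<string, string>(StringComparer.OrdinalIgnoreCase);
    private readonly Func<string, string> _resolve; // assumed to throw when the domain is unreachable
    public int ResolverCalls;                       // exposed only so the demo can count lookups

    public DomainSidCache(Func<string, string> resolve) { _resolve = resolve; }

    // S-1-5-21-a-b-c-RID has 8 fields; drop the RID so all principals of one domain share a key.
    public static string DomainPart(string sid)
    {
        var parts = sid.Split('-');
        return parts.Length == 8 && sid.StartsWith("S-1-5-21-", StringComparison.OrdinalIgnoreCase)
            ? string.Join("-", parts, 0, 7)
            : sid;
    }

    // The factory may run more than once under contention, which is harmless here.
    public bool TryResolve(string sid, out string domainName)
    {
        domainName = _cache.GetOrAdd(DomainPart(sid), key =>
        {
            Interlocked.Increment(ref ResolverCalls);
            try { return _resolve(key); }
            catch (Exception) { return null; }      // remember the failure instead of retrying
        });
        return domainName != null;
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed stand-in for the directory lookup: one known domain, everything else fails.
        var cache = new DomainSidCache(d => d == "S-1-5-21-1111111111-2222222222-3333333333"
            ? "corp.example" : throw new InvalidOperationException("domain not reachable"));
        int unresolved = 0;
        for (int rid = 1000; rid < 6000; rid++)     // 5,000 objects carrying SIDs from one stale domain
            if (!cache.TryResolve("S-1-5-21-4444444444-5555555555-6666666666-" + rid, out _))
                unresolved++;
        cache.TryResolve("S-1-5-21-1111111111-2222222222-3333333333-500", out var name);
        Console.WriteLine($"{unresolved} unresolved, resolved '{name}', {cache.ResolverCalls} resolver calls");
    }
}
```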