fix: account for weird DNs in deleted objects when getting domain info

src/CommonLib/Helpers.cs

@@ -107,8 +107,17 @@ public static string ConvertGuidToHexGuid(string guid)
         /// <returns>String representing the domain name of this object</returns>
         public static string DistinguishedNameToDomain(string distinguishedName)
         {
-            var idx = distinguishedName.IndexOf("DC=",
-                StringComparison.CurrentCultureIgnoreCase);
+            int idx;
+            if (distinguishedName.ToUpper().Contains("DELETED OBJECTS"))
+            {
+                idx = distinguishedName.IndexOf("DC=", 3, StringComparison.Ordinal);
+            }
+            else
+            {
+                idx = distinguishedName.IndexOf("DC=",
+                    StringComparison.CurrentCultureIgnoreCase);    
+            }
+
             if (idx < 0)
                 return null;
 

test/unit/LDAPUtilsTest.cs

@@ -108,6 +108,25 @@ public void GetWellKnownPrincipal_WithDomain_ConvertsSID()
             Assert.Equal(Label.Group, typedPrincipal.ObjectType);
             Assert.Equal($"{_testDomainName}-S-1-5-32-544", typedPrincipal.ObjectIdentifier);
         }
+
+        [Fact]
+        public void DistinguishedNameToDomain_RegularObject_CorrectDomain()
+        {
+            var result = SharpHoundCommonLib.Helpers.DistinguishedNameToDomain(
+                "CN=Account Operators,CN=Builtin,DC=testlab,DC=local");
+            Assert.Equal("TESTLAB.LOCAL", result);
+
+            result = SharpHoundCommonLib.Helpers.DistinguishedNameToDomain("DC=testlab,DC=local");
+            Assert.Equal("TESTLAB.LOCAL", result);
+        }
+
+        [Fact]
+        public void DistinguishedNameToDomain_DeletedObjects_CorrectDomain()
+        {
+            var result = SharpHoundCommonLib.Helpers.DistinguishedNameToDomain(
+                @"DC=..Deleted-_msdcs.testlab.local\0ADEL:af1f072f-28d7-4b86-9b87-a408bfc9cb0d,CN=Deleted Objects,DC=testlab,DC=local");
+            Assert.Equal("TESTLAB.LOCAL", result);
+        }
 
         [Fact]
         public void QueryLDAP_With_Exception()