GPOLocalGroup data is currently not ingested

[nurfed1]

Description:

Sharphound GPOLocalGroup collector data is not being ingested by Bloodhound.

Component(s) Affected:

• UI
• API
• Neo4j
• PostgreSQL
• Data Collector (SharpHound, AzureHound)
• Other (tooling, documentation, etc.)

Steps to Reproduce:

1. Collect GPOLocalGroup data
2. Upload data
3. AdminTo/CanRDP/ExecuteDCOM/CanPSRemote relationships to computer objects are missing.

Expected Behavior:

Bloodhound ingests collected GPOLocalGroup data.

Actual Behavior:

Bloodhound does not ingest collected GPOLocalGroup data.

Environment Information:

BloodHound: Latest commit

Collector: SharpHound 2.3.0 (Latest commit)

Contributor Checklist:

• I have searched the issue tracker to ensure this bug hasn't been reported before or is not already being addressed.
• I have provided clear steps to reproduce the issue.
• I have included relevant environment information details.
• I have attached necessary supporting documents.
• I have checked that any JSON files I am attempting to upload to BloodHound are valid.

[JonasBK]

Confirmed with SharpHound v2.3.0 and BloodHound v5.3.1.
The data is collected by SharpHound as expected:

  "GPOChanges": {
      "LocalAdmins": [
          {
              "ObjectIdentifier": "S-1-5-21-2697957641-2271029196-387917394-2173",
              "ObjectType": "User"
          }
      ],
      "RemoteDesktopUsers": [],
      "DcomUsers": [],
      "PSRemoteUsers": [],
      "AffectedComputers": [
          {
              "ObjectIdentifier": "S-1-5-21-2697957641-2271029196-387917394-2174",
              "ObjectType": "Computer"
          }
      ]
  },

The above example is from the attached example which should generate an AdminTo edge from the user [email protected] to computer ALICE-LAPTOP.DUMPSTER.FIRE, but that doesn't happen.
20231228025130_BloodHound.zip