Bug: AZAddOwner Relationships not Being Created

[cntC0d3]

Description:

the Azure relationship AZAddOwner is not being created as described in documentation. After further investigation it appears this feature was never implemented in BHCE.

Are you intending to fix this bug?

yes.

Component(s) Affected:

• API

Steps to Reproduce:

1. Run Azurehound against a tenant that contains a user given one of the four roles specified in documentation:
   • Hybrid Identity Administrator
   • Partner Tier1 Support
   • Partner Tier2 Support
   • Directory Synchronization Accounts
2. Upload collected data into bloodhound and wait for ingestion to complete.
3. query bh data for AZAddOwner relationships:

MATCH p=()-[r:AZAddOwner]->() RETURN p LIMIT 25

5. Query will return 0 results

Expected Behavior:

AZAddOwner relationship edges should be present between any user with the aformentioned roles and all AZApps and AZServicePrincipals within the same azure tenant.

Actual Behavior:

Relationships are not being created.

Screenshots/Code Snippets/Sample Files:

NSTR

Environment Information:

BloodHound: v5.12.0-rc1

Collector: Azurehound v2.1.9

OS: macOS 14.5
Go (if API related): go1.22.5 darwin/amd64

Docker (if using Docker): 25.0.3

Additional Information:

Potential Solution (optional):

add functionality to analysis/azure/post::UserRoleAssignments.

Related Issues:

If you've found related issues in the project's issue tracker, mention them here.

Contributor Checklist:

• [ x] I have searched the issue tracker to ensure this bug hasn't been reported before or is not already being addressed.
• [x ] I have provided clear steps to reproduce the issue.
• [x ] I have included relevant environment information details.
• [ x] I have attached necessary supporting documents.
• [x ] I have checked that any JSON files I am attempting to upload to BloodHound are valid.