BED-3671 -- add group shortcutting to SyncLAPSPassword Postprocessing #649
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Previously the logic for creating
SyncLAPSPassword
edges needed to query for group membership for all groups that had one of the two permissions. This change takes advantage of the group expansion we are already doing in a separate postprocessing step to avoid unnecessary db queries.Additionally, the
SyncLAPSPassword
edge should no longer be created for members of groups that already have that edge, which should also reduce unnecessary noise in the graph; this difference is accounted for in the accompanying test harness.Once this is merged, I can get another PR up to make the same change for
DCSync
.Motivation and Context
SyncLAPSPassword
edges in the graphHow Has This Been Tested?
I've added a new integration test + harness to ensure these changes are doing what we expect
Screenshots (if appropriate):
Types of changes
Checklist: