get site-info

Overview

Retrieve information about SCCM sites by querying Active Directory via LDAP. This command identifies potential site servers by examining permissions on the System Management container.

Syntax

SharpSCCM get site-info [options]

Parameters

domain

string

Target Active Directory domain FQDN

Examples

# Discover site servers in current domain
SharpSCCM get site-info

Required Permissions

Domain\Authenticated Users - Standard LDAP read access to Active Directory

Technical Details

Detection Method

This command queries LDAP for computer accounts with GenericAll (Full Control) permissions on the System Management container in Active Directory. Systems with this permission are typically SCCM site servers, as they need these rights to manage the container.

Detection Points

Security teams can monitor for:

LDAP queries to domain controllers
Enumeration of System Management container permissions
Computer account privilege analysis
Queries for CN=System Management,CN=System,DC=domain,DC=com

Output Format

The command identifies computer accounts with elevated permissions:

[!] Found 2 computer account(s) with GenericAll permission on the System Management container:

      CORP\SCCM01$
      CORP\CAS01$

[+] These systems are likely to be ConfigMgr site servers

Analysis and Next Steps

Site Server Identification

Computer accounts with GenericAll permissions are strong indicators of:

Primary site servers hosting SMS Provider role
Central Administration Sites (CAS) in hierarchies
Secondary site servers in some configurations

Infrastructure Mapping

Use the identified servers for:

SMS Provider connections for WMI operations
Management point identification
Site hierarchy mapping
Network topology understanding

Common Use Cases

Initial Reconnaissance

First command to run when discovering SCCM infrastructure in a domain - provides entry points for further enumeration.

Site Hierarchy Discovery

In multi-site environments, identify all site servers and understand the organizational structure.

Attack Surface Analysis

Discover SCCM infrastructure components for security assessment and penetration testing.

Integration with Other Commands

Use discovered site servers with other SharpSCCM commands:

# Use discovered site server as SMS Provider
SharpSCCM get collections -sms SCCM01.corp.local -sc PS1

local site-info - Get local client site configuration
get site-push-settings - Analyze client push configuration
get admins - Enumerate SCCM administrators

Getting Started

Information Gathering

Credential Extraction

Lateral Movement

Local Operations

Infrastructure Management

Advanced Operations

Overview

Syntax

Parameters

Examples

Required Permissions

Technical Details

Output Format

Analysis and Next Steps

Common Use Cases

Integration with Other Commands

Getting Started

Information Gathering

Credential Extraction

Lateral Movement

Local Operations

Infrastructure Management

Advanced Operations

​Overview

​Syntax

​Parameters

​Examples

​Required Permissions

​Technical Details

​Output Format

​Analysis and Next Steps

​Common Use Cases

​Integration with Other Commands

​Related Commands

Overview

Syntax

Parameters

Examples

Required Permissions

Technical Details

Output Format

Analysis and Next Steps

Common Use Cases

Integration with Other Commands

Related Commands