The inventory-gathering capabilities of the FlexNet Inventory Agent are extended using InventorySettings.xml, which includes PowerShell scripts to collect data from the following sources:

• Windows Server user access logging
• CAL/SharePoint Server
• Exchange Server
• Lync Server

The Exchange-related script in InventorySettings.xml is written in VBScript and contains embedded PowerShell. This PowerShell script is dynamically constructed using data pulled from Active Directory to determine the Exchange server edition. The data retrieved from Active Directory is returned in encrypted form and stored in a PowerShell variable called $string.

The entire script is passed to PowerShell via the command line. Since the encrypted byte array includes non-character data, the output may appear as a sequence of unusual or unreadable characters. This behavior can trigger alerts in security software, even though it is expected and harmless.

To interpret this data, the script uses the Exchange Edition Decode Algorithm—a decryption method derived from Microsoft’s documentation on Exchange Server Active Directory schema changes. Details on this method are available in Exchange Server 2003 to Exchange Server 2010 Active Directory Schema Changes Reference.doc.

Exchange edition decode algorithm

Using the type attribute of the msExchExchangeServer object, the following steps decode the encrypted Unicode string.

1.  Establish constants for encoding

 Two constants establish the encoding seed and magic numbers used by the algorithm.

C#

const byte Seed = 0x49;

const byte Magic = 0x43;

2. Convert the Unicode string to a little-endian byte array

C#

byte[] decodeBuf = Encoding.Unicode.GetBytes((string)value);

3. Decode the byte array

Start from the end of the buffer and decode each byte [n-1] by XORing it with the result of XOR between the seed and byte [n-2]. This decodes all bytes except the first one. Each decoded byte will be an ASCII printable character.

C#

for (int i = decodeBuf.Length; i > 1; i--)

{

  decodeBuf[i - 1] ^= (byte)(decodeBuf[i - 2] ^ Seed);

}

4. Decode the first byte

Use XOR with the bitwise OR of the seed and magic number:

C#

decodeBuf[0] ^= Seed | Magic;

5. Convert the byte array back to a Unicode string

The byte array now has a little-endian array of Unicode bytes that can be converted back to a Unicode string.

C#

string decodedType = Encoding.Unicode.GetString(decodeBuf);

6. Interpret the converted string

The converted string has the following format: {ServerType};{EncodeDate};{SetupType}

Each field is a hexadecimal string of the format 0xhhhhhhhh. For example: 0x00000001;0x32984c50;0x00000001.

The MAP Toolkit is concerned only with the ServerType and SetupType fields, each of which shares the same enumeration values, as shown in the following table.