Windows Server 2025 database and replication support

MichaelGrafnetter · Oct 6, 2023 · 9bf3800 · 9bf3800
1 parent f6deab9
commit 9bf3800
Show file tree

Hide file tree

Showing 23 changed files with 122 additions and 65 deletions.
diff --git a/Src/DSInternals.Common.Test/SupplementalCredentialsTester.cs b/Src/DSInternals.Common.Test/SupplementalCredentialsTester.cs
@@ -125,7 +125,16 @@ public void SupplementalCredentials_Generate1()
             // Test integrity
             Assert.AreEqual(credentials2.ClearText, credentials.ClearText);
             Assert.AreEqual(credentials2.NTLMStrongHash.Length, credentials.NTLMStrongHash.Length);
+
+            // Test WDigest
             Assert.AreEqual(credentials2.WDigest.Length, credentials.WDigest.Length);
+            Assert.AreEqual(credentials2.WDigest[0].ToHex(), credentials.WDigest[0].ToHex());
+
+            // Test Kerberos
+            Assert.AreEqual(credentials2.Kerberos.DefaultSalt, credentials.Kerberos.DefaultSalt);
+            Assert.AreEqual(credentials2.Kerberos.Credentials[0].KeyType, credentials.Kerberos.Credentials[0].KeyType);
+
+            // Test key serialization
             Assert.AreEqual(credentials2.Kerberos.ToByteArray().ToHex(), credentials.Kerberos.ToByteArray().ToHex());
             Assert.AreEqual(credentials2.KerberosNew.ToByteArray().ToHex(), credentials.KerberosNew.ToByteArray().ToHex());
         }

diff --git a/Src/DSInternals.Common/DSInternals.Common.nuspec b/Src/DSInternals.Common/DSInternals.Common.nuspec
@@ -14,8 +14,7 @@
     <description>This package is shared between all other DSInternals packages. Its main features are Azure AD Graph API and ADSI clients for for retrieval of cryptographic material. It contains implementations of common hash functions used by Windows, including NT hash, LM hash and OrgId hash. It also contains methods for SysKey/BootKey retrieval.</description>
     <summary>This package is shared between all other DSInternals packages.</summary>
     <releaseNotes>
-- Implemented managed password calculation.
-- Fixed Kerberos PBKDF2 salt derivation for service accounts.
+- Added support for parsing AES SHA2 Kerbers keys.
     </releaseNotes>
     <copyright>Copyright (c) 2015-2023 Michael Grafnetter. All rights reserved.</copyright>
     <tags>ActiveDirectory Security AD AAD Identity Active Directory</tags>

diff --git a/Src/DSInternals.Common/Data/Principals/KerberosCredential.cs b/Src/DSInternals.Common/Data/Principals/KerberosCredential.cs
@@ -32,7 +32,11 @@ public KerberosCredential(SecureString password, string principal, string realm)
             byte[] desKey = KerberosKeyDerivation.DeriveKey(KerberosKeyType.DES_CBC_MD5, password, this.DefaultSalt);
             var desKeyData = new KerberosKeyData(KerberosKeyType.DES_CBC_MD5, desKey);
 
-            this.Credentials = new KerberosKeyData[] { desKeyData };
+            // TODO: Generate RC4 key
+            // byte[] rc4Key = KerberosKeyDerivation.DeriveKey(KerberosKeyType.RC4_HMAC_NT, password, this.DefaultSalt);
+            // var rc4KeyData = new KerberosKeyData(KerberosKeyType.RC4_HMAC_NT, rc4Key);
+
+            this.Credentials = new KerberosKeyData[] { desKeyData /*, rc4KeyData */ };
         }
 
         public short Flags
@@ -232,4 +236,4 @@ private static void WriteCredential(BinaryWriter writer, KerberosKeyData credent
             writer.Write(keyValueOffset);
         }
     }
-}
+}
diff --git a/Src/DSInternals.Common/Data/Principals/KerberosCredentialNew.cs b/Src/DSInternals.Common/Data/Principals/KerberosCredentialNew.cs
@@ -35,25 +35,36 @@ public KerberosCredentialNew(SecureString password, string salt, bool includeDES
             this.DefaultSalt = salt;
             this.DefaultIterationCount = KerberosKeyDerivation.DefaultIterationCount;
 
-            // Generate AES keys
-            byte[] aes128Key = KerberosKeyDerivation.DeriveKey(KerberosKeyType.AES128_CTS_HMAC_SHA1_96, password, this.DefaultSalt);
-            var aes128KeyData = new KerberosKeyDataNew(KerberosKeyType.AES128_CTS_HMAC_SHA1_96, aes128Key, this.DefaultIterationCount);
+            // Generate AES SHA1 keys
+            byte[] aes128sha1Key = KerberosKeyDerivation.DeriveKey(KerberosKeyType.AES128_CTS_HMAC_SHA1_96, password, this.DefaultSalt);
+            var aes128sha1KeyData = new KerberosKeyDataNew(KerberosKeyType.AES128_CTS_HMAC_SHA1_96, aes128sha1Key, this.DefaultIterationCount);
 
-            byte[] aes256Key = KerberosKeyDerivation.DeriveKey(KerberosKeyType.AES256_CTS_HMAC_SHA1_96, password, this.DefaultSalt);
-            var aes256KeyData = new KerberosKeyDataNew(KerberosKeyType.AES256_CTS_HMAC_SHA1_96, aes256Key, this.DefaultIterationCount);
+            byte[] aes256sha1Key = KerberosKeyDerivation.DeriveKey(KerberosKeyType.AES256_CTS_HMAC_SHA1_96, password, this.DefaultSalt);
+            var aes256sha1KeyData = new KerberosKeyDataNew(KerberosKeyType.AES256_CTS_HMAC_SHA1_96, aes256sha1Key, this.DefaultIterationCount);
 
-            if(includeDES)
+            // TODO: Generate AES SHA2 keys (Windows Server 2025)
+            // byte[] aes128sha2Key = KerberosKeyDerivation.DeriveKey(KerberosKeyType.AES128_CTS_HMAC_SHA256_128, password, this.DefaultSalt);
+            // var aes128sha2KeyData = new KerberosKeyDataNew(KerberosKeyType.AES128_CTS_HMAC_SHA256_128, aes128sha2Key, this.DefaultIterationCount);
+
+            // byte[] aes256sha2Key = KerberosKeyDerivation.DeriveKey(KerberosKeyType.AES256_CTS_HMAC_SHA384_192, password, this.DefaultSalt);
+            // var aes256sha2KeyData = new KerberosKeyDataNew(KerberosKeyType.AES256_CTS_HMAC_SHA384_192, aes256sha2Key, this.DefaultIterationCount);
+
+            // TODO: Generate RC4 key
+            // byte[] rc4Key = KerberosKeyDerivation.DeriveKey(KerberosKeyType.RC4_HMAC_NT, password, this.DefaultSalt);
+            // var rc4KeyData = new KerberosKeyDataNew(KerberosKeyType.RC4_HMAC_NT, rc4Key, this.DefaultIterationCount);
+
+            if (includeDES)
             {
                 // Generate DES key
                 byte[] desKey = KerberosKeyDerivation.DeriveKey(KerberosKeyType.DES_CBC_MD5, password, this.DefaultSalt);
                 var desKeyData = new KerberosKeyDataNew(KerberosKeyType.DES_CBC_MD5, desKey, this.DefaultIterationCount);
 
-                this.Credentials = new KerberosKeyDataNew[] { aes256KeyData, aes128KeyData, desKeyData };
+                this.Credentials = new KerberosKeyDataNew[] { /* aes256sha2KeyData, aes128sha2KeyData, */ aes256sha1KeyData, aes128sha1KeyData, desKeyData /*, rc4KeyData */ };
             }
             else
             {
                 // AES keys only
-                this.Credentials = new KerberosKeyDataNew[] { aes256KeyData, aes128KeyData };
+                this.Credentials = new KerberosKeyDataNew[] { /* aes256sha2KeyData, aes128sha2KeyData */ aes256sha1KeyData, aes128sha1KeyData /*, rc4KeyData*/ };
             }
         }
 

diff --git a/Src/DSInternals.Common/Data/Principals/KerberosKeyType.cs b/Src/DSInternals.Common/Data/Principals/KerberosKeyType.cs
@@ -10,11 +10,19 @@ public enum KerberosKeyType : int
         DES_CBC_CRC =                      1,
         DES_CBC_MD4 =                      2,
         DES_CBC_MD5 =                      3,
+        DES3_CBC_MD5 =                     5,
+        OLD_DES3_CBC_SHA1 =                7,
+        SIGN_DSA_GENERATE =                8,
+        ENCRYPT_RSA_PRIV =                 9,
+        ENCRYPT_RSA_PUB =                 10,
+        DES3_CBC_SHA1 =                   16,
         AES128_CTS_HMAC_SHA1_96 =         17,
         AES256_CTS_HMAC_SHA1_96 =         18,
-        DES_CBC_MD5_NT =                  20,
+        AES128_CTS_HMAC_SHA256_128 =      19,
+        AES256_CTS_HMAC_SHA384_192 =      20,
         RC4_HMAC_NT =                     23,
         RC4_HMAC_NT_EXP =                 24,
+        PK_CROSS =                        48,
         RC4_MD4 =                       -128,
         RC4_PLAIN2 =                    -129,
         RC4_LM =                        -130,

diff --git a/Src/DSInternals.Common/Data/Principals/SupportedEncryptionTypes.cs b/Src/DSInternals.Common/Data/Principals/SupportedEncryptionTypes.cs
@@ -36,6 +36,16 @@ public enum SupportedEncryptionTypes : uint
         /// </summary>
         AES256_CTS_HMAC_SHA1_96 = 16,
 
+        /// <summary>
+        /// Advanced Encryption Standard in 128-bit cipher block with Hashed Message Authentication Code using the Secure Hash Algorithm (2)
+        /// </summary>
+        AES128_CTS_HMAC_SHA256_128 = 32,
+
+        /// <summary>
+        /// Advanced Encryption Standard in 256-bit cipher block with Hashed Message Authentication Code using the Secure Hash Algorithm (2)
+        /// </summary>
+        AES256_CTS_HMAC_SHA384_192 = 64,
+
         /// <summary>
         /// Flexible Authentication Secure Tunneling (FAST) supported
         /// </summary>

diff --git a/Src/DSInternals.Common/Properties/AssemblyInfo.cs b/Src/DSInternals.Common/Properties/AssemblyInfo.cs
@@ -5,8 +5,8 @@
 // set of attributes. Change these attribute values to modify the information
 // associated with an assembly.
 [assembly: AssemblyTitle("DSInternals Common Library")]
-[assembly: AssemblyVersion("4.11")]
-[assembly: AssemblyFileVersion("4.11")]
+[assembly: AssemblyVersion("4.12")]
+[assembly: AssemblyFileVersion("4.12")]
 [assembly: AssemblyDescription("")]
 [assembly: AssemblyConfiguration("")]
 [assembly: AssemblyCompany("")]

diff --git a/Src/DSInternals.DataStore/ADConstants.cs b/Src/DSInternals.DataStore/ADConstants.cs
@@ -12,7 +12,6 @@ internal static class ADConstants
         public const string SecurityDescriptorTableName = "sd_table";
         public const string EseBaseName = "edb";
         public const string EseTempDatabaseName = "temp.edb";
-        public const int PageSize = 8192; // 8k
         public const int EseLogFileSize = 10240; // 10M
         public const int EseIndexDefaultLocale = 1033; // = DS_DEFAULT_LOCALE = EN-US | SORT_DEFAULT
         public const int EseIndexDefaultCompareOptions = 0x00000001 | 0x00000002 | 0x00010000 | 0x00020000 | 0x00001000; // = DS_DEFAULT_LOCALE_COMPARE_FLAGS | LCMAP_SORTKEY = NORM_IGNORECASE | NORM_IGNOREKANATYPE | NORM_IGNORENONSPACE | NORM_IGNOREWIDTH | SORT_STRINGSORT

diff --git a/Src/DSInternals.DataStore/DSInternals.DataStore.nuspec b/Src/DSInternals.DataStore/DSInternals.DataStore.nuspec
@@ -14,8 +14,7 @@
     <description>DSInternals DataStore is an advanced framework for offline ntds.dit file manipulation. It can be used to extract password hashes from Active Directory backups or to modify the sIDHistory and primaryGroupId attributes.</description>
     <summary>DSInternals DataStore is an advanced framework for offline ntds.dit file manipulation.</summary>
     <releaseNotes>
-- Added the capability to retrieve information about group managed service accounts (gMSAs) from database files and to calculate their current passwords.
-- Implemented the offline account unlock feature.
+- Support for Windows Server 2025 Insider Preview.
     </releaseNotes>
     <copyright>Copyright (c) 2015-2023 Michael Grafnetter. All rights reserved.</copyright>
     <tags>ActiveDirectory Security NTDS AD Identity Active Directory</tags>

diff --git a/Src/DSInternals.DataStore/DirectoryContext.cs b/Src/DSInternals.DataStore/DirectoryContext.cs
@@ -27,7 +27,18 @@ public DirectoryContext(string dbFilePath, bool readOnly, string logDirectoryPat
             }
 
             this.DSADatabaseFile = dbFilePath;
-            ValidateDatabaseState(this.DSADatabaseFile);
+
+            // Retrieve info about the DB (Win Version, Page Size, State,...)
+            JET_DBINFOMISC dbInfo;
+            Api.JetGetDatabaseFileInfo(dbFilePath, out dbInfo, JET_DbInfo.Misc);
+
+            if (dbInfo.dbstate != JET_dbstate.CleanShutdown)
+            {
+                // Database might be inconsistent
+                throw new InvalidDatabaseStateException("The database is not in a clean state. Try to recover it first by running the 'esentutl /r edb /d' command.", dbFilePath);
+            }
+
+            this.PageSize = dbInfo.cbPageSize;
 
             this.DSAWorkingDirectory = Path.GetDirectoryName(this.DSADatabaseFile);
             string checkpointDirectoryPath = this.DSAWorkingDirectory;
@@ -51,7 +62,7 @@ public DirectoryContext(string dbFilePath, bool readOnly, string logDirectoryPat
             string jetInstanceName = String.Format(JetInstanceNameFormat, Guid.NewGuid());
 
             // Note: IsamInstance constructor throws AccessDenied Exception when the path does not end with a backslash.
-            this.instance = new IsamInstance(AddPathSeparator(checkpointDirectoryPath), AddPathSeparator(this.DatabaseLogFilesPath), tempDatabasePath, ADConstants.EseBaseName, jetInstanceName, readOnly, ADConstants.PageSize);
+            this.instance = new IsamInstance(AddPathSeparator(checkpointDirectoryPath), AddPathSeparator(this.DatabaseLogFilesPath), tempDatabasePath, ADConstants.EseBaseName, jetInstanceName, readOnly, this.PageSize);
 
             try
             {
@@ -151,6 +162,12 @@ public DirectoryContext(string dbFilePath, bool readOnly, string logDirectoryPat
             }
         }
 
+        public int PageSize
+        {
+            get;
+            private set;
+        }
+
         public string DSAWorkingDirectory
         {
             get;
@@ -294,18 +311,5 @@ private static string AddPathSeparator(string path)
                 return path + Path.DirectorySeparatorChar;
             }
         }
-
-        public static void ValidateDatabaseState(string dbFilePath)
-        {
-            // Retrieve info about the DB (Win Version, Page Size, State,...)
-            JET_DBINFOMISC dbInfo;
-            Api.JetGetDatabaseFileInfo(dbFilePath, out dbInfo, JET_DbInfo.Misc);
-
-            if (dbInfo.dbstate != JET_dbstate.CleanShutdown)
-            {
-                // Database might be inconsistent
-                throw new InvalidDatabaseStateException("The database is not in a clean state. Try to recover it first by running the 'esentutl /r edb /d' command.", dbFilePath);
-            }
-        }
     }
 }
diff --git a/Src/DSInternals.DataStore/Properties/AssemblyInfo.cs b/Src/DSInternals.DataStore/Properties/AssemblyInfo.cs
@@ -5,8 +5,8 @@
 // set of attributes. Change these attribute values to modify the information
 // associated with an assembly.
 [assembly: AssemblyTitle("DSInternals DataStore Library")]
-[assembly: AssemblyVersion("4.11")]
-[assembly: AssemblyFileVersion("4.11")]
+[assembly: AssemblyVersion("4.12")]
+[assembly: AssemblyFileVersion("4.12")]
 [assembly: AssemblyDescription("")]
 [assembly: AssemblyConfiguration("")]
 [assembly: AssemblyCompany("")]

diff --git a/Src/DSInternals.PowerShell/Chocolatey/dsinternals-psmodule.nuspec b/Src/DSInternals.PowerShell/Chocolatey/dsinternals-psmodule.nuspec
@@ -3,7 +3,7 @@
 <package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd">
   <metadata>
     <id>DSInternals-PSModule</id>
-    <version>4.11</version>
+    <version>4.12</version>
     <packageSourceUrl>https://github.com/MichaelGrafnetter/DSInternals/tree/master/Src/DSInternals.PowerShell/Chocolatey</packageSourceUrl>
     <owners>MichaelGrafnetter</owners>
     <title>DSInternals PowerShell Module</title>
@@ -37,9 +37,8 @@ The DSInternals PowerShell Module has these main features:
 ## Disclaimer
 Features exposed through these tools are not supported by Microsoft. Improper use might cause irreversible damage to domain controllers or negatively impact domain security.</description>
     <releaseNotes>
-* Added the Get-ADDBServiceAccount cmdlet for offline managed password derivation.
-* Implemented the Unlock-ADDBAccount cmdlet that can perform offline account unlock.
-* Fixed Kerberos PBKDF2 salt derivation for service accounts in the ConvertTo-KerberosKey cmdlet.
+* Support for Windows Server 2025 Insider Preview.
+* Improved KDS Root Key selection algorithm.
     </releaseNotes>
     <dependencies>
       <!-- Windows Management Framework 3+. For OS prior to Windows 8 and Windows Server 2012. -->

diff --git a/Src/DSInternals.PowerShell/Commands/Hash/ConvertToKerberosKeyCommand.cs b/Src/DSInternals.PowerShell/Commands/Hash/ConvertToKerberosKeyCommand.cs
@@ -63,15 +63,27 @@ protected override void ProcessRecord()
         {
             this.WriteVerbose("Calculating Kerberos keys.");
 
-            var aes256 = new KerberosKeyDataNew(KerberosKeyType.AES256_CTS_HMAC_SHA1_96, this.Password, this.Salt, this.Iterations);
-            this.WriteObject(aes256);
+            // TODO: AES SHA2 ETypes are not yet supported by the crypto library
+            /*
+            var aes256sha2 = new KerberosKeyDataNew(KerberosKeyType.AES256_CTS_HMAC_SHA384_192, this.Password, this.Salt, this.Iterations);
+            this.WriteObject(aes256sha2);
 
-            var aes128 = new KerberosKeyDataNew(KerberosKeyType.AES128_CTS_HMAC_SHA1_96, this.Password, this.Salt, this.Iterations);
-            this.WriteObject(aes128);
+            var aes128sha2 = new KerberosKeyDataNew(KerberosKeyType.AES128_CTS_HMAC_SHA256_128, this.Password, this.Salt, this.Iterations);
+            this.WriteObject(aes128sha2);
+            */
+
+            var aes256sha1 = new KerberosKeyDataNew(KerberosKeyType.AES256_CTS_HMAC_SHA1_96, this.Password, this.Salt, this.Iterations);
+            this.WriteObject(aes256sha1);
+
+            var aes128sha1 = new KerberosKeyDataNew(KerberosKeyType.AES128_CTS_HMAC_SHA1_96, this.Password, this.Salt, this.Iterations);
+            this.WriteObject(aes128sha1);
 
             var des = new KerberosKeyDataNew(KerberosKeyType.DES_CBC_MD5, this.Password, this.Salt, this.Iterations);
             this.WriteObject(des);
+
+            var rc4 = new KerberosKeyDataNew(KerberosKeyType.RC4_HMAC_NT, this.Password, this.Salt, this.Iterations);
+            this.WriteObject(rc4);
         }
         #endregion Cmdlet Overrides
     }
-}
+}
diff --git a/Src/DSInternals.PowerShell/DSInternals.psd1 b/Src/DSInternals.PowerShell/DSInternals.psd1
@@ -8,7 +8,7 @@
 RootModule = 'DSInternals.Bootstrap.psm1'
 
 # Version number of this module.
-ModuleVersion = '4.11'
+ModuleVersion = '4.12'
 
 # Supported PSEditions
 # CompatiblePSEditions = 'Desktop'
@@ -143,9 +143,8 @@ PrivateData = @{
 
         # ReleaseNotes of this module
         ReleaseNotes = @"
-- Added the Get-ADDBServiceAccount cmdlet for offline managed password derivation.
-- Implemented the Unlock-ADDBAccount cmdlet that can perform offline account unlock.
-- Fixed Kerberos PBKDF2 salt derivation for service accounts in the ConvertTo-KerberosKey cmdlet.
+- Support for Windows Server 2025 Insider Preview.
+- Improved KDS Root Key selection algorithm.
 "@
     } # End of PSData hashtable
 

diff --git a/Src/DSInternals.PowerShell/Properties/AssemblyInfo.cs b/Src/DSInternals.PowerShell/Properties/AssemblyInfo.cs
@@ -5,8 +5,8 @@
 // set of attributes. Change these attribute values to modify the information
 // associated with an assembly.
 [assembly: AssemblyTitle("DSInternals PowerShell Commands")]
-[assembly: AssemblyVersion("4.11")]
-[assembly: AssemblyFileVersion("4.11")]
+[assembly: AssemblyVersion("4.12")]
+[assembly: AssemblyFileVersion("4.12")]
 [assembly: AssemblyDescription("")]
 [assembly: AssemblyConfiguration("")]
 [assembly: AssemblyCompany("")]

diff --git a/Src/DSInternals.Replication.Interop/AssemblyInfo.cpp b/Src/DSInternals.Replication.Interop/AssemblyInfo.cpp
@@ -14,7 +14,7 @@ using namespace System::Security::Permissions;
 //
 [assembly:AssemblyTitleAttribute(L"DSInternals Replication Interop Library")];
 // Note: Do not forget to change the version in version.rc files.
-[assembly:AssemblyVersionAttribute("4.10")];
+[assembly:AssemblyVersionAttribute("4.12")];
 [assembly:AssemblyDescriptionAttribute(L"")];
 [assembly:AssemblyConfigurationAttribute(L"")];
 [assembly:AssemblyCompanyAttribute(L"")];

diff --git a/Src/DSInternals.Replication.Interop/DrsConnection.cpp b/Src/DSInternals.Replication.Interop/DrsConnection.cpp
@@ -98,8 +98,8 @@ namespace DSInternals
 			{
 				auto clientInfo = make_midl_ptr<DRS_EXTENSIONS_INT>();
 				clientInfo->dwFlags = DRS_EXT::ALL_EXT;
-				clientInfo->dwFlagsExt = DRS_EXT2::DRS_EXT_LH_BETA2 | DRS_EXT2::DRS_EXT_RECYCLE_BIN | DRS_EXT2::DRS_EXT_PAM;
-				clientInfo->dwExtCaps = DRS_EXT2::DRS_EXT_LH_BETA2 | DRS_EXT2::DRS_EXT_RECYCLE_BIN | DRS_EXT2::DRS_EXT_PAM;
+				clientInfo->dwFlagsExt = DRS_EXT2::DRS_EXT_LH_BETA2 | DRS_EXT2::DRS_EXT_RECYCLE_BIN | DRS_EXT2::DRS_EXT_PAM | DRS_EXT2::DRS_EXT_32K_PAGES;
+				clientInfo->dwExtCaps = DRS_EXT2::DRS_EXT_LH_BETA2 | DRS_EXT2::DRS_EXT_RECYCLE_BIN | DRS_EXT2::DRS_EXT_PAM | DRS_EXT2::DRS_EXT_32K_PAGES;
 				clientInfo->dwReplEpoch = this->_serverReplEpoch;
 				return clientInfo;
 			}

diff --git a/Src/DSInternals.Replication.Interop/drsr_addons.h b/Src/DSInternals.Replication.Interop/drsr_addons.h
@@ -207,7 +207,11 @@ enum DRS_EXT2 : DWORD
 	/// <summary>
 	/// If present, signifies that the DC has enabled the Privileged Access Management optional feature.
 	/// </summary>
-	DRS_EXT_PAM = 0x00000200
+	DRS_EXT_PAM = 0x00000200,
+	/// <summary>
+	/// If present, signifies that the DC has enabled the Database 32k Pages optional feature.
+	/// </summary>
+	DRS_EXT_32K_PAGES = 0x00001000
 };
 
 DEFINE_ENUM_FLAG_OPERATORS(DRS_EXT2)

diff --git a/Src/DSInternals.Replication.Interop/version.rc b/Src/DSInternals.Replication.Interop/version.rc
@@ -39,8 +39,8 @@ END
 //
 
 VS_VERSION_INFO VERSIONINFO
- FILEVERSION 4,10,0,0
- PRODUCTVERSION 4,10,0,0
+ FILEVERSION 4,12,0,0
+ PRODUCTVERSION 4,12,0,0
  FILEFLAGSMASK 0x3fL
 #ifdef _DEBUG
  FILEFLAGS 0x1L
@@ -57,12 +57,12 @@ BEGIN
         BEGIN
             VALUE "CompanyName", "Michael Grafnetter"
             VALUE "FileDescription", "DSInternals Replication Interop Library"
-            VALUE "FileVersion", "4.10.0.0"
+            VALUE "FileVersion", "4.12.0.0"
             VALUE "InternalName", "DSInternals.Replication.Interop"
             VALUE "LegalCopyright", "Copyright � 2015-2023 Michael Grafnetter"
             VALUE "OriginalFilename", "DSInternals.Replication.Interop.dll"
             VALUE "ProductName", "DSInternals PowerShell Module"
-            VALUE "ProductVersion", "4.10.0.0"
+            VALUE "ProductVersion", "4.12.0.0"
         END
     END
     BLOCK "VarFileInfo"

diff --git a/Src/DSInternals.Replication.Model/Properties/AssemblyInfo.cs b/Src/DSInternals.Replication.Model/Properties/AssemblyInfo.cs
@@ -5,8 +5,8 @@
 // set of attributes. Change these attribute values to modify the information
 // associated with an assembly.
 [assembly: AssemblyTitle("DSInternals Replication Data Model")]
-[assembly: AssemblyVersion("4.8")]
-[assembly: AssemblyFileVersion("4.8")]
+[assembly: AssemblyVersion("4.12")]
+[assembly: AssemblyFileVersion("4.12")]
 [assembly: AssemblyDescription("")]
 [assembly: AssemblyConfiguration("")]
 [assembly: AssemblyCompany("")]