Add Deleted Objects Collection

[sttlr]

As it turns out, SharpHound does not collect CN=Deleted Objects.

Manually, it can be viewed using ldapsearch:

ldapsearch -H ldap://<DC_IP> \
  -x -D "user@domain.local" -w '<PASSWORD>' \
  -b "CN=Deleted Objects,DC=domain,DC=local" \
  -E 1.2.840.113556.1.4.417 \
  "(sAMAccountName=*)" '*'

NOTE: LDAP_SERVER_SHOW_DELETED OID - 1.2.840.113556.1.4.417 is required.

Ref: https://learn.microsoft.com/en-gb/previous-versions/windows/desktop/ldap/ldap-server-show-deleted-oid