List of Cmdlets in the DSInternals Module

September 29, 2015 | Michael Grafnetter | 18 Comments on List of Cmdlets in the DSInternals Module

Here is the list of cmdlets currently contained in the DSInternals PowerShell module:

Online operations with the Active Directory database

Offline operations with the Active Directory database

  • Get-ADDBAccount – Reads one or more accounts from a ntds.dit file, including the secret attributes.
  • Get-BootKey – Reads the BootKey (aka SysKey) from an online or offline SYSTEM registry hive.
  • Set-ADDBBootKey – Re-encrypts a ntds.dit with a new BootKey. Highly experimental!
  • Get-ADDBBackupKey – Reads the DPAPI backup keys from a ntds.dit file.
  • Add-ADDBSidHistory – Adds one or more values to the sIDHistory attribute of an object in a ntds.dit file.
  • Set-ADDBPrimaryGroup – Modifies the primaryGroupId attribute of an object in a ntds.dit file.
  • Get-ADDBDomainController – Reads information about the originating DC from a ntds.dit file, including domain name, domain SID, DC name and DC site.
  • Set-ADDBDomainController – Writes information about the DC to a ntds.dit file, including the highest commited USN and database epoch.
  • Get-ADDBSchemaAttribute – Reads AD schema from a ntds.dit file, including datatable column names.
  • Remove-ADDBObject – Physically removes specified object from a ntds.dit file, making it semantically inconsistent. Highly experimental!


The output of the Get-ADDBAccount and Get-ADReplAccount cmdlets can be formatted using these additional Views:

  • HashcatNT – NT hashes in Hashcat‘s format.
  • HashcatLM – LM hashes in Hashcat’s format.
  • JohnNT – NT hashes in the format supported by John the Ripper.
  • JohnLM – LM hashes in the format supported by John the Ripper.
  • Ophcrack – NT and LM hashes in Ophcrack‘s format.

Password hash calculation

Password decryption


  • Test-PasswordQuality – Performs AD audit, including checks for weak, duplicate, default and empty passwords.
  • Save-DPAPIBlob – Saves the output of the Get-ADReplBackupKey and Get-ADDBBackupKey cmdlets to a file.
  • ConvertTo-Hex – Helper cmdlet that converts binary input to the hexadecimal string format.

I promise to publish more information about my cmdlets in the near future.

Tags: , , , , ,