There is a new tool available for auditing Active Directory passwords, the Get-bADPasswords cmdlet. It has been created by Jakob Heidelberg and it is built upon the features of the DSInternals module.
Tags: Active Directory, PowerShell, Security
Archives: Active Directory
List of Cmdlets in the DSInternals Module
September 29, 2015 | Michael Grafnetter | 14 Comments on List of Cmdlets in the DSInternals ModuleHere is the list of cmdlets currently contained in the DSInternals PowerShell module: Online operations with the Active Directory database Get-ADReplAccount – Reads one or more accounts through the DRSR protocol, including secret attributes. Set-SamAccountPasswordHash – Sets NT and LM hashes of an account through the SAMR protocol. Get-ADReplBackupKey – Reads the DPAPI backup keys through the DRSR protocol. Offline operations with the Active Directory database Get-ADDBAccount – • Read More »
Tags: Active Directory, DPAPI, Microsoft Azure, Office 365, PowerShell, Security
Peeking into the Active Directory Database
September 28, 2015 | Michael Grafnetter | No Comments on Peeking into the Active Directory DatabaseDuring my recent talk about inner workings of Active Directory, I showcased the Esent Workbench tool, which can be used to look inside a ntds.dit file. But one must really have stomach for it.
Tags: Active Directory
New version of the DSInternals module released
September 5, 2015 | Michael Grafnetter | No Comments on New version of the DSInternals module releasedI have released a new version of the DSInternals PowerShell module. This is mainly a bugfix release. You can grab it from the Downloads section. Or, if you have PowerShell 5, you can install the module from the PowerShell Gallery by running this command:
|
1 |
Install-Module -Name DSInternals |
Tags: Active Directory, Microsoft Azure, PowerShell, Security
Retrieving Active Directory Passwords Remotely
August 4, 2015 | Michael Grafnetter | 98 Comments on Retrieving Active Directory Passwords RemotelyI have finally finished work on the Get-ADReplAccount cmdlet, the newest addition to my DSInternals PowerShell Module, that can retrieve reversibly encrypted plaintext passwords, password hashes and Kerberos keys of all user accounts from remote domain controllers. This is achieved by simulating the behavior of the dcromo tool and creating a replica of Active Directory database through the MS-DRSR protocol. Furthermore, it has these properties: It does not even need the Domain Admins group membership. • Read More »
Tags: Active Directory, PowerShell, Security
The DSInternals PowerShell Module has been released
February 28, 2015 | Michael Grafnetter | 2 Comments on The DSInternals PowerShell Module has been releasedI have decided to publish the DSInternals PowerShell Module, which contains a few cmdlets I use during my lectures about Active Directory security. You can find it in the Downloads section. It currently lacks any documentation, so Get-Help won’t give you nice results, but I am working on that. Examples
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 |
Import-Module DSInternals $pwd = ConvertTo-SecureString 'Pa$$W0rd' -AsPlainText -Force # Calculate the NT and LM hashes ConvertTo-NTHash $pwd # Output: 92937945b518814341de3f726500d4ff ConvertTo-LMHash $pwd # Output: 727e3576618fa1754a3b108f3fa6cb6d # Set AD account password hash using the SAMR protocol Set-SamAccountPasswordHash -SamAccountName john -Domain ADATUM -NTHash '92937945b518814341de3f726500d4ff' -Server dc1.adatum.com # Calculate the OrgId hash, that is sent to Azure Active Directory by DirSync ConvertTo-OrgIdHash -NTHash '92937945b518814341de3f726500d4ff' # Output: v1;PPH1_MD4,f76bc776428002f87f4b,100,0ab46c4a6351db87cc13323bb01eea073c90a52e376fffca559e57fbb19a441a; # Decrypt a password from Group Policy Preferences ConvertFrom-GPPrefPassword 'v9NWtCCOKEUHkZBxakMd6HLzo4+DzuizXP83EaImqF8' # Output: Pa$$w0rd # Decrypt a password from an unattend.xml file ConvertFrom-UnattendXmlPassword 'UABhACQAJAB3ADAAcgBkAEEAZABtAGkAbgBpAHMAdAByAGEAdABvAHIAUABhAHMAcwB3AG8AcgBkAA==' # Output: Pa$$w0rd |
Error reporting If you find an error in the DSInternals Powershell Module, I would be glad if you sent me an e-mail. Planned • Read More »