Archives: Active Directory

Dumping the contents of ntds.dit files using PowerShell

October 20, 2015 | Michael Grafnetter | 69 Comments on Dumping the contents of ntds.dit files using PowerShell

Although there exist several tools for dumping password hashes from the Active Directory database files, including the open-source NTDSXtract from Csaba Bárta whose great research started it all, they have these limitations: They do not support the built-in indices, so searching for a single object is slow when dealing with large databases. Most of the tools are either Linux-only or running them on Windows is not simple enough. Almost none of these tools can • Read More »

Tags: , ,

How Azure Active Directory Connect Syncs Passwords

October 18, 2015 | Michael Grafnetter | 11 Comments on How Azure Active Directory Connect Syncs Passwords

Many people have asked me about the security implications of synchronizing passwords from Active Directory to Azure Active Directory using the Azure AD Connect tool. Although there is an article on Technet that claims that the passwords are synced in a very secure hashed form that cannot be misused for authentication against the on-premise Active Directory, it lacks any detail about the exact information being sent to Microsoft’s servers. A post at • Read More »

Tags: , , , ,

List of Cmdlets in the DSInternals Module

September 29, 2015 | Michael Grafnetter | 14 Comments on List of Cmdlets in the DSInternals Module

Here is the list of cmdlets currently contained in the DSInternals PowerShell module: Online operations with the Active Directory database Get-ADReplAccount – Reads one or more accounts through the DRSR protocol, including secret attributes. Set-SamAccountPasswordHash – Sets NT and LM hashes of an account through the SAMR protocol. Get-ADReplBackupKey – Reads the DPAPI backup keys through the DRSR protocol. Offline operations with the Active Directory database Get-ADDBAccount – • Read More »

Tags: , , , , ,

New version of the DSInternals module released

September 5, 2015 | Michael Grafnetter | No Comments on New version of the DSInternals module released

I have released a new version of the DSInternals PowerShell module. This is mainly a bugfix release. You can grab it from the Downloads section. Or, if you have PowerShell 5, you can install the module from the PowerShell Gallery by running this command:

Tags: , , ,

Retrieving Active Directory Passwords Remotely

August 4, 2015 | Michael Grafnetter | 104 Comments on Retrieving Active Directory Passwords Remotely

I have finally finished work on the Get-ADReplAccount cmdlet, the newest addition to my DSInternals PowerShell Module, that can retrieve reversibly encrypted plaintext passwords, password hashes and Kerberos keys of all user accounts from remote domain controllers. This is achieved by simulating the behavior of the dcromo tool and creating a replica of Active Directory database through the MS-DRSR protocol. Furthermore, it has these properties: It does not even need the Domain Admins group membership. • Read More »

Tags: , ,

The DSInternals PowerShell Module has been released

February 28, 2015 | Michael Grafnetter | 2 Comments on The DSInternals PowerShell Module has been released

I have decided to publish the DSInternals PowerShell Module, which contains a few cmdlets I use during my lectures about Active Directory security. You can find it in the Downloads section. It currently lacks any documentation, so Get-Help won’t give you nice results, but I am working on that. Examples

Error reporting If you find an error in the DSInternals Powershell Module, I would be glad if you sent me an e-mail. Planned • Read More »

Tags: , ,