Archives: DPAPI

Dumping and Modifying Active Directory Database Using a Bootable Flash Drive

July 19, 2016 | Michael Grafnetter | No Comments

Since version 2.15, the DSInternals PowerShell Module fully supports Windows PE, the free minimalistic edition of Windows. This means that all the nasty Active Directory database stuff can now be performed from a bootable flash drive or an ISO image, including: Dumping NT hashes, kerberos keys and cleartext passwords from ntds.dit files. Modifying the SID History of user accounts and groups. Modifying the Primary Group ID of user accounts. Extracting the DPAPI domain • Read More »

Tags: Active Directory, DPAPI, PowerShell, Security

Retrieving DPAPI Backup Keys from Active Directory

October 26, 2015 | Michael Grafnetter | 3 Comments

Introduction The Data Protection API (DPAPI) is used by several components of Windows to securely store passwords, encryption keys and other sensitive data. When DPAPI is used in an Active Directory domain environment, a copy of user’s master key is encrypted with a so-called DPAPI Domain Backup Key that is known to all domain controllers. Windows Server 2000 DCs use a symmetric key and newer systems use a public/private key pair. If the user password is reset • Read More »

Tags: Active Directory, DPAPI, PowerShell, Security

List of Cmdlets in the DSInternals Module

September 29, 2015 | Michael Grafnetter | 8 Comments

Here is the list of cmdlets currently contained in the DSInternals PowerShell module: Online operations with the Active Directory database Get-ADReplAccount – Reads one or more accounts through the DRSR protocol, including secret attributes. Set-SamAccountPasswordHash – Sets NT and LM hashes of an account through the SAMR protocol. Get-ADReplBackupKey – Reads the DPAPI backup keys through the DRSR protocol. Offline operations with the Active Directory database Get-ADDBAccount – • Read More »

Tags: Active Directory, DPAPI, Microsoft Azure, Office 365, PowerShell, Security