Archives: LDAP

How the Active Directory Expiring Links Feature Really Works

April 3, 2016 | Michael Grafnetter | 5 Comments on How the Active Directory Expiring Links Feature Really Works

One of the new features in Windows Server 2016 will be the Active Directory Expiring Links feature, which enables time-bound group membership, expressed by a time-to-live (TTL) value. Here is how it works: Enabling the Expiring Links Feature The Expiring Links feature had been a standalone feature in early Windows Server 2016 builds, but as of TP4, it is a part of the broader Privileged Access Management (PAM) feature. It • Read More »

Tags: , , ,

Retrieving Cleartext GMSA Passwords from Active Directory

December 28, 2015 | Michael Grafnetter | 4 Comments on Retrieving Cleartext GMSA Passwords from Active Directory

Have you ever wondered how the automatically generated passwords of Group Managed Service Accounts (GMSA)¬†look like? Well, you can fetch them from Active Directory in the same way as Windows Servers do and see yourself. Here is how: Creating a GMSA To start experimenting, we need to have a GMSA first, so we create one:

We can check the result in the Active Directory Users and Computers console: Unfortunately, the built-in GUI • Read More »

Tags: , , ,