Tags: Active Directory, PowerShell, Security, SID History, Video
Archives: Security
Impersonating Office 365 Users With Mimikatz
January 15, 2017 | Michael Grafnetter | 1 Comment on Impersonating Office 365 Users With MimikatzIntroduction Last month, Microsoft has introduced a new feature of Azure AD Connect called Single Sign On. It allows companies to configure SSO between AD and AAD without the need to deploy ADFS, which makes it an ideal solution for SMEs. Here is a high-level diagram of this functionality: As we can see from the diagram above, Azure AD exposes a publicly available endpoint that accepts Kerberos tickets and translates them • Read More »
Tags: Active Directory, Microsoft Azure, Mimikatz, Office 365, Security
Auditing Active Directory Password Quality
August 7, 2016 | Michael Grafnetter | 19 Comments on Auditing Active Directory Password QualityOverview The latest version of the DSInternals PowerShell Module contains a new cmdlet called Test-PasswordQuality, which is a powerful yet easy to use tool for Active Directory password auditing. It can detect weak, duplicate, default, non-expiring or empty passwords and find accounts that are violating security best practices. All domain administrators can now audit Active Directory passwords on a regular basis, without any special knowledge. Usage The Test-PasswordQuality cmdlet • Read More »
Tags: Active Directory, PowerShell, Security
Dumping and Modifying Active Directory Database Using a Bootable Flash Drive
July 19, 2016 | Michael Grafnetter | No Comments on Dumping and Modifying Active Directory Database Using a Bootable Flash DriveSince version 2.15, the DSInternals PowerShell Module fully supports Windows PE, the free minimalistic edition of Windows. This means that all the nasty Active Directory database stuff can now be performed from a bootable flash drive or an ISO image, including: Dumping NT hashes, kerberos keys and cleartext passwords from ntds.dit files. Modifying the SID History of user accounts and groups. Modifying the Primary Group ID of user accounts. Extracting the DPAPI domain • Read More »
Tags: Active Directory, DPAPI, PowerShell, Security
How the Active Directory Expiring Links Feature Really Works
April 3, 2016 | Michael Grafnetter | 5 Comments on How the Active Directory Expiring Links Feature Really WorksOne of the new features in Windows Server 2016 will be the Active Directory Expiring Links feature, which enables time-bound group membership, expressed by a time-to-live (TTL) value. Here is how it works: Enabling the Expiring Links Feature The Expiring Links feature had been a standalone feature in early Windows Server 2016 builds, but as of TP4, it is a part of the broader Privileged Access Management (PAM) feature. It • Read More »
Tags: Active Directory, LDAP, PowerShell, Security
New Version Released
February 3, 2016 | Michael Grafnetter | 9 Comments on New Version ReleasedI am happy to announce that a new version of the DSInternals PowerShell Module has been released, now with Windows Server 2003 support.
Tags: Active Directory, PowerShell, Security
Retrieving Cleartext GMSA Passwords from Active Directory
December 28, 2015 | Michael Grafnetter | 8 Comments on Retrieving Cleartext GMSA Passwords from Active DirectoryHave you ever wondered how the automatically generated passwords of Group Managed Service Accounts (GMSA) look like? Well, you can fetch them from Active Directory in the same way as Windows Servers do and see yourself. Here is how: Creating a GMSA To start experimenting, we need to have a GMSA first, so we create one:
|
1 2 3 4 5 6 7 |
# Create a new KDS Root Key that will be used by DC to generate managed passwords Add-KdsRootKey -EffectiveTime (Get-Date).AddHours(-10) # Create a new GMSA New-ADServiceAccount ` -Name 'SQL_HQ_Primary' ` -DNSHostName 'sql1.adatum.com' |
We can check the result in the Active Directory Users and Computers console: Unfortunately, the built-in GUI • Read More »
Tags: Active Directory, LDAP, PowerShell, Security
Retrieving DPAPI Backup Keys from Active Directory
October 26, 2015 | Michael Grafnetter | 3 Comments on Retrieving DPAPI Backup Keys from Active DirectoryIntroduction The Data Protection API (DPAPI) is used by several components of Windows to securely store passwords, encryption keys and other sensitive data. When DPAPI is used in an Active Directory domain environment, a copy of user’s master key is encrypted with a so-called DPAPI Domain Backup Key that is known to all domain controllers. Windows Server 2000 DCs use a symmetric key and newer systems use a public/private key pair. If the user password is reset • Read More »
Tags: Active Directory, DPAPI, PowerShell, Security
Dumping the contents of ntds.dit files using PowerShell
October 20, 2015 | Michael Grafnetter | 67 Comments on Dumping the contents of ntds.dit files using PowerShellAlthough there exist several tools for dumping password hashes from the Active Directory database files, including the open-source NTDSXtract from Csaba Bárta whose great research started it all, they have these limitations: They do not support the built-in indices, so searching for a single object is slow when dealing with large databases. Most of the tools are either Linux-only or running them on Windows is not simple enough. Almost none of these tools can • Read More »
Tags: Active Directory, PowerShell, Security
How Azure Active Directory Connect Syncs Passwords
October 18, 2015 | Michael Grafnetter | 11 Comments on How Azure Active Directory Connect Syncs PasswordsMany people have asked me about the security implications of synchronizing passwords from Active Directory to Azure Active Directory using the Azure AD Connect tool. Although there is an article on Technet that claims that the passwords are synced in a very secure hashed form that cannot be misused for authentication against the on-premise Active Directory, it lacks any detail about the exact information being sent to Microsoft’s servers. A post at • Read More »
Tags: Active Directory, Microsoft Azure, Office 365, PowerShell, Security