Command-line notes (cmd and PowerShell) related to Active Directory

repadmin.exe /showObjMeta domaincontroller cn


Run cmd as a different domain user (with /netonly the supplied credentials are used for network authentication only; the local token is unchanged):

  • runas /netonly /u:domain\user cmd

Run this from an elevated cmd prompt:

  • runas /env /netonly /u:domain\user "mmc dsa.msc /server=domain.lcl"


Check the effective audit policy:

auditpol /get /category:*

  • to audit changes to file SACLs, enable object-access auditing under:

gpedit.msc => Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy\Audit object access

# Open a cmd prompt whose network connections authenticate as domain\user
runas /netonly /u:domain\user cmd 
# Locate a domain controller for the domain (verifies DC discovery works)
nltest /dsgetdc:domain.lcl
# Dump the ACL of the Users container (queries a DC chosen automatically)
dsacls "cn=users,dc=corp,dc=contoso,dc=com"
# Dump the ACL of the domain head, explicitly via the named DC
dsacls "\\domaincontroller.domain.lcl\DC=domain,DC=lcl"

# In PowerShell: read the ACL of a container through the AD: PSDrive
Import-Module ActiveDirectory
Set-Location AD:
$containerAcl = Get-Acl 'cn=users,dc=corp,dc=contoso,dc=com'
# Console table of who has allow/deny entries
$containerAcl.Access | Format-Table IdentityReference, AccessControlType -AutoSize
# Same data in an interactive, filterable grid
$containerAcl.Access | Select-Object IdentityReference, AccessControlType | Out-GridView

# adminCount=1 is stamped by SDProp on members of protected groups and is never
# cleared automatically, so this lists objects that are or once were admins.
# cmd.exe form (dsquery runs from PowerShell as well):
dsquery * -filter "(admincount=1)"
# PowerShell form, users then groups, queried against one specific DC
$adminFilter = "(admincount=1)"
$dc = 'domaincontroller.domain.lcl'
Get-ADUser -LDAPFilter $adminFilter -Server $dc | Select-Object Name
Get-ADGroup -LDAPFilter $adminFilter -Server $dc | Select-Object Name
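# Clear adminCount and restore ACL inheritance on an account that has been
# removed from all protected groups. The original snippet used $_.Path, which
# is only defined inside a pipeline block; here the user is resolved once and
# its distinguishedName is reused for both steps.
# NOTE: SDProp re-stamps adminCount=1 and re-applies the AdminSDHolder ACL
# (by default every 60 minutes) to objects still in a protected group, so the
# reset only persists for accounts no longer in those groups.
# '[user name]' is a placeholder for the sAMAccountName to reset.
$User = Get-ADUser -Identity '[user name]'
Set-ADObject -Identity $User.DistinguishedName -Clear adminCount
# /p:n = not protected: re-enable inheritance of permissions from the parent
dsacls $User.DistinguishedName /p:n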

# CheckDSAcls: export the ACLs of AD objects to a text file for offline review.
# Placeholders to replace: "distinguishedName of domain", "<FILENAME>.txt",
# "Any Domain Controller" and "distinguishedName of location".
# Run the following commands once for each domain (root and child).
# 1. OU permissions: every OU under the domain, with children, DN split per column
CheckDSAcls /Target:"distinguishedName of domain" /ShowChildren /SearchFilter:"objectClass=organizationalUnit" /SplitDN /OutputToFile:"<FILENAME>.txt" /ServerName:"Any Domain Controller" /Port:389

# 2. Permissions on the domain object itself (no children)

CheckDSAcls /Target:"distinguishedName of domain" /SplitDN /OutputToFile:"<FILENAME>.txt" /ServerName:"Any Domain Controller" /Port:389

# 3. Run the following command once per OU (or container) that holds in-scope objects.
# Several OUs may contain objects of interest (servers, service accounts, etc.);
# list those locations and run the command against each one:
CheckDSAcls /Target:"distinguishedName of location" /ShowChildren /SplitDN /OutputToFile:"<FILENAME>.txt" /ServerName:"Any Domain Controller" /Port:389