ADCMDStuff: Difference between revisions
No edit summary (change visibility) |
No edit summary (change visibility) |
||
Line 4: | Line 4: | ||
gpresult | gpresult | ||
==run as any domainuser== | |||
runas /netonly /u:domain\user cmd | |||
Revision as of 11:31, 13 January 2014
CMD stuff related to Active Directory
repadmin.exe /showObjMeta domaincontroller cn
gpresult
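run as any domain user (/netonly: the credentials are used for network connections only, the local session keeps the current logon; the password is not checked until a remote resource is accessed)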
runas /netonly /u:domain\user cmd
check audit policies
auditpol /get /category:*
- for file SACL modifications to take effect, enable the policy below (events are logged only for objects that carry a SACL):
gpedit.msc => Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy\Audit object access
runas /netonly /u:domain\user cmd
nltest /dsgetdc:domain.lcl
#dsacls
dsacls "cn=users,dc=corp,dc=contoso,dc=com"
dsacls "\\domaincontroller.domain.lcl\DC=domain,DC=lcl"
#in powershell
Import-Module activedirectory
set-location ad:
(Get-Acl 'cn=users,dc=corp,dc=contoso,dc=com').access | ft identityreference, accesscontroltype -AutoSize
(Get-Acl 'cn=users,dc=corp,dc=contoso,dc=com').access | select identityreference, accesscontroltype | out-gridview
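#to find everything that is or ever was in a protected (admin) group: adminCount=1 is set by SDProp and is not reset when the membership is removed - http://www.ehloworld.com/1621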
([adsisearcher]"(AdminCount=1)").findall()
dsquery * -filter "(admincount=1)"
Get-ADuser -LDAPFilter "(admincount=1)" -Server domaincontroller.domain.lcl | select name
Get-ADgroup -LDAPFilter "(admincount=1)" -Server domaincontroller.domain.lcl | select name
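#clear adminCount (only sticks once the account is out of every protected group; otherwise SDProp sets it again on its next run)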
Get-AdUser [user name] | Set-AdObject -clear adminCount
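#re-enable ACL inheritance on the object (dsacls /p:n = not protected); clearing adminCount alone does not restore inheritance. $_ is the current pipeline item, e.g. a result of the adsisearcher query above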
$User = [ADSI] $_.Path
dsacls $User.distinguishedName /p:n
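#checkdsacls - http://activedirectoryutils.codeplex.com/releases/view/13664 (CodePlex has since been shut down; verify where the binary comes from before running it with domain credentials)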
#Run the following commands once for each domain (root and child)
#
#Check OU Permissions
#
CheckDSAcls /Target:"distinguishedName of domain" /ShowChildren /SearchFilter:"objectClass=organizationalUnit" /SplitDN /OutputToFile:"<FILENAME>.txt" /ServerName:"Any Domain Controller" /Port:389
#Check domain-level permissions
CheckDSAcls /Target:"distinguishedName of domain" /SplitDN /OutputToFile:"<FILENAME>.txt" /ServerName:"Any Domain Controller" /Port:389
#Run the following commands for each OU (or container) where in-scope objects reside
#Several locations/OUs may contain "interesting" objects like servers, service accounts, etc.:
#
#List these locations and, for each location's OUs that contain objects of interest, run the following command:
CheckDSAcls /Target:"distinguishedName of location" /ShowChildren /SplitDN /OutputToFile:"<FILENAME>.txt" /ServerName:"Any Domain Controller" /Port:389