ADCMDStuff: Difference between revisions
(Created page with "CMD stuff related to Active Directory <syntaxhighlight lang="dos"> runas /netonly /u:domain\user cmd nltest /dsgetdc:domain.lcl </syntaxhighlight>") (change visibility) |
|||
(12 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
CMD stuff related to Active Directory | CMD stuff related to Active Directory | ||
repadmin.exe /showObjMeta domaincontroller cn | |||
gpresult | |||
==run as any domainuser== | |||
*runas /netonly /u:domain\user cmd | |||
'''in elevated cmd!''' | |||
*runas /env /netonly /u:domain\user "mmc dsa.msc /server=domain.lcl" | |||
otherwise | |||
[[File:Mmc.JPG|300px]] | |||
==check audit policies== | |||
auditpol /get /category:* | |||
*for file [[sacl]] modifications | |||
[[gpedit]].msc => Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy\Audit object access | |||
Line 5: | Line 27: | ||
runas /netonly /u:domain\user cmd | runas /netonly /u:domain\user cmd | ||
nltest /dsgetdc:domain.lcl | nltest /dsgetdc:domain.lcl | ||
#dsacls | |||
dsacls "cn=users,dc=corp,dc=contoso,dc=com" | |||
dsacls "\\domaincontroller.domain.lcl\DC=domain,DC=lcl" | |||
#in powershell | |||
Import-Module activedirectory | |||
set-location ad: | |||
(Get-Acl 'cn=users,dc=corp,dc=contoso,dc=com').access | ft identityreference, accesscontroltype -AutoSize | |||
(Get-Acl 'cn=users,dc=corp,dc=contoso,dc=com').access | select identityreference, accesscontroltype | out-gridview | |||
#to find everything that ever was admin - http://www.ehloworld.com/1621 | |||
([adsisearcher]"(AdminCount=1)").findall() | |||
dsquery * -filter "(admincount=1)" | |||
Get-ADuser -LDAPFilter "(admincount=1)" -Server domaincontroller.domain.lcl | select name | |||
Get-ADgroup -LDAPFilter "(admincount=1)" -Server domaincontroller.domain.lcl | select name | |||
#clear admincount | |||
Get-AdUser [user name] | Set-AdObject -clear adminCount | |||
#re-enforce inheritance | |||
$User = [ADSI] $_.Path | |||
dsacls $User.distinguishedName /p:n | |||
#checkdsacls - http://activedirectoryutils.codeplex.com/releases/view/13664 | |||
#Run the following commands once for each domain (root and child) | |||
# | |||
#Check OU Permissions | |||
# | |||
CheckDSAcls /Target:"distinguishedName of domain" /ShowChildren /SearchFilter:"objectClass=organizationalUnit" /SplitDN /OutputToFile:"<FILENAME>.txt" /ServerName:"Any Domain Controller" /Port:389 | |||
#Check domain-level permissions | |||
CheckDSAcls /Target:"distinguishedName of domain" /SplitDN /OutputToFile:"<FILENAME>.txt" /ServerName:"Any Domain Controller" /Port:389 | |||
#Run the following commands for each OU (or container) where in-scope objects reside | |||
#Several locations/OUs may contain "interesting" objects like servers, service accounts, etc.: | |||
# | |||
#Please list these locations and for each locations OUs containing objects of interest, run the following command: | |||
CheckDSAcls /Target:"distinguishedName of location" /ShowChildren /SplitDN /OutputToFile:"<FILENAME>.txt" /ServerName:"Any Domain Controller" /Port:389 | |||
</syntaxhighlight> | </syntaxhighlight> |
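Review bot: The `#clear admincount` step in the second hunk carries no caveat that clearing the attribute only sticks once the account has left every protected group. While it is still a member, the AdminSDHolder/SDProp process sets adminCount=1 and the protected ACL again. I would add a comment line such as `#only after the account is removed from all protected groups - SDProp re-applies adminCount otherwise`. The `#re-enforce inheritance` lines also read `$_`, which is only defined inside a pipeline or ForEach-Object block that the page does not show, so a one-line comment naming the enumeration that feeds `$_` would make that snippet usable as written.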
Revision as of 14:50, 13 January 2014
CMD stuff related to Active Directory
repadmin.exe /showObjMeta domaincontroller cn
gpresult
run as any domain user (/netonly applies the supplied credentials to network access only)
- runas /netonly /u:domain\user cmd
in elevated cmd!
- runas /env /netonly /u:domain\user "mmc dsa.msc /server=domain.lcl"
otherwise you get the result shown in the screenshot Mmc.JPG (the image is missing from this copy of the page)
check audit policies
auditpol /get /category:*
- for file sacl modifications
gpedit.msc => Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy\Audit object access
#Reference commands for reviewing Active Directory permissions and AdminSDHolder leftovers.
#domain\user, domain.lcl, domaincontroller and the contoso DNs are placeholders to replace.
#/netonly: the credentials given with /u: are used for network connections only
runas /netonly /u:domain\user cmd
#locate a domain controller for domain.lcl
nltest /dsgetdc:domain.lcl
#dsacls - display the ACL of a directory object (by DN, then via a named domain controller)
dsacls "cn=users,dc=corp,dc=contoso,dc=com"
dsacls "\\domaincontroller.domain.lcl\DC=domain,DC=lcl"
#in powershell - read the same ACL through the AD: drive of the ActiveDirectory module
Import-Module activedirectory
set-location ad:
(Get-Acl 'cn=users,dc=corp,dc=contoso,dc=com').access | ft identityreference, accesscontroltype -AutoSize
(Get-Acl 'cn=users,dc=corp,dc=contoso,dc=com').access | select identityreference, accesscontroltype | out-gridview
#to find everything that ever was admin - http://www.ehloworld.com/1621
#adminCount=1 marks objects that are or were under AdminSDHolder protection; the value is not
#reset when the object leaves a protected group, so the results include former admins
([adsisearcher]"(AdminCount=1)").findall()
dsquery * -filter "(admincount=1)"
Get-ADuser -LDAPFilter "(admincount=1)" -Server domaincontroller.domain.lcl | select name
Get-ADgroup -LDAPFilter "(admincount=1)" -Server domaincontroller.domain.lcl | select name
#clear admincount ([user name] is a placeholder)
#only do this after the account has been removed from all protected groups;
#otherwise SDProp sets adminCount=1 and the protected ACL again
Get-AdUser [user name] | Set-AdObject -clear adminCount
#re-enforce inheritance
#NOTE(review): $_ is not defined on this page - presumably these two lines run inside a
#pipeline/ForEach-Object over search results such as the adsisearcher query above; confirm before use
#/p:n = mark the object as not protected, so inheritable permissions from the parent apply again
$User = [ADSI] $_.Path
dsacls $User.distinguishedName /p:n
#checkdsacls - http://activedirectoryutils.codeplex.com/releases/view/13664
#Run the following commands once for each domain (root and child).
#The quoted values ("distinguishedName of domain", "<FILENAME>.txt", "Any Domain Controller") are placeholders.
#The output files describe who holds which rights in the directory; store them as sensitive data.
#
#Check OU permissions (the search filter limits the report to organizationalUnit objects)
#
CheckDSAcls /Target:"distinguishedName of domain" /ShowChildren /SearchFilter:"objectClass=organizationalUnit" /SplitDN /OutputToFile:"<FILENAME>.txt" /ServerName:"Any Domain Controller" /Port:389
#Check domain-level permissions
CheckDSAcls /Target:"distinguishedName of domain" /SplitDN /OutputToFile:"<FILENAME>.txt" /ServerName:"Any Domain Controller" /Port:389
#Run the following commands for each OU (or container) where in-scope objects reside
#Several locations/OUs may contain "interesting" objects like servers, service accounts, etc.:
#
#List these locations and, for each location's OUs containing objects of interest, run the following command:
CheckDSAcls /Target:"distinguishedName of location" /ShowChildren /SplitDN /OutputToFile:"<FILENAME>.txt" /ServerName:"Any Domain Controller" /Port:389