Questions tagged [active-directory]

Active Directory (AD) is a directory service created by Microsoft for Windows domain networks. It provides a central location for network administration and security.

Active Directory is an advanced, hierarchical directory service that comes with Windows servers and is used for managing permissions and user access to network resources. Introduced in Windows 2000, Active Directory is a domain-based network that is structured like the Internet's Domain Name System (DNS). Using the LDAP directory access protocol, a company's workgroups (departments, sections, offices, etc.) are assigned domain names similar to Web addresses, and any LDAP-compliant Windows, Mac, Unix or Linux client can access them.

239 questions
66 votes, 1 answer

What's the risk if I accidentally type my password into a username field (Windows logon)?

I'm used to logging into my personal Mac which is a password-only field (like waking from sleep mode). Sometimes I have to use a Windows network on which I have an account, but of course I have to type my username first. Still, going right into my…
Matt
37 votes, 5 answers

Why do I need Kerberos when I could just use a username and password to access services?

I have read that Kerberos is used for authenticating users who wish to access services on various servers in an enterprise network, but I still do not understand the purpose of Kerberos. Why doesn't the system admin just create a user account for…
Minaj
34 votes, 4 answers

What is the difference between a RADIUS server and Active Directory?

Why would I need a RADIUS server if my clients can connect and authenticate with Active Directory? When do I need a RADIUS server?
johnny
22 votes, 2 answers

Does Windows really still use unsalted MD4 for password storage?

I find it quite difficult to believe that the passwords in Active Directory for Windows 2008 R2 are still stored using the unsalted MD4 (aka "NT Hash") algorithm. Can it really be true? I've been revising my understanding of password storage…
Richard Gadsden
22 votes, 4 answers

How do you discover what permissions an AD group has, if you have no documentation?

You just got hired at company A and the old administrator is no longer there. Requests start coming through for adding users to the internet restrict group. When you look at the groups none of the names make sense and there is no documentation out…
Ambar Batista
17 votes, 8 answers

Monitoring Active Directory Domain Administrator Activities

I need to monitor Active Directory domain administrator activities and look for the following: looking for anomalies in daily activity; getting alerted upon a violation. My problem is that turning on Windows Auditing in my environment (over 100…
Fahmy Aziz
11 votes, 3 answers

Safe to expose Active Directory via LDAPS externally?

We currently access Active Directory via LDAPS internally for authentication and user data retrieval. Is it common, or safe, to expose this publicly over LDAPS? Addendum 1: Our business case, our Cloud based remote hosted web-application needs…
Andy
11 votes, 4 answers

Extract Password Hashes from Active Directory LDAP

Currently we are working on a monthly internal security test which, among other things, should contain a verification of the real password strength the users choose. For this reason I want to extract the password hashes of all users via LDAP. Everything I…
davidb
9 votes, 2 answers

Limiting Concurrent Login For System Admins On Windows Domain

Quick background: we are a smaller sized team meaning that we perform multi-function roles. Thus a developer is typically a DBA as well and some developers do have domain admin access. As a rule our team does not use the admin accounts (there are no…
Namphibian
9 votes, 3 answers

To DMZ, or not to DMZ

So for an assignment, we need to create a scheme (and eventually also the set-up) of a couple of servers in a network. The 'networks' are: Internal network, DMZ, The internet. And the servers we need to place are the following: DNS Server, Active…
voluminat0
9 votes, 3 answers

How to manage admin rights for helpdesk staff?

My question is about issuing administrative rights to helpdesk staff in a large Active Directory setting. Helpdesk staff commonly require administrative rights to provide support for end users. I know that this is commonly done (see [1] [2] [3]) by…
Nic
9 votes, 4 answers

Can an intruder still possibly succeed with pass-the-hash or pass-the-ticket on Windows 10 / Server 2016 networks where Credential Guard is enabled?

In sum: Does Credential Guard make passing-the-hash and passing-the-ticket attacks effectively unavailable on networks of Windows 10 / Windows Server 2016 machines? If not, how do you still acquire hashes or tickets to pass? From what I've learned…
mostlyinformed
8 votes, 1 answer

What practical uses are there for the AD feature of "Confidential Attributes"

Are any applications (off the shelf, or internal) leveraging Active Directory's Confidential Attributes? Would you store sensitive information here such as a private key, or a salt here? I'm planning a demonstration of this feature, but would like…
makerofthings7
7 votes, 1 answer

Deploying a campus WiFi network that authenticates against an AD LDAP

We are looking to deploy about 15-20 Cisco 1131ag access points on campus. I have been reading up on different authentication methods, but I don’t know what will be the best long term solution that allows for a balance between simple management and…
YerPhate
7 votes, 2 answers

Implications of having a service account in AD use RC4 rather than AES for Kerberos?

Bear with me, I know this is sloppy, but here is the back story: We have a partner that uses Jira and is using spnego with a custom auth back-end that expects certain group membership in the token. Assuming the presented token meets the…
MDMarra