Questions tagged [active-directory]

Active Directory (AD) is a directory service created by Microsoft for Windows domain networks. It provides a central location for network administration and security.

An advanced, hierarchical directory service that comes with Windows servers and is used for managing permissions and user access to network resources. Introduced in Windows 2000, Active Directory is a domain-based network that is structured like the Internet's Domain Naming System (DNS). Using the LDAP directory access protocol, a company's workgroups (departments, sections, offices, etc.) are assigned domain names similar to Web addresses, and any LDAP-compliant Windows, Mac, Unix or Linux client can access them.

239 questions
5 votes, 3 answers

How can I detect users that have requested AD Administrators to reuse an expired password?

There is a trend among companies I've worked at where administrators (or helpdesk folks) give a user a courtesy extension of the old expired password... rather than forcing the user to change it. This is usually done by re-entering the expired…
5 votes, 1 answer

Any legitimate reason for notepad.exe to make network connections

Is there any known legitimate reason that notepad.exe would make network connections to a domain controller? I observed this behavior. The first connection was to port 135 and the second was to one of the Microsoft RPC dynamic ports. In addition I…
dcom-launch
5 votes, 2 answers

How does a client authenticate the domain controller

On an Active Directory based network, how do hosts authenticate the Domain Controller? Is it possible for an attacker to impersonate the Domain Controller? PS: I'm having a problem getting info on how this works on a low level, I think because I…
Keith Loughnane
5 votes, 1 answer

Are passwords for Windows accounts always stored in cleartext in memory, while the account is logged on?

Are passwords for Windows accounts always stored in cleartext in memory, while the account is logged on? Using Mimikatz I've seen lots of examples where passwords are stored in memory, either for domain/local accounts or service accounts. Therefore…
Shuzheng
5 votes, 1 answer

Use token for Windows Server 2008 AD RMS

I have a Windows Server 2008 configured for AD RMS (Active Directory Rights Management Service), another Windows Server 2008 machine that is the domain controller, and a third machine that is a member of the domain I've created to be a client. How…
Sahar
5 votes, 2 answers

How do I sanitize LDAP input and prevent injection attacks? What LDAP injection scenarios are possible?

In the following C# example I'm querying AD's configuration container for Exchange overrides. If the domain name is unsanitised, the end user could get LDAP to read a different object than intended. I'm not sure if other actions other than read are…
makerofthings7
5 votes, 1 answer

DSquery leaking personal information

Today I found DSquery on one of my SMB shares at work. I ran it to query users and since my company uses IC numbers as the unique CN, I got to see all my colleagues' ICs. Firstly, is this considered a vulnerability? And secondly, how can this be…
5 votes, 1 answer

How does UNC path hardening and SMB signing work under the hood?

With a lot of unpatched versions of Windows in an Active Directory domain, one can man-in-the-middle a client when it connects to the domain controller and inject a group policy that gives an attacker local administrator privileges…
5 votes, 2 answers

How does multi factor authentication modify the AD authentication process?

I'm trying to understand what would have to be updated to make Windows-based systems support multifactor authentication. Possible things that might have to be modified: Active Directory / Domain Controllers The application itself (IIS, Apache + the…
makerofthings7
5 votes, 1 answer

Is running IIS application pools as a domain user considered bad practice?

I'd say the question is self-explanatory, but to give a bit of context to the sort of environment I'm talking about. The scenario is that your webservers are being joined to the domain to make administration easier. Then, if we run the website as a…
Martin
5 votes, 1 answer

userWorkstations attribute in AD preventing users from logging into WebApp

For some of our users in AD, we have set the userWorkstations attribute to restrict access to other machines. But this is preventing those users from logging into WebApplications (around 50+) protected by Access Manager (in our case OpenAM). One way to…
4 votes, 1 answer

Accessing user accounts without asking for their password

I don't like asking my (Windows network) users for their passwords; it doesn't seem like a good security practice. I also want to train my users to never give their password to anyone if they ask for it. But there are certain things that I just need…
blsub6
4 votes, 2 answers

How to locate a domain controller on a Windows network when not a member?

Is there a way to determine which machine on an Active Directory network is the domain controller, if on a computer not logged on to the domain? This is for a penetration test, going in blind. I've tried looking up the domain (which I know the name…
Joseph Midas
4 votes, 1 answer

Where does Active Directory store user hashes?

During a penetration test for a client, having an infrastructure with multiple (5) Active Directory Servers (Win Serv 2008 R2)... I found a nice exploit to drop a system shell in one of the servers, and stole the domain admin account with…
4 votes, 2 answers

Storing the MAC Address of a computer in Active Directory

I’m considering enabling WoL (Wake on LAN) on the workstations on my network. In order to boot a workstation using WoL I require its MAC address. I could store the MAC address in a database, however I’d much rather store it as an attribute of the…
Fitzroy