Category: Active Directory

Avoid enabling Kerberos Pre-Authentication in AD

Kerberos Pre-Authentication The Key Distribution Center (KDC) is available as part of the domain controller and performs two key functions which are: Authentication Service (AS) and Ticket-Granting Service (TGS) By default the KDC requires all accounts to use pre-authentication. This is a security feature which offers protection against password-guessing attacks. The AS request identifies the client to…
Read more

 16,066 total views,  16 views today


November 11, 2021 0

LLMNR and NBT-NS Attack

LLMNR (Link-Local Multicast Name Resolution) is a protocol that is based upon the Domain Name System (DNS). It is often used by network-connected systems to identify hosts on the local-subnet when DNS fails, is not present or where peer-to-peer name-resolutions services are required. NBT-NS (NetBIOS Name Service) is a protocol to LLMNR and operates similarly…
Read more

 5,270 total views,  7 views today


October 30, 2021 0

Kerberos (Un)Constrained Delegation

 5,629 total views,  6 views today Love0 Share Tweet Share Pin

 5,629 total views,  6 views today


October 22, 2021 0

How to Modify Preferred DNS Settings via PowerShell

How to Update/Modify Preferred DNS Settings via Powershell To get the Existing DNS Settings run the below command, Get-DnsClientServerAddress Need to get Interface Index for which you need to modify and New DNS information To modify the DNS Settings, use the below command, Set-DnsClientServerAddress -InterfaceIndex 12 -ServerAddresses (“10.0.0.10″,”10.0.0.11”) Now you can check Preferred DNS Settings…
Read more

 3,102 total views,  5 views today


September 16, 2021 0

How to Modify AD User Attributes via PowerShell

In this article, we will see How to Get/Modify the Active Directory User Attributes via PowerShell. Below command help you to get all AD User attributes and values for the respective user1. Get-ADUser User1 -Properties * | fl You can use below command to filter with limited result, Get-ADUser User1 -Properties * | fl *Date*…
Read more

 3,127 total views,  5 views today


September 16, 2021 0

Group Managed Service Account (gMSA)

Active Directory managed service account that can be used to securely run services, applications, and scheduled tasks. Managed Service Accounts (MSA) to automatically manage (change) passwords of service accounts. Using MSA, you can considerably reduce the risk of system accounts running system services being compromised. MSA has one major problem which is the usage of…
Read more

 2,673 total views,  4 views today


September 11, 2021 0

Domain Join failed

  Delegated security group us unable to join the systems to the domain, where IT Admin getting the error as “Access Denied”   Start your investigation from client machine  NetSetup.log which helps you to track further towards resolution. 06/06/2021 10:25:23:033 NetpModifyComputerObjectInDs: Attribute values to set: 06/06/2021 10:25:23:033   DnsHostName  =  Client-PC.cloudapex.com 06/06/2021 10:25:23:033   ServicePrincipalName  =  HOST/Client-PC.cloudapex.com…
Read more

 2,541 total views,  4 views today


September 11, 2021 0

How to Extend Expired AD User Password

Active directory account passwords expire set (for example, every 45 days) in most of the organisations. Configuring an AD account with Password Never Expires is not recommended due to security. I came across the scenario to extend an active directory account’s current password expiration date without changing the password expiration policy.   Extend Expired AD…
Read more

 2,896 total views,  3 views today


September 11, 2021 0

Golden Ticket Attack – krbtgt

 3,844 total views,  3 views today Love1 Share Tweet Share Pin

 3,844 total views,  3 views today


August 29, 2021 1

Group Policy Overview

Group Policy that allows you to specify manage configurations for Users and Computers through Group Policy settings and Group Policy Preferences. There are 2 parts to a GPO One part is an object in AD (Called the Group Policy Container, or GPC) Another part is a set of files/folder within SYSVOL, on each DC (Called…
Read more

 2,228 total views,  3 views today


August 29, 2021 0