Active Directory Replication: A Guide for IT Pros

Learn all there is to know about how Active Directory (AD) replication works. This guide covers the basics of how domain controllers (DCs) replicate all of your user accounts, passwords, computers, and other objects in your environment. Learn about how sites define the logical layout of your network and how the tools and features in […]

What is a Domain Controller?

Domain controllers (DCs) are at the heart of Active Directory Domain Services (AD DS), the directory service that provides authentication, authorization, and password management for Microsoft Windows networks. Find out here why they’re so important and what they do. What does a domain controller do? A domain controller (DC) is a server on your network that manages access for users, computers, servers, etc. centrally. It uses […]

Microsoft Advises Customers to Patch Active Directory Privilege Escalation Vulnerability

Last month, Microsoft released the November Patch Tuesday updates to address two Active Directory (AD) Domain Services privilege escalation security flaws affecting all supported versions of Windows Server. But it looks like some customers have not updated their servers yet. The company published a blog post yesterday advising customers to install the emergency fixes on […]

Identifying the method which an attacker used to harvest important account credentials, while the security logs are deleted

Is there a way to spot the method which an attacker used to do all of the necessary credential dumping, or stealing/forging tickets/using pass-the-hash/ticket techniques, if we don’t have access to the DC security log files, but only from …

Can a ransomware attack succeed with no root privileges, but instead if it does have privileged user access?

If an attacker succeeds in getting the password of an IT support privileged account (that has Domain Control rights), can he successfully carry out the attack and do the lateral movement needed between the Domain Controllers and/or users?

What are the security risks when doing domain migration of users and computers?

We are moving users and computers/servers from an old domain to a new one within our company. The domains are managed using Active Directory.
What are the security risks, considerations, and controls I need to consider to allow a secure mi…