Extracting Password Hashes from Active Directory

Extracting hashes from Active Directory

To extract hashes from Active Directory you must first obtain a copy of the underlying Active Directory database; ntds.dit

For more information on the Data Store Architecture please refer to this Microsoft Technet article

Prerequisites

You must be logged on to a domain controller.

Extracting the Database

To extract . . . → Read More: Extracting Password Hashes from Active Directory

Active Directory Password Expiration Date

To find out the password expiration date for an Active Directory user you must first determine your domain’s password expiration policy and then when the password was last set.

Find your Domain Password Expiration Policy import-module activedirectory Get-ADDefaultDomainPasswordPolicy

Property MaxPasswordAge will tell you the default password expiration policy

Determine Date User Password Was Last Set . . . → Read More: Active Directory Password Expiration Date

active directory cheatsheet

Active Directory Cheat Sheet

This page contains my Active Directory Cheat Sheet. A list of collected one liners and vb scripts. Enjoy and feel free to add some yourself via comments!

Active Directory One Liners

This isn’t so much a script as an awesome way to reset an active directory user’s password.

How to Reset . . . → Read More: active directory cheatsheet

Apache Active Directory Authentication howto

Apache Active Directory Authentication howto

Modules Needed

mod_authz_ldap

Install mod_authz_ldap yum install mod_authz_ldap Verify Apache Config has Needed Modules LoadModule auth_basic_module modules/mod_auth_basic.so LoadModule authz_host_module modules/mod_authz_host.so LoadModule authz_user_module modules/mod_authz_user.so LoadModule authz_owner_module modules/mod_authz_owner.so LoadModule authz_groupfile_module modules/mod_authz_groupfile.so LoadModule authz_dbm_module modules/mod_authz_dbm.so LoadModule authz_default_module modules/mod_authz_default.so Apache Group LDAP Configuration (Active Directory Group Level Auth) AuthBasicProvider ldap AuthzLDAPAuthoritative On AuthLDAPURL ldap://10.128.28.3:3268/dc=xx,dc=com?sAMAccountName . . . → Read More: Apache Active Directory Authentication howto

Reset Active Directory Password Script

This isn’t so much a script as an awesome way to reset an active directory user’s password.

Requirements You must have admin rights to domain controller psexec How to Reset Active Directory User’s Password from Command Line

In this case you would need to be on the domain controller to run this:

DSQUERY USER -samid . . . → Read More: Reset Active Directory Password Script

getdn.bat

To return the distinguished name for all users in an active directory domain create a new file called getdn.bat

Content:

del c:\activeUsers.txt DSQUERY.exe * -limit 0 -filter “(&(objectCategory=Person)(objectClass=User)(!userAccountControl:1.2.840.113556.1.4.803:=2))” >”c:\activeUsers.txt” C:\WINDOWS\NOTEPAD.EXE c:\activeUsers.txt

active directory disable users older than x days

Script Details

This is example will show you how to disable folks that have a password older than x number of days AND / OR have not logged in for X number of days

Requirements ActiveRoles Management Shell (free) Powershell Server 2003 or Higher Domain Controller Example Script

Filename: C:\1audit\scripts\disable_accounts_password_age_greater_91_days.ps1 Description: (Disable users that have . . . → Read More: active directory disable users older than x days

Export All Users from OU

How can you export all users from an OU in active directory on server 2003?

Create a file called exportusers.vbs and paste in this text: Dim ObjWb Dim zz Set objRoot = GetObject(“LDAP://RootDSE”) strDNC = objRoot.Get(“DefaultNamingContext”) Set objDomain = GetObject(“LDAP://” & strDNC) ‘ Bind to the top of the Domain using LDAP using ROotDSE Set . . . → Read More: Export All Users from OU

list all users in security group active directory

howto list all users in security group active directory ?

dsquery group -name “” | dsget group -members -expand | dsget user -fn -ln -disabled

find username email address active directory

need to find username email address active directory ?

place this in a .bat file and run it:

dsquery.exe * -limit 0 -filter “(&(objectCategory=person)(objectClass=user)(mail=*))” -attr sAMAccountName name mail >”c:\PrimaryEmailAddresses.txt” notepad “c:\PrimaryEmailAddresses.txt”