From Microsoft’s Virtualization Blog, How to install integration services when the virtual machine is not running: We’ve been talking to a lot of people about deploying integration services (integration components) lately. As it turns out, they’re pretty easy to patch offline with existing Hyper-V tools. First, why would you update integration services on a not-running …
Category: PowerShell
Oct 15 2014
PowerShell Function: Get-ADAuthGroups
Here’s a PowerShell Function that leverages Active Directory .Net to get a list of the AD authorization groups. This is extremely useful to get a complete list of security groups that comprise a user’s AD Kerberos token without having to loop or recurse AD groups. Function GetAuthGroups { Param ( $AccountID, [switch]$CountAuthGroups, [Switch]$ReturnGroups = …
Oct 10 2014
PowerShell and Ambiguous Name Resolution (ANR) Search in Active Directory
I was recently asked how to find a user when you have data that may be the SamAccountName or in another attribute. My first thought was leveraging Ambiguous Name Resolution (ANR) Search in Active Directory. ANR enables you to find a user when you have some information about a user, but don’t know exactly to …
Oct 07 2014
PowerShell Code: Find User in Active Directory Forest
PowerShell Code: Find User in Active Directory Forest There are times when you have a userid, but don’t know where in a multi-domain forest a user is located. Here’s some PowerShell code for locating the user’s domain. PowerShell code leverages the Active Directory PowerShell module to query a local Global Catalog (GC) server in …
Oct 02 2014
Using PowerShell to Perform a Reverse DNS Lookup in Active Directory
Typically, one would use ping -a to get the hostname for a specific IP address which performs a DNS reverse lookup. Querying AD for a computer with an IP works great for computers joined to the Active Directory domain since most computers in AD have the IP Address configured on the computer account. When the …
Oct 01 2014
Black Hat USA 2014 Presentation: Investigating PowerShell Attacks
Black Hat USA 2014 Presentation: Investigating PowerShell Attacks This is an excellent presentation and I highly recommend anyone who is an admin or who is responsible for AD security. Investigating PowerShell Attacks Ryan Kazanciyan Technical Director, Mandiant Matt Hastings Consultant, Mandiant Over the past two years, we’ve seen targeted attackers increasingly utilize PowerShell to conduct …
Sep 28 2014
PowerShell: ADSI and Case Sensitivity
In developing a custom PowerShell script which leveraged ADSI, I noticed that the script wasn’t working properly. Here’s a sample block of the script which uses ADSI to get changes made to ExtensionAttribute11 as part of an Active Directory Convergence test script: 1 2 3 4 $ADSITarget = [ADSI]”LDAP://$DC” $Searcher = New-Object DirectoryServices.DirectorySearcher($ADSITarget,”(sAMAccountName=$ConvergenceObject)”) $ConvergenceObjectData = …
Sep 27 2014
Powershell Remote Use of Module Commandlets (Remoting Import-Module)
Practically all of my Powershell scripts use an Active Directory commandlet. Ok, so they use several. I like to query AD to get environmental information so when I run the script, I know what I am working with from an AD perspective. I can’t help it, I’m an AD Guy. In order to run the …
Sep 25 2014
PowerShell Code: Find Active Directory Site Containing AD Subnet
Here’s a quick script that returns the site in the Active Directory forest given a subnet (ex. 10.20.30.0). Match-Subnet2Site.ps1 Param ( [string]$Subnet ) $IPSubnetRegEx = ‘\b((25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|0)\b’ # $IPRegEx = ‘\b((25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\b’ IF ($Subnet -match $IPSubnetRegEx) { Write-Output “Searching the AD forest for subnet: $Subnet ” } ELSE { Write-Error “The provided subnet ($Subnet) is not …
Sep 23 2014
PowerShell Code: Active Directory Domain Controller Discovery
There are several different ways to find AD Domain Controllers (DCs). Here are a few: AD PowerShell Module: Discover the closest Domain Controller running the AD web services (support PowerShell AD cmdlets): import-module activedirectory Get-ADDomainController -discover -forcediscover -nextclosestsite -service ADWS discover – find a DC forcediscover – re-discover a DC and not use a cached …
Recent Comments