Microsoft Exchange 2016 – Version Store Out of Memory Error

The Microsoft Exchange 2016 ESE database engine manages the database engine and database files that make up the Mailbox Databases on the Microsoft Exchange server; it reads and writes data to and from the database and manages the database files through background management tasks. The Exchange databases are based on the JET database engine and […]

More...

Finding gMSA Accounts with Custom Search in ADUC

To find gMSA (Group Managed Service) Accounts i.e. group managed accounts and if your ADUC doesn’t have this as an option you can use a “Custom Search” and click “Advanced”, then use the following string in the “Enter LDAP query:” https://www.mssqltips.com/sqlservertip/5340/using-group-managed-service-accounts-with-sql-server/

More...

Microsoft Active Directory Trusts Explained

Microsoft Active Directory uses the concepts of “domains”, a domain is the outer edge of a security compartment; within a domain, user accounts, computer accounts and resources are authenticated and share a common authentication source. There is also the concept of a “forest”, a forest is a collection of domains, in the most basic configuration […]

More...

Check (Not Directly Accessible) SSL Certificate Expiry on Microsoft Windows Server

NagiosXI and other monitoring tools have ways to determine if your SSL certificates on say a web server are nearing expiry, but what if you have software that uses a certificate but that certificate is not directly poll-able over the standard HTTPS checks. The script which can be found here, is a passive check, so […]

More...

Kemp Load Master – SAML via OKTA with KCD to Microsoft Exchange OWA (Outlook Web Access)

The Kemp Load Master allows for the configuration of authentication offloading to itself (from the Microsoft Exchange server supporting Kerberos) to allow for the Kemp Load Master to act as a sP (Service Provider) against an IdP (Identity Provider) for example OKTA. The use of SAML via OKTA allows for any SAML (and Kerberos KCD […]

More...

Active Directory Certificate Services (ADCS) PKI Domain Admin Vulnerability

Microsoft have published a vulnerability: https://msrc.microsoft.com/update-guide/vulnerability/ADV210003 which allows an attacker to use the NTLM authentications to begin an attack chain to make an unauthenticated NTLM connection that is then relayed to allow a connection to the Active Directory Certificate Services (ADCS), this assuming the auto-enrollment is enabled means that an attacker can make a request […]

More...

Dell Openmanage DNS Records for Server Initiated Discovery (with Microsoft DNS)

OpenManage Enterprise version 3.4 allows automatic discovery of servers that have iDRAC firmware version 4.00.00.00 or later. The appliance can be configured to allow these servers to automatically locate the console by querying the DNS and initiate their discovery. The instructions (and this) give the use of the TUI or manual creation for Dell Openmanage […]

More...

Leaky Print Spooler Vulnerability (CVE-2021-1675)

So it appears that there is a vulnerability identified in Microsoft Windows machines running Active Directory, this is covered on the Register: https://www.theregister.com/2021/06/30/windows_print_spool_vuln_rce/ Until you patch this you can just disable the “Printer Spooler” service on your Domain Controllers and well to be honest you don’t need this running on the Domain Controller anyway. Edit: […]

More...