The ramblings of a computer geek
Microsoft Active Directory uses the concepts of “domains”, a domain is the outer edge of a security compartment; within a domain, user accounts, computer accounts and resources are authenticated and share a common authentication source. There is also the concept of a “forest”, a forest is a collection of domains, in the most basic configuration … Read more
The Kemp Load Master allows for the configuration of authentication offloading to itself (from the Microsoft Exchange server supporting Kerberos) to allow for the Kemp Load Master to act as a sP (Service Provider) against an IdP (Identity Provider) for example OKTA. The use of SAML via OKTA allows for any SAML (and Kerberos KCD … Read more
So it appears that there is a vulnerability identified in Microsoft Windows machines running Active Directory, this is covered on the Register: https://www.theregister.com/2021/06/30/windows_print_spool_vuln_rce/ Until you patch this you can just disable the “Printer Spooler” service on your Domain Controllers and well to be honest you don’t need this running on the Domain Controller anyway. Edit: … Read more
Here is a one liner to allow you to do this: Image Attribution: CHUTTERSNAP
PROBLEM: You need to check if two domain controllers are in sync with each other. SOLUTION: To do this you need to understand a bit about how Active Directory reports if a domain controller replication is in sync. There is something called a UTDV up-to-dateness vector that is basically a number representing what the domain … Read more
Using powershell you can get the value of a specific attribute of a user. To do this run the below, this will get all the user objects in the OU called “Users” and display the samAccountName and extensionAttribute10 attribute.
So here is an example you want to set all the users in the OU called “Users” to have the extensionAttribute10 with the value “student” to do this you can run the below script:
With the prevalence of mobile devices this is becoming more of a problem, you have a user who comes in every day and swears blind nothing has the wrong password, but something is locking them out. Here is how to fix it: Firstly you must ensure that you are logging the stuff correctly on your … Read more
So to find any failed logon requests for a user you can use one of the two following XML queries, the first just shows all successes and failures for that user. The second shows just the failures only for that user. 1. Open the event viewer, and click on the “Security” log on the left … Read more
Upon the setup of the new Windows 2008 R2 DNS servers there is a problem that the DNS lookups for external domain fail; internal domain name resolution is unaffected. Restarting the DNS server (or the whole server) resolve the problem, as does clearing the cache. When the problem is happening, an nslookup command issued for … Read more