Gathering AD Data with the Active Directory PowerShell Module – Active Directory Security
<!DOCTYPE html> <html lang="en-US" prefix="og: http://ogp.me/ns#"> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <title>Gathering AD Data with the Active Directory PowerShell Module – Active Directory Security</title> <link rel="canonical" href="https://adsecurity.org/?p=3719" /> <meta property="article:published_time" content="2017-08-11T07:59:39+00:00" /> <meta property="article:modified_time" content="2017-08-11T16:26:22+00:00" /> </head>
<body class="post-template-default single single-post postid-3719 single-format-standard custom-background wp-embed-responsive layout-boxed two_col_left two-columns singular"> <div class="container boxed-wrapper"> <div id="content" class="clearfix hfeed row"> <div id="content-main" class="clearfix content-main col-md-8">
<div id="post-3719" class="clearfix post post-3719 type-post status-publish format-standard has-post-thumbnail hentry category-powershell category-technical-reference tag-active-directory-powershell-module tag-active-directory-trusts tag-ad-cmdlets tag-ad-powershell-cmdlets tag-add-windowsfeature-rsat-ad-powershell tag-adsi tag-backup-domain-gpos tag-enumerate-domain-trusts tag-find-ad-kerberos-service-accounts tag-finding-active-directory-flexible-master-single-operation-fsmo-roles tag-get-ad-site-information tag-get-adcomputer tag-get-addomain tag-get-addomaincontroller tag-get-adforest tag-get-adgroup tag-get-adgroupmember tag-get-adreplicationpartnerfailure tag-get-adreplicationpartnermetadata tag-get-adreplicationuptodatenessvectortable tag-get-aduser tag-get-command-module-activedirectory tag-get-module-listavailable tag-get-rootdse tag-import-module-servermanager tag-inventory-domain-controllers tag-powershell tag-powershell-find-inactive-computers tag-powershell-find-inactive-users item-wrap"> <div class="entry clearfix"> <div class="post-date date alpha with-year"> <p class="default_date"> <span class="month">Aug</span> <span class="day">11</span> <span class="year">2017</span> </p> </div>
<h1 class="post-title entry-title"> Gathering AD Data with the Active Directory PowerShell Module </h1>
<ul class="post-meta entry-meta clearfix"> <li class="byline"> By <span class="author"><a href="https://adsecurity.org/?author=2" rel="author">Sean Metcalf</a></span><span class="entry-cat"> in <span class="terms"><a class="term term-category term-7" 
href="https://adsecurity.org/?cat=7">PowerShell</a>, <a class="term term-category term-2" href="https://adsecurity.org/?cat=2">Technical Reference</a></span></span> </li> </ul> <div class="entry-content clearfix">
<p>Microsoft provided several Active Directory PowerShell cmdlets with Windows Server 2008 R2 (and newer) which greatly simplify tasks which previously required putting together lengthy lines of code involving ADSI.</p>
<p>On a Windows client, install the <a href="https://www.microsoft.com/en-us/download/details.aspx?id=45520">Remote Server Administration Tools (RSAT)</a> and ensure the Active Directory PowerShell module is installed.</p>
<p>On a Windows server (2008 R2 or newer), run the following commands in a PowerShell console (as an Administrator):</p>
<p><strong><em>Import-Module ServerManager ; Add-WindowsFeature RSAT-AD-PowerShell</em></strong></p>
<p>Here’s my (poor) ADSI example:</p>
<pre>$UserID = "JoeUser"
$root = [ADSI]''
$searcher = new-object System.DirectoryServices.DirectorySearcher($root)
$searcher.filter = "(&(objectClass=user)(sAMAccountName= $UserID))"
$user = $searcher.findall()
$user</pre>
<p>Here’s the same thing with the AD PowerShell cmdlet:</p>
<p><em>Import-module ActiveDirectory</em><br /> <em>$UserID = "JoeUser"</em><br /> <em>Get-ADUser $UserID -property *</em></p>
<p>The cmdlet version also takes the account name as an identity argument instead of splicing it into a hand-built LDAP filter string, so the value needs no filter escaping.</p>
<p>Note that with PowerShell version 3 and newer, you don’t need to run the first line since PowerShell will identify the necessary module and auto load it.</p>
<p>Once you have the Active Directory PowerShell module loaded, you can do cool stuff like browse AD like a file system.</p>
<p><img fetchpriority="high" decoding="async" class="alignnone wp-image-3720" src="https://adsecurity.org/wp-content/uploads/2017/08/AD-Drive-Usage.png" alt="" width="690" height="399" srcset="https://adsecurity.org/wp-content/uploads/2017/08/AD-Drive-Usage.png 800w, https://adsecurity.org/wp-content/uploads/2017/08/AD-Drive-Usage-300x174.png 300w, 
https://adsecurity.org/wp-content/uploads/2017/08/AD-Drive-Usage-768x444.png 768w" sizes="(max-width: 690px) 100vw, 690px" /></p> <p> </p>
<p><span style="text-decoration: underline;"><strong>Finding Useful Commands (Cmdlets):</strong></span></p>
<p>Discover available PowerShell modules: <strong>Get-Module -ListAvailable</strong></p>
<p>Discover cmdlets in a PowerShell module: <strong>Get-Command -module ActiveDirectory</strong></p>
<p><span style="text-decoration: underline;"> PowerShell AD Module Cmdlets:</span></p>
<ul> <li>Windows Server 2008 R2: 76 cmdlets</li> <li>Windows Server 2012: 135 cmdlets</li> <li>Windows Server 2012 R2: 147 cmdlets</li> <li>Windows Server 2016: 147 cmdlets</li> </ul>
<pre><strong>(Get-Command -module ActiveDirectory).count</strong></pre>
<p> </p>
<p><span style="text-decoration: underline;"><strong>Finding Active Directory Flexible Single Master Operation (FSMO) Roles:</strong></span></p>
<p><strong>Active Directory Module:</strong></p>
<ul> <li> <pre>(Get-ADForest).SchemaMaster</pre> </li> <li> <pre>(Get-ADForest).DomainNamingMaster</pre> </li> <li> <pre>(Get-ADDomain).InfrastructureMaster</pre> </li> <li> <pre>(Get-ADDomain).PDCEmulator</pre> </li> <li> <pre>(Get-ADDomain).RIDMaster </pre> </li> </ul>
<p><strong>.NET Calls:</strong></p>
<ul> <li> <pre>([System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()).SchemaRoleOwner</pre> </li> <li> <pre>([System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()).NamingRoleOwner</pre> </li> <li> <pre>([System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()).InfrastructureRoleOwner</pre> </li> <li> <pre>([System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()).PdcRoleOwner</pre> </li> <li> <pre>([System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()).RidRoleOwner</pre> </li> </ul>
<p> </p>
<p><span style="text-decoration: underline;"><strong>Active Directory PowerShell Module Cmdlet Examples:</strong></span></p>
<p><span 
id="more-3719"></span></p>
<p><strong>Get-ADRootDSE</strong> gets information about the LDAP server (the Domain Controller) and displays it. There’s some interesting information in the results like what OS the DC is running.</p>
<p><img decoding="async" class="alignnone size-full wp-image-3721" src="https://adsecurity.org/wp-content/uploads/2017/08/Get-ADRootDSE.png" alt="" width="1287" height="602" srcset="https://adsecurity.org/wp-content/uploads/2017/08/Get-ADRootDSE.png 1287w, https://adsecurity.org/wp-content/uploads/2017/08/Get-ADRootDSE-300x140.png 300w, https://adsecurity.org/wp-content/uploads/2017/08/Get-ADRootDSE-768x359.png 768w, https://adsecurity.org/wp-content/uploads/2017/08/Get-ADRootDSE-1024x479.png 1024w" sizes="(max-width: 1287px) 100vw, 1287px" /></p> <p> </p>
<p><strong>Get-ADForest</strong> provides information about the Active Directory forest that the computer you run the command on belongs to.</p>
<p><img decoding="async" class="alignnone size-full wp-image-3722" src="https://adsecurity.org/wp-content/uploads/2017/08/Get-ADForest.png" alt="" width="1400" height="362" srcset="https://adsecurity.org/wp-content/uploads/2017/08/Get-ADForest.png 1400w, https://adsecurity.org/wp-content/uploads/2017/08/Get-ADForest-300x78.png 300w, https://adsecurity.org/wp-content/uploads/2017/08/Get-ADForest-768x199.png 768w, https://adsecurity.org/wp-content/uploads/2017/08/Get-ADForest-1024x265.png 1024w" sizes="(max-width: 1400px) 100vw, 1400px" /></p> <p> </p>
<p><strong>Get-ADDomain</strong> provides information about the current domain you are in.</p>
<p><img loading="lazy" decoding="async" class="alignnone size-full wp-image-3724" src="https://adsecurity.org/wp-content/uploads/2017/08/Get-ADDomain.png" alt="" width="1149" height="587" srcset="https://adsecurity.org/wp-content/uploads/2017/08/Get-ADDomain.png 1149w, https://adsecurity.org/wp-content/uploads/2017/08/Get-ADDomain-300x153.png 300w, https://adsecurity.org/wp-content/uploads/2017/08/Get-ADDomain-768x392.png 
768w, https://adsecurity.org/wp-content/uploads/2017/08/Get-ADDomain-1024x523.png 1024w" sizes="(max-width: 1149px) 100vw, 1149px" /></p> <p> </p> <p><strong>Get-ADDomainController</strong> provides computer information specific to Domain Controllers.<br /> This cmdlet makes it easy to find all DCs in a specific site or running an OS version.</p> <p><img loading="lazy" decoding="async" class="alignnone size-full wp-image-3725" src="https://adsecurity.org/wp-content/uploads/2017/08/Get-ADDomainController.png" alt="" width="1363" height="554" srcset="https://adsecurity.org/wp-content/uploads/2017/08/Get-ADDomainController.png 1363w, https://adsecurity.org/wp-content/uploads/2017/08/Get-ADDomainController-300x122.png 300w, https://adsecurity.org/wp-content/uploads/2017/08/Get-ADDomainController-768x312.png 768w, https://adsecurity.org/wp-content/uploads/2017/08/Get-ADDomainController-1024x416.png 1024w" sizes="(max-width: 1363px) 100vw, 1363px" /></p> <p> </p> <p><strong>Get-ADComputer</strong> provides most of what you would want to know about a computer object in AD.<br /> <em>Run with “-Prop *” to show all standard properties.</em></p> <p><img loading="lazy" decoding="async" class="alignnone wp-image-3726" src="https://adsecurity.org/wp-content/uploads/2017/08/Get-ADComputer.png" alt="" width="669" height="211" srcset="https://adsecurity.org/wp-content/uploads/2017/08/Get-ADComputer.png 1260w, https://adsecurity.org/wp-content/uploads/2017/08/Get-ADComputer-300x95.png 300w, https://adsecurity.org/wp-content/uploads/2017/08/Get-ADComputer-768x242.png 768w, https://adsecurity.org/wp-content/uploads/2017/08/Get-ADComputer-1024x323.png 1024w" sizes="(max-width: 669px) 100vw, 669px" /></p> <p> </p> <p><strong>Get-ADUser</strong> provides most of what you want to know about an AD user.<br /> <em>Run with “-Prop *” to show all standard properties.</em></p> <p><img loading="lazy" decoding="async" class="alignnone wp-image-3727" 
src="https://adsecurity.org/wp-content/uploads/2017/08/Get-ADUser.png" alt="" width="576" height="234" srcset="https://adsecurity.org/wp-content/uploads/2017/08/Get-ADUser.png 1183w, https://adsecurity.org/wp-content/uploads/2017/08/Get-ADUser-300x122.png 300w, https://adsecurity.org/wp-content/uploads/2017/08/Get-ADUser-768x312.png 768w, https://adsecurity.org/wp-content/uploads/2017/08/Get-ADUser-1024x415.png 1024w" sizes="(max-width: 576px) 100vw, 576px" /></p> <p> </p> <p><strong>Get-ADGroup</strong> provides information about an AD group. Find all security groups by running:<br /> <em>Get-ADGroup -Filter {GroupCategory -eq ‘Security’}</em></p> <p><img loading="lazy" decoding="async" class="alignnone wp-image-3729" src="https://adsecurity.org/wp-content/uploads/2017/08/Get-ADGroup.png" alt="" width="658" height="206" srcset="https://adsecurity.org/wp-content/uploads/2017/08/Get-ADGroup.png 1286w, https://adsecurity.org/wp-content/uploads/2017/08/Get-ADGroup-300x94.png 300w, https://adsecurity.org/wp-content/uploads/2017/08/Get-ADGroup-768x241.png 768w, https://adsecurity.org/wp-content/uploads/2017/08/Get-ADGroup-1024x321.png 1024w" sizes="(max-width: 658px) 100vw, 658px" /></p> <p> </p> <p><strong>Get-ADGroupMember</strong> enumerates and returns the group members. 
Use the Recursive parameter to include all members of nested groups.<br /> <em>Get-ADGroupMember ‘Administrators’ -Recursive</em></p> <p><img loading="lazy" decoding="async" class="alignnone wp-image-3730" src="https://adsecurity.org/wp-content/uploads/2017/08/Get-ADGroupMember.png" alt="" width="669" height="542" srcset="https://adsecurity.org/wp-content/uploads/2017/08/Get-ADGroupMember.png 782w, https://adsecurity.org/wp-content/uploads/2017/08/Get-ADGroupMember-300x243.png 300w, https://adsecurity.org/wp-content/uploads/2017/08/Get-ADGroupMember-768x623.png 768w" sizes="(max-width: 669px) 100vw, 669px" /></p> <p> </p> <p>These cmdlets are useful to identify situations that previously required purchasing a product or custom scripting.</p> <p>The following examples find inactive (stale) computers and users – accounts that haven’t changed their passwords in the last 10 days. Note that this is a lab example. For real-world checks, change this to 60 to 90 days for computers and 180 – 365 days for users.</p> <p><strong>Find inactive computers.</strong></p> <p><img loading="lazy" decoding="async" class="alignnone size-full wp-image-3731" src="https://adsecurity.org/wp-content/uploads/2017/08/Finding-Inactive-Computers.png" alt="" width="1357" height="367" srcset="https://adsecurity.org/wp-content/uploads/2017/08/Finding-Inactive-Computers.png 1357w, https://adsecurity.org/wp-content/uploads/2017/08/Finding-Inactive-Computers-300x81.png 300w, https://adsecurity.org/wp-content/uploads/2017/08/Finding-Inactive-Computers-768x208.png 768w, https://adsecurity.org/wp-content/uploads/2017/08/Finding-Inactive-Computers-1024x277.png 1024w" sizes="(max-width: 1357px) 100vw, 1357px" /></p> <p><strong>Find inactive users.</strong></p> <p><img loading="lazy" decoding="async" class="alignnone size-full wp-image-3732" src="https://adsecurity.org/wp-content/uploads/2017/08/Finding-Inactive-Users.png" alt="" width="1174" height="606" 
srcset="https://adsecurity.org/wp-content/uploads/2017/08/Finding-Inactive-Users.png 1174w, https://adsecurity.org/wp-content/uploads/2017/08/Finding-Inactive-Users-300x155.png 300w, https://adsecurity.org/wp-content/uploads/2017/08/Finding-Inactive-Users-768x396.png 768w, https://adsecurity.org/wp-content/uploads/2017/08/Finding-Inactive-Users-1024x529.png 1024w" sizes="(max-width: 1174px) 100vw, 1174px" /></p> <p> </p> <p><strong>Enumerate Domain Trusts</strong></p> <p><img loading="lazy" decoding="async" class="alignnone size-full wp-image-3733" src="https://adsecurity.org/wp-content/uploads/2017/08/Enumerate-Domain-Trusts.png" alt="" width="1383" height="224" srcset="https://adsecurity.org/wp-content/uploads/2017/08/Enumerate-Domain-Trusts.png 1383w, https://adsecurity.org/wp-content/uploads/2017/08/Enumerate-Domain-Trusts-300x49.png 300w, https://adsecurity.org/wp-content/uploads/2017/08/Enumerate-Domain-Trusts-768x124.png 768w, https://adsecurity.org/wp-content/uploads/2017/08/Enumerate-Domain-Trusts-1024x166.png 1024w" sizes="(max-width: 1383px) 100vw, 1383px" /></p> <p> </p> <p><strong>Get AD site information.</strong><br /> Note that the Windows 2012 module includes cmdlets for sites (<a href="https://technet.microsoft.com/en-us/library/hh852269(v=wps.630).aspx">Get-ADReplicationSite</a>*).</p> <p><img loading="lazy" decoding="async" class="alignnone size-full wp-image-3734" src="https://adsecurity.org/wp-content/uploads/2017/08/Get-ADSites.png" alt="" width="1358" height="257" srcset="https://adsecurity.org/wp-content/uploads/2017/08/Get-ADSites.png 1358w, https://adsecurity.org/wp-content/uploads/2017/08/Get-ADSites-300x57.png 300w, https://adsecurity.org/wp-content/uploads/2017/08/Get-ADSites-768x145.png 768w, https://adsecurity.org/wp-content/uploads/2017/08/Get-ADSites-1024x194.png 1024w" sizes="(max-width: 1358px) 100vw, 1358px" /></p> <p> </p> <p><strong>Backup domain GPOs</strong><br /> Note this requires that the Group Policy PowerShell module is 
installed, which is separate from the Active Directory module.</p> <p><img loading="lazy" decoding="async" class="alignnone size-full wp-image-3735" src="https://adsecurity.org/wp-content/uploads/2017/08/Backup-GPOs.png" alt="" width="1165" height="366" srcset="https://adsecurity.org/wp-content/uploads/2017/08/Backup-GPOs.png 1165w, https://adsecurity.org/wp-content/uploads/2017/08/Backup-GPOs-300x94.png 300w, https://adsecurity.org/wp-content/uploads/2017/08/Backup-GPOs-768x241.png 768w, https://adsecurity.org/wp-content/uploads/2017/08/Backup-GPOs-1024x322.png 1024w" sizes="(max-width: 1165px) 100vw, 1165px" /></p> <p> </p> <p><strong>Find AD Kerberos Service Accounts</strong></p> <p><img loading="lazy" decoding="async" class="alignnone size-full wp-image-3736" src="https://adsecurity.org/wp-content/uploads/2017/08/Find-AD-Kerberos-Service-Accounts.png" alt="" width="903" height="634" srcset="https://adsecurity.org/wp-content/uploads/2017/08/Find-AD-Kerberos-Service-Accounts.png 903w, https://adsecurity.org/wp-content/uploads/2017/08/Find-AD-Kerberos-Service-Accounts-300x211.png 300w, https://adsecurity.org/wp-content/uploads/2017/08/Find-AD-Kerberos-Service-Accounts-768x539.png 768w" sizes="(max-width: 903px) 100vw, 903px" /></p> <p> </p> <p><strong>Inventory Domain Controllers<br /> </strong>Get-ADDomainController -filter * | select hostname,IPv4Address,IsGlobalCatalog,IsReadOnly,OperatingSystem | format-table -auto</p> <p><img loading="lazy" decoding="async" class="alignnone size-full wp-image-3737" src="https://adsecurity.org/wp-content/uploads/2017/08/DC-Inventory.png" alt="" width="774" height="69" srcset="https://adsecurity.org/wp-content/uploads/2017/08/DC-Inventory.png 774w, https://adsecurity.org/wp-content/uploads/2017/08/DC-Inventory-300x27.png 300w, https://adsecurity.org/wp-content/uploads/2017/08/DC-Inventory-768x68.png 768w" sizes="(max-width: 774px) 100vw, 774px" /></p> <p> </p> <p><strong>Get-ADReplicationPartnerMetadata </strong>(Windows 
Server 2012 and newer)</p> <p><img loading="lazy" decoding="async" class="alignnone size-full wp-image-3738" src="https://adsecurity.org/wp-content/uploads/2017/08/Get-ADReplicationPartnerMetadata.png" alt="" width="1366" height="513" srcset="https://adsecurity.org/wp-content/uploads/2017/08/Get-ADReplicationPartnerMetadata.png 1366w, https://adsecurity.org/wp-content/uploads/2017/08/Get-ADReplicationPartnerMetadata-300x113.png 300w, https://adsecurity.org/wp-content/uploads/2017/08/Get-ADReplicationPartnerMetadata-768x288.png 768w, https://adsecurity.org/wp-content/uploads/2017/08/Get-ADReplicationPartnerMetadata-1024x385.png 1024w" sizes="(max-width: 1366px) 100vw, 1366px" /></p> <p> </p> <p><strong>Get-ADReplicationFailure</strong> provides information on DC replication failure status.</p> <p><img loading="lazy" decoding="async" class="alignnone size-full wp-image-3739" src="https://adsecurity.org/wp-content/uploads/2017/08/Get-ADReplicationFailure.png" alt="" width="1380" height="208" srcset="https://adsecurity.org/wp-content/uploads/2017/08/Get-ADReplicationFailure.png 1380w, https://adsecurity.org/wp-content/uploads/2017/08/Get-ADReplicationFailure-300x45.png 300w, https://adsecurity.org/wp-content/uploads/2017/08/Get-ADReplicationFailure-768x116.png 768w, https://adsecurity.org/wp-content/uploads/2017/08/Get-ADReplicationFailure-1024x154.png 1024w" sizes="(max-width: 1380px) 100vw, 1380px" /></p> <p> </p> <p><strong>Get-ADReplicationUptodatenessVectorTable</strong> tracks replication status between Domain Controllers.</p> <p><img loading="lazy" decoding="async" class="alignnone size-full wp-image-3740" src="https://adsecurity.org/wp-content/uploads/2017/08/Get-ADReplicationUTDV.png" alt="" width="1376" height="374" srcset="https://adsecurity.org/wp-content/uploads/2017/08/Get-ADReplicationUTDV.png 1376w, https://adsecurity.org/wp-content/uploads/2017/08/Get-ADReplicationUTDV-300x82.png 300w, 
https://adsecurity.org/wp-content/uploads/2017/08/Get-ADReplicationUTDV-768x209.png 768w, https://adsecurity.org/wp-content/uploads/2017/08/Get-ADReplicationUTDV-1024x278.png 1024w" sizes="(max-width: 1376px) 100vw, 1376px" /></p> <p>These examples and more are in these presentation slides:<br /> <a href="https://adsecurity.org/wp-content/uploads/2015/04/NoVaPowerShellUsersGroup2015-ActiveDirectoryPowerShell.pdf">http://adsecurity.org/wp-content/uploads/2015/04/NoVaPowerShellUsersGroup2015-ActiveDirectoryPowerShell.pdf</a></p> </div> </div> </div> <div class="entry-author"> <div class="row"> <div class="author-bio col-sm-9"> <h3 class="section-title-sm">Sean Metcalf</h3> <p>I improve security for enterprises around the world working for TrimarcSecurity.com<br /> Read the About page (top left) for information about me. 
:)<br /> https://adsecurity.org/?page_id=8</p> <ul class="author-social"> <li><a href="mailto:sean@adsecurity.org"><i class="fa fa-envelope-o"></i></a></li> </ul> </div> </div> </div> <div id="comments" class="clearfix no-ping"> <h4 class="comments current"> <i class="fa fa-comments-o"></i> 4 comments </h4> <p class="comment-form-jump"><a href="#respond" class="btn btn-sm">Skip to comment form <i class="fa fa-arrow-circle-down"></i></a></p> <div class="comments-list-wrapper"> <ol class="clearfix comments-list" id="comments_list"> <li id="comment-13203" class="comment even thread-even depth-1 comment"> <div class="row"> <div class="comment-wrap col-md-12"> <ul class="comment-meta"> <li class="comment-avatar"><img alt='' src='https://secure.gravatar.com/avatar/9934122795ab1c50c0316ba24c21e699?s=50&d=mm&r=g' srcset='https://secure.gravatar.com/avatar/9934122795ab1c50c0316ba24c21e699?s=100&d=mm&r=g 2x' class='avatar avatar-50 photo' height='50' width='50' loading='lazy' decoding='async'/></li> <li class="comment-attr"><span class="comment-author">Mitch Impey</span> on <span class="comment-date">August 11, 2017 <span class="time">at 8:45 am</span></span></li> <li class="single-comment-link"><a href="https://adsecurity.org/?p=3719#comment-13203">#</a></li> </ul> <div class="comment-entry"> <p>Hi Sean, I have benefited from your expertise for many years. 
Thanks very much !</p> </div> </div> </div> </li><!-- #comment-## --> <li id="comment-13204" class="comment odd alt thread-odd thread-alt depth-1 comment"> <div class="row"> <div class="comment-wrap col-md-12"> <ul class="comment-meta"> <li class="comment-avatar"><img alt='' src='https://secure.gravatar.com/avatar/50e7f8b7ff1cf8135a22af3447510c4b?s=50&d=mm&r=g' srcset='https://secure.gravatar.com/avatar/50e7f8b7ff1cf8135a22af3447510c4b?s=100&d=mm&r=g 2x' class='avatar avatar-50 photo' height='50' width='50' loading='lazy' decoding='async'/></li> <li class="comment-attr"><span class="comment-author">SS</span> on <span class="comment-date">August 11, 2017 <span class="time">at 5:50 pm</span></span></li> <li class="single-comment-link"><a href="https://adsecurity.org/?p=3719#comment-13204">#</a></li> </ul> <div class="comment-entry"> <p>Is there a way to prevent authenticated folks who are not authorized from running these commands?</p> </div> </div> </div> <ol class="children"> <li id="comment-13215" class="comment byuser comment-author-seanmetcalf bypostauthor even depth-2 comment"> <div class="row"> <div class="comment-wrap col-md-12"> <ul class="comment-meta"> <li class="comment-avatar"><img alt='' src='https://secure.gravatar.com/avatar/1f3ad5e878e5d0e6096c5a33718a04d0?s=50&d=mm&r=g' srcset='https://secure.gravatar.com/avatar/1f3ad5e878e5d0e6096c5a33718a04d0?s=100&d=mm&r=g 2x' class='avatar avatar-50 photo' height='50' width='50' loading='lazy' decoding='async'/></li> <li class="comment-attr"><span class="comment-author"><a href="https://ADSecurity.org" rel="external">Sean Metcalf</a></span> on <span class="comment-date">August 14, 2017 <span class="time">at 9:34 am</span></span><br /><span class="label label-primary author-cred">Author</span></li> <li class="single-comment-link"><a href="https://adsecurity.org/?p=3719#comment-13215">#</a></li> </ul> <div class="comment-entry"> <p>Not built-in and working to get these blocked would be non-trivial. 
Note that this is the same type of data that authenticated users can gather via LDAP.<br /> Check out the PowerShell module “PowerView”: <a href="https://github.com/PowerShellMafia/PowerSploit/tree/master/Recon" rel="nofollow ugc">https://github.com/PowerShellMafia/PowerSploit/tree/master/Recon</a></p> </div> </div> </div> </li><!-- #comment-## --> <li id="comment-13229" class="comment odd alt depth-2 comment"> <div class="row"> <div class="comment-wrap col-md-12"> <ul class="comment-meta"> <li class="comment-avatar"><img alt='' src='https://secure.gravatar.com/avatar/7d27dc2b11ab5d614e8b71bc853e161f?s=50&d=mm&r=g' srcset='https://secure.gravatar.com/avatar/7d27dc2b11ab5d614e8b71bc853e161f?s=100&d=mm&r=g 2x' class='avatar avatar-50 photo' height='50' width='50' loading='lazy' decoding='async'/></li> <li class="comment-attr"><span class="comment-author">Joonas</span> on <span class="comment-date">August 17, 2017 <span class="time">at 6:46 am</span></span></li> <li class="single-comment-link"><a href="https://adsecurity.org/?p=3719#comment-13229">#</a></li> </ul> <div class="comment-entry"> <p>There is a way to prevent cmdlets or functions for PS remote session. Look at Securing Privileged Access document from Microsoft. 
From there look at Just enough admin and you find how to restrict PS usage</p> </div> </div> </div> </li><!-- #comment-## --> </ol><!-- .children --> </li><!-- #comment-## --> </ol> </div> </div> <div id="respond"> <h3 id="reply-title"><i class="fa fa-comment-o"></i> Comments have been disabled.</h3> </div> </div><!-- #content-main -->
</span> </div> </form></div> <div id="recent-posts-2" class="sidebar-wrap widget_recent_entries"> <h3>Recent Posts</h3> <ul> <li> <a href="https://adsecurity.org/?p=4436">BSides Dublin – The Current State of Microsoft Identity Security: Common Security Issues and Misconfigurations – Sean Metcalf</a> </li> <li> <a href="https://adsecurity.org/?p=4434">DEFCON 2017: Transcript – Hacking the Cloud</a> </li> <li> <a href="https://adsecurity.org/?p=4432">Detecting the Elusive: Active Directory Threat Hunting</a> </li> <li> <a href="https://adsecurity.org/?p=4430">Detecting Kerberoasting Activity</a> </li> <li> <a href="https://adsecurity.org/?p=4428">Detecting Password Spraying with Security Event Auditing</a> </li> </ul> </div><div id="recent-comments-2" class="sidebar-wrap widget_recent_comments"><h3>Recent Comments</h3><ul id="recentcomments"><li class="recentcomments"><span class="comment-author-link">Derek</span> on <a href="https://adsecurity.org/?p=3592#comment-13603">Attacking Read-Only Domain Controllers (RODCs) to Own Active Directory</a></li><li class="recentcomments"><span class="comment-author-link"><a href="https://ADSecurity.org" class="url" rel="ugc">Sean Metcalf</a></span> on <a href="https://adsecurity.org/?p=3782#comment-13545">Securing Microsoft Active Directory Federation Server (ADFS)</a></li><li class="recentcomments"><span class="comment-author-link">Brad</span> on <a href="https://adsecurity.org/?p=3782#comment-13544">Securing Microsoft Active Directory Federation Server (ADFS)</a></li><li class="recentcomments"><span class="comment-author-link">Joonas</span> on <a href="https://adsecurity.org/?p=3719#comment-13229">Gathering AD Data with the Active Directory PowerShell Module</a></li><li class="recentcomments"><span class="comment-author-link"><a href="https://ADSecurity.org" class="url" rel="ugc">Sean Metcalf</a></span> on <a href="https://adsecurity.org/?p=3719#comment-13215">Gathering AD Data with the Active Directory PowerShell 
Module</a></li></ul></div><div id="archives-2" class="sidebar-wrap widget_archive"><h3>Archives</h3> <ul> <li><a href='https://adsecurity.org/?m=202406'>June 2024</a></li> <li><a href='https://adsecurity.org/?m=202405'>May 2024</a></li> <li><a href='https://adsecurity.org/?m=202005'>May 2020</a></li> <li><a href='https://adsecurity.org/?m=202001'>January 2020</a></li> <li><a href='https://adsecurity.org/?m=201908'>August 2019</a></li> <li><a href='https://adsecurity.org/?m=201903'>March 2019</a></li> <li><a href='https://adsecurity.org/?m=201902'>February 2019</a></li> <li><a href='https://adsecurity.org/?m=201810'>October 2018</a></li> <li><a href='https://adsecurity.org/?m=201808'>August 2018</a></li> <li><a href='https://adsecurity.org/?m=201805'>May 2018</a></li> <li><a href='https://adsecurity.org/?m=201801'>January 2018</a></li> <li><a href='https://adsecurity.org/?m=201711'>November 2017</a></li> <li><a href='https://adsecurity.org/?m=201708'>August 2017</a></li> <li><a href='https://adsecurity.org/?m=201706'>June 2017</a></li> <li><a href='https://adsecurity.org/?m=201705'>May 2017</a></li> <li><a href='https://adsecurity.org/?m=201702'>February 2017</a></li> <li><a href='https://adsecurity.org/?m=201701'>January 2017</a></li> <li><a href='https://adsecurity.org/?m=201611'>November 2016</a></li> <li><a href='https://adsecurity.org/?m=201610'>October 2016</a></li> <li><a href='https://adsecurity.org/?m=201609'>September 2016</a></li> <li><a href='https://adsecurity.org/?m=201608'>August 2016</a></li> <li><a href='https://adsecurity.org/?m=201607'>July 2016</a></li> <li><a href='https://adsecurity.org/?m=201606'>June 2016</a></li> <li><a href='https://adsecurity.org/?m=201604'>April 2016</a></li> <li><a href='https://adsecurity.org/?m=201603'>March 2016</a></li> <li><a href='https://adsecurity.org/?m=201602'>February 2016</a></li> <li><a href='https://adsecurity.org/?m=201601'>January 2016</a></li> <li><a href='https://adsecurity.org/?m=201512'>December 
2015</a></li> <li><a href='https://adsecurity.org/?m=201511'>November 2015</a></li> <li><a href='https://adsecurity.org/?m=201510'>October 2015</a></li> <li><a href='https://adsecurity.org/?m=201509'>September 2015</a></li> <li><a href='https://adsecurity.org/?m=201508'>August 2015</a></li> <li><a href='https://adsecurity.org/?m=201507'>July 2015</a></li> <li><a href='https://adsecurity.org/?m=201506'>June 2015</a></li> <li><a href='https://adsecurity.org/?m=201505'>May 2015</a></li> <li><a href='https://adsecurity.org/?m=201504'>April 2015</a></li> <li><a href='https://adsecurity.org/?m=201503'>March 2015</a></li> <li><a href='https://adsecurity.org/?m=201502'>February 2015</a></li> <li><a href='https://adsecurity.org/?m=201501'>January 2015</a></li> <li><a href='https://adsecurity.org/?m=201412'>December 2014</a></li> <li><a href='https://adsecurity.org/?m=201411'>November 2014</a></li> <li><a href='https://adsecurity.org/?m=201410'>October 2014</a></li> <li><a href='https://adsecurity.org/?m=201409'>September 2014</a></li> <li><a href='https://adsecurity.org/?m=201408'>August 2014</a></li> <li><a href='https://adsecurity.org/?m=201407'>July 2014</a></li> <li><a href='https://adsecurity.org/?m=201406'>June 2014</a></li> <li><a href='https://adsecurity.org/?m=201405'>May 2014</a></li> <li><a href='https://adsecurity.org/?m=201404'>April 2014</a></li> <li><a href='https://adsecurity.org/?m=201403'>March 2014</a></li> <li><a href='https://adsecurity.org/?m=201402'>February 2014</a></li> <li><a href='https://adsecurity.org/?m=201307'>July 2013</a></li> <li><a href='https://adsecurity.org/?m=201211'>November 2012</a></li> <li><a href='https://adsecurity.org/?m=201203'>March 2012</a></li> <li><a href='https://adsecurity.org/?m=201202'>February 2012</a></li> </ul> </div><div id="categories-2" class="sidebar-wrap widget_categories"><h3>Categories</h3> <ul> <li class="cat-item cat-item-565"><a href="https://adsecurity.org/?cat=565">ActiveDirectorySecurity</a> </li> <li 
class="cat-item cat-item-55"><a href="https://adsecurity.org/?cat=55">Apple Security</a> </li> <li class="cat-item cat-item-431"><a href="https://adsecurity.org/?cat=431">Cloud Security</a> </li> <li class="cat-item cat-item-17"><a href="https://adsecurity.org/?cat=17">Continuing Education</a> </li> <li class="cat-item cat-item-396"><a href="https://adsecurity.org/?cat=396">Entertainment</a> </li> <li class="cat-item cat-item-347"><a href="https://adsecurity.org/?cat=347">Exploit</a> </li> <li class="cat-item cat-item-1039"><a href="https://adsecurity.org/?cat=1039">Hacking</a> </li> <li class="cat-item cat-item-168"><a href="https://adsecurity.org/?cat=168">Hardware Security</a> </li> <li class="cat-item cat-item-172"><a href="https://adsecurity.org/?cat=172">Hypervisor Security</a> </li> <li class="cat-item cat-item-126"><a href="https://adsecurity.org/?cat=126">Linux/Unix Security</a> </li> <li class="cat-item cat-item-343"><a href="https://adsecurity.org/?cat=343">Malware</a> </li> <li class="cat-item cat-item-11"><a href="https://adsecurity.org/?cat=11">Microsoft Security</a> </li> <li class="cat-item cat-item-819"><a href="https://adsecurity.org/?cat=819">Mitigation</a> </li> <li class="cat-item cat-item-48"><a href="https://adsecurity.org/?cat=48">Network/System Security</a> </li> <li class="cat-item cat-item-7"><a href="https://adsecurity.org/?cat=7">PowerShell</a> </li> <li class="cat-item cat-item-698"><a href="https://adsecurity.org/?cat=698">RealWorld</a> </li> <li class="cat-item cat-item-21"><a href="https://adsecurity.org/?cat=21">Security</a> </li> <li class="cat-item cat-item-234"><a href="https://adsecurity.org/?cat=234">Security Conference Presentation/Video</a> </li> <li class="cat-item cat-item-1045"><a href="https://adsecurity.org/?cat=1045">Security Recommendation</a> </li> <li class="cat-item cat-item-24"><a href="https://adsecurity.org/?cat=24">Technical Article</a> </li> <li class="cat-item cat-item-4"><a 
href="https://adsecurity.org/?cat=4">Technical Reading</a> </li> <li class="cat-item cat-item-2"><a href="https://adsecurity.org/?cat=2">Technical Reference</a> </li> <li class="cat-item cat-item-156"><a href="https://adsecurity.org/?cat=156">TheCloud</a> </li> <li class="cat-item cat-item-930"><a href="https://adsecurity.org/?cat=930">Vulnerability</a> </li> </ul> </div><div id="meta-2" class="sidebar-wrap widget_meta"><h3>Meta</h3> <ul> <li><a href="https://adsecurity.org/wp-login.php">Log in</a></li> <li><a href="https://adsecurity.org/?feed=rss2">Entries feed</a></li> <li><a href="https://adsecurity.org/?feed=comments-rss2">Comments feed</a></li> <li><a href="https://wordpress.org/">WordPress.org</a></li> </ul> </div> </div><!-- #sidebar1 --> </div><!-- #content --> <div id="sidebar_bottom" class="sidebar widget-area row footer-widget-col-3"> <div id="text-2" class="sidebar-wrap widget_text col-sm-4"><h3>Copyright</h3> <div class="textwidget">Content Disclaimer: This blog and its contents are provided "AS IS" with no warranties, and they confer no rights. Script samples are provided for informational purposes only and no guarantee is provided as to functionality or suitability. The views shared on this blog reflect those of the authors and do not represent the views of any companies mentioned. Content Ownership: All content posted here is intellectual work and under the current law, the poster owns the copyright of the article. Terms of Use Copyright © 2011 - 2020.</div> </div> </div> <div id="footer" class="row default-footer"> <div class="copyright-developer"> <div id="copyright"> <p>Content Disclaimer: This blog and its contents are provided "AS IS" with no warranties, and they confer no rights. Script samples are provided for informational purposes only and no guarantee is provided as to functionality or suitability. The views shared on this blog reflect those of the authors and do not represent the views of any companies mentioned. 
</p> </div> <div id="developer"> <p> Made with <i class="fa fa-heart"></i> by <a href="https://www.graphene-theme.com/" rel="nofollow">Graphene Themes</a>. </p> </div> </div> </div><!-- #footer --> </div><!-- #container --> <!-- Start of StatCounter Code --> <script> <!-- var sc_project=10100711; var sc_security="4b306538"; var sc_invisible=1; var scJsHost = (("https:" == document.location.protocol) ? "https://secure." : "http://www."); //--> </script> <script type="text/javascript" src="https://secure.statcounter.com/counter/counter.js" async></script> <noscript><div class="statcounter"><a title="web analytics" href="https://statcounter.com/"><img class="statcounter" src="https://c.statcounter.com/10100711/0/4b306538/1/" alt="web analytics" /></a></div></noscript> <!-- End of StatCounter Code --> <a href="#" id="back-to-top" title="Back to top"><i class="fa fa-chevron-up"></i></a> <script type="text/javascript" id="tptn_tracker-js-extra"> /* <![CDATA[ */ var ajax_tptn_tracker = {"ajax_url":"https:\/\/adsecurity.org\/wp-admin\/admin-ajax.php","top_ten_id":"3719","top_ten_blog_id":"1","activate_counter":"11","top_ten_debug":"0","tptn_rnd":"1396581256"}; /* ]]> */ </script> <script type="text/javascript" src="https://adsecurity.org/wp-content/plugins/top-10/includes/js/top-10-tracker.min.js?ver=1.0" id="tptn_tracker-js"></script> <script defer type="text/javascript" src="https://adsecurity.org/wp-includes/js/comment-reply.min.js?ver=6.5.5" id="comment-reply-js" async="async" data-wp-strategy="async"></script> </body> </html>