AD Object Detection: Detecting the undetectable (dynamicObject)

What an auditor want to make sure is that you have non-repudiation in place. This also applies to forensic work. You want to make sure you can track the activity to a person and to do that we need to first identify the user account. But what if it just has disappeared from Active Directory?…

0

Effective Rights - What can users do?

I guess I’m not the only one that have been sitting and wondering .. Hmm.. What permissions does these users got in Active Directory actually? I can see a lot of groups in the access control list but how do I relate that to a certain user. Ok, we got the Effective Rights tab under…

1

Take Control Over AD Permissions and the AD ACL Scanner Tool

What is the state of your delegation? Have you a documented and recent report over the permissions in your Active Directory? Have you granted permissions on the relevant OU’s in the past and left it like this ever since?? Maybe it’s time to take a look again to see what’s actually delegated in Active Directory?…


Do You Allow Blank Passwords In Your Domain?

Do you or did you back in the days use your own code or a third party tool to create user accounts that did not update the userAccountControl attribute after the account was created? Well then there’s a change you might have accounts in your domain that are allowed blank passwords or even worse have…

9