-
-
Notifications
You must be signed in to change notification settings - Fork 256
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Retrieve the "lastPwdSet" and "mail" attributes from Get-ADDBAccount and Get-ADReplAccount #134
Comments
Hello @yanncam , the Other methods can be used to read these standard attributes:
That being said, I might add support for these attributes in a future version of DSInternals. |
Hello @MichaelGrafnetter, than you for the quick answer. I understand that the objective of DSInternals is towards the secrets sequestered in the AD, it is not a classic LDAP / AD browser of course. A definite advantage of DSInternals is that it is notably able to extract information from an AD in offline mode (via the ntds.dit) or in online mode. When we talk about secrets, and in particular LM / NTLM hashes, DSInternals is already very well equipped to extract them, their history, compare them to the HaveIBeenPwned database with the "Test Password Quality", etc. However, from all these functions, it is not possible to extract the Why do I think these two attributes are of interest regarding secrets?
For me these attributes have a real interest during the analysis of secrets, precisely to take concrete actions against these accounts subsequently. Yes, I agree, other standard AD query tools (online) would make it possible to retrieve these elements but would require cross-checking the results, making data crossovers between DSInternals and the tools, with risks correlation errors. If DSInternals integrated these two attributes directly, that would greatly facilitate the task, especially in the event of forensic analysis on an offline ntds.dit following a compromise of an Active Directory ecosystem for example. Thank you for your interest and have a nice day, |
yanncam Good reasoning, added to my backlog. |
👍 ! Thank you for consider it :) ! |
Hello,
I open an issue for enhancement. I have check issues (open/closed) and made some tests with
Get-ADDBAccount
andGet-ADReplAccount
but I can't retrieve the following user account's attributes that I need :mail
: the corporate email of the identity specified stored in the Active DirectorylastPwdSet
: the timestamp of the last update of the passwordAs example, from an
ntds.dit
file, I have tried:In this example, there is the
LastLogonDate
attribute (obviously empty for krbtgt, but not for other users).But no "LastPwdSet" nor "mail".
When I pipe the previous command and
select *
, some others attributes are available:In the previous output, we can see the new
LastLogonTimestamp
orLastLogon
attributes available.But no
LastPwdSet
normail
.Same with the pipe
| Format-List -Property *
.Get-ADDBAccount
andGet-ADReplAccount
(or I'm totaly blind 😎) ?LastPwdSet
andmail
attributes viaGet-ADDBAccount
andGet-ADReplAccount
?Thank you again for your great work,
Sincerely,
The text was updated successfully, but these errors were encountered: