Am I locked out? Where? How?

CoolCryEmbarassedFoot in MouthFrownInnocentKissLaughingAccount lockout feature is one of the powerful methods in order to prevent password related attacks. Using this method victim user account will be locked out after a number of failed attempts in a specific period of time. This feature has found its way to a lot of other technologies these days. My cellphone will be locked out after three wrong passwords and will not be able to work for about 2 minutes.
Although this policy can help you to prevent attackers from guessing user’s password, it is important to consider the risk provided by this solution in your environment because authorized users can lock themselves by mistyping their passwords when they do not remember the password. This problem can be quite costly for your organization, because locked out accounts will be unable to logon unless their accounts unlocks automatically after specific period of time or get unlocked by an administrator. 

Read more...

Manipulate delegation wizard in Active Directory

Delegation Wizard is one of the great features in delegating permissions to a group or user in order to delegate the responsibility and administering of objects in Active Directory. This wizard is maintained using delegwiz.inf file in each domain controller. In this tutorial we will cover how to manipulate this wizard and add our custom tasks into the default tasks of Delegation Wizard.

Manipulating the delegation wizard is not a difficult process. Firstly you have to navigate to %systemroot% and copy the delegwiz.inf file to your desktop. We have to do this because the file is protected and you are not allowed to overwrite the file. Once you copied the file you open it using notepad and edit using the following way.

Read more...

What is Secure Channel in Active Directory?

Another episode of Detailed Concepts has been released. In today’s article we are going to cover what is secure channel and how does it work. Not only we are going to discuss what it is happening behind a secure channel, but also required steps in order to troubleshoot the broken secure channel will be explained.

Read more...

Why DNS Scavenging is not working?

Scavenging feature in DNS is one of the tricky features of DNS console. Although it is quite easy to understand the concepts and configuration of scavenging feature, I have seen many cases where stale records are not being scavenged due to a misconfiguration. 

In order to scavenge your records automatically, you must prepare the environment and configure the appropriate settings. These settings reside in both DNS and DHCP console. Firstly you need to make sure that you have configured the DHCP lease time properly. The default value for DHCP lease time is 8 days. You can configure it to your desired value but you need to keep this in mind that when you are configuring the DHCP lease time, you must configure the Refresh-interval and Non_Refresh interval based on the value of DHCP lease time. Let’s clarify this with an example.

Read more...

Manipulating Active Directory search and add custom attribute

As you know search function in Active Directory plays a key role in finding your appropriate objects within your environment. You can use different methods in order to find a specific object. There are tools to perform this option, Powershell is my cool friend in searching and search function in Active Directory is another method. Sometimes you may need to search for an object based on your criteria which is a custom attribute. Suppose you have manipulated the schema and added your custom attributes and now you want to move one step forward and import this newly created attribute to the default attributes of search function in active directory. In this tutorial, firstly I create an attribute and after that, adding it to the search attributes will be explained.

Read more...

About Mahdi

Post Archive

Limit Active Directory user login to 1 session

Written By Mahdi Tehrani on Wednesday, 02 August 2017 10:21

The auditor of auditors: 'LepideAuditor Suite'

Written By Mahdi Tehrani on Tuesday, 23 May 2017 10:56

Protect your domain against WannaCry malware

Written By Mahdi Tehrani on Sunday, 14 May 2017 09:42

‘List Object Mode’ in Active Directory, a myth or future settings?

Written By Mahdi Tehrani on Thursday, 13 April 2017 08:47

Fix Group Policy error 1058

Written By Mahdi Tehrani on Saturday, 30 April 2016 09:32

Statistics

Map