Difference between ADFS and Dirsync
DirSync and ADFS are totally different: DirSync allows you to sync your AD to Office 365, which creates all users/groups in Office 365 based on your AD; this means 2 different accounts and...
How To Automate Changing The Local Administrator Password
Finally! http://blogs.technet.com/b/askpfeplat/archive/2014/05/19/how-to-automate-changing-the-local-administrator-password.aspx
Server 2012 R2 Domain controller on server 2003 functional domain
“The Windows Server 2003 domain and forest functional levels are deprecated. When you create a new domain or forest, you should consider using a functional level from Windows Server 2008 or newer. When...
Detecting intrusions using Windows event log monitoring
The NSA released a PDF entitled “Spotting the Adversary with Windows Event Log Monitoring” earlier this year. The good news is it’s probably one of the most detailed documents I’ve seen in a long time....
Better protect against “Pass the Hash” attacks
Resources materials: http://download.microsoft.com/download/7/7/A/77ABC5BD-8320-41AF-863C-6ECFB10CB4B9/Mitigating-Pass-the-Hash-Attacks-and-Other-Credential-Theft-Version-2.pdf...
Advanced XML filtering in the Windows Event Viewer
http://blogs.technet.com/b/askds/archive/2011/09/26/advanced-xml-filtering-in-the-windows-event-viewer.aspx http://blog.oneboredadmin.com/2013/05/filtering-windows-event-log-using-xpath.html
List of most common and useful Windows Event IDs
Here is a list of the most common / useful Windows Event IDs. Event Log, Source EventID EventID Description Pre-vista Post-Vista Security, Security 512 4608 Windows NT is starting up. Security,...
Penetration testing resources
Hi, here is a list of web resources about penetration techniques (pentest), forensics techniques, etc.: Definitions: http://en.wikipedia.org/wiki/Penetration_test ;...
Powershell: One-liners to Get You Started
The server rebooted recently – who did it and when exactly? Event ID 1074 covers a few activities beyond reboots, such as shutdown. Get-EventLog -log system -newest 1000 | where-object {$_.eventid -eq...
Windows forensics: have I been hacked?
Main question is: How do I know if I have been hacked? additional resources on my blog: http://wp.me/p15Zft-od and some other links: http://www.computerforensicsworld.com/,...
Powershell: how to mail enable a group using Quest and Exchange
http://smtpport25.wordpress.com/2010/07/19/tips-on-quest-and-exchange-shell-and-to-manage-groups-and-group-members/ Note: to mail enable a group, using Exchange powershell cmdlet do:...
Certsrv prompted for credentials !
One of the issues we run into when requesting new certificates from ADCS is the dreaded 401 Unauthorized issue with Certsrv. Symptom Type the URL for your Certificate Server http://server/certsrv You...
Best Practices for AD DS Backup and Recovery
AD DS domain/forest recovery is a very complex procedure that requires regular hands-on practice and a proper isolated recovery environment (Hyper-V or VMware isolated LAN). AD DS forest recovery guidelines...
Windows Server 2012 IPAM
IP Address Management (IPAM) in Windows Server 2012 is a framework for discovering, monitoring, managing and auditing IP address space on a corporate network. IPAM provides the following features:...
Active Directory ldap conformance and ldap filters
reference: http://msdn.microsoft.com/en-us/library/cc223241.aspx ldap filters: http://msdn.microsoft.com/en-us/library/aa746475%28v=vs.85%29.aspx
AD object permissions, how to hide AD data, impact on ldap search and browsing
AD object permissions: http://www.selfadsi.org/deep-inside/ad-security-descriptors.htm http://technet.microsoft.com/en-us/library/cc740104(v=ws.10).aspx How to hide AD data: part 1:...
How to use fiddler to analyse a SAML request from ADFS
http://msinnovations.wordpress.com/2011/05/24/using-fiddler-to-trace-a-saml-idp-request-from-adfs-2-0/
How to move a Secondary ADFS to Primary?
When you deploy AD FS 2.x out of the box and install in a default setup, it will make use of a Windows Internal Database (WID). The default setup for the WID database is that the Primary AD FS server...
How to check expired certificates on multiple computers or user AD attribute?
How to check expired certificates on multiple computers? Just use Invoke-Command to run the Dir command and make sure PowerShell remoting has been set up by using Enable-PSRemoting on the target serv...
AD CS (PKI): how to renew root and issuing CA certificates?
How to renew root CA certificate: http://www.youtube.com/watch?v=Q-1Y1ZI9R6k How to renew issuing CA certificate: http://www.youtube.com/watch?v=7t9ZgD_xuaA