This might be specific to my Windows Server environment and PoSH scripting, but using
-SeachBase with PowerShell’s
Get-ADComputer gives me faster results. You can use this for your own advantage, here is a little example to speed up AD DS queries.
Ryan McFarland writes on his blog:
“Privilege escalation always comes down to proper enumeration. But to accomplish proper enumeration you need to know what to check and look for. This takes familiarity with systems that normally comes along with experience. At first privilege escalation can seem like a daunting task, but after a while you start to filter through what is normal and what isn’t. It eventually becomes easier to know what to look for rather than digging through everything hoping to find that needle in the haystack. Hopefully this guide will provide a good foundation to build upon and get you started.”
There are a lot of hints & tips out there for troubleshooting SPNs, or Service Principal Names. Listing duplicate SPNs is fairly easy, just use
setspn -X on your command-line and you’ll find out. But how do you find out which SPNs are used for which users and computers are used for this?
When promoting a Windows Server 2012 R2 to a Domain Controller failed…
The other day, when I attempted to add a newly installed Active Directory to become the slave domain controller of a master, the error message “A domain rename operation is already in progress” was displayed. Promoting the Windows Server 2012 R2 server to a Domain Controller failed.