TechJam Active Directory Auditing Presenter Matt Warburton Professional Services




Objectives

- Automate auditing of Active Directory
- Review an array of examples
- Minimize security-related risk
- Address compliance auditing requirements
- Use available tools/technologies:
  - Kaseya scripting, documents and logging
  - LDAP Data Interchange Format Data Exchange (LDIFDE) tool
  - Comma Separated Values Data Exchange (CSVDE) tool
  - VBScript/Active Directory Services Interface (ADSI)
- Answer questions

Review Examples

- Group memberships: Enterprise Admins, Domain Admins, all groups
- User Account Control: disabled users, enabled users, users with non-expiring passwords
- Legacy/deleted: disabled computers, old computers, deleted objects
- Logon information: user last logon date
- Other: Exchange mailbox users, domain trusts, Group Policy Objects

LDIFDE Syntax

LDIFDE -? (Export Specific)
===============
  -d RootDN        The root of the LDAP search (Default to Naming Context)
  -r Filter        LDAP search filter (Default to "(objectclass=*)")
  -p SearchScope   Search Scope (Base/OneLevel/Subtree)
  -l list          List of attributes (comma separated) to look for in an LDAP search
  -o list          List of attributes (comma separated) to omit from input.
  -g               Disable Paged Search.
  -m               Enable the SAM logic on export.
  -n               Do not export binary values
  -x               Include deleted objects (tombstones)

LDAP Search Filters

Search filter criteria can be combined using Boolean operators expressed in prefix notation, as follows:

  (Boolean-operator(filter)(filter)(filter)...)

where Boolean-operator is any one of the Boolean operators listed below. Boolean operators can be combined and nested together to form complex expressions, such as:

  (Boolean-operator(filter)(Boolean-operator(filter)(filter)))

The Boolean operators available for use with search filters include the following:

  Operator  Symbol  Description
  AND       &       All specified filters must be true for the statement to be true.
  OR        |       At least one specified filter must be true for the statement to be true.
  NOT       !       The specified filter must not be true for the expression to be true.

LDIFDE (Group Memberships)

Enterprise Admins:
  ldifde -f GroupMembership-Enterprise_Admins.txt -d "DC=home,DC=local" -r "(&(objectcategory=group)(name=enterprise Admins))" -l "cn,grouptype,member"

Domain Admins:
  ldifde -f GroupMembership-Domain_Admins.txt -d "DC=home,DC=local" -r "(&(objectcategory=group)(name=domain Admins))" -l "cn,grouptype,member"

All Groups:
  ldifde -f GroupMemberships-All.txt -d "DC=home,DC=local" -r "(objectclass=group)" -l "cn,grouptype,member"

LDIFDE (User Account Control)

Disabled Users (bit 2, ACCOUNTDISABLE, set in userAccountControl):
  ldifde -f UserAccounts-Disabled.txt -r "(&(objectcategory=person)(objectclass=user)(useraccountcontrol:1.2.840.113556.1.4.803:=2))" -l "dn,cn,givenname,sn,useraccountcontrol"

Enabled Users (bit 2 not set):
  ldifde -f UserAccounts-Enabled.txt -r "(&(objectcategory=person)(objectclass=user)(!(useraccountcontrol:1.2.840.113556.1.4.803:=2)))" -l "dn,cn,givenname,sn,useraccountcontrol"

Users with Non-Expiring Passwords (bit 65536, DONT_EXPIRE_PASSWORD, set):
  ldifde -f UserAccounts-NonExpiringPasswords.txt -r "(&(objectcategory=person)(objectclass=user)(useraccountcontrol:1.2.840.113556.1.4.803:=65536))" -l "dn,cn,givenname,sn,useraccountcontrol"

LDIFDE (Legacy/Deleted)

Disabled Computers:
  ldifde -f DisabledComputers.txt -r "(&(objectcategory=computer)(useraccountcontrol:1.2.840.113556.1.4.803:=2))" -l "dn,cn"

Old Computers (enabled computer accounts, exported with whenchanged so their age can be reviewed):
  ldifde -f OldComputers.txt -r "(&(objectcategory=computer)(!(useraccountcontrol:1.2.840.113556.1.4.803:=2)))" -l "dn,cn,whenchanged"

Deleted Objects (requires -x to include tombstones):
  ldifde -f DeletedObjects.txt -d "cn=deleted objects,dc=home,dc=local" -x -l "dn,distinguishedname,samaccountname,whenchanged,lastknownparent,objectclass,isdeleted"

VBScript/ADSI (Logon Information)

LastLogon.vbs:
- Enumerate all AD users
- Calculate last logon date
- Export list to delimited file

Syntax: CSCRIPT.EXE LastLogon.vbs outputfilename
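The deck references LastLogon.vbs but does not reproduce it. As an added example that is not from the presentation, the Python below post-processes an LDIFDE export offline: it applies the same userAccountControl bit test that the Disabled Users and Non-Expiring Passwords filters use (matching rule 1.2.840.113556.1.4.803) and converts lastLogonTimestamp to a date to flag stale accounts. It assumes the export includes lastLogonTimestamp (the replicated attribute, refreshed only when more than 9 to 14 days old; lastLogon is per-DC and must be read from every DC for an exact date) and uses a constructed sample in place of a real export.

```python
import base64
from datetime import datetime, timedelta, timezone

ACCOUNTDISABLE = 0x2            # bit tested by the Disabled Users filter
DONT_EXPIRE_PASSWORD = 0x10000  # 65536, tested by the Non-Expiring Passwords filter

# Constructed sample in LDIFDE output form (not a real export); "cn::" is how
# LDIFDE writes a base64-encoded value.
SAMPLE_LDIF = """\
dn: CN=Alice,OU=Staff,DC=home,DC=local
cn: Alice
userAccountControl: 512
lastLogonTimestamp: 133600000000000000

dn: CN=Bob,OU=Staff,DC=home,DC=local
cn: Bob
userAccountControl: 66050
lastLogonTimestamp: 131000000000000000

dn: CN=Svc,OU=Service,DC=home,DC=local
cn:: U3Zj
userAccountControl: 66048
"""

def parse_ldif(text):
    """One {attribute: [values]} dict per blank-line-separated record."""
    records = []
    for block in text.replace("\r\n", "\n").strip().split("\n\n"):
        rec = {}
        for line in block.splitlines():
            key, _, value = line.partition(":")
            if value.startswith(":"):          # "::" marks a base64 value
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            rec.setdefault(key.lower(), []).append(value.strip())
        records.append(rec)
    return records
def has_bits(uac, mask):  # same test as matching rule 1.2.840.113556.1.4.803
    return (uac & mask) == mask
def filetime_to_datetime(ft):  # AD stores 100-ns ticks since 1601-01-01 UTC
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=int(ft) // 10)
def audit_users(ldif_text, now, stale_days=90):
    """Flag disabled, non-expiring-password and stale accounts in an export."""
    report = {}
    for rec in parse_ldif(ldif_text):
        uac = int(rec.get("useraccountcontrol", ["0"])[0])
        ts = rec.get("lastlogontimestamp")
        last = filetime_to_datetime(ts[0]) if ts else None
        report[rec["cn"][0]] = dict(
            disabled=has_bits(uac, ACCOUNTDISABLE), last_logon=last,
            non_expiring=has_bits(uac, DONT_EXPIRE_PASSWORD),
            stale=last is None or (now - last).days > stale_days)
    return report
```

Accounts with no lastLogonTimestamp at all are reported as stale, which is the case worth reviewing first: they have never logged on since the attribute was introduced.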

LDIFDE (Other)

Exchange Mailbox Users (the OR operators were lost in transcription and are restored here):
  ldifde -f ExchangeMailboxUsers.txt -r "(&(&(&(mailnickname=*)(|(&(objectcategory=person)(objectclass=user)(|(homemdb=*)(msexchhomeservername=*)))))))" -l "dn,cn,givenname,sn,mailnickname,msexchhomeservername,homemdb,mail,proxyaddresses"

Trusted Domains:
  ldifde -f TrustedDomains.txt -r "(&(objectcategory=trusteddomain)(cn=*))"

Group Policy Objects:
  ldifde -f GroupPolicies.txt -r "(objectclass=grouppolicycontainer)"

Resources

- Wikipedia, LDIF: http://en.wikipedia.org/wiki/ldap_data_interchange_format
- Microsoft, LDIFDE syntax: http://support.microsoft.com/kb/237677
- Computer Performance, LDIFDE/CSVDE references and examples: http://www.computerperformance.co.uk/logon/csvde_ldifde.htm