Practical audit advice you can use today.
# 9 : Active Directory Auditing & Security
Active Directory under Windows 2003 and Windows 2008 can be a very powerful resource for both auditors and security researchers. In this episode we examine some uses of the DSQuery and DSGet tools.
How can you find out who the users are in your domain? Is there a way to easily extract all of the logon ids for all of the users? Is there an easy way to find out who the members of certain groups are? How about finding accounts that are set with a non-expiring password?
All of these things and more can be found with DSQuery and are demonstrated in this episode. For more information, the show notes are available at http://it-audit.sans.org/blog/2011/08/02/episode-9-easy-but-useful-windows-domain-queries/
Please feel free to send in any questions or post comments over on the show notes!
© 2011, David Hoelzer & EnclaveForensics