Comments (3)
You can use getObjectAttributes with ms-mcs-AdmPwd
to read a LAPS password on a computer object that has LAPS installed of course. You also need to have All Extended rights permissions on the object (by default for domain Admins). In order to check if LAPS is installed as a simple user you can query ms-mcs-AdmPwdExpirationTime
and see if there is any result.
More information: https://adsecurity.org/?p=3164
from bloodyad.
Good. You write that checking "ms-mcs-AdmPwdExpirationTime" can output a result. However, when I try this I get an error. Either this property cannot be used in the way you say or something is broken. I get the same error when checking "ms-mcs-AdmPwd" but I can't tell if that is due to me not having LAPS installed or your tool being broken.
from bloodyad.
It means that those attributes are not part of the schema of your AD. Maybe because you didn't install LAPS on your AD?
from bloodyad.
Related Issues (20)
- Issue with pathgen HOT 1
- ldap3.core.exceptions.LDAPNoSuchObjectResult HOT 1
- Bloodhound 4.2.0 released, new edges added HOT 1
- Missing winkerberos HOT 1
- pip install bloodyad error HOT 2
- ldap3.core.exceptions.LDAPStartTLSError HOT 6
- module "setGenericAll" remove permissions does not work HOT 3
- module "addUser" adjust help text HOT 1
- Execute addComputer. An error is reported when executing the new version, but the old version can execute normally HOT 4
- Permission Issues and Constraint Errors even with Bloodhound saying its vuln HOT 3
- "ModuleNotFoundError: No module named 'bloodyAD.cli_modules'" in BloodyAD 0.1.9 HOT 12
- Request: Support for toggling inheritance on containers and OUs HOT 2
- Filtering "get children" on type "user" does not work HOT 5
- "get writable" errors with "Logon failure" in some cases HOT 9
- add computer - LDAPInvalidCredentialsResult - 49 - invalidCredentials - None - ERROR_LOGON_FAILURE: Logon failure: Unknown user name or bad password. - bindResponse - None HOT 12
- Unspecified GSS failure. HOT 3
- improve --resolve-sd output HOT 2
- add authentication test HOT 1
- Cannot add, remove, or modify SPNs HOT 6
- Can I modify a computer sAMAccountName through bloodyAD ? HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from bloodyad.