    • gjacobse

      Active Directory Domain name

      IT Discussion domain name registration domain name active directory active directory domain
      0 Votes
      54 Posts
      6k Views
      dbeato

      @scottalanmiller said in Active Directory Domain name:

      @stacksofplates said in Active Directory Domain name:

      @dbeato said in Active Directory Domain name:

      @scottalanmiller said in Active Directory Domain name:

      used that way. No certificate maker should ever have included it (and I've never heard of that as it would always indicate a scam CA as you cannot own that domain by definition).

      The majority, if not all, did add the .local, .lan and others; unless you think all CAs are scams, I wouldn't say they are a scam.

      Yeah from a quick search looks like at least GoDaddy and Digicert offered them.

      Nov 2015 is when CA/Browser Forum set the standard to not allow internal domains. So looks like most if not all would have supported it before that.

      https://cabforum.org/internal-names/

      Damn, that's a major security hole! So I could go get a cert issued for a domain someone else used and there had to be zero verification since.... there was nothing to verify!

      Yup.

    • WrCombs

      Anyway I can Learn AD?

      IT Discussion active directory domain windows administration
      0 Votes
      82 Posts
      7k Views
      thwr

      @pmoncho said in Anyway I can Learn AD?:

      @WrCombs said in Anyway I can Learn AD?:

      @pmoncho said in Anyway I can Learn AD?:

      wrcombs.com is available. Go register it for a year at godaddy (or whoever) for $12.

      Then, like @thwr pointed out in his list, use something like ad.wrcombs.com as your AD domain.

      doesn't sound horrible. thanks.

      Welcome. Staying away from .local domains, plus knowing you are not using somebody else's domain will make your life SO MUCH easier. No need to start learning bad habits in the beginning.

      ^ this

    • IT-ADMIN

      How Can You Prevent Non-Domain Users from Getting an IP Configuration

      IT Discussion active directory domain active directory network access control security networking
      0 Votes
      16 Posts
      2k Views
      scottalanmiller

      Discussion on the policy side of this is over here:

      https://mangolassi.it/topic/20894/policies-vs-network-access-control

    • gjacobse

      Server 2012 PS: Script to find OU path

      IT Discussion server2012 server 2012 aduc active directory domain ou path
      3 Votes
      6 Posts
      983 Views
      dbeato

      @scottalanmiller said in Server 2012 PS: Script to find OU path:

      @dbeato he's looking for NTG admin accounts on someone else's domain.

      Good!

    • EddieJennings

      Logging Domain user authentication failures

      IT Discussion audit policy windows domain server 2012 active directory active directory domain group policy
      0 Votes
      5 Posts
      2k Views
      travisdh1

      @eddiejennings said in Logging Domain user authentication failures:

      @travisdh1 said in Logging Domain user authentication failures:

      @eddiejennings No OSSEC, Wazuh, or some other security monitoring available? All of them monitor logins by default that I've looked at. Should be easy to customize a report for whatever you need.

      I haven't had to set this up in a Windows environment yet, so I'm also curious as to what you end up doing.

      We do have ExtraHop; however, it's not capturing all the traffic it should (and another team is in charge of its configuration), so using auditing on the domain controllers is a bit of a stop-gap measure.

      Ah. What an ..... effective use of resources.

      Good luck, ExtraHop is very nice, but like every other tool, it's useless until deployed properly.

    • EddieJennings

      Domaing Joining Windows Servers

      IT Discussion windows server infrastructure active directory domain
      0 Votes
      20 Posts
      3k Views
      J

      @eddiejennings said in Domaing Joining Windows Servers:

      @tim_g said in Domaing Joining Windows Servers:

      Seems odd you'd have the least secure systems on the domain, the client computers... and not have the most secure systems on the domain, the servers. With your DC and hypervisor being on the domain, how many times have those been compromised? Do you not update your servers? Do they all have internet access?

      To my knowledge they haven't been. No. All servers receive Windows updates. Yes.

      And I agree, this is odd. This, and so many other things, are being fixed one bite at a time.

      Set your firewall to drop outbound traffic from servers that don't need Internet access. Point those servers to a local WSUS server for updates. Allow the WSUS server to get out to Internet. You can set local policy and point servers to WSUS, if they aren't domain joined. That way, servers can be updated but lower attack vector as they cannot get online.

    • gjacobse

      AD User Tool: Bulk AD User

      IT Discussion server 2012 r2 security ad active directory domain domain active directory password reset password
      1 Votes
      15 Posts
      4k Views
      Dashrender

      @dbeato said in AD User Tool: Bulk AD User:

      @Dashrender Then, he needs to force it with PowerShell, not just a GUI....

      Agreed.

    • Oksana

      Intraforest migration in Windows Server 2016 using Active Directory Migration Tool v3.2

      Starwind windows server active directory domain admt active directory migration tool vbscript powershell admt snap-in intraforest migration migration
      1 Votes
      1 Posts
      2k Views
      No one has replied