MichaelGrafnetter
commented
3 years ago Hi @modem2k2 yes, that would be nice and I actually already thought about adding such feature.
Open modem2k2 opened 3 years ago
MichaelGrafnetter
commented
3 years ago Hi @modem2k2 yes, that would be nice and I actually already thought about adding such feature.
arsalanaltaf432
commented
2 years ago Does DSInternals support getting password hash from Azure Active Directory(AAD)? (In AAD password hash are stored in SHA256)
MichaelGrafnetter
commented
2 years ago Does DSInternals support getting password hash from Azure Active Directory(AAD)? (In AAD password hash are stored in SHA256)
It's PBKDF2 actually and nope, there is no publicly available API for retrieving hashes from AAD.
arsalanaltaf432
commented
2 years ago Does DSInternals support getting password hash from Azure Active Directory(AAD)? (In AAD password hash are stored in SHA256)
It's PBKDF2 actually and nope, there is no publicly available API for retrieving hashes from AAD.
Thanks Michael. I have one more question does DSInternals support remote calls or it just works locally for Active Directory?
MichaelGrafnetter
commented
2 years ago Thanks Michael. I have one more question does DSInternals support remote calls or it just works locally for Active Directory?
Depends on what command you are asking about, as there are 30+cmdlets in DSInternals and some of them work with local backups of AD data and others communicate with DCs remotely over the network. See the documentation.
I'd be happy to answer any other questions you might have, but just please open new threads/issues, if they are unrelated to LAPS support.
I have been testing the tool in my AD environment with LAPS enabled on many machines, although Get-ADDBAccount it works perfectly on my ntds.dis does not seem to be able to extract the clear credentials associated with the local Administrator computer accounts (stored under ms-MCS-adminpwd ). I think it would be an interesting feature and there is no tool right now that allows to do this.