ghost
commented
2 years ago or is it possible to feed the module a user list?
Closed ghost closed 2 years ago
ghost
commented
2 years ago or is it possible to feed the module a user list?
MichaelGrafnetter
commented
2 years ago @njbaker7 Could you please clarify which cmdlet you are talking about? DSInternals contains more than 30. But I will presume that you have Get-ADDBAccount or Get-ADReplAccount in mind.
You could do standard PowerShell filtering:
Get-ADReplAccount ... | where DistinguishedName -like '*,OU=Employees,DC=contoso,DC=com'Or indeed provide a list of users:
Get-ADUser -Filter * -SearchBase 'OU=Employees,DC=contoso,DC=com' | select DistinguishedName | Get-ADReplAccount ...And similarly with Get-ADDBAccount. BTW, almost all parameters of these commands accept pipeline input (SamAccountName, DistinguishedName, UserPrincipalName, SID, Guid).
ghost
commented
2 years ago I am new to the DSInternals script. I was attempting to retrieve AD passwords remotely but from a specific OU as opposed to all users.
ghost
commented
2 years ago Got it working! thank you!
ghost
commented
2 years ago One last question, if I may, is there anyway to pass an NT hash into the $cred = Get-Credential command?
MichaelGrafnetter
commented
2 years ago One last question, if I may, is there anyway to pass an NT hash into the $cred = Get-Credential command?
Nope, that is not possible with the built-in Windows API the cmdlets are based on. But you could execute powershell.exe using mimikatz and perform the pass-the-hash attack, as with any other Windows app that uses Integrated Windows Authentication.
ghost
commented
2 years ago Thank you again for the help.
I was wondering if there was a way to grab all the users from a specific ou? If you could please provide an example. Thank you!