Closed jsdhasfedssad closed 11 months ago
Can you explicitly specify the target domain controller (for the child domain), and try again? I would also run a BloodHound or dacledit analysis to assert 100% that you have the right to edit the msDS-KeyCredentialLink attribute, because the tool seems to return a permissions issue, which comes directly from the domain controller.
I actually did try targeting the child domain DC and tried checking access rights using dacledit.py before posting. Here is a screenshot of the first but I had issues using dacledit.py so I have no screenshot of that at the moment. I will try again.
Alright, then I think it's most likely your user doesn't really have the permission to do shadow creds on the target for some reason.
You were right. Strangely enough, adlab_shadow1 did not have write access to child_domainuser1 despite the settings in ADUC... Authenticating using adlab.local\administrator works.
Active Directory shenanigans 🤷 Enjoy! Closing
Hi,
Thank you for this tool.
During testing of the new cross-domain shadow credential writing I encountered an issue. As you can see in the pictures, adlab.local\adlab_shadow1 has full control of child.adlab.local\child_domainuser1 but still the writing of shadow credentials fails due to insufficient rights. I have no issues writing shadow credentials within a domain. The trust involved is a parent-child trust where adlab.local is the parent domain and child.adlab.local is the child domain.