Fast Dangling SPN identification includes false positives.

TrimarcJake / BlueTuxedo

A tiny tool to find and fix common misconfigurations in Active Directory-integrated DNS

Other

99 stars 7 forks source link

Fast Dangling SPN identification includes false positives. #30

Closed TrimarcJake closed 1 month ago

TrimarcJake commented 2 months ago

As mentioned here: https://github.com/TrimarcJake/BlueTuxedo/pull/28#issuecomment-2323323853

SPNs on DCs such as ldap/3bffb92d-4949-47f1-b861-e24f1414a63a._msdcs.BlueTuxedo.DanglingSPNs.lol are not dangling SPNs and should be filtered from the list.

The original Get-BTDanglingSPN filtered out SPNs on DCs that had a GUID in the host portion. Probably need to restore that functionality.

TrimarcJake commented 1 month ago

Resolved in 523d82274cd8c824f21c8bca5552e9ac86ea4d1b