systemFlags attribute
Decimal Bit Mask Description 1 0x00000001 When applied to an attribute, the attribute will not be replicated.When applied to a…
Knowledge Base
searchFlags attribute
The searchFlags attribute determines the search behaviour of a schema attribute. Decimal Bit mask Code Description 1 0x00000001 fATTINDEX Create…
Port 389 may not be as much of a problem as they are telling you it is
This article is loosely based on my German blog article from 2024 (here). Almost every AD security assessment, penetration test…
PowerShell: Get Well-Known Objects (WKO)
Depending on your environment, default well-known containers may have been renamed or, for example, default locations for new users and…
PowerShell: Getting JIT group memberships
If you are using temporary group memberships introduced as a part of the Privileged Access Management optional feature in Server…
LDAP Controls in Active Directory
To get the currently supported LDAP controls, you can query rootDSE: Be aware that, although the client-side controls “bitwise matching…
LDAP Capabilities in Active Directory
To get the currently supported LDAP capabilities, you can query rootDSE: Currently the following capabilities are supported: OID Capability 1.2.840.113556.1.4.800…
PowerShell: Resolve dsHeursitics
This function is handy for resolving dsHeuristics values:
dsHeuristics behavior manipulation
Many aspects of ADs behavior are governed by the dsHeuristics attribute of the Directory Service configuration object: In contrast to…
DSA Heuristics on Domain Controllers
Besides dsHeuristics which is stored in the configuration partition, Domain Controllers’ behavior is also governed by the DSA Heuristics value…