en-US/DSInternals.PowerShell.dll-Help.xml
<?xml version="1.0" encoding="utf-8"?>
<helpItems schema="maml" xmlns="http://msh"> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Add-ADDBSidHistory</command:name> <command:verb>Add</command:verb> <command:noun>ADDBSidHistory</command:noun> <maml:description> <maml:para>Adds one or more values to the sIDHistory attribute of an object in a ntds.dit file.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet can be used to add any value to the sIDHistory attribute by directly modifying the Active Directory database. Note that the Active Directory Migration Tool (ADMT) is the only supported way of modifying the sIDHistory attribute.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Add-ADDBSidHistory</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath"> <maml:name>DatabasePath</maml:name> <maml:Description> <maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="dn"> <maml:name>DistinguishedName</maml:name> <maml:Description> <maml:para>Specifies the identifier of an object on which to perform this operation.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath"> <maml:name>LogPath</maml:name> <maml:Description> <maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="hist, History"> <maml:name>SidHistory</maml:name> <maml:Description> <maml:para>Specifies an array of security IDs (SIDs) that will be added to the SID History of the target object.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">SecurityIdentifier[]</command:parameterValue> <dev:type> <maml:name>SecurityIdentifier[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="SkipMeta, NoMetaUpdate, NoMeta, SkipObjMeta, NoObjMeta, SkipMetaDataUpdate, NoMetaDataUpdate"> <maml:name>SkipMetaUpdate</maml:name> <maml:Description> <maml:para>Indicates that the replication metadata of the affected object should not be updated.</maml:para> </maml:Description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Add-ADDBSidHistory</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath"> <maml:name>DatabasePath</maml:name> <maml:Description> <maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath"> <maml:name>LogPath</maml:name> <maml:Description> <maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Guid"> <maml:name>ObjectGuid</maml:name> <maml:Description> <maml:para>Specifies the identifier of an object on which to perform this operation.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Guid</command:parameterValue> <dev:type> <maml:name>Guid</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="hist, History"> <maml:name>SidHistory</maml:name> <maml:Description> <maml:para>Specifies an array of security IDs (SIDs) that will be added to the SID History of the target object.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">SecurityIdentifier[]</command:parameterValue> <dev:type> <maml:name>SecurityIdentifier[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="SkipMeta, NoMetaUpdate, NoMeta, SkipObjMeta, NoObjMeta, SkipMetaDataUpdate, NoMetaDataUpdate"> <maml:name>SkipMetaUpdate</maml:name> <maml:Description> <maml:para>Indicates that the replication metadata of the affected object should not be updated.</maml:para> </maml:Description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Add-ADDBSidHistory</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath"> <maml:name>DatabasePath</maml:name> <maml:Description> <maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath"> <maml:name>LogPath</maml:name> <maml:Description> <maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Sid"> <maml:name>ObjectSid</maml:name> <maml:Description> <maml:para>Specifies the identifier of an object on which to perform this operation.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">SecurityIdentifier</command:parameterValue> <dev:type> <maml:name>SecurityIdentifier</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="hist, History"> <maml:name>SidHistory</maml:name> <maml:Description> <maml:para>Specifies an array of security IDs (SIDs) that will be added to the SID History of the target object.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">SecurityIdentifier[]</command:parameterValue> <dev:type> <maml:name>SecurityIdentifier[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="SkipMeta, NoMetaUpdate, NoMeta, SkipObjMeta, NoObjMeta, SkipMetaDataUpdate, NoMetaDataUpdate"> <maml:name>SkipMetaUpdate</maml:name> <maml:Description> <maml:para>Indicates that the replication metadata of the affected object should not be updated.</maml:para> </maml:Description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Add-ADDBSidHistory</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="0" aliases="Login, sam"> <maml:name>SamAccountName</maml:name> <maml:Description> <maml:para>Specifies the identifier of an object on which to perform this operation.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath"> <maml:name>DatabasePath</maml:name> <maml:Description> <maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath"> <maml:name>LogPath</maml:name> <maml:Description> <maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="hist, History"> <maml:name>SidHistory</maml:name> <maml:Description> <maml:para>Specifies an array of security IDs (SIDs) that will be added to the SID History of the target object.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">SecurityIdentifier[]</command:parameterValue> <dev:type> <maml:name>SecurityIdentifier[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="SkipMeta, NoMetaUpdate, NoMeta, SkipObjMeta, NoObjMeta, SkipMetaDataUpdate, NoMetaDataUpdate"> <maml:name>SkipMetaUpdate</maml:name> <maml:Description> <maml:para>Indicates that the replication metadata of the affected object should not be updated.</maml:para> </maml:Description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath"> <maml:name>DatabasePath</maml:name> <maml:Description> <maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="dn"> <maml:name>DistinguishedName</maml:name> <maml:Description> <maml:para>Specifies the identifier of an object on which to perform this operation.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath"> <maml:name>LogPath</maml:name> <maml:Description> <maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Guid"> <maml:name>ObjectGuid</maml:name> <maml:Description> <maml:para>Specifies the identifier of an object on which to perform this operation.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Guid</command:parameterValue> <dev:type> <maml:name>Guid</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Sid"> <maml:name>ObjectSid</maml:name> <maml:Description> <maml:para>Specifies the identifier of an object on which to perform this operation.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">SecurityIdentifier</command:parameterValue> <dev:type> <maml:name>SecurityIdentifier</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="0" aliases="Login, sam"> <maml:name>SamAccountName</maml:name> <maml:Description> <maml:para>Specifies the identifier of an object on which to perform this operation.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="hist, History"> <maml:name>SidHistory</maml:name> <maml:Description> <maml:para>Specifies an array of security IDs (SIDs) that will be added to the SID History of the target object.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">SecurityIdentifier[]</command:parameterValue> <dev:type> <maml:name>SecurityIdentifier[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="SkipMeta, NoMetaUpdate, NoMeta, SkipObjMeta, NoObjMeta, SkipMetaDataUpdate, NoMetaDataUpdate"> <maml:name>SkipMetaUpdate</maml:name> <maml:Description> <maml:para>Indicates that the replication metadata of the affected object should not be updated.</maml:para> </maml:Description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.Security.Principal.SecurityIdentifier[]</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> <command:inputType> <dev:type> <maml:name>System.String</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> <command:inputType> <dev:type> <maml:name>System.Security.Principal.SecurityIdentifier</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> <command:inputType> <dev:type> <maml:name>System.Guid</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>None</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- Example 1 --------------------------</maml:title> <dev:code>PS C:\> Stop-Service -Name ntds -Force PS C:\> Add-ADDBSidHistory -SamAccountName John ` -SidHistory 'S-1-5-21-3623811102-3361044346-30300840-512', 'S-1-5-21-3623811102-3361044346-30300840-519' ` -DatabasePath C:\Windows\NTDS\ntds.dit PS C:\> Start-Service -Name ntds</dev:code> <dev:remarks> <maml:para>Adds the SIDs of the Domain Admins and Enterprise Admins groups into user John 's sIDHistory.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- Example 2 --------------------------</maml:title> <dev:code>PS C:\> Import-Csv user.csv | Add-ADDBSidHistory -DatabasePath C:\Windows\NTDS\ntds.dit</dev:code> <dev:remarks> <maml:para>Imports a CSV file containing SamAccountName and SidHistory columns into a nds.dit file.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Add-ADDBSidHistory.md</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Set-ADDBPrimaryGroup</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-ADDBAccount</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-ADDBDomainController</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Add-ADReplNgcKey</command:name> <command:verb>Add</command:verb> <command:noun>ADReplNgcKey</command:noun> <maml:description> <maml:para>Composes and updates the msDS-KeyCredentialLink value on an object through the MS-DRSR protocol.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet wraps the IDL_DRSWriteNgcKey RPC call.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Add-ADReplNgcKey</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="0" aliases="dn"> <maml:name>DistinguishedName</maml:name> <maml:Description> <maml:para>Specifies the identifier of the target Active Directory object.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Credential</maml:name> <maml:Description> <maml:para>Specifies a user account that has permission to perform this action. The default is the current user.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue> <dev:type> <maml:name>PSCredential</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Proto, RPCProtocol, NCACN"> <maml:name>Protocol</maml:name> <maml:Description> <maml:para>Specifies the protocol sequence that is used for RPC communication.</maml:para> </maml:Description> <command:parameterValueGroup> <command:parameterValue required="false" command:variableLength="false">TCP</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">SMB</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">HTTP</command:parameterValue> </command:parameterValueGroup> <command:parameterValue required="true" variableLength="false">RpcProtocol</command:parameterValue> <dev:type> <maml:name>RpcProtocol</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>PublicKey</maml:name> <maml:Description> <maml:para>Specifies the NGC key value.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue> <dev:type> <maml:name>Byte[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Host, DomainController, DC"> <maml:name>Server</maml:name> <maml:Description> <maml:para>Specifies the target computer for the operation. Enter a fully qualified domain name (FQDN), a NetBIOS name, or an IP address. When the remote computer is in a different domain than the local computer, the fully qualified domain name is required.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Add-ADReplNgcKey</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="0" aliases="Login, sam, AccountName, User"> <maml:name>SamAccountName</maml:name> <maml:Description> <maml:para>Specifies the identifier of the target Active Directory account.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="1" aliases="AccountDomain, UserDomain"> <maml:name>Domain</maml:name> <maml:Description> <maml:para>Specifies the NetBIOS domain name of the target Active Directory account.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Credential</maml:name> <maml:Description> <maml:para>Specifies a user account that has permission to perform this action. The default is the current user.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue> <dev:type> <maml:name>PSCredential</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Proto, RPCProtocol, NCACN"> <maml:name>Protocol</maml:name> <maml:Description> <maml:para>Specifies the protocol sequence that is used for RPC communication.</maml:para> </maml:Description> <command:parameterValueGroup> <command:parameterValue required="false" command:variableLength="false">TCP</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">SMB</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">HTTP</command:parameterValue> </command:parameterValueGroup> <command:parameterValue required="true" variableLength="false">RpcProtocol</command:parameterValue> <dev:type> <maml:name>RpcProtocol</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>PublicKey</maml:name> <maml:Description> <maml:para>Specifies the NGC key value.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue> <dev:type> <maml:name>Byte[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Host, DomainController, DC"> <maml:name>Server</maml:name> <maml:Description> <maml:para>Specifies the target computer for the operation. Enter a fully qualified domain name (FQDN), a NetBIOS name, or an IP address. When the remote computer is in a different domain than the local computer, the fully qualified domain name is required.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Add-ADReplNgcKey</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Credential</maml:name> <maml:Description> <maml:para>Specifies a user account that has permission to perform this action. The default is the current user.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue> <dev:type> <maml:name>PSCredential</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Guid"> <maml:name>ObjectGuid</maml:name> <maml:Description> <maml:para>Specifies the identifier of the target Active Directory object.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Guid</command:parameterValue> <dev:type> <maml:name>Guid</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Proto, RPCProtocol, NCACN"> <maml:name>Protocol</maml:name> <maml:Description> <maml:para>Specifies the protocol sequence that is used for RPC communication.</maml:para> </maml:Description> <command:parameterValueGroup> <command:parameterValue required="false" command:variableLength="false">TCP</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">SMB</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">HTTP</command:parameterValue> </command:parameterValueGroup> <command:parameterValue required="true" variableLength="false">RpcProtocol</command:parameterValue> <dev:type> <maml:name>RpcProtocol</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>PublicKey</maml:name> <maml:Description> <maml:para>Specifies the NGC key value.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue> <dev:type> <maml:name>Byte[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Host, DomainController, DC"> <maml:name>Server</maml:name> <maml:Description> <maml:para>Specifies the target computer for the operation. Enter a fully qualified domain name (FQDN), a NetBIOS name, or an IP address. When the remote computer is in a different domain than the local computer, the fully qualified domain name is required.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Add-ADReplNgcKey</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Credential</maml:name> <maml:Description> <maml:para>Specifies a user account that has permission to perform this action. The default is the current user.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue> <dev:type> <maml:name>PSCredential</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Sid"> <maml:name>ObjectSid</maml:name> <maml:Description> <maml:para>Specifies the identifier of the target Active Directory account.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">SecurityIdentifier</command:parameterValue> <dev:type> <maml:name>SecurityIdentifier</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Proto, RPCProtocol, NCACN"> <maml:name>Protocol</maml:name> <maml:Description> <maml:para>Specifies the protocol sequence that is used for RPC communication.</maml:para> </maml:Description> <command:parameterValueGroup> <command:parameterValue required="false" command:variableLength="false">TCP</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">SMB</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">HTTP</command:parameterValue> </command:parameterValueGroup> <command:parameterValue required="true" variableLength="false">RpcProtocol</command:parameterValue> <dev:type> <maml:name>RpcProtocol</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>PublicKey</maml:name> <maml:Description> <maml:para>Specifies the NGC key value.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue> <dev:type> <maml:name>Byte[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Host, DomainController, DC"> <maml:name>Server</maml:name> <maml:Description> <maml:para>Specifies the target computer for the operation. Enter a fully qualified domain name (FQDN), a NetBIOS name, or an IP address. When the remote computer is in a different domain than the local computer, the fully qualified domain name is required.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Add-ADReplNgcKey</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Credential</maml:name> <maml:Description> <maml:para>Specifies a user account that has permission to perform this action. The default is the current user.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue> <dev:type> <maml:name>PSCredential</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Proto, RPCProtocol, NCACN"> <maml:name>Protocol</maml:name> <maml:Description> <maml:para>Specifies the protocol sequence that is used for RPC communication.</maml:para> </maml:Description> <command:parameterValueGroup> <command:parameterValue required="false" command:variableLength="false">TCP</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">SMB</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">HTTP</command:parameterValue> </command:parameterValueGroup> <command:parameterValue required="true" variableLength="false">RpcProtocol</command:parameterValue> <dev:type> <maml:name>RpcProtocol</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>PublicKey</maml:name> <maml:Description> <maml:para>Specifies the NGC key value.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue> <dev:type> <maml:name>Byte[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Host, DomainController, DC"> <maml:name>Server</maml:name> <maml:Description> <maml:para>Specifies the target computer for the operation. Enter a fully qualified domain name (FQDN), a NetBIOS name, or an IP address. When the remote computer is in a different domain than the local computer, the fully qualified domain name is required.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="UPN"> <maml:name>UserPrincipalName</maml:name> <maml:Description> <maml:para>Specifies the identifier of the target Active Directory account.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Credential</maml:name> <maml:Description> <maml:para>Specifies a user account that has permission to perform this action. The default is the current user.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue> <dev:type> <maml:name>PSCredential</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="0" aliases="dn"> <maml:name>DistinguishedName</maml:name> <maml:Description> <maml:para>Specifies the identifier of the target Active Directory object.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="1" aliases="AccountDomain, UserDomain"> <maml:name>Domain</maml:name> <maml:Description> <maml:para>Specifies the NetBIOS domain name of the target Active Directory account.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Guid"> <maml:name>ObjectGuid</maml:name> <maml:Description> <maml:para>Specifies the identifier of the target Active Directory object.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Guid</command:parameterValue> <dev:type> <maml:name>Guid</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Sid"> <maml:name>ObjectSid</maml:name> <maml:Description> <maml:para>Specifies the identifier of the target Active Directory account.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">SecurityIdentifier</command:parameterValue> <dev:type> <maml:name>SecurityIdentifier</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Proto, RPCProtocol, NCACN"> <maml:name>Protocol</maml:name> <maml:Description> <maml:para>Specifies the protocol sequence that is used for RPC communication.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">RpcProtocol</command:parameterValue> <dev:type> <maml:name>RpcProtocol</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>PublicKey</maml:name> <maml:Description> <maml:para>Specifies the NGC key value.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue> <dev:type> <maml:name>Byte[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="0" aliases="Login, sam, AccountName, User"> <maml:name>SamAccountName</maml:name> <maml:Description> <maml:para>Specifies the identifier of the target Active Directory account.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Host, DomainController, DC"> <maml:name>Server</maml:name> <maml:Description> <maml:para>Specifies the target computer for the operation. Enter a fully qualified domain name (FQDN), a NetBIOS name, or an IP address. When the remote computer is in a different domain than the local computer, the fully qualified domain name is required.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="UPN"> <maml:name>UserPrincipalName</maml:name> <maml:Description> <maml:para>Specifies the identifier of the target Active Directory account.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.String</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> <command:inputType> <dev:type> <maml:name>System.Security.Principal.SecurityIdentifier</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> <command:inputType> <dev:type> <maml:name>System.Guid</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>None</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- Example 1 --------------------------</maml:title> <dev:code>PS C:\> Add-ADReplNgcKey -UserPrincipalName 'john@contoso.com' -Server LON-DC1 -PublicKey 525341310008000003000000000100000000000000000000010001C1A78914457758B0B13C70C710C7F8548F3F9ED56AD4640B6E6A112655C98ECAC1CBD68A298F5686C08439428A97FE6FDF58D78EA481905182BAD684C2D9C5CDE1CDE34AA19742E8BBF58B953EAC4C562FCF598CC176B02DBE9FFFEF5937A65815C236F92892F7E511A1FEDD5483CB33F1EA715D68106180DED2432A293367114A6E325E62F93F73D7ECE4B6A2BCDB829D95C8645C3073B94BA7CB7515CD29042F0967201C6E24A77821E92A6C756DF79841ACBAAE11D90CA03B9FCD24EF9E304B5D35248A7BD70557399960277058AE3E99C7C7E2284858B7BF8B08CDD286964186A50A7FCBCC6A24F00FEE5B9698BBD3B1AEAD0CE81FEA461C0ABD716843A5</dev:code> <dev:remarks> <maml:para>Registers the specified NGC public key for user john@contoso.com .</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Add-ADReplNgcKey.md</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-ADReplAccount</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-ADKeyCredential</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>ConvertFrom-ADManagedPasswordBlob</command:name> <command:verb>ConvertFrom</command:verb> <command:noun>ADManagedPasswordBlob</command:noun> <maml:description> <maml:para>Decodes the value of the msDS-ManagedPassword attribute of a Group Managed Service Account.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Decodes the MSDS-MANAGEDPASSWORD_BLOB structure containing a group-managed service account's password information.</maml:para> <maml:para>The password is actually a cryptographically generated array of 256 bytes that is represented as an 128 characters long UTF-16 string.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>ConvertFrom-ADManagedPasswordBlob</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="msDS-ManagedPassword, ManagedPassword, ManagedPasswordBlob"> <maml:name>Blob</maml:name> <maml:Description> <maml:para>Specifies the binary value stored in the msDS-ManagedPassword attribute.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue> <dev:type> <maml:name>Byte[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="msDS-ManagedPassword, ManagedPassword, ManagedPasswordBlob"> <maml:name>Blob</maml:name> <maml:Description> <maml:para>Specifies the binary value stored in the msDS-ManagedPassword attribute.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue> <dev:type> <maml:name>Byte[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>None</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>DSInternals.Common.Data.ManagedPassword</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- Example 1 --------------------------</maml:title> <dev:code>PS C:\> $gmsa = Get-ADServiceAccount -Identity 'SQL_HQ_Primary' -Properties 'msDS-ManagedPassword' PS C:\> ConvertFrom-ADManagedPasswordBlob -Blob $gmsa.'msDS-ManagedPassword' <# Sample Output: Version : 1 CurrentPassword : 湤ୟɰ橣낔饔ᦺ几᧾ʞꈠ⿕ՔὬ랭뷾햾咶郸�렇ͧ퀟럓몚ꬶ佩䎖∘Ǐ㦗ן뱷鼹⽩Ⲃ⫝咽㠅E䠹鸞왶婰鞪 PreviousPassword : QueryPasswordInterval : 29.17:15:36.3736817 UnchangedPasswordInterval : 29.17:10:36.3736817 #></dev:code> <dev:remarks> <maml:para>Decodes the managed password information from a group-managed service account (GMSA) called SQL_HQ_Primary . The user retrieving the managed password needs to be listed in the PrincipalsAllowedToRetrieveManagedPassword property of the GMSA.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/ConvertFrom-ADManagedPasswordBlob.md</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-ADServiceAccount</maml:linkText> <maml:uri>https://docs.microsoft.com/en-us/powershell/module/addsadministration/get-adserviceaccount</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Set-ADServiceAccount</maml:linkText> <maml:uri>https://docs.microsoft.com/en-us/powershell/module/addsadministration/set-adserviceaccount</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>New-ADServiceAccount</maml:linkText> <maml:uri>https://docs.microsoft.com/en-us/powershell/module/addsadministration/new-adserviceaccount</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>ConvertFrom-GPPrefPassword</command:name> <command:verb>ConvertFrom</command:verb> <command:noun>GPPrefPassword</command:noun> <maml:description> <maml:para>Decodes a password from the format used by Group Policy Preferences.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>{{Fill in the Description}}</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>ConvertFrom-GPPrefPassword</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue)" position="0" aliases="none"> <maml:name>EncryptedPassword</maml:name> <maml:Description> <maml:para>Provide an encrypted password from a Group Policy Preferences XML file.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue)" position="0" aliases="none"> <maml:name>EncryptedPassword</maml:name> <maml:Description> <maml:para>Provide an encrypted password from a Group Policy Preferences XML file.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.String</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>System.String</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- Example 1 --------------------------</maml:title> <dev:code>PS C:\> {{ Add example code here }}</dev:code> <dev:remarks> <maml:para>{{ Add example description here }}</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/ConvertFrom-GPPrefPassword.md</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>ConvertFrom-UnicodePassword</command:name> <command:verb>ConvertFrom</command:verb> <command:noun>UnicodePassword</command:noun> <maml:description> <maml:para>Decodes a password from the format used in unattend.xml files.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>{{Fill in the Description}}</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>ConvertFrom-UnicodePassword</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="none"> <maml:name>UnicodePassword</maml:name> <maml:Description> <maml:para>Specifies the encoded password that should be decoded.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="none"> <maml:name>UnicodePassword</maml:name> <maml:Description> <maml:para>Specifies the encoded password that should be decoded.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>None</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>System.String</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- Example 1 --------------------------</maml:title> <dev:code>PS C:\> {{ Add example code here }}</dev:code> <dev:remarks> <maml:para>{{ Add example description here }}</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/ConvertFrom-UnicodePassword.md</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>ConvertTo-GPPrefPassword</command:name> <command:verb>ConvertTo</command:verb> <command:noun>GPPrefPassword</command:noun> <maml:description> <maml:para>Converts a password to the format used by Group Policy Preferences.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>{{Fill in the Description}}</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>ConvertTo-GPPrefPassword</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue)" position="0" aliases="p"> <maml:name>Password</maml:name> <maml:Description> <maml:para>Provide a password in the form of a SecureString.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue> <dev:type> <maml:name>SecureString</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue)" position="0" aliases="p"> <maml:name>Password</maml:name> <maml:Description> <maml:para>Provide a password in the form of a SecureString.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue> <dev:type> <maml:name>SecureString</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.Security.SecureString</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>System.String</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- Example 1 --------------------------</maml:title> <dev:code>PS C:\> {{ Add example code here }}</dev:code> <dev:remarks> <maml:para>{{ Add example description here }}</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/ConvertTo-GPPrefPassword.md</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>ConvertTo-Hex</command:name> <command:verb>ConvertTo</command:verb> <command:noun>Hex</command:noun> <maml:description> <maml:para>Helper cmdlet that converts binary input to a hexadecimal string.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Converts a byte array to its hexadecimal representation.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>ConvertTo-Hex</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue)" position="0" aliases="none"> <maml:name>Input</maml:name> <maml:Description> <maml:para>Specifies the binary input in the form of an array of bytes.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue> <dev:type> <maml:name>Byte[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>UpperCase</maml:name> <maml:Description> <maml:para>Indicates that the output should be encoded using uppercase characters instead of lowercase ones.</maml:para> </maml:Description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue)" position="0" aliases="none"> <maml:name>Input</maml:name> <maml:Description> <maml:para>Specifies the binary input in the form of an array of bytes.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue> <dev:type> <maml:name>Byte[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>UpperCase</maml:name> <maml:Description> <maml:para>Indicates that the output should be encoded using uppercase characters instead of lowercase ones.</maml:para> </maml:Description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.Byte[]</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>System.String</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- Example 1 --------------------------</maml:title> <dev:code>PS C:\> ConvertTo-Hex -Input 0,255,32 00ff20</dev:code> <dev:remarks> <maml:para>Converts the byte array to its hexadecimal representation, using lowercase characters.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- Example 2 --------------------------</maml:title> <dev:code>PS C:\> ConvertTo-Hex -Input 0,255,32 -UpperCase 00FF20</dev:code> <dev:remarks> <maml:para>Converts the byte array to its hexadecimal representation, using uppercase characters.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/ConvertTo-Hex.md</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>ConvertTo-KerberosKey</command:name> <command:verb>ConvertTo</command:verb> <command:noun>KerberosKey</command:noun> <maml:description> <maml:para>Computes Kerberos keys from a given password using Kerberos version 5 Key Derivation Functions.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Supports the derivation of AES256, AES128 and DES encryption keys. To calculate the RC4 key, the ConvertTo-NTHash cmdlet should be used instead.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>ConvertTo-KerberosKey</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="p"> <maml:name>Password</maml:name> <maml:Description> <maml:para>Specifies an input password from which kerberos keys will be derived.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue> <dev:type> <maml:name>SecureString</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="s"> <maml:name>Salt</maml:name> <maml:Description> <maml:para>Specifies the salt parameter of the string-to-key functions.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="2" aliases="i"> <maml:name>Iterations</maml:name> <maml:Description> <maml:para>Specifies the iteration count parameter of the string-to-key functions.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Int32</command:parameterValue> <dev:type> <maml:name>Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>4096</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="2" aliases="i"> <maml:name>Iterations</maml:name> <maml:Description> <maml:para>Specifies the iteration count parameter of the string-to-key functions.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Int32</command:parameterValue> <dev:type> <maml:name>Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>4096</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="p"> <maml:name>Password</maml:name> <maml:Description> <maml:para>Specifies an input password from which kerberos keys will be derived.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue> <dev:type> <maml:name>SecureString</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="s"> <maml:name>Salt</maml:name> <maml:Description> <maml:para>Specifies the salt parameter of the string-to-key functions.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>None</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>DSInternals.Common.Data.KerberosKeyDataNew</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- Example 1 --------------------------</maml:title> <dev:code>PS C:\> $pwd = ConvertTo-SecureString -String 'Pa$$w0rd' -AsPlainText -Force PS C:\> ConvertTo-KerberosKey -Password $pwd -Salt 'CONTOSO.COMAdministrator' <# Sample Output: AES256_CTS_HMAC_SHA1_96 Key: 660e61042b190b5724c62bb473facca12058fb9ad3c03c0d2809f839c0352502 Iterations: 4096 AES128_CTS_HMAC_SHA1_96 Key: bd75e98362b16649ffbaed630d5341d0 Iterations: 4096 DES_CBC_MD5 Key: aed02c52204ca2ce Iterations: 4096 #></dev:code> <dev:remarks> <maml:para>Applies 3 different kerberos key derivation functions to the specified password and salt.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/ConvertTo-KerberosKey.md</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>ConvertTo-NTHash</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>ConvertTo-LMHash</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>ConvertTo-LMHash</command:name> <command:verb>ConvertTo</command:verb> <command:noun>LMHash</command:noun> <maml:description> <maml:para>Calculates LM hash of a given password.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Applies the Lan Manager one-way function (LM OWF) to a given cleartext password and returns the resulting hash.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>ConvertTo-LMHash</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue)" position="0" aliases="p"> <maml:name>Password</maml:name> <maml:Description> <maml:para>Specifies a password in the form of a SecureString.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue> <dev:type> <maml:name>SecureString</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue)" position="0" aliases="p"> <maml:name>Password</maml:name> <maml:Description> <maml:para>Specifies a password in the form of a SecureString.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue> <dev:type> <maml:name>SecureString</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.Security.SecureString</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>System.String</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- Example 1 --------------------------</maml:title> <dev:code>PS C:\> ConvertTo-LMHash cmdlet ConvertTo-LMHash at command pipeline position 1 Supply values for the following parameters: (Type !? for Help.) Password: ******** 727e3576618fa1754a3b108f3fa6cb6d</dev:code> <dev:remarks> <maml:para>Reads a password from the command line and calculates its LM hash.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- Example 2 --------------------------</maml:title> <dev:code>PS C:\> $pwd = ConvertTo-SecureString -String 'Pa$$w0rd' -AsPlainText -Force PS C:\> ConvertTo-LMHash -Password $pwd 727e3576618fa1754a3b108f3fa6cb6d</dev:code> <dev:remarks> <maml:para>Calculates the LM hash of password Pa$$w0rd .</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/ConvertTo-LMHash.md</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>ConvertTo-NTHash</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>ConvertTo-KerberosKey</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>ConvertTo-NTHash</command:name> <command:verb>ConvertTo</command:verb> <command:noun>NTHash</command:noun> <maml:description> <maml:para>Calculates NT hash of a given password.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Applies the NT one-way function (NT OWF) to a given cleartext password and returns the resulting hash, which is just the MD4 hash function applied to the UTF-16 encoded input.</maml:para> <maml:para>This hash is sometimes called NTLM hash, because it is mainly used in the NTLM(v2) network authentication protocol.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>ConvertTo-NTHash</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue)" position="0" aliases="p"> <maml:name>Password</maml:name> <maml:Description> <maml:para>Specifies a password in the form of a SecureString.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue> <dev:type> <maml:name>SecureString</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue)" position="0" aliases="p"> <maml:name>Password</maml:name> <maml:Description> <maml:para>Specifies a password in the form of a SecureString.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue> <dev:type> <maml:name>SecureString</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.Security.SecureString</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>System.String</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- Example 1 --------------------------</maml:title> <dev:code>PS C:\> ConvertTo-NTHash cmdlet ConvertTo-NTHash at command pipeline position 1 Supply values for the following parameters: (Type !? for Help.) Password: ******** 92937945b518814341de3f726500d4ff</dev:code> <dev:remarks> <maml:para>Reads a password from the command line and calculates its NT hash.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- Example 2 --------------------------</maml:title> <dev:code>PS C:\> $pwd = ConvertTo-SecureString -String 'Pa$$w0rd' -AsPlainText -Force PS C:\> ConvertTo-NTHash -Password $pwd 92937945b518814341de3f726500d4ff</dev:code> <dev:remarks> <maml:para>Calculates the NT hash of password Pa$$w0rd .</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/ConvertTo-NTHash.md</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>ConvertTo-LMHash</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>ConvertTo-KerberosKey</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>ConvertTo-OrgIdHash</command:name> <command:verb>ConvertTo</command:verb> <command:noun>OrgIdHash</command:noun> <maml:description> <maml:para>Calculates OrgId hash of a given password. Used by Azure Active Directory Connect.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The OrgId hash is defined as PBKDF2( UTF-16( ToUpper( ToHex( MD4( UTF-16(plaintext))))), RND(10), 1000, HMAC-SHA256, 32).</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>ConvertTo-OrgIdHash</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue)" position="0" aliases="h"> <maml:name>NTHash</maml:name> <maml:Description> <maml:para>Provide a 16-byte NT Hash of user's password in hexadecimal format.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue> <dev:type> <maml:name>Byte[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByValue)" position="1" aliases="s"> <maml:name>Salt</maml:name> <maml:Description> <maml:para>Provide a 10-byte salt in hexadecimal format.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue> <dev:type> <maml:name>Byte[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>ConvertTo-OrgIdHash</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue)" position="0" aliases="p"> <maml:name>Password</maml:name> <maml:Description> <maml:para>Provide a password in the form of a SecureString.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue> <dev:type> <maml:name>SecureString</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByValue)" position="1" aliases="s"> <maml:name>Salt</maml:name> <maml:Description> <maml:para>Provide a 10-byte salt in hexadecimal format.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue> <dev:type> <maml:name>Byte[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue)" position="0" aliases="h"> <maml:name>NTHash</maml:name> <maml:Description> <maml:para>Provide a 16-byte NT Hash of user's password in hexadecimal format.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue> <dev:type> <maml:name>Byte[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue)" position="0" aliases="p"> <maml:name>Password</maml:name> <maml:Description> <maml:para>Provide a password in the form of a SecureString.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue> <dev:type> <maml:name>SecureString</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByValue)" position="1" aliases="s"> <maml:name>Salt</maml:name> <maml:Description> <maml:para>Provide a 10-byte salt in hexadecimal format.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue> <dev:type> <maml:name>Byte[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.Security.SecureString</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> <command:inputType> <dev:type> <maml:name>System.Byte[]</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>System.String</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- Example 1 --------------------------</maml:title> <dev:code>PS C:\> $pwd = ConvertTo-SecureString -String 'Pa$$w0rd' -AsPlainText -Force PS C:\> ConvertTo-OrgIdHash -Password $pwd <# Sample Output: v1;PPH1_MD4,60eaffd2c886b419df7a,1000,ab9c532104713157395a70da85cc8a1b418508753c6997f02341d541328ef16b; #></dev:code> <dev:remarks> <maml:para>Calculates the OrgId hash from a cleartext password using a random salt.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- Example 2 --------------------------</maml:title> <dev:code>PS C:\> ConvertTo-OrgIdHash -NTHash 92937945b518814341de3f726500d4ff <# Sample Output: v1;PPH1_MD4,46c0c5d9095185ce5cf8,1000,6bb7b360d9105ed5157460b343d5d143e465a59195bc9b568718268c334ea4a9; #></dev:code> <dev:remarks> <maml:para>Calculates the OrgId hash from a NT hash while using a random salt.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- Example 3 --------------------------</maml:title> <dev:code>PS C:\> ConvertTo-OrgIdHash -NTHash 92937945b518814341de3f726500d4ff -Salt a42b92067e4b8123101a <# Sample Output: v1;PPH1_MD4,a42b92067e4b8123101a,1000,f0fc762ea9051ef754652becd83ee5e54c1c857c1c0965abac5d85de9c143911; #></dev:code> <dev:remarks> <maml:para>Calculates the OrgId hash from a NT hash while using the given salt.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/ConvertTo-OrgIdHash.md</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>ConvertTo-NTHash</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>ConvertTo-UnicodePassword</command:name> <command:verb>ConvertTo</command:verb> <command:noun>UnicodePassword</command:noun> <maml:description> <maml:para>Converts a password to the format used in unattend.xml or *.ldif files.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>{{Fill in the Description}}</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>ConvertTo-UnicodePassword</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="none"> <maml:name>Password</maml:name> <maml:Description> <maml:para>Specifies a password that will be converted to the specifiet format.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue> <dev:type> <maml:name>SecureString</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>IsUnattendPassword</maml:name> <maml:Description> <maml:para>Indicates that the result should be in the format for unattend.xml instead of *.ldif.</maml:para> </maml:Description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>IsUnattendPassword</maml:name> <maml:Description> <maml:para>Indicates that the result should be in the format for unattend.xml instead of *.ldif.</maml:para> </maml:Description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="none"> <maml:name>Password</maml:name> <maml:Description> <maml:para>Specifies a password that will be converted to the specifiet format.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue> <dev:type> <maml:name>SecureString</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>None</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>System.String</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- Example 1 --------------------------</maml:title> <dev:code>PS C:\> {{ Add example code here }}</dev:code> <dev:remarks> <maml:para>{{ Add example description here }}</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/ConvertTo-UnicodePassword.md</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Disable-ADDBAccount</command:name> <command:verb>Disable</command:verb> <command:noun>ADDBAccount</command:noun> <maml:description> <maml:para>Disables an Active Directory account in an offline ntds.dit file.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Finds an account in Active Directory database file and modifies the appropriate bit in its userAccountControl attribute.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Disable-ADDBAccount</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath"> <maml:name>DatabasePath</maml:name> <maml:Description> <maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="dn"> <maml:name>DistinguishedName</maml:name> <maml:Description> <maml:para>Specifies the identifier of an account on which to perform this operation.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath"> <maml:name>LogPath</maml:name> <maml:Description> <maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="SkipMeta, NoMetaUpdate, NoMeta, SkipObjMeta, NoObjMeta, SkipMetaDataUpdate, NoMetaDataUpdate"> <maml:name>SkipMetaUpdate</maml:name> <maml:Description> <maml:para>Indicates that the replication metadata of the affected object should not be updated.</maml:para> </maml:Description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Disable-ADDBAccount</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath"> <maml:name>DatabasePath</maml:name> <maml:Description> <maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath"> <maml:name>LogPath</maml:name> <maml:Description> <maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Guid"> <maml:name>ObjectGuid</maml:name> <maml:Description> <maml:para>Specifies the identifier of an account on which to perform this operation.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Guid</command:parameterValue> <dev:type> <maml:name>Guid</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="SkipMeta, NoMetaUpdate, NoMeta, SkipObjMeta, NoObjMeta, SkipMetaDataUpdate, NoMetaDataUpdate"> <maml:name>SkipMetaUpdate</maml:name> <maml:Description> <maml:para>Indicates that the replication metadata of the affected object should not be updated.</maml:para> </maml:Description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Disable-ADDBAccount</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath"> <maml:name>DatabasePath</maml:name> <maml:Description> <maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath"> <maml:name>LogPath</maml:name> <maml:Description> <maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Sid"> <maml:name>ObjectSid</maml:name> <maml:Description> <maml:para>Specifies the identifier of an account on which to perform this operation.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">SecurityIdentifier</command:parameterValue> <dev:type> <maml:name>SecurityIdentifier</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="SkipMeta, NoMetaUpdate, NoMeta, SkipObjMeta, NoObjMeta, SkipMetaDataUpdate, NoMetaDataUpdate"> <maml:name>SkipMetaUpdate</maml:name> <maml:Description> <maml:para>Indicates that the replication metadata of the affected object should not be updated.</maml:para> </maml:Description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Disable-ADDBAccount</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="0" aliases="Login, sam"> <maml:name>SamAccountName</maml:name> <maml:Description> <maml:para>Specifies the identifier of an account on which to perform this operation.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath"> <maml:name>DatabasePath</maml:name> <maml:Description> <maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath"> <maml:name>LogPath</maml:name> <maml:Description> <maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="SkipMeta, NoMetaUpdate, NoMeta, SkipObjMeta, NoObjMeta, SkipMetaDataUpdate, NoMetaDataUpdate"> <maml:name>SkipMetaUpdate</maml:name> <maml:Description> <maml:para>Indicates that the replication metadata of the affected object should not be updated.</maml:para> </maml:Description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath"> <maml:name>DatabasePath</maml:name> <maml:Description> <maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="dn"> <maml:name>DistinguishedName</maml:name> <maml:Description> <maml:para>Specifies the identifier of an account on which to perform this operation.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath"> <maml:name>LogPath</maml:name> <maml:Description> <maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Guid"> <maml:name>ObjectGuid</maml:name> <maml:Description> <maml:para>Specifies the identifier of an account on which to perform this operation.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Guid</command:parameterValue> <dev:type> <maml:name>Guid</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Sid"> <maml:name>ObjectSid</maml:name> <maml:Description> <maml:para>Specifies the identifier of an account on which to perform this operation.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">SecurityIdentifier</command:parameterValue> <dev:type> <maml:name>SecurityIdentifier</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="0" aliases="Login, sam"> <maml:name>SamAccountName</maml:name> <maml:Description> <maml:para>Specifies the identifier of an account on which to perform this operation.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="SkipMeta, NoMetaUpdate, NoMeta, SkipObjMeta, NoObjMeta, SkipMetaDataUpdate, NoMetaDataUpdate"> <maml:name>SkipMetaUpdate</maml:name> <maml:Description> <maml:para>Indicates that the replication metadata of the affected object should not be updated.</maml:para> </maml:Description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.String</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> <command:inputType> <dev:type> <maml:name>System.Security.Principal.SecurityIdentifier</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> <command:inputType> <dev:type> <maml:name>System.Guid</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>None</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- Example 1 --------------------------</maml:title> <dev:code>PS C:\> Disable-ADDBAccount -SamAccountName john -DatabasePath .\ntds.dit</dev:code> <dev:remarks> <maml:para>Finds an account with name john and disables it.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Disable-ADDBAccount.md</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Enable-ADDBAccount</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-ADDBAccount</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Enable-ADDBAccount</command:name> <command:verb>Enable</command:verb> <command:noun>ADDBAccount</command:noun> <maml:description> <maml:para>Enables an Active Directory account in an offline ntds.dit file.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Finds an account in Active Directory database file and modifies the appropriate bit in its userAccountControl attribute.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Enable-ADDBAccount</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath"> <maml:name>DatabasePath</maml:name> <maml:Description> <maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="dn"> <maml:name>DistinguishedName</maml:name> <maml:Description> <maml:para>Specifies the identifier of an account on which to perform this operation.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath"> <maml:name>LogPath</maml:name> <maml:Description> <maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="SkipMeta, NoMetaUpdate, NoMeta, SkipObjMeta, NoObjMeta, SkipMetaDataUpdate, NoMetaDataUpdate"> <maml:name>SkipMetaUpdate</maml:name> <maml:Description> <maml:para>Indicates that the replication metadata of the affected object should not be updated.</maml:para> </maml:Description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Enable-ADDBAccount</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath"> <maml:name>DatabasePath</maml:name> <maml:Description> <maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath"> <maml:name>LogPath</maml:name> <maml:Description> <maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Guid"> <maml:name>ObjectGuid</maml:name> <maml:Description> <maml:para>Specifies the identifier of an account on which to perform this operation.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Guid</command:parameterValue> <dev:type> <maml:name>Guid</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="SkipMeta, NoMetaUpdate, NoMeta, SkipObjMeta, NoObjMeta, SkipMetaDataUpdate, NoMetaDataUpdate"> <maml:name>SkipMetaUpdate</maml:name> <maml:Description> <maml:para>Indicates that the replication metadata of the affected object should not be updated.</maml:para> </maml:Description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Enable-ADDBAccount</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath"> <maml:name>DatabasePath</maml:name> <maml:Description> <maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath"> <maml:name>LogPath</maml:name> <maml:Description> <maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Sid"> <maml:name>ObjectSid</maml:name> <maml:Description> <maml:para>Specifies the identifier of an account on which to perform this operation.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">SecurityIdentifier</command:parameterValue> <dev:type> <maml:name>SecurityIdentifier</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="SkipMeta, NoMetaUpdate, NoMeta, SkipObjMeta, NoObjMeta, SkipMetaDataUpdate, NoMetaDataUpdate"> <maml:name>SkipMetaUpdate</maml:name> <maml:Description> <maml:para>Indicates that the replication metadata of the affected object should not be updated.</maml:para> </maml:Description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Enable-ADDBAccount</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="0" aliases="Login, sam"> <maml:name>SamAccountName</maml:name> <maml:Description> <maml:para>Specifies the identifier of an account on which to perform this operation.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath"> <maml:name>DatabasePath</maml:name> <maml:Description> <maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath"> <maml:name>LogPath</maml:name> <maml:Description> <maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="SkipMeta, NoMetaUpdate, NoMeta, SkipObjMeta, NoObjMeta, SkipMetaDataUpdate, NoMetaDataUpdate"> <maml:name>SkipMetaUpdate</maml:name> <maml:Description> <maml:para>Indicates that the replication metadata of the affected object should not be updated.</maml:para> </maml:Description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath"> <maml:name>DatabasePath</maml:name> <maml:Description> <maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="dn"> <maml:name>DistinguishedName</maml:name> <maml:Description> <maml:para>Specifies the identifier of an account on which to perform this operation.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath"> <maml:name>LogPath</maml:name> <maml:Description> <maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Guid"> <maml:name>ObjectGuid</maml:name> <maml:Description> <maml:para>Specifies the identifier of an account on which to perform this operation.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Guid</command:parameterValue> <dev:type> <maml:name>Guid</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Sid"> <maml:name>ObjectSid</maml:name> <maml:Description> <maml:para>Specifies the identifier of an account on which to perform this operation.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">SecurityIdentifier</command:parameterValue> <dev:type> <maml:name>SecurityIdentifier</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="0" aliases="Login, sam"> <maml:name>SamAccountName</maml:name> <maml:Description> <maml:para>Specifies the identifier of an account on which to perform this operation.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="SkipMeta, NoMetaUpdate, NoMeta, SkipObjMeta, NoObjMeta, SkipMetaDataUpdate, NoMetaDataUpdate"> <maml:name>SkipMetaUpdate</maml:name> <maml:Description> <maml:para>Indicates that the replication metadata of the affected object should not be updated.</maml:para> </maml:Description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.String</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> <command:inputType> <dev:type> <maml:name>System.Security.Principal.SecurityIdentifier</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> <command:inputType> <dev:type> <maml:name>System.Guid</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>None</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- Example 1 --------------------------</maml:title> <dev:code>PS C:\> Enable-ADDBAccount -SamAccountName john -DatabasePath .\ntds.dit</dev:code> <dev:remarks> <maml:para>Finds an account with name john and enables it.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Enable-ADDBAccount.md</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Disable-ADDBAccount</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-ADDBAccount</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-ADDBAccount</command:name> <command:verb>Get</command:verb> <command:noun>ADDBAccount</command:noun> <maml:description> <maml:para>Reads one or more accounts from a ntds.dit file, including secret attributes.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Reads one or more accounts from an Active Directory database file. When provided with a boot key (AKA SysKey or system key), it also decrypts secret attributes.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-ADDBAccount</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="AllAccounts, ReturnAllAccounts"> <maml:name>All</maml:name> <maml:Description> <maml:para>Indicates that all accounts will be read from the selected database.</maml:para> </maml:Description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="key, SysKey, SystemKey"> <maml:name>BootKey</maml:name> <maml:Description> <maml:para>Specifies the boot key (AKA system key) that will be used to decrypt values of secret attributes.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue> <dev:type> <maml:name>Byte[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath"> <maml:name>DatabasePath</maml:name> <maml:Description> <maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath"> <maml:name>LogPath</maml:name> <maml:Description> <maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Get-ADDBAccount</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="key, SysKey, SystemKey"> <maml:name>BootKey</maml:name> <maml:Description> <maml:para>Specifies the boot key (AKA system key) that will be used to decrypt values of secret attributes.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue> <dev:type> <maml:name>Byte[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath"> <maml:name>DatabasePath</maml:name> <maml:Description> <maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="dn"> <maml:name>DistinguishedName</maml:name> <maml:Description> <maml:para>Specifies the identifier of an account that will be retrieved from the database.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath"> <maml:name>LogPath</maml:name> <maml:Description> <maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Get-ADDBAccount</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="key, SysKey, SystemKey"> <maml:name>BootKey</maml:name> <maml:Description> <maml:para>Specifies the boot key (AKA system key) that will be used to decrypt values of secret attributes.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue> <dev:type> <maml:name>Byte[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath"> <maml:name>DatabasePath</maml:name> <maml:Description> <maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath"> <maml:name>LogPath</maml:name> <maml:Description> <maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Guid"> <maml:name>ObjectGuid</maml:name> <maml:Description> <maml:para>Specifies the identifier of an account that will be retrieved from the database.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Guid</command:parameterValue> <dev:type> <maml:name>Guid</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Get-ADDBAccount</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="key, SysKey, SystemKey"> <maml:name>BootKey</maml:name> <maml:Description> <maml:para>Specifies the boot key (AKA system key) that will be used to decrypt values of secret attributes.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue> <dev:type> <maml:name>Byte[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath"> <maml:name>DatabasePath</maml:name> <maml:Description> <maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath"> <maml:name>LogPath</maml:name> <maml:Description> <maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Sid"> <maml:name>ObjectSid</maml:name> <maml:Description> <maml:para>Specifies the identifier of an account that will be retrieved from the database.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">SecurityIdentifier</command:parameterValue> <dev:type> <maml:name>SecurityIdentifier</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Get-ADDBAccount</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="0" aliases="Login, sam"> <maml:name>SamAccountName</maml:name> <maml:Description> <maml:para>Specifies the identifier of an account that will be retrieved from the database.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="key, SysKey, SystemKey"> <maml:name>BootKey</maml:name> <maml:Description> <maml:para>Specifies the boot key (AKA system key) that will be used to decrypt values of secret attributes.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue> <dev:type> <maml:name>Byte[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath"> <maml:name>DatabasePath</maml:name> <maml:Description> <maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath"> <maml:name>LogPath</maml:name> <maml:Description> <maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="AllAccounts, ReturnAllAccounts"> <maml:name>All</maml:name> <maml:Description> <maml:para>Indicates that all accounts will be read from the selected database.</maml:para> </maml:Description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="key, SysKey, SystemKey"> <maml:name>BootKey</maml:name> <maml:Description> <maml:para>Specifies the boot key (AKA system key) that will be used to decrypt values of secret attributes.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue> <dev:type> <maml:name>Byte[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath"> <maml:name>DatabasePath</maml:name> <maml:Description> <maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="dn"> <maml:name>DistinguishedName</maml:name> <maml:Description> <maml:para>Specifies the identifier of an account that will be retrieved from the database.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath"> <maml:name>LogPath</maml:name> <maml:Description> <maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Guid"> <maml:name>ObjectGuid</maml:name> <maml:Description> <maml:para>Specifies the identifier of an account that will be retrieved from the database.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Guid</command:parameterValue> <dev:type> <maml:name>Guid</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Sid"> <maml:name>ObjectSid</maml:name> <maml:Description> <maml:para>Specifies the identifier of an account that will be retrieved from the database.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">SecurityIdentifier</command:parameterValue> <dev:type> <maml:name>SecurityIdentifier</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="0" aliases="Login, sam"> <maml:name>SamAccountName</maml:name> <maml:Description> <maml:para>Specifies the identifier of an account that will be retrieved from the database.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.String</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> <command:inputType> <dev:type> <maml:name>System.Security.Principal.SecurityIdentifier</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> <command:inputType> <dev:type> <maml:name>System.Guid</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>DSInternals.Common.Data.DSAccount</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- Example 1 --------------------------</maml:title> <dev:code>PS C:\> Get-ADDBAccount -SamAccountName Administrator ` -DatabasePath 'C:\IFM Backup\Active Directory\ntds.dit' <# Sample Output: DistinguishedName: CN=Administrator,CN=Users,DC=contoso,DC=com Sid: S-1-5-21-1236425271-2880748467-2592687428-500 Guid: b3d02974-6b1c-484c-9103-fd2f60d592c4 SamAccountName: Administrator SamAccountType: User UserPrincipalName: PrimaryGroupId: 513 SidHistory: Enabled: True UserAccountControl: NormalAccount, PasswordNeverExpires AdminCount: True Deleted: False LastLogonDate: 2/23/2015 10:27:18 AM DisplayName: GivenName: Surname: Description: Built-in account for administering the computer/domain ServicePrincipalName: SecurityDescriptor: DiscretionaryAclPresent, SystemAclPresent, DiscretionaryAclAutoInherited, SystemAclAutoInherited, DiscretionaryAclProtected, SelfRelative Owner: S-1-5-21-1236425271-2880748467-2592687428-512 Secrets NTHash: LMHash: NTHashHistory: LMHashHistory: SupplementalCredentials: Key Credentials: Credential Roaming Created: Modified: Credentials: #></dev:code> <dev:remarks> <maml:para>Retrieves information about a single account from an Active Directory database. Secret attributes are not decrypted as no boot key is provided.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- Example 2 --------------------------</maml:title> <dev:code>PS C:\> $key = Get-BootKey -SystemHiveFilePath 'C:\IFM Backup\registry\SYSTEM' PS C:\> Get-ADDBAccount -DistinguishedName: 'CN=Joe Smith,OU=Employees,DC=contoso,DC=com' ` -BootKey $key ` -DatabasePath 'C:\IFM Backup\Active Directory\ntds.dit' <# Sample Output: DistinguishedName: CN=Joe Smith,OU=Employees,DC=contoso,DC=com Sid: S-1-5-21-1236425271-2880748467-2592687428-1110 Guid: 6fb7aca4-fe85-4dc5-9acd-b5b2529fe2bc SamAccountName: joe SamAccountType: User UserPrincipalName: joe@contoso.com PrimaryGroupId: 513 SidHistory: Enabled: True UserAccountControl: NormalAccount, PasswordNeverExpires AdminCount: False Deleted: False LastLogonDate: 2/23/2015 10:27:18 AM DisplayName: Joe Smith GivenName: Joe Surname: Smith Description: ServicePrincipalName: SecurityDescriptor: DiscretionaryAclPresent, SystemAclPresent, DiscretionaryAclAutoInherited, SystemAclAutoInherited, SelfRelative Owner: S-1-5-21-1236425271-2880748467-2592687428-512 Secrets NTHash: 92937945b518814341de3f726500d4ff LMHash: NTHashHistory: Hash 01: 92937945b518814341de3f726500d4ff LMHashHistory: Hash 01: 30ce97eef1084cf1656cc4be70d68600 SupplementalCredentials: ClearText: NTLMStrongHash: 2c6d57beebeafdae65b3f40f2a0d5430 Kerberos: Credentials: DES_CBC_MD5 Key: 7f16bc4ada0b8a52 OldCredentials: Salt: CONTOSO.COMjoe Flags: 0 KerberosNew: Credentials: AES256_CTS_HMAC_SHA1_96 Key: cd541be0838c787b5c6a34d7b19274aee613545a0e6cc6f5ac5918d8a464d24f Iterations: 4096 AES128_CTS_HMAC_SHA1_96 Key: 5c88972747bd454704c117ae52c474e4 Iterations: 4096 DES_CBC_MD5 Key: 7f16bc4ada0b8a52 Iterations: 4096 OldCredentials: OlderCredentials: ServiceCredentials: Salt: CONTOSO.COMjoe DefaultIterationCount: 4096 Flags: 0 WDigest: Hash 01: 61fed940f0e8d03a49d3727f55800497 Hash 02: a1d54499dda6a6b5431f29a8d741a640 Hash 03: b6cdf00bc0c4578992f718de81251721 Hash 04: 61fed940f0e8d03a49d3727f55800497 Hash 05: a1d54499dda6a6b5431f29a8d741a640 Hash 06: 9a8991bd99763df2e37f1e1e67d71cc8 Hash 07: 61fed940f0e8d03a49d3727f55800497 Hash 08: 8a9fe94883c8ccf3bcfc6591ddd2288f Hash 09: 8a9fe94883c8ccf3bcfc6591ddd2288f Hash 10: 1b7b16b49ecd8d9d59c1d0db6fa2cc36 Hash 11: d4c24695cfa4dc3810a469d5efb8ecaf Hash 12: 8a9fe94883c8ccf3bcfc6591ddd2288f Hash 13: a5b8aa5088280298c8c27fa99dcaa1e3 Hash 14: d4c24695cfa4dc3810a469d5efb8ecaf Hash 15: 1aa8e567622fe53d6fb36f1f34f12aaa Hash 16: 1aa8e567622fe53d6fb36f1f34f12aaa Hash 17: 2af425244079f8f45927c34fa115e45b Hash 18: cf283a35102b820e25003b1ddf270221 Hash 19: b98c902c57449253e6f06b5d585866bd Hash 20: 2a690b1eeda9cb8f3157a4a3ba0be9c3 Hash 21: af2654776d5f9f27f3283ecb0aa25011 Hash 22: af2654776d5f9f27f3283ecb0aa25011 Hash 23: ba6fe0513ed2a60ec253a41bbde6a837 Hash 24: 8bf5a67b598087be948e040f85c72b4d Hash 25: 8bf5a67b598087be948e040f85c72b4d Hash 26: aa5ff46d23a5c7ebd603e1793225350d Hash 27: 656b6a7f5b52d05b3ce9168a2b7ac8ac Hash 28: ae884c92ecd87e8d54f1844f09c5a519 Hash 29: a500a9e26afc9f817df8a07e15771577 Key Credentials: Usage=NGC, Source=ActiveDirectory, Device=1966d4da-14da-4581-a7a7-5e8e07e93ad9, Created=8/1/2019 10:53:12 PM, LastLogon=8/1/2019 10:53:12 PM Usage=NGC, Source=ActiveDirectory, Device=cfe9a872-13ff-4751-a777-aec88c30a762, Created=8/1/2019 11:09:15 PM, LastLogon=8/1/2019 11:09:15 PM Credential Roaming Created: 3/12/2017 9:15:56 AM Modified: 3/13/2017 10:01:18 AM Credentials: DPAPIMasterKey: joe\Protect\S-1-5-21-1236425271-2880748467-2592687428-1110\47070660-c259-4d90-8bc9-187605323450 DPAPIMasterKey: joe\Protect\S-1-5-21-1236425271-2880748467-2592687428-1110\7fc19508-7b85-4a7c-9e5d-15f9e00e7ce5 CryptoApiCertificate: joe\SystemCertificates\My\Certificates\574E4687133998544C0095C7B348C52CD398182E CNGCertificate: joe\SystemCertificates\My\Certificates\3B83BFA7037F6A79B3F3D17D229E1BC097F35B51 RSAPrivateKey: joe\Crypto\RSA\S-1-5-21-1236425271-2880748467-2592687428-1110\701577141985b6923998dcca035c007a_f8b7bbef-d227-4ac7-badd-3a238a7f741e CNGPrivateKey: joe\Crypto\Keys\E8F13C2BA0209401C4DFE839CD57375E26BBE38F #></dev:code> <dev:remarks> <maml:para>Retrieves information about a single account from an Active Directory database. Secret attributes are decrypted using the provided boot key.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- Example 3 --------------------------</maml:title> <dev:code>PS C:\> $results = Get-ADDBAccount -DatabasePath '.\Active Directory\ntds.dit' ` -BootKey acdba64a3929261b04e5270c3ef973cf ` -All | Test-PasswordQuality -WeakPasswordHashesSortedFile pwned-passwords-ntlm-ordered-by-hash-v5.txt</dev:code> <dev:remarks> <maml:para>Performs an offline credential hygiene audit of AD database against HIBP.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- Example 4 --------------------------</maml:title> <dev:code>PS C:\> Get-ADDBAccount -All -DatabasePath ntds.dit -BootKey $key | Format-Custom -View PwDump | Out-File -FilePath users.pwdump -Encoding ascii</dev:code> <dev:remarks> <maml:para>Exports NT and LM password hashes from an Active Directory database to a pwdump file.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- Example 5 --------------------------</maml:title> <dev:code>PS C:\> Get-ADDBBackupKey -DatabasePath '.\ADBackup\Active Directory\ntds.dit' ` -BootKey 0be7a2afe1713642182e9b96f73a75da | Save-DPAPIBlob -DirectoryPath '.\Output' PS C:\> Get-ADDBAccount -All -DatabasePath '.\ADBackup\Active Directory\ntds.dit' | Save-DPAPIBlob -DirectoryPath '.\Output'</dev:code> <dev:remarks> <maml:para>Extracts DPAPI backup keys and roamed credentials (certificates, private keys, and DPAPI master keys) from an Active Directory database file and saves them to the Output directory. Also creates a file called kiwiscript.txt that contains mimikatz commands needed to decrypt the private keys.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- Example 6 --------------------------</maml:title> <dev:code>PS C:\> Get-ADDBAccount -All -DatabasePath '.\ADBackup\Active Directory\ntds.dit' | Select-Object -ExpandProperty KeyCredentials | Where-Object Usage -eq NGC | Format-Table -View ROCA <# Sample Output: Usage IsWeak Source DeviceId Created Owner ----- ------ ------ -------- ------- ----- NGC True AzureAD fd591087-245c-4ff5-a5ea-c14de5e2b32d 2017-07-19 CN=John Doe,CN=Users,DC=contoso,DC=com NGC False AD 1966d4da-14da-4581-a7a7-5e8e07e93ad9 2019-08-01 CN=Jane Doe,CN=Users,DC=contoso,DC=com #></dev:code> <dev:remarks> <maml:para>Lists weak public keys registered in Active Directory that were generated on ROCA-vulnerable TPMs.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- Example 7 --------------------------</maml:title> <dev:code>PS C:\> $dc = Get-ADDBDomainController -DatabasePath '.\ADBackup\Active Directory\ntds.dit' PS C:\> $adminSid = '{0}-500' -f $dc.DomainSid PS C:\> $account = Get-ADDBAccount -Sid $adminSid ` -DatabasePath '.\ADBackup\Active Directory\ntds.dit' ` -BootKey 0be7a2afe1713642182e9b96f73a75da</dev:code> <dev:remarks> <maml:para>Retrieves information about a the the built-in Administrator account, even if it was renamed.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Get-ADDBAccount.md</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-BootKey</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-ADReplAccount</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-ADSIAccount</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Test-PasswordQuality</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Save-DPAPIBlob</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-ADKeyCredential</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-ADDBBackupKey</command:name> <command:verb>Get</command:verb> <command:noun>ADDBBackupKey</command:noun> <maml:description> <maml:para>Reads the DPAPI backup keys from a ntds.dit file.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Reads and decrypts Data Protection API (DPAPI) backup keys from an Active Directory database file. The output can be saved to the file system using the Save-DPAPIBlob cmdlet.</maml:para> <maml:para>DPAPI is used by several components of Windows to securely store passwords, encryption keys and other sensitive data. When DPAPI is used in an Active Directory domain environment, a copy of user's master key is encrypted with a so-called DPAPI Domain Backup Key that is known to all domain controllers. Windows Server 2000 DCs use a symmetric key and newer systems use a public/private key pair. If the user password is reset and the original master key is rendered inaccessible to the user, the user's access to the master key is automatically restored using the backup key.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-ADDBBackupKey</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="key, SysKey, SystemKey"> <maml:name>BootKey</maml:name> <maml:Description> <maml:para>Specifies the boot key (AKA system key) that will be used to decrypt values of secret attributes.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue> <dev:type> <maml:name>Byte[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath"> <maml:name>DatabasePath</maml:name> <maml:Description> <maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath"> <maml:name>LogPath</maml:name> <maml:Description> <maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="key, SysKey, SystemKey"> <maml:name>BootKey</maml:name> <maml:Description> <maml:para>Specifies the boot key (AKA system key) that will be used to decrypt values of secret attributes.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue> <dev:type> <maml:name>Byte[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath"> <maml:name>DatabasePath</maml:name> <maml:Description> <maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath"> <maml:name>LogPath</maml:name> <maml:Description> <maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>None</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>DSInternals.Common.Data.DPAPIBackupKey</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- Example 1 --------------------------</maml:title> <dev:code>PS C:\> $key = Get-BootKey -SystemHiveFilePath '.\ADBackup\registry\SYSTEM' PS C:\> Get-ADDBBackupKey -DatabasePath '.\ADBackup\Active Directory\ntds.dit' ` -BootKey $key | Format-List <# Sample Output: FilePath : ntds_legacy_b116cbfa-b881-43e6-ba85-ef3efa64ba22.key KiwiCommand : Type : LegacyKey DistinguishedName : CN=BCKUPKEY_b116cbfa-b881-43e6-ba85-ef3efa64ba22 Secret,CN=System,DC=contoso,DC=com KeyId : b116cbfa-b881-43e6-ba85-ef3efa64ba22 Data : {1, 0, 0, 0...} FilePath : KiwiCommand : Type : PreferredLegacyKeyPointer DistinguishedName : CN=BCKUPKEY_P Secret,CN=System,DC=contoso,DC=com KeyId : b116cbfa-b881-43e6-ba85-ef3efa64ba22 Data : {250, 203, 22, 177...} FilePath : ntds_capi_290914ed-b1a8-482e-a89f-7caa217bf3c3.pvk KiwiCommand : REM Add this parameter to at least the first dpapi::masterkey command: /pvk:"ntds_capi_290914ed-b1a8-482e-a89f-7caa217bf3c3.pvk" Type : RSAKey DistinguishedName : CN=BCKUPKEY_290914ed-b1a8-482e-a89f-7caa217bf3c3 Secret,CN=System,DC=contoso,DC=com KeyId : 290914ed-b1a8-482e-a89f-7caa217bf3c3 Data : {2, 0, 0, 0...} FilePath : KiwiCommand : Type : PreferredRSAKeyPointer DistinguishedName : CN=BCKUPKEY_PREFERRED Secret,CN=System,DC=contoso,DC=com KeyId : 290914ed-b1a8-482e-a89f-7caa217bf3c3 Data : {237, 20, 9, 41...} #></dev:code> <dev:remarks> <maml:para>Extracts the boot key (AKA SysKey or system key) from a backup of the SYSTEM registry hive and decrypts all DPAPI backup keys stored in the an Active Directory database file.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- Example 2 --------------------------</maml:title> <dev:code>PS C:\> Get-ADDBBackupKey -DatabasePath '.\ADBackup\Active Directory\ntds.dit' ` -BootKey 0be7a2afe1713642182e9b96f73a75da | Save-DPAPIBlob -DirectoryPath '.\Output' PS C:\> Get-ChildItem -Path '.\Output' | Select-Object -ExpandProperty Name <# Sample Output: kiwiscript.txt ntds_legacy_b116cbfa-b881-43e6-ba85-ef3efa64ba22.key ntds_capi_4cee80c0-b6c6-406c-a68b-c0e5818bc436.cer ntds_capi_290914ed-b1a8-482e-a89f-7caa217bf3c3.pfx ntds_capi_290914ed-b1a8-482e-a89f-7caa217bf3c3.pvk #></dev:code> <dev:remarks> <maml:para>Exports DPAPI backup keys to the Output directory.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Get-ADDBBackupKey.md</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Save-DPAPIBlob</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-ADReplBackupKey</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-LsaBackupKey</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-ADDBDomainController</command:name> <command:verb>Get</command:verb> <command:noun>ADDBDomainController</command:noun> <maml:description> <maml:para>Reads information about the originating DC from a ntds.dit file, including domain name, domain SID, DC name and DC site.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Reads domain controller (DC) infromation from a ntds.dit file that is either retrieved from an offline DC or from an (IFM) backup.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-ADDBDomainController</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath"> <maml:name>DatabasePath</maml:name> <maml:Description> <maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath"> <maml:name>LogPath</maml:name> <maml:Description> <maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath"> <maml:name>DatabasePath</maml:name> <maml:Description> <maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath"> <maml:name>LogPath</maml:name> <maml:Description> <maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>None</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>DSInternals.PowerShell.DomainController</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- Example 1 --------------------------</maml:title> <dev:code>PS C:\> Get-ADDBDomainController -DatabasePath .\ntds.dit <# Sample Output: Name : LON-DC1 DNSHostName : LON-DC1.contoso.com ServerReference : CN=LON-DC1,OU=Domain Controllers,DC=contoso,DC=com DomainName : contoso.com ForestName : contoso.com NetBIOSDomainName : contoso DomainSid : S-1-5-21-1236425271-2880748467-2592687428 DomainGuid : 262d915a-3c58-4614-86c0-f9fb3f1aa1cd Guid : 71ccee43-1c03-4ab1-910c-ed4168df5a33 Sid : S-1-5-21-1236425271-2880748467-2592687428-1111 DomainMode : WinThreshold ForestMode : WinThreshold SiteName : Default-First-Site-Name DsaGuid : 0a8574e2-9361-4f3c-8528-ca73d7534f4b InvocationId : 14a1b16d-591c-45bc-a342-153090027bbc IsADAM : False IsGlobalCatalog : True Options : GlobalCatalog OSName : Windows Server 2019 Datacenter OSVersion : 10.0 OSVersionMajor : 10 OSVersionMinor : 0 DomainNamingContext : DC=contoso,DC=com ConfigurationNamingContext : CN=Configuration,DC=contoso,DC=com SchemaNamingContext : CN=Schema,CN=Configuration,DC=contoso,DC=com WritablePartitions : {DC=contoso,DC=com, CN=Configuration,DC=contoso,DC=com, CN=Schema,CN=Configuration,DC=contoso,DC=com, DC=DomainDnsZones,DC=contoso,DC=com...} State : BackedUp HighestCommittedUsn : 69642 UsnAtIfm : BackupUsn : 65812 BackupExpiration : 2/4/2020 6:32:27 AM Epoch : 961 #></dev:code> <dev:remarks> <maml:para>Reads DC information from a ntds.dit file located in the working directory.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Get-ADDBDomainController.md</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Set-ADDBDomainController</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Set-ADDBPrimaryGroup</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Add-ADDBSidHistory</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-ADDBKdsRootKey</command:name> <command:verb>Get</command:verb> <command:noun>ADDBKdsRootKey</command:noun> <maml:description> <maml:para>Reads KDS Root Keys from a ntds.dit. file. Can be used to aid DPAPI-NG decryption, e.g. SID-protected PFX files.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>KDS Root Keys are used to encrypt the following:</maml:para> <maml:para>- SID-protected private keys in PFX certificate files</maml:para> <maml:para>- BitLocker-enabled drives with SID protector</maml:para> <maml:para>- Passwords of Group Managed Service Accounts (GMSA)</maml:para> <maml:para>- DNSSEC signing keys</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-ADDBKdsRootKey</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath"> <maml:name>DatabasePath</maml:name> <maml:Description> <maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath"> <maml:name>LogPath</maml:name> <maml:Description> <maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath"> <maml:name>DatabasePath</maml:name> <maml:Description> <maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath"> <maml:name>LogPath</maml:name> <maml:Description> <maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>None</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>DSInternals.Common.Data.KdsRootKey</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- Example 1 --------------------------</maml:title> <dev:code>PS C:\> Get-ADDBKdsRootKey -DatabasePath '.\ADBackup\Active Directory\ntds.dit' <# Sample Output: Id: 6a401799-8dd0-0b2c-3073-beb7ce2e734d Version: 1 Creation Time: 7/27/2019 6:23:26 PM Effective Time: 7/27/2019 8:23:26 AM Domain Controller: CN=LON-DC1,OU=Domain Controllers,DC=contoso,DC=com Key C16A0D16B80307D9CF102C7DB11F69FE015EB0DCD85C2FC0A5005C10E9DB963AC1E18BF161882ABEEAFF1B01CD50076F3C6F7807323253AB9598DBE027A77DD7 Key Derivation Function Algorithm: SP800_108_CTR_HMAC Parameters: {[0, SHA512]} Secret Agreement Algorithm: DH Public Key Length: 2048 Private Key Length: 512 Parameters 0c0200004448504d0001000087a8e61db4b6663cffbbd19c651959998ceef608660dd0f25d2ceed4435e3b00e00df8f1d61957d4faf7df4561b2aa3016c3d91134096fa a3bf4296d830e9a7c209e0c6497517abd5a8a9d306bcf67ed91f9e6725b4758c022e0b1ef4275bf7b6c5bfc11d45f9088b941f54eb1e59bb8bc39a0bf12307f5c4fdb70 c581b23f76b63acae1caa6b7902d52526735488a0ef13c6d9a51bfa4ab3ad8347796524d8ef6a167b5a41825d967e144e5140564251ccacb83e6b486f6b3ca3f7971506 026c0b857f689962856ded4010abd0be621c3a3960a54e710c375f26375d7014103a4b54330c198af126116d2276e11715f693877fad7ef09cadb094ae91e1a15973fb3 2c9b73134d0b2e77506660edbd484ca7b18f21ef205407f4793a1a0ba12510dbc15077be463fff4fed4aac0bb555be3a6c1b0c6b47b1bc3773bf7e8c6f62901228f8c28 cbb18a55ae31341000a650196f931c77a57f2ddf463e5e9ec144b777de62aaab8a8628ac376d282d6ed3864e67982428ebc831d14348f6f2f9193b5045af2767164e1df c967c1fb3f2e55a4bd1bffe83b9c80d052b985d182ea0adb2a3b7313d3fe14c8484b1e052588b9b7d2bbd2df016199ecd06e1557cd0915b3353bbb64e0ec377fd028370 df92b52c7891428cdc67eb6184b523d1db246c32f63078490f00ef8d647d148d47954515e2327cfef98c582664b4c0f6cc41659 #> PS C:\> .\CQDPAPINGPFXDecrypter.exe /pfx Certificate.p12 /master C16A0D16B80307D9CF102C7DB11F69FE015EB0DCD85C2FC0A5005C10E9DB963AC1E18BF161882ABEEAFF1B01CD50076F3C6F7807323253AB9598DBE027A77DD7 <# Sample Output: Successfully decrypted password: VBGpKPryuiWBSyq/+CjC0WjNsnZ1xS3Hs6IqGZwa0BM= #></dev:code> <dev:remarks> <maml:para>Retrieves a KDS Root Key from an AD database and then uses the "CQURE DPAPI NG PFX Decrypter" to decrypt the password of the PFX file.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Get-ADDBKdsRootKey.md</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-ADDBSchemaAttribute</command:name> <command:verb>Get</command:verb> <command:noun>ADDBSchemaAttribute</command:noun> <maml:description> <maml:para>Reads AD schema from a ntds.dit file, including datatable column names.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>{{Fill in the Description}}</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-ADDBSchemaAttribute</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByValue)" position="0" aliases="LdapDisplayName, AttributeName, AttrName, Attr"> <maml:name>Name</maml:name> <maml:Description> <maml:para>Specifies the name of a specific attribute to retrieve.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String[]</command:parameterValue> <dev:type> <maml:name>String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath"> <maml:name>DatabasePath</maml:name> <maml:Description> <maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath"> <maml:name>LogPath</maml:name> <maml:Description> <maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath"> <maml:name>DatabasePath</maml:name> <maml:Description> <maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath"> <maml:name>LogPath</maml:name> <maml:Description> <maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByValue)" position="0" aliases="LdapDisplayName, AttributeName, AttrName, Attr"> <maml:name>Name</maml:name> <maml:Description> <maml:para>Specifies the name of a specific attribute to retrieve.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String[]</command:parameterValue> <dev:type> <maml:name>String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.String[]</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>DSInternals.PowerShell.SchemaAttribute</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- Example 1 --------------------------</maml:title> <dev:code>PS C:\> {{ Add example code here }}</dev:code> <dev:remarks> <maml:para>{{ Add example description here }}</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Get-ADDBSchemaAttribute.md</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-ADKeyCredential</command:name> <command:verb>Get</command:verb> <command:noun>ADKeyCredential</command:noun> <maml:description> <maml:para>Creates an object representing Windows Hello for Business or FIDO credentials from its binary representation or an X.509 certificate.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet can be used to display existing key credentials from Active Directory (including NGC, STK and FIDO keys) and to generate new NGC credentials from self-signed certificates. See the examples for more info.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-ADKeyCredential</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Binary"> <maml:name>BinaryData</maml:name> <maml:Description> <maml:para>Specifies the credentials in binary/hexadecimal format.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue> <dev:type> <maml:name>Byte[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="DistinguishedName, DN, ObjectDN, HolderDN, Holder, Owner, UserPrincipalName, UPN"> <maml:name>OwnerDN</maml:name> <maml:Description> <maml:para>Specifies the distinguished name (DN) of the object that these credentials are associated with.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Get-ADKeyCredential</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="none"> <maml:name>Certificate</maml:name> <maml:Description> <maml:para>Specifies a certificate that wraps an NGC key.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">X509Certificate2</command:parameterValue> <dev:type> <maml:name>X509Certificate2</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="ComputerId, ComputerGuid"> <maml:name>DeviceId</maml:name> <maml:Description> <maml:para>Specifies an identifier (typically objectGUID) of the associated computer.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Guid</command:parameterValue> <dev:type> <maml:name>Guid</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="CreatedTime, TimeCreated, TimeGenerated"> <maml:name>CreationTime</maml:name> <maml:Description> <maml:para>Specifies the time when the key was created. Default value is the current time.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">DateTime</command:parameterValue> <dev:type> <maml:name>DateTime</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="DistinguishedName, DN, ObjectDN, HolderDN, Holder, Owner, UserPrincipalName, UPN"> <maml:name>OwnerDN</maml:name> <maml:Description> <maml:para>Specifies the distinguished name (DN) of the object that these credentials are associated with.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Get-ADKeyCredential</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="none"> <maml:name>Certificate</maml:name> <maml:Description> <maml:para>Specifies a certificate that wraps an NGC key.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">X509Certificate2</command:parameterValue> <dev:type> <maml:name>X509Certificate2</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="CreatedTime, TimeCreated, TimeGenerated"> <maml:name>CreationTime</maml:name> <maml:Description> <maml:para>Specifies the time when the key was created. Default value is the current time.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">DateTime</command:parameterValue> <dev:type> <maml:name>DateTime</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>IsComputerKey</maml:name> <maml:Description> <maml:para>Indicates that the resulting key credential must meet the DS-Validated-Write-Computer requirements.</maml:para> </maml:Description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="DistinguishedName, DN, ObjectDN, HolderDN, Holder, Owner, UserPrincipalName, UPN"> <maml:name>OwnerDN</maml:name> <maml:Description> <maml:para>Specifies the distinguished name (DN) of the object that these credentials are associated with.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Get-ADKeyCredential</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue)" position="0" aliases="DNWithBinary, DistinguishedNameWithBinary"> <maml:name>DNWithBinaryData</maml:name> <maml:Description> <maml:para>Specifies the credentials in the DN-Binary syntax.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String[]</command:parameterValue> <dev:type> <maml:name>String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Binary"> <maml:name>BinaryData</maml:name> <maml:Description> <maml:para>Specifies the credentials in binary/hexadecimal format.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue> <dev:type> <maml:name>Byte[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="none"> <maml:name>Certificate</maml:name> <maml:Description> <maml:para>Specifies a certificate that wraps an NGC key.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">X509Certificate2</command:parameterValue> <dev:type> <maml:name>X509Certificate2</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="CreatedTime, TimeCreated, TimeGenerated"> <maml:name>CreationTime</maml:name> <maml:Description> <maml:para>Specifies the time when the key was created. Default value is the current time.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">DateTime</command:parameterValue> <dev:type> <maml:name>DateTime</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="ComputerId, ComputerGuid"> <maml:name>DeviceId</maml:name> <maml:Description> <maml:para>Specifies an identifier (typically objectGUID) of the associated computer.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Guid</command:parameterValue> <dev:type> <maml:name>Guid</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue)" position="0" aliases="DNWithBinary, DistinguishedNameWithBinary"> <maml:name>DNWithBinaryData</maml:name> <maml:Description> <maml:para>Specifies the credentials in the DN-Binary syntax.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String[]</command:parameterValue> <dev:type> <maml:name>String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>IsComputerKey</maml:name> <maml:Description> <maml:para>Indicates that the resulting key credential must meet the DS-Validated-Write-Computer requirements.</maml:para> </maml:Description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="DistinguishedName, DN, ObjectDN, HolderDN, Holder, Owner, UserPrincipalName, UPN"> <maml:name>OwnerDN</maml:name> <maml:Description> <maml:para>Specifies the distinguished name (DN) of the object that these credentials are associated with.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.String[]</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>DSInternals.Common.Data.KeyCredential</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- Example 1 --------------------------</maml:title> <dev:code>PS C:\> Get-ADObject -LDAPFilter '(msDS-KeyCredentialLink=*)' -Properties msDS-KeyCredentialLink | Select-Object -ExpandProperty msDS-KeyCredentialLink | Get-ADKeyCredential <# Sample Output: Usage Source Flags DeviceId Created Owner ----- ------ ----- -------- ------- ----- NGC AD None cfe9a872-13ff-4751-a777-aec88c30a762 2019-08-01 CN=John Doe,CN=Users,DC=contoso,DC=com STK AD None 2017-08-23 CN=PC01,CN=Computers,DC=contoso,DC=com NGC AD MFANotUsed 2017-08-23 CN=PC02,CN=Computers,DC=contoso,DC=com NGC AzureAD None fd591087-245c-4ff5-a5ea-c14de5e2b32d 2017-07-19 CN=John Doe,CN=Users,DC=contoso,DC=com FIDO AzureAD Attestation 00000000-0000-0000-0000-000000000000 2019-08-26 CN=John Doe,CN=Users,DC=contoso,DC=com #></dev:code> <dev:remarks> <maml:para>Lists all key credentials that are registered in Active Directory.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- Example 2 --------------------------</maml:title> <dev:code>PS C:\> Get-ADObject -LDAPFilter '(msDS-KeyCredentialLink=*)' -Properties msDS-KeyCredentialLink | Select-Object -ExpandProperty msDS-KeyCredentialLink | Get-ADKeyCredential | Where-Object Usage -eq NGC | Format-Table -View ROCA <# Sample Output: Usage IsWeak Source DeviceId Created Owner ----- ------ ------ -------- ------- ----- NGC True AzureAD fd591087-245c-4ff5-a5ea-c14de5e2b32d 2017-07-19 CN=John Doe,CN=Users,DC=contoso,DC=com NGC False AD 1966d4da-14da-4581-a7a7-5e8e07e93ad9 2019-08-01 CN=Jane Doe,CN=Users,DC=contoso,DC=com #></dev:code> <dev:remarks> <maml:para>Lists weak public keys registered in Active Directory that were generated on ROCA-vulnerable TPMs.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- Example 3 --------------------------</maml:title> <dev:code>PS C:\> Get-ADObject -LDAPFilter '(msDS-KeyCredentialLink=*)' -Properties msDS-KeyCredentialLink | Select-Object -ExpandProperty msDS-KeyCredentialLink | Get-ADKeyCredential | Where-Object Usage -eq NGC | Format-Custom -View Moduli | Out-File -FilePath .\moduli.txt -Encoding ascii -Force</dev:code> <dev:remarks> <maml:para>Exports all RSA public key moduli from NGC keys to a file in BASE64 encoding. This format is supported by the original Python ROCA Detection Tool.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- Example 4 --------------------------</maml:title> <dev:code>PS C:\> Get-ADObject -LDAPFilter '(msDS-KeyCredentialLink=*)' -Properties msDS-KeyCredentialLink | Select-Object -ExpandProperty msDS-KeyCredentialLink | Get-ADKeyCredential | Where-Object Usage -eq FIDO | Format-Table -View FIDO <# Sample Output: DisplayName AAGUID Alg Counter Created Owner ----------- ------ --- ------- ------- ----- eWMB Goldengate G320 87dbc5a1-4c94-4dc8-8a47-97d800fd1f3c ES256 37 2019-08-29 CN=John Doe,CN=Users,DC=contoso,DC=com eWBM Goldengate G310 95442b2e-f15e-4def-b270-efb106facb4e ES256 48 2019-08-29 CN=John Doe,CN=Users,DC=contoso,DC=com Yubikey 5 cb69481e-8ff7-4039-93ec-0a2729a154a8 ES256 25 2019-06-21 CN=John Doe,CN=Users,DC=contoso,DC=com Feitian All-In-Pass 12ded745-4bed-47d4-abaa-e713f51d6393 ES256 1398 2020-03-31 CN=John Doe,CN=Users,DC=contoso,DC=com #></dev:code> <dev:remarks> <maml:para>Lists FIDO tokens registered in Active Directory.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- Example 5 --------------------------</maml:title> <dev:code>PS C:\> Get-ADUser -Identity john -Properties msDS-KeyCredentialLink | Select-Object -ExpandProperty msDS-KeyCredentialLink | Get-ADKeyCredential | Out-GridView -OutputMode Multiple -Title 'Select a credentials for removal...' | ForEach-Object { Set-ADObject -Identity $PSItem.Owner -Remove @{ 'msDS-KeyCredentialLink' = $PSItem.ToDNWithBinary() } }</dev:code> <dev:remarks> <maml:para>Selectively deletes key credentials from Active Directory.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- Example 6 --------------------------</maml:title> <dev:code>PS C:\> $upn = 'john@contoso.com' PS C:\> $userSid = 'S-1-5-21-1236425271-2880748467-2592687428-1109' PS C:\> $certificateSubject = '{0}/{1}/login.windows.net/383a3889-5bc9-47a3-846c-2b70f0b7fe0e/{2}' -f $userSid, (New-Guid), $upn PS C:\> $certificate = New-SelfSignedCertificate -Subject $certificateSubject ` -KeyLength 2048 ` -Provider 'Microsoft Strong Cryptographic Provider' ` -CertStoreLocation Cert:\CurrentUser\My ` -NotAfter (Get-Date).AddYears(30) ` -TextExtension '2.5.29.19={text}false', '2.5.29.37={text}1.3.6.1.4.1.311.20.2.2' ` -SuppressOid '2.5.29.14' ` -KeyUsage None ` -KeyExportPolicy Exportable PS C:\> $ngcKey = Get-ADKeyCredential -Certificate $certificate -DeviceId (New-Guid) -OwnerDN 'CN=John Doe,CN=Users,DC=contoso,DC=com' PS C:\> Set-ADObject -Identity $ngcKey.Owner -Add @{ 'msDS-KeyCredentialLink' = $ngcKey.ToDNWithBinary() }</dev:code> <dev:remarks> <maml:para>Generates a new NGC key for a user account and registers it in Active Directory. Note that the value of the certificate Subject has no effect on the functionality, but as it appears in DC logs, this example uses the same format as Windows does.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- Example 7 --------------------------</maml:title> <dev:code>PS C:\> $certificate = New-SelfSignedCertificate -Subject 'S-1-5-21-1236425271-2880748467-2592687428-1001' ` -KeyLength 2048 ` -Provider 'Microsoft Strong Cryptographic Provider' ` -CertStoreLocation Cert:\LocalMachine\My ` -NotAfter (Get-Date).AddYears(30) ` -TextExtension '2.5.29.19={text}false', '2.5.29.37={text}1.3.6.1.4.1.311.20.2.2' ` -SuppressOid '2.5.29.14' ` -KeyUsage None ` -KeyExportPolicy Exportable PS C:\> $ngcKey = Get-ADKeyCredential -IsComputerKey -Certificate $certificate -OwnerDN 'CN=PC01,CN=Computers,DC=contoso,DC=com' PS C:\> Set-ADComputer -Identity 'PC01$' -Clear msDS-KeyCredentialLink -Add @{ 'msDS-KeyCredentialLink' = $ngcKey.ToDNWithBinary() }</dev:code> <dev:remarks> <maml:para>Performs a validated write of computer NGC key. Must be executed under the computer account's identity.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Get-ADKeyCredential.md</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Add-ADReplNgcKey</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-ADReplAccount</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-ADDBAccount</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-AzureADUserEx</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-ADReplAccount</command:name> <command:verb>Get</command:verb> <command:noun>ADReplAccount</command:noun> <maml:description> <maml:para>Reads one or more accounts through the MS-DRSR protocol, including secret attributes.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Reads one or more accounts from a target Active Directory domain controller through the MS-DRSR protocol, including secret attributes.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-ADReplAccount</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="AllAccounts, ReturnAllAccounts"> <maml:name>All</maml:name> <maml:Description> <maml:para>Indidates that all accounts will be replicated from the target domain controller.</maml:para> </maml:Description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Credential</maml:name> <maml:Description> <maml:para>Specifies a user account that has permission to perform this action. The default is the current user.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue> <dev:type> <maml:name>PSCredential</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="NC, DomainNC, DomainNamingContext"> <maml:name>NamingContext</maml:name> <maml:Description> <maml:para>Specifies the naming context root of the replica to replicate.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Proto, RPCProtocol, NCACN"> <maml:name>Protocol</maml:name> <maml:Description> <maml:para>Specifies the protocol sequence that is used for RPC communication.</maml:para> </maml:Description> <command:parameterValueGroup> <command:parameterValue required="false" command:variableLength="false">TCP</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">SMB</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">HTTP</command:parameterValue> </command:parameterValueGroup> <command:parameterValue required="true" variableLength="false">RpcProtocol</command:parameterValue> <dev:type> <maml:name>RpcProtocol</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>TCP</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Host, DomainController, DC"> <maml:name>Server</maml:name> <maml:Description> <maml:para>Specifies the target computer for the operation. Enter a fully qualified domain name (FQDN), a NetBIOS name, or an IP address. When the remote computer is in a different domain than the local computer, the fully qualified domain name is required.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Get-ADReplAccount</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="0" aliases="dn"> <maml:name>DistinguishedName</maml:name> <maml:Description> <maml:para>Specifies the identifier of the account that will be replicated.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Credential</maml:name> <maml:Description> <maml:para>Specifies a user account that has permission to perform this action. The default is the current user.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue> <dev:type> <maml:name>PSCredential</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Proto, RPCProtocol, NCACN"> <maml:name>Protocol</maml:name> <maml:Description> <maml:para>Specifies the protocol sequence that is used for RPC communication.</maml:para> </maml:Description> <command:parameterValueGroup> <command:parameterValue required="false" command:variableLength="false">TCP</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">SMB</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">HTTP</command:parameterValue> </command:parameterValueGroup> <command:parameterValue required="true" variableLength="false">RpcProtocol</command:parameterValue> <dev:type> <maml:name>RpcProtocol</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>TCP</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Host, DomainController, DC"> <maml:name>Server</maml:name> <maml:Description> <maml:para>Specifies the target computer for the operation. Enter a fully qualified domain name (FQDN), a NetBIOS name, or an IP address. When the remote computer is in a different domain than the local computer, the fully qualified domain name is required.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Get-ADReplAccount</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="0" aliases="Login, sam, AccountName, User"> <maml:name>SamAccountName</maml:name> <maml:Description> <maml:para>Specifies the identifier of the account that will be replicated.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="1" aliases="AccountDomain, UserDomain"> <maml:name>Domain</maml:name> <maml:Description> <maml:para>Specifies the NetBIOS domain name of the account that will be replicated.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Credential</maml:name> <maml:Description> <maml:para>Specifies a user account that has permission to perform this action. The default is the current user.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue> <dev:type> <maml:name>PSCredential</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Proto, RPCProtocol, NCACN"> <maml:name>Protocol</maml:name> <maml:Description> <maml:para>Specifies the protocol sequence that is used for RPC communication.</maml:para> </maml:Description> <command:parameterValueGroup> <command:parameterValue required="false" command:variableLength="false">TCP</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">SMB</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">HTTP</command:parameterValue> </command:parameterValueGroup> <command:parameterValue required="true" variableLength="false">RpcProtocol</command:parameterValue> <dev:type> <maml:name>RpcProtocol</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>TCP</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Host, DomainController, DC"> <maml:name>Server</maml:name> <maml:Description> <maml:para>Specifies the target computer for the operation. Enter a fully qualified domain name (FQDN), a NetBIOS name, or an IP address. When the remote computer is in a different domain than the local computer, the fully qualified domain name is required.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Get-ADReplAccount</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Credential</maml:name> <maml:Description> <maml:para>Specifies a user account that has permission to perform this action. The default is the current user.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue> <dev:type> <maml:name>PSCredential</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Guid"> <maml:name>ObjectGuid</maml:name> <maml:Description> <maml:para>Specifies the identifier of the account that will be replicated.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Guid</command:parameterValue> <dev:type> <maml:name>Guid</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Proto, RPCProtocol, NCACN"> <maml:name>Protocol</maml:name> <maml:Description> <maml:para>Specifies the protocol sequence that is used for RPC communication.</maml:para> </maml:Description> <command:parameterValueGroup> <command:parameterValue required="false" command:variableLength="false">TCP</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">SMB</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">HTTP</command:parameterValue> </command:parameterValueGroup> <command:parameterValue required="true" variableLength="false">RpcProtocol</command:parameterValue> <dev:type> <maml:name>RpcProtocol</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>TCP</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Host, DomainController, DC"> <maml:name>Server</maml:name> <maml:Description> <maml:para>Specifies the target computer for the operation. Enter a fully qualified domain name (FQDN), a NetBIOS name, or an IP address. When the remote computer is in a different domain than the local computer, the fully qualified domain name is required.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Get-ADReplAccount</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Credential</maml:name> <maml:Description> <maml:para>Specifies a user account that has permission to perform this action. The default is the current user.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue> <dev:type> <maml:name>PSCredential</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Sid"> <maml:name>ObjectSid</maml:name> <maml:Description> <maml:para>Specifies the identifier of the account that will be replicated.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">SecurityIdentifier</command:parameterValue> <dev:type> <maml:name>SecurityIdentifier</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Proto, RPCProtocol, NCACN"> <maml:name>Protocol</maml:name> <maml:Description> <maml:para>Specifies the protocol sequence that is used for RPC communication.</maml:para> </maml:Description> <command:parameterValueGroup> <command:parameterValue required="false" command:variableLength="false">TCP</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">SMB</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">HTTP</command:parameterValue> </command:parameterValueGroup> <command:parameterValue required="true" variableLength="false">RpcProtocol</command:parameterValue> <dev:type> <maml:name>RpcProtocol</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>TCP</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Host, DomainController, DC"> <maml:name>Server</maml:name> <maml:Description> <maml:para>Specifies the target computer for the operation. Enter a fully qualified domain name (FQDN), a NetBIOS name, or an IP address. When the remote computer is in a different domain than the local computer, the fully qualified domain name is required.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Get-ADReplAccount</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Credential</maml:name> <maml:Description> <maml:para>Specifies a user account that has permission to perform this action. The default is the current user.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue> <dev:type> <maml:name>PSCredential</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Proto, RPCProtocol, NCACN"> <maml:name>Protocol</maml:name> <maml:Description> <maml:para>Specifies the protocol sequence that is used for RPC communication.</maml:para> </maml:Description> <command:parameterValueGroup> <command:parameterValue required="false" command:variableLength="false">TCP</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">SMB</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">HTTP</command:parameterValue> </command:parameterValueGroup> <command:parameterValue required="true" variableLength="false">RpcProtocol</command:parameterValue> <dev:type> <maml:name>RpcProtocol</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>TCP</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Host, DomainController, DC"> <maml:name>Server</maml:name> <maml:Description> <maml:para>Specifies the target computer for the operation. Enter a fully qualified domain name (FQDN), a NetBIOS name, or an IP address. When the remote computer is in a different domain than the local computer, the fully qualified domain name is required.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="UPN"> <maml:name>UserPrincipalName</maml:name> <maml:Description> <maml:para>Specifies the identifier of the account that will be replicated.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="AllAccounts, ReturnAllAccounts"> <maml:name>All</maml:name> <maml:Description> <maml:para>Indidates that all accounts will be replicated from the target domain controller.</maml:para> </maml:Description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Credential</maml:name> <maml:Description> <maml:para>Specifies a user account that has permission to perform this action. The default is the current user.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue> <dev:type> <maml:name>PSCredential</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="0" aliases="dn"> <maml:name>DistinguishedName</maml:name> <maml:Description> <maml:para>Specifies the identifier of the account that will be replicated.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="1" aliases="AccountDomain, UserDomain"> <maml:name>Domain</maml:name> <maml:Description> <maml:para>Specifies the NetBIOS domain name of the account that will be replicated.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="NC, DomainNC, DomainNamingContext"> <maml:name>NamingContext</maml:name> <maml:Description> <maml:para>Specifies the naming context root of the replica to replicate.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Guid"> <maml:name>ObjectGuid</maml:name> <maml:Description> <maml:para>Specifies the identifier of the account that will be replicated.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Guid</command:parameterValue> <dev:type> <maml:name>Guid</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Sid"> <maml:name>ObjectSid</maml:name> <maml:Description> <maml:para>Specifies the identifier of the account that will be replicated.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">SecurityIdentifier</command:parameterValue> <dev:type> <maml:name>SecurityIdentifier</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Proto, RPCProtocol, NCACN"> <maml:name>Protocol</maml:name> <maml:Description> <maml:para>Specifies the protocol sequence that is used for RPC communication.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">RpcProtocol</command:parameterValue> <dev:type> <maml:name>RpcProtocol</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>TCP</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="0" aliases="Login, sam, AccountName, User"> <maml:name>SamAccountName</maml:name> <maml:Description> <maml:para>Specifies the identifier of the account that will be replicated.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Host, DomainController, DC"> <maml:name>Server</maml:name> <maml:Description> <maml:para>Specifies the target computer for the operation. Enter a fully qualified domain name (FQDN), a NetBIOS name, or an IP address. When the remote computer is in a different domain than the local computer, the fully qualified domain name is required.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="UPN"> <maml:name>UserPrincipalName</maml:name> <maml:Description> <maml:para>Specifies the identifier of the account that will be replicated.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.String</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> <command:inputType> <dev:type> <maml:name>System.Security.Principal.SecurityIdentifier</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> <command:inputType> <dev:type> <maml:name>System.Guid</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>DSInternals.Common.Data.DSAccount</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- Example 1 --------------------------</maml:title> <dev:code>PS C:\> Get-ADReplAccount -SamAccountName joe -Server 'lon-dc1.contoso.com' <# Sample Output: DistinguishedName: CN=Joe Smith,OU=Employees,DC=contoso,DC=com Sid: S-1-5-21-1236425271-2880748467-2592687428-1110 Guid: 6fb7aca4-fe85-4dc5-9acd-b5b2529fe2bc SamAccountName: joe SamAccountType: User UserPrincipalName: joe@contoso.com PrimaryGroupId: 513 SidHistory: Enabled: True UserAccountControl: NormalAccount, PasswordNeverExpires AdminCount: False Deleted: False LastLogonDate: 2/23/2015 10:27:18 AM DisplayName: Joe Smith GivenName: Joe Surname: Smith Description: ServicePrincipalName: SecurityDescriptor: DiscretionaryAclPresent, SystemAclPresent, DiscretionaryAclAutoInherited, SystemAclAutoInherited, SelfRelative Owner: S-1-5-21-1236425271-2880748467-2592687428-512 Secrets NTHash: 92937945b518814341de3f726500d4ff LMHash: NTHashHistory: Hash 01: 92937945b518814341de3f726500d4ff LMHashHistory: Hash 01: 30ce97eef1084cf1656cc4be70d68600 SupplementalCredentials: ClearText: NTLMStrongHash: 2c6d57beebeafdae65b3f40f2a0d5430 Kerberos: Credentials: DES_CBC_MD5 Key: 7f16bc4ada0b8a52 OldCredentials: Salt: CONTOSO.COMjoe Flags: 0 KerberosNew: Credentials: AES256_CTS_HMAC_SHA1_96 Key: cd541be0838c787b5c6a34d7b19274aee613545a0e6cc6f5ac5918d8a464d24f Iterations: 4096 AES128_CTS_HMAC_SHA1_96 Key: 5c88972747bd454704c117ae52c474e4 Iterations: 4096 DES_CBC_MD5 Key: 7f16bc4ada0b8a52 Iterations: 4096 OldCredentials: OlderCredentials: ServiceCredentials: Salt: CONTOSO.COMjoe DefaultIterationCount: 4096 Flags: 0 WDigest: Hash 01: 61fed940f0e8d03a49d3727f55800497 Hash 02: a1d54499dda6a6b5431f29a8d741a640 Hash 03: b6cdf00bc0c4578992f718de81251721 Hash 04: 61fed940f0e8d03a49d3727f55800497 Hash 05: a1d54499dda6a6b5431f29a8d741a640 Hash 06: 9a8991bd99763df2e37f1e1e67d71cc8 Hash 07: 61fed940f0e8d03a49d3727f55800497 Hash 08: 8a9fe94883c8ccf3bcfc6591ddd2288f Hash 09: 8a9fe94883c8ccf3bcfc6591ddd2288f Hash 10: 1b7b16b49ecd8d9d59c1d0db6fa2cc36 Hash 11: d4c24695cfa4dc3810a469d5efb8ecaf Hash 12: 8a9fe94883c8ccf3bcfc6591ddd2288f Hash 13: a5b8aa5088280298c8c27fa99dcaa1e3 Hash 14: d4c24695cfa4dc3810a469d5efb8ecaf Hash 15: 1aa8e567622fe53d6fb36f1f34f12aaa Hash 16: 1aa8e567622fe53d6fb36f1f34f12aaa Hash 17: 2af425244079f8f45927c34fa115e45b Hash 18: cf283a35102b820e25003b1ddf270221 Hash 19: b98c902c57449253e6f06b5d585866bd Hash 20: 2a690b1eeda9cb8f3157a4a3ba0be9c3 Hash 21: af2654776d5f9f27f3283ecb0aa25011 Hash 22: af2654776d5f9f27f3283ecb0aa25011 Hash 23: ba6fe0513ed2a60ec253a41bbde6a837 Hash 24: 8bf5a67b598087be948e040f85c72b4d Hash 25: 8bf5a67b598087be948e040f85c72b4d Hash 26: aa5ff46d23a5c7ebd603e1793225350d Hash 27: 656b6a7f5b52d05b3ce9168a2b7ac8ac Hash 28: ae884c92ecd87e8d54f1844f09c5a519 Hash 29: a500a9e26afc9f817df8a07e15771577 Key Credentials: Usage=NGC, Source=ActiveDirectory, Device=1966d4da-14da-4581-a7a7-5e8e07e93ad9, Created=8/1/2019 10:53:12 PM, LastLogon=8/1/2019 10:53:12 PM Usage=NGC, Source=ActiveDirectory, Device=cfe9a872-13ff-4751-a777-aec88c30a762, Created=8/1/2019 11:09:15 PM, LastLogon=8/1/2019 11:09:15 PM Credential Roaming Created: 3/12/2017 9:15:56 AM Modified: 3/13/2017 10:01:18 AM Credentials: DPAPIMasterKey: joe\Protect\S-1-5-21-1236425271-2880748467-2592687428-1110\47070660-c259-4d90-8bc9-187605323450 DPAPIMasterKey: joe\Protect\S-1-5-21-1236425271-2880748467-2592687428-1110\7fc19508-7b85-4a7c-9e5d-15f9e00e7ce5 CryptoApiCertificate: joe\SystemCertificates\My\Certificates\574E4687133998544C0095C7B348C52CD398182E CNGCertificate: joe\SystemCertificates\My\Certificates\3B83BFA7037F6A79B3F3D17D229E1BC097F35B51 RSAPrivateKey: joe\Crypto\RSA\S-1-5-21-1236425271-2880748467-2592687428-1110\701577141985b6923998dcca035c007a_f8b7bbef-d227-4ac7-badd-3a238a7f741e CNGPrivateKey: joe\Crypto\Keys\E8F13C2BA0209401C4DFE839CD57375E26BBE38F #></dev:code> <dev:remarks> <maml:para>Replicates a single Active Directory account from the target domain controller.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- Example 2 --------------------------</maml:title> <dev:code>PS C:\> $accounts = Get-ADReplAccount -All -Server 'lon-dc1.contoso.com'</dev:code> <dev:remarks> <maml:para>Replicates all Active Directory accounts from the target domain controller.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- Example 3 --------------------------</maml:title> <dev:code>PS C:\> $results = Get-ADReplAccount -All -Server 'lon-dc1.contoso.com' | Test-PasswordQuality -WeakPasswordHashesSortedFile pwned-passwords-ntlm-ordered-by-hash-v5.txt</dev:code> <dev:remarks> <maml:para>Performs an online credential hygiene audit of AD against HIBP.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- Example 4 --------------------------</maml:title> <dev:code>PS C:\> Get-ADReplAccount -All -Server LON-DC1 | Format-Custom -View PwDump | Out-File -FilePath users.pwdump -Encoding ascii</dev:code> <dev:remarks> <maml:para>Replicates all Active Directory accounts from the target domain controller and exports their NT and LM password hashes to a pwdump file.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- Example 5 --------------------------</maml:title> <dev:code>PS C:\> Get-ADReplBackupKey -Server 'lon-dc1.adatum.com' | Save-DPAPIBlob -DirectoryPath '.\Output' PS C:\> Get-ADReplAccount -All -Server 'lon-dc1.adatum.com' | Save-DPAPIBlob -DirectoryPath '.\Output'</dev:code> <dev:remarks> <maml:para>Replicates all DPAPI backup keys and roamed credentials (certificates, private keys, and DPAPI master keys) from the target Active Directory domain controller and saves them to the Output directory. Also creates a file called kiwiscript.txt that contains mimikatz commands needed to decrypt the private keys.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Get-ADReplAccount.md</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-ADDBAccount</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-ADSIAccount</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Test-PasswordQuality</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Save-DPAPIBlob</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-ADReplBackupKey</command:name> <command:verb>Get</command:verb> <command:noun>ADReplBackupKey</command:noun> <maml:description> <maml:para>Reads the DPAPI backup keys from a domain controller through the MS-DRSR protocol.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Replicates the Data Protection API (DPAPI) backup keys from an Active Directory domain controller through the MS-DRSR protocol. The output can be saved to the file system using the Save-DPAPIBlob cmdlet.</maml:para> <maml:para>DPAPI is used by several components of Windows to securely store passwords, encryption keys and other sensitive data. When DPAPI is used in an Active Directory domain environment, a copy of user's master key is encrypted with a so-called DPAPI Domain Backup Key that is known to all domain controllers. Windows Server 2000 DCs use a symmetric key and newer systems use a public/private key pair. If the user password is reset and the original master key is rendered inaccessible to the user, the user's access to the master key is automatically restored using the backup key.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-ADReplBackupKey</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Credential</maml:name> <maml:Description> <maml:para>Specifies a user account that has permission to perform this action. The default is the current user.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue> <dev:type> <maml:name>PSCredential</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="FQDN, DomainName, DNSDomainName"> <maml:name>Domain</maml:name> <maml:Description> <maml:para>Specifies the DNS name of the target Active Directory domain.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Proto, RPCProtocol, NCACN"> <maml:name>Protocol</maml:name> <maml:Description> <maml:para>Specifies the protocol sequence that is used for RPC communication.</maml:para> </maml:Description> <command:parameterValueGroup> <command:parameterValue required="false" command:variableLength="false">TCP</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">SMB</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">HTTP</command:parameterValue> </command:parameterValueGroup> <command:parameterValue required="true" variableLength="false">RpcProtocol</command:parameterValue> <dev:type> <maml:name>RpcProtocol</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Host, DomainController, DC"> <maml:name>Server</maml:name> <maml:Description> <maml:para>Specifies the target computer for the operation. Enter a fully qualified domain name (FQDN), a NetBIOS name, or an IP address. When the remote computer is in a different domain than the local computer, the fully qualified domain name is required.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Credential</maml:name> <maml:Description> <maml:para>Specifies a user account that has permission to perform this action. The default is the current user.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue> <dev:type> <maml:name>PSCredential</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="FQDN, DomainName, DNSDomainName"> <maml:name>Domain</maml:name> <maml:Description> <maml:para>Specifies the DNS name of the target Active Directory domain.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Proto, RPCProtocol, NCACN"> <maml:name>Protocol</maml:name> <maml:Description> <maml:para>Specifies the protocol sequence that is used for RPC communication.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">RpcProtocol</command:parameterValue> <dev:type> <maml:name>RpcProtocol</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Host, DomainController, DC"> <maml:name>Server</maml:name> <maml:Description> <maml:para>Specifies the target computer for the operation. Enter a fully qualified domain name (FQDN), a NetBIOS name, or an IP address. When the remote computer is in a different domain than the local computer, the fully qualified domain name is required.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>None</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>DSInternals.Common.Data.DPAPIBackupKey</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- Example 2 --------------------------</maml:title> <dev:code>PS C:\> Get-ADReplBackupKey -Server 'lon-dc1.contoso.com' <# Sample Output: FilePath : ntds_legacy_b116cbfa-b881-43e6-ba85-ef3efa64ba22.key KiwiCommand : Type : LegacyKey DistinguishedName : CN=BCKUPKEY_b116cbfa-b881-43e6-ba85-ef3efa64ba22 Secret,CN=System,DC=contoso,DC=com KeyId : b116cbfa-b881-43e6-ba85-ef3efa64ba22 Data : {1, 0, 0, 0...} FilePath : KiwiCommand : Type : PreferredLegacyKeyPointer DistinguishedName : CN=BCKUPKEY_P Secret,CN=System,DC=contoso,DC=com KeyId : b116cbfa-b881-43e6-ba85-ef3efa64ba22 Data : {250, 203, 22, 177...} FilePath : ntds_capi_290914ed-b1a8-482e-a89f-7caa217bf3c3.pvk KiwiCommand : REM Add this parameter to at least the first dpapi::masterkey command: /pvk:"ntds_capi_290914ed-b1a8-482e-a89f-7caa217bf3c3.pvk" Type : RSAKey DistinguishedName : CN=BCKUPKEY_290914ed-b1a8-482e-a89f-7caa217bf3c3 Secret,CN=System,DC=contoso,DC=com KeyId : 290914ed-b1a8-482e-a89f-7caa217bf3c3 Data : {2, 0, 0, 0...} FilePath : KiwiCommand : Type : PreferredRSAKeyPointer DistinguishedName : CN=BCKUPKEY_PREFERRED Secret,CN=System,DC=contoso,DC=com KeyId : 290914ed-b1a8-482e-a89f-7caa217bf3c3 Data : {237, 20, 9, 41...} #></dev:code> <dev:remarks> <maml:para>Replicates all DPAPI backup keys from the target Active Directory domain controller.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- Example 2 --------------------------</maml:title> <dev:code>PS C:\> Get-ADReplBackupKey -Server 'lon-dc1.adatum.com' | Save-DPAPIBlob -DirectoryPath '.\Output' PS C:\> Get-ChildItem -Path '.\Output' | Select-Object -ExpandProperty Name <# Sample Output: kiwiscript.txt ntds_legacy_b116cbfa-b881-43e6-ba85-ef3efa64ba22.key ntds_capi_4cee80c0-b6c6-406c-a68b-c0e5818bc436.cer ntds_capi_290914ed-b1a8-482e-a89f-7caa217bf3c3.pfx ntds_capi_290914ed-b1a8-482e-a89f-7caa217bf3c3.pvk #></dev:code> <dev:remarks> <maml:para>Replicates all DPAPI backup keys from the target Active Directory domain controller and saves them to the Output directory.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Get-ADReplBackupKey.md</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Save-DPAPIBlob</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-ADDBBackupKey</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-LsaBackupKey</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-ADSIAccount</command:name> <command:verb>Get</command:verb> <command:noun>ADSIAccount</command:noun> <maml:description> <maml:para>Gets all Active Directory user accounts from a given domain controller using ADSI. Typically used for Credential Roaming data retrieval through LDAP.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Gets all Active Directory user accounts from a given domain controller using ADSI/LDAP. Typically used for Credential Roaming data retrieval and NGC key auditing.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-ADSIAccount</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Credential</maml:name> <maml:Description> <maml:para>Specifies a user account to use when connecting to the target domain controller. The default is the current user.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue> <dev:type> <maml:name>PSCredential</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Host, DomainController, DC, ComputerName"> <maml:name>Server</maml:name> <maml:Description> <maml:para>Specifies the target computer for the operation. Enter a fully qualified domain name (FQDN), a NetBIOS name, or an IP address. When the remote computer is in a different domain than the local computer, the fully qualified domain name is required.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Credential</maml:name> <maml:Description> <maml:para>Specifies a user account to use when connecting to the target domain controller. The default is the current user.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue> <dev:type> <maml:name>PSCredential</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Host, DomainController, DC, ComputerName"> <maml:name>Server</maml:name> <maml:Description> <maml:para>Specifies the target computer for the operation. Enter a fully qualified domain name (FQDN), a NetBIOS name, or an IP address. When the remote computer is in a different domain than the local computer, the fully qualified domain name is required.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>None</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>DSInternals.Common.Data.DSAccount</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- Example 1 --------------------------</maml:title> <dev:code>PS C:\> Get-LsaBackupKey -ComputerName 'lon-dc1.contoso.com' | Save-DPAPIBlob -DirectoryPath '.\Output' PS C:\> Get-ADSIAccount -Server 'lon-dc1.contoso.com' | Save-DPAPIBlob -DirectoryPath '.\Output'</dev:code> <dev:remarks> <maml:para>Retrieves DPAPI backup keys from the target domain controller through the MS-LSAD protocol. Also retrieves roamed credentials (certificates, private keys, and DPAPI master keys) from this domain controller through LDAP and saves them to the Output directory. Also creates a file called kiwiscript.txt that contains mimikatz commands needed to decrypt the private keys.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- Example 2 --------------------------</maml:title> <dev:code>PS C:\> Get-ADSIAccount -Server 'lon-dc1.contoso.com' | Select-Object -ExpandProperty KeyCredentials | Where-Object Usage -eq NGC | Format-Table -View ROCA <# Sample Output: Usage IsWeak Source DeviceId Created Owner ----- ------ ------ -------- ------- ----- NGC True AzureAD fd591087-245c-4ff5-a5ea-c14de5e2b32d 2017-07-19 CN=John Doe,CN=Users,DC=contoso,DC=com NGC False AD 1966d4da-14da-4581-a7a7-5e8e07e93ad9 2019-08-01 CN=Jane Doe,CN=Users,DC=contoso,DC=com #></dev:code> <dev:remarks> <maml:para>Lists weak public keys registered in Active Directory that were generated on ROCA-vulnerable TPMs.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Get-ADSIAccount.md</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-ADDBAccount</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-ADReplAccount</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Save-DPAPIBlob</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-ADKeyCredential</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-AzureADUserEx</command:name> <command:verb>Get</command:verb> <command:noun>AzureADUserEx</command:noun> <maml:description> <maml:para>Gets a user from Azure AD, including the associated FIDO and NGC keys.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The Get-AzureADUserEx cmdlet uses an undocumented Azure AD Graph API endpoint to retrieve the normally hidden searchableDeviceKeys attribute of user accounts. This attribute holds different types of key credentials, including the FIDO2 and NGC keys that are used by Windows Hello for Business.</maml:para> <maml:para>This cmdlet is not intended to replace the Get-AzureADUser cmdlet from Microsoft's AzureAD module. Only a handful of attributes are retrieved from Azure Active Directory and authentication fully relies on the Connect-AzureAD cmdlet.</maml:para> <maml:para>No administrative role is required to perform this operation. The cmdlet was tested on a tenant with 150,000 user accounts and ran under 5 minutes.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-AzureADUserEx</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Token"> <maml:name>AccessToken</maml:name> <maml:Description> <maml:para>Specifies the access token retrieved by the Connect-AzureAD cmdlet.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="AllUsers"> <maml:name>All</maml:name> <maml:Description> <maml:para>If true, return all users. If false, return the first 999 objects.</maml:para> </maml:Description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Tenant"> <maml:name>TenantId</maml:name> <maml:Description> <maml:para>Specifies the Azure AD tenant to perform the search in. If not specified, the tenant of the authenticated user will be used.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Guid</command:parameterValue> <dev:type> <maml:name>Guid</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Get-AzureADUserEx</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Token"> <maml:name>AccessToken</maml:name> <maml:Description> <maml:para>Specifies the access token retrieved by the Connect-AzureAD cmdlet.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Identity, Id, UserId, ObjectGuid"> <maml:name>ObjectId</maml:name> <maml:Description> <maml:para>Specifies the identity of a user in Azure AD.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Guid</command:parameterValue> <dev:type> <maml:name>Guid</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Tenant"> <maml:name>TenantId</maml:name> <maml:Description> <maml:para>Specifies the Azure AD tenant to perform the search in. If not specified, the tenant of the authenticated user will be used.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Guid</command:parameterValue> <dev:type> <maml:name>Guid</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Get-AzureADUserEx</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Token"> <maml:name>AccessToken</maml:name> <maml:Description> <maml:para>Specifies the access token retrieved by the Connect-AzureAD cmdlet.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Tenant"> <maml:name>TenantId</maml:name> <maml:Description> <maml:para>Specifies the Azure AD tenant to perform the search in. If not specified, the tenant of the authenticated user will be used.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Guid</command:parameterValue> <dev:type> <maml:name>Guid</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="UPN, UserName"> <maml:name>UserPrincipalName</maml:name> <maml:Description> <maml:para>Specifies the UPN of a user in Azure AD.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Token"> <maml:name>AccessToken</maml:name> <maml:Description> <maml:para>Specifies the access token retrieved by the Connect-AzureAD cmdlet.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="AllUsers"> <maml:name>All</maml:name> <maml:Description> <maml:para>If true, return all users. If false, return the first 999 objects.</maml:para> </maml:Description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Identity, Id, UserId, ObjectGuid"> <maml:name>ObjectId</maml:name> <maml:Description> <maml:para>Specifies the identity of a user in Azure AD.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Guid</command:parameterValue> <dev:type> <maml:name>Guid</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Tenant"> <maml:name>TenantId</maml:name> <maml:Description> <maml:para>Specifies the Azure AD tenant to perform the search in. If not specified, the tenant of the authenticated user will be used.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Guid</command:parameterValue> <dev:type> <maml:name>Guid</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="UPN, UserName"> <maml:name>UserPrincipalName</maml:name> <maml:Description> <maml:para>Specifies the UPN of a user in Azure AD.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>None</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>DSInternals.Common.AzureAD.AzureADUser</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- Example 1 --------------------------</maml:title> <dev:code>PS C:\> Install-Module -Name AzureAD,DSInternals -Force PS C:\> Connect-AzureAD PS C:\> $token = [Microsoft.Open.Azure.AD.CommonLibrary.AzureSession]::AccessTokens['AccessToken'].AccessToken PS C:\> Get-AzureADUserEx -All -Token $token | Where-Object KeyCredentials -ne $null <# Sample Output: ObjectId: af4cf208-16e0-429d-b574-2a09c5f30dea UserPrincipalName: john@contoso.com Enabled: True DisplayName: John Doe Key Credentials: Usage=FIDO, Source=AzureAD, Device=00000000-0000-0000-0000-000000000000, Created=12/12/2019 9:42:21 AM Usage=NGC, Source=AzureAD, Device=cbad3c94-b480-4fa6-9187-ff1ed42c4479, Created=11/17/2015 8:17:13 AM ObjectId: 5dd9c7f0-9441-4c5a-b2df-ca7b889d8c4c UserPrincipalName: peter@contoso.com Enabled: True DisplayName: Peter Smith Key Credentials: Usage=NGC, Source=AzureAD, Device=21c915a8-0326-47c4-8985-2aceda00eaee, Created=12/26/2019 1:22:17 PM Usage=NGC, Source=AzureAD, Device=ec45d71b-b5dd-45dc-beaf-e248cbcb2bd3, Created=12/24/2019 9:44:56 AM #></dev:code> <dev:remarks> <maml:para>Displays info about Azure AD users with key credentials. Authentication is handled by the AzureAD module.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- Example 2 --------------------------</maml:title> <dev:code>PS C:\> Install-Module -Name AzureAD,DSInternals -Force PS C:\> Connect-AzureAD PS C:\> $token = [Microsoft.Open.Azure.AD.CommonLibrary.AzureSession]::AccessTokens['AccessToken'].AccessToken PS C:\> Get-AzureADUserEx -All -Token $token | Where-Object Enabled -eq $true | Select-Object -ExpandProperty KeyCredentials | Where-Object Usage -eq FIDO | Format-Table -View FIDO <# Sample Output: DisplayName AAGUID Alg Counter Created Owner ----------- ------ --- ------- ------- ----- SoloKeys Tap 8876631b-d4a0-427f-5773-0ec71c9e0279 ES256 274 2019-08-29 james@contoso.com SoloKeys Solo 8876631b-d4a0-427f-5773-0ec71c9e0279 ES256 281 2019-08-29 thomas@contoso.com eWBM Goldengate G320 87dbc5a1-4c94-4dc8-8a47-97d800fd1f3c ES256 83 2019-08-29 jane@contoso.com eWBM Goldengate G310 95442b2e-f15e-4def-b270-efb106facb4e ES256 4 2019-08-29 mary@contoso.com Feitian BioPass FIDO2 77010bd7-212a-4fc9-b236-d2ca5e9d4084 ES256 261 2019-08-26 george@contoso.com Yubico Security Key FIDO2 f8a011f3-8c0a-4d15-8006-17111f9edc7d ES256 257 2019-08-26 matt@contoso.com Feitian AllinPass FIDO2 12ded745-4bed-47d4-abaa-e713f51d6393 ES256 231 2019-08-26 jenny@contoso.com YubiKey 5 fa2b99dc-9e39-4257-8f92-4a30d23c4118 ES256 229 2019-08-26 jill@contoso.com YubiKey 5 cb69481e-8ff7-4039-93ec-0a2729a154a8 ES256 25 2019-12-12 john@contoso.com Feitian All-In-Pass 12ded745-4bed-47d4-abaa-e713f51d6393 ES256 1398 2020-03-31 peter@contoso.com eWBM Goldengate G320 87dbc5a1-4c94-4dc8-8a47-97d800fd1f3c ES256 37 2019-08-29 joe@contoso.com eWBM Goldengate G310 95442b2e-f15e-4def-b270-efb106facb4e ES256 48 2019-08-29 joe@contoso.com #></dev:code> <dev:remarks> <maml:para>Lists all FIDO2 tokens registered in an Azure AD tenant, but only on accounts that are enabled.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- Example 3 --------------------------</maml:title> <dev:code>PS C:\> Get-AzureADUserEx -All -Token $token | Where-Object Enabled -eq $true | Select-Object -ExpandProperty KeyCredentials | Where-Object Usage -eq NGC | Format-Table -View ROCA <# Sample Output: Usage IsWeak Source DeviceId Created Owner ----- ------ ------ -------- ------- ----- NGC True AzureAD fd591087-245c-4ff5-a5ea-c14de5e2b32d 2017-07-19 joe@contoso.com NGC False AzureAD 1966d4da-14da-4581-a7a7-5e8e07e93ad9 2019-08-01 peter@contoso.com #></dev:code> <dev:remarks> <maml:para>Lists weak public keys registered in Azure Active Directory that were generated on ROCA-vulnerable TPMs.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- Example 4 --------------------------</maml:title> <dev:code>PS C:\> Get-AzureADTenantDetail | Out-Null PS C:\> $token = [Microsoft.Open.Azure.AD.CommonLibrary.AzureSession]::AccessTokens['AccessToken'].AccessToken PS C:\> Get-AzureADUserEx -UserPrincipalName 'john@contoso.com' -Token $token <# Sample Output: ObjectId: af4cf208-16e0-429d-b574-2a09c5f30dea UserPrincipalName: john@contoso.com Enabled: True DisplayName: John Doe Key Credentials: Usage=FIDO, Source=AzureAD, Device=00000000-0000-0000-0000-000000000000, Created=12/12/2019 9:42:21 AM Usage=NGC, Source=AzureAD, Device=cbad3c94-b480-4fa6-9187-ff1ed42c4479, Created=11/17/2015 8:17:13 AM #></dev:code> <dev:remarks> <maml:para>Gets information about a single Azure Active Directory user. If necessary, the access token is automatically refreshed by the standard Get-AzureADTenantDetail cmdlet.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- Example 5 --------------------------</maml:title> <dev:code>PS C:\> Get-AzureADUserEx -UserPrincipalName 'john@contoso.com' -AccessToken $token | ForEach-Object { $PSItem.KeyCredentials.FidoKeyMaterial } <# Sample Output: Version: 1 DisplayName: SoloKeys Tap AttestationCertificates E=hello@solokeys.com, CN=solokeys.com, OU=Authenticator Attestation, O=Solo Keys, S=Maryland, C=US AuthenticatorData RelyingPartyIdHash: 356c9ed4a09321b9695f1eaf918203f1b55f689da61fbc96184c157dda680c81 Flags: UserPresent, UserVerified, AttestationData, ExtensionData SignatureCount: 274 AttestedCredentialData AAGUID: 8876631b-d4a0-427f-5773-0ec71c9e0279 CredentialID: 9d0c595c03cd6c9dd22b0b8f852585302c2d5a13f77669251406c390de6ba42a63f3ea6632a39cd8bc505184352541367725a5283689d825f4355fe2016af2f0008112010000 PublicKeyAlgorithm: ES256 Extensions: {"hmac-secret": true} Version: 1 DisplayName: SoloKeys Solo AttestationCertificates E=hello@solokeys.com, CN=solokeys.com, OU=Authenticator Attestation, O=Solo Keys, S=Maryland, C=US AuthenticatorData RelyingPartyIdHash: 356c9ed4a09321b9695f1eaf918203f1b55f689da61fbc96184c157dda680c81 Flags: UserPresent, UserVerified, AttestationData, ExtensionData SignatureCount: 281 AttestedCredentialData AAGUID: 8876631b-d4a0-427f-5773-0ec71c9e0279 CredentialID: ac5373c1eaa6722c351db6554715fd534906f5c98f4548b8390fe11b97325a943f0905d0a9de19765385f9bce512673128a95e3fea15f53ee46dbe307d0f94c84d8119010000 PublicKeyAlgorithm: ES256 Extensions: {"hmac-secret": true} Version: 1 DisplayName: eWBM Goldengate G320 AttestationCertificates E=info@ewbm.com, CN=eWBM FIDO2 Certificate, OU=Authenticator Attestation, O="eWBM Co., Ltd.", L=Gangnam-Gu, S=Seoul-Si, C=KR AuthenticatorData RelyingPartyIdHash: 356c9ed4a09321b9695f1eaf918203f1b55f689da61fbc96184c157dda680c81 Flags: UserPresent, UserVerified, AttestationData, ExtensionData SignatureCount: 83 AttestedCredentialData AAGUID: 87dbc5a1-4c94-4dc8-8a47-97d800fd1f3c CredentialID: fb64eb483921507239317b6f5f1d7a0b9499afd4dd0698eaa55ad8871fe1c25a PublicKeyAlgorithm: ES256 Extensions: {"hmac-secret": true} Version: 1 DisplayName: eWBM Goldengate G310 AttestationCertificates E=info@ewbm.com, CN=eWBM FIDO2 Certificate, OU=Authenticator Attestation, O="eWBM Co., Ltd.", L=Gangnam-Gu, S=Seoul-Si, C=KR AuthenticatorData RelyingPartyIdHash: 356c9ed4a09321b9695f1eaf918203f1b55f689da61fbc96184c157dda680c81 Flags: UserPresent, UserVerified, AttestationData, ExtensionData SignatureCount: 4 AttestedCredentialData AAGUID: 95442b2e-f15e-4def-b270-efb106facb4e CredentialID: 4dd34d8760bc0e92fcb53b64cc1c354ac7112931bd6f53c0a6aabba7c813c36d PublicKeyAlgorithm: ES256 Extensions: {"hmac-secret": true} Version: 1 DisplayName: Feitian BioPass FIDO2 AttestationCertificates CN=FT BioPass FIDO2 USB, OU=Authenticator Attestation, O=Feitian Technologies, C=US AuthenticatorData RelyingPartyIdHash: 356c9ed4a09321b9695f1eaf918203f1b55f689da61fbc96184c157dda680c81 Flags: UserPresent, UserVerified, AttestationData, ExtensionData SignatureCount: 261 AttestedCredentialData AAGUID: 77010bd7-212a-4fc9-b236-d2ca5e9d4084 CredentialID: db2baabf8450f6af3b931b35acc7d5f77ebe4ed98cf0b55c0513cff31e18520d PublicKeyAlgorithm: ES256 Extensions: {"hmac-secret": true} Version: 1 DisplayName: Yubico Security Key FIDO2 AttestationCertificates CN=Yubico U2F EE Serial 8513128192, OU=Authenticator Attestation, O=Yubico AB, C=SE AuthenticatorData RelyingPartyIdHash: 356c9ed4a09321b9695f1eaf918203f1b55f689da61fbc96184c157dda680c81 Flags: UserPresent, UserVerified, AttestationData, ExtensionData SignatureCount: 257 AttestedCredentialData AAGUID: f8a011f3-8c0a-4d15-8006-17111f9edc7d CredentialID: 09956acca523d532e04c647a4a158664 PublicKeyAlgorithm: ES256 Extensions: {"hmac-secret": true} Version: 1 DisplayName: Feitian AllinPass FIDO2 AttestationCertificates CN=FT BioPass FIDO2 0470, OU=Authenticator Attestation, O=Feitian Technologies, C=US AuthenticatorData RelyingPartyIdHash: 356c9ed4a09321b9695f1eaf918203f1b55f689da61fbc96184c157dda680c81 Flags: UserPresent, UserVerified, AttestationData, ExtensionData SignatureCount: 231 AttestedCredentialData AAGUID: 12ded745-4bed-47d4-abaa-e713f51d6393 CredentialID: 59dc5439faef677d7e81688a27604a205dab922978372062c5c10206639c3c00 PublicKeyAlgorithm: ES256 Extensions: {"hmac-secret": true} Version: 1 DisplayName: YubiKey 5 AttestationCertificates CN=Yubico U2F EE Serial 14818162, OU=Authenticator Attestation, O=Yubico AB, C=SE AuthenticatorData RelyingPartyIdHash: 356c9ed4a09321b9695f1eaf918203f1b55f689da61fbc96184c157dda680c81 Flags: UserPresent, UserVerified, AttestationData, ExtensionData SignatureCount: 229 AttestedCredentialData AAGUID: fa2b99dc-9e39-4257-8f92-4a30d23c4118 CredentialID: bc879d1e8da27d5f29a66d9a457ac1d8 PublicKeyAlgorithm: ES256 Extensions: {"hmac-secret": true} #></dev:code> <dev:remarks> <maml:para>Displays details about FIDO2 keys registered in Azure Active Directory by a specific user.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Get-AzureADUserEx.md</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Set-AzureADUserEx</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-ADKeyCredential</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-BootKey</command:name> <command:verb>Get</command:verb> <command:noun>BootKey</command:noun> <maml:description> <maml:para>Reads the Boot Key (AKA SysKey or System Key) from an online or offline SYSTEM registry hive.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The BootKey/SysKey is an encryption key that is stored in the Windows SYSTEM registry hive. This key is used by several Windows components to encrypt sensitive information like the AD database, machine account password or system certificates etc.</maml:para> <maml:para>The Boot Key is returned in hexadecimal format.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-BootKey</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Online</maml:name> <maml:Description> <maml:para>Specifies that the action is to be taken on the operating system that is currently running on the local computer.</maml:para> </maml:Description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Get-BootKey</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="Path, FilePath, SystemHivePath, HivePath"> <maml:name>SystemHiveFilePath</maml:name> <maml:Description> <maml:para>Path to an offline SYSTEM registry hive.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Online</maml:name> <maml:Description> <maml:para>Specifies that the action is to be taken on the operating system that is currently running on the local computer.</maml:para> </maml:Description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="Path, FilePath, SystemHivePath, HivePath"> <maml:name>SystemHiveFilePath</maml:name> <maml:Description> <maml:para>Path to an offline SYSTEM registry hive.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>None</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>System.String</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- Example 1 --------------------------</maml:title> <dev:code>PS C:\> Get-BootKey -Online 0be7a2afe1713642182e9b96f73a75da</dev:code> <dev:remarks> <maml:para>Retrieves the BootKey from the currently running OS.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- Example 2 --------------------------</maml:title> <dev:code>PS C:\> reg.exe SAVE HKLM\SYSTEM C:\RegBackup\SYSTEM.hiv PS C:\> $key = Get-BootKey -SystemHiveFilePath C:\RegBackup\SYSTEM.hiv</dev:code> <dev:remarks> <maml:para>Creates a backup of the SYSTEM registry hive and then retrieves the BootKey from this backup.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Get-BootKey.md</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-ADDBAccount</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-ADDBBackupKey</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Set-ADDBAccountPassword</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Set-ADDBAccountPasswordHash</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Set-ADDBBootKey</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-LsaBackupKey</command:name> <command:verb>Get</command:verb> <command:noun>LsaBackupKey</command:noun> <maml:description> <maml:para>Reads the DPAPI backup keys from a domain controller through the LSARPC protocol.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Reads the Data Protection API (DPAPI) backup keys from an Active Directory domain controller through the MS-LSAD (AKA LSARPC) protocol. The output can be saved to the file system using the Save-DPAPIBlob cmdlet.</maml:para> <maml:para>DPAPI is used by several components of Windows to securely store passwords, encryption keys and other sensitive data. When DPAPI is used in an Active Directory domain environment, a copy of user's master key is encrypted with a so-called DPAPI Domain Backup Key that is known to all domain controllers. Windows Server 2000 DCs use a symmetric key and newer systems use a public/private key pair. If the user password is reset and the original master key is rendered inaccessible to the user, the user's access to the master key is automatically restored using the backup key.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-LsaBackupKey</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="Server, ServerName, Computer, Machine, MachineName, System, SystemName"> <maml:name>ComputerName</maml:name> <maml:Description> <maml:para>Specifies the target computer for the operation. Enter a fully qualified domain name (FQDN), a NetBIOS name, or an IP address. When the remote computer is in a different domain than the local computer, the fully qualified domain name is required.</maml:para> <maml:para>The default is the local computer. To specify the local computer, such as in a list of computer names, use "localhost", the local computer name, or a dot (.).</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="Server, ServerName, Computer, Machine, MachineName, System, SystemName"> <maml:name>ComputerName</maml:name> <maml:Description> <maml:para>Specifies the target computer for the operation. Enter a fully qualified domain name (FQDN), a NetBIOS name, or an IP address. When the remote computer is in a different domain than the local computer, the fully qualified domain name is required.</maml:para> <maml:para>The default is the local computer. To specify the local computer, such as in a list of computer names, use "localhost", the local computer name, or a dot (.).</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>None</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>DSInternals.Common.Data.DPAPIBackupKey</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para>Administrative permissions on the target domain controller (DC) are required in order to retrieve DPAPI backup keys.</maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- Example 1 --------------------------</maml:title> <dev:code>PS C:\> Get-LsaBackupKey -ComputerName LON-DC1 <# Sample Output: FilePath : ntds_capi_b1c56a3e-ddf7-41dd-a5f3-44a2ed27a96d.pvk KiwiCommand : REM Add this parameter to at least the first dpapi::masterkey command: /pvk:"ntds_capi_b1c56a3e-ddf7-41dd-a5f3-44a2ed27a96d.pvk" Type : RSAKey DistinguishedName : KeyId : b1c56a3e-ddf7-41dd-a5f3-44a2ed27a96d Data : {2, 0, 0, 0...} FilePath : ntds_legacy_7882b20e-96ef-4ce5-a2b9-3efdccbbce28.key KiwiCommand : Type : LegacyKey DistinguishedName : KeyId : 7882b20e-96ef-4ce5-a2b9-3efdccbbce28 Data : {1, 0, 0, 0...} #></dev:code> <dev:remarks> <maml:para>Displays the DPAPI domain backup keys.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- Example 2 --------------------------</maml:title> <dev:code>PS C:\> Get-LsaBackupKey -ComputerName LON-DC1 | Save-DPAPIBlob -DirectoryPath '.\Output' PS C:\> Get-ChildItem -Path '.\Output' | Select-Object -ExpandProperty Name <# Sample Output: kiwiscript.txt ntds_legacy_b116cbfa-b881-43e6-ba85-ef3efa64ba22.key ntds_capi_4cee80c0-b6c6-406c-a68b-c0e5818bc436.cer ntds_capi_290914ed-b1a8-482e-a89f-7caa217bf3c3.pfx ntds_capi_290914ed-b1a8-482e-a89f-7caa217bf3c3.pvk #></dev:code> <dev:remarks> <maml:para>Saves the DPAPI domain backup keys to the Output directory.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Get-LsaBackupKey.md</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Save-DPAPIBlob</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-ADDBBackupKey</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-ADReplBackupKey</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-LsaPolicyInformation</command:name> <command:verb>Get</command:verb> <command:noun>LsaPolicyInformation</command:noun> <maml:description> <maml:para>Retrieves AD-related information from the Local Security Authority Policy of the local computer or a remote one.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The Local Security Authority (LSA) is a protected subsystem of Windows that maintains information about all aspects of local security on a system, collectively known as the local security policy of the system.</maml:para> <maml:para>The local security policy of a system is a set of information about the security of a local computer.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-LsaPolicyInformation</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="Server, ServerName, Computer, Machine, MachineName, System, SystemName"> <maml:name>ComputerName</maml:name> <maml:Description> <maml:para>Specifies the target computer for the operation. Enter a fully qualified domain name (FQDN), a NetBIOS name, or an IP address. When the remote computer is in a different domain than the local computer, the fully qualified domain name is required.</maml:para> <maml:para>The default is the local computer. To specify the local computer, such as in a list of computer names, use "localhost", the local computer name, or a dot (.).</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="Server, ServerName, Computer, Machine, MachineName, System, SystemName"> <maml:name>ComputerName</maml:name> <maml:Description> <maml:para>Specifies the target computer for the operation. Enter a fully qualified domain name (FQDN), a NetBIOS name, or an IP address. When the remote computer is in a different domain than the local computer, the fully qualified domain name is required.</maml:para> <maml:para>The default is the local computer. To specify the local computer, such as in a list of computer names, use "localhost", the local computer name, or a dot (.).</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>None</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>DSInternals.PowerShell.LsaPolicyInformation</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- Example 1 --------------------------</maml:title> <dev:code>PS C:\> Get-LSAPolicyInformation <# Sample Output: Domain/Workgroup Name : WORKGROUP Account Domain Name : MYPC Account Domain SID : S-1-5-21-2814909047-1086830290-2660982408 Local Domain Name : MYPC Local Domain SID : S-1-5-21-2814909047-1086830290-2660982408 #></dev:code> <dev:remarks> <maml:para>Retrieves LSA Policy from the local computer.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- Example 2 --------------------------</maml:title> <dev:code>PS C:\> Get-LSAPolicyInformation -ComputerName LON-DC1 <# Sample Output: Domain/Workgroup Name : ADATUM Forest DNS Name : Adatum.com Domain DNS Name : Adatum.com Domain GUID : 281582b4-9d3e-449d-a238-676bd5844f56 Domain SID : S-1-5-21-3180365339-800773672-3767752645 Account Domain Name : ADATUM Account Domain SID : S-1-5-21-3180365339-800773672-3767752645 Local Domain Name : LON-DC1 Local Domain SID : S-1-5-21-2929860833-2984454239-2848460202 #></dev:code> <dev:remarks> <maml:para>Retrieves LSA Policy from a remote computer called LON-DC1.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Get-LsaPolicyInformation.md</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Set-LsaPolicyInformation</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-LsaBackupKey</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>LSA Policy</maml:linkText> <maml:uri>https://docs.microsoft.com/en-us/windows/desktop/secmgmt/lsa-policy</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-SamPasswordPolicy</command:name> <command:verb>Get</command:verb> <command:noun>SamPasswordPolicy</command:noun> <maml:description> <maml:para>Queries Active Directory for the default password policy.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Retrieves the current password policy for a domain through the MS-SAMR protocol.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-SamPasswordPolicy</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Credential</maml:name> <maml:Description> <maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue> <dev:type> <maml:name>PSCredential</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Domain</maml:name> <maml:Description> <maml:para>Specifies the NetBIOS domain name. Local accounts are stored a domain called Builtin.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="ComputerName, Computer"> <maml:name>Server</maml:name> <maml:Description> <maml:para>Specifies the target computer for the operation. Enter a fully qualified domain name (FQDN), a NetBIOS name, or an IP address. When the remote computer is in a different domain than the local computer, the fully qualified domain name is required.</maml:para> <maml:para>The default is the local computer. To specify the local computer, such as in a list of computer names, use "localhost", the local computer name, or a dot (.).</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>localhost</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Credential</maml:name> <maml:Description> <maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue> <dev:type> <maml:name>PSCredential</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Domain</maml:name> <maml:Description> <maml:para>Specifies the NetBIOS domain name. Local accounts are stored a domain called Builtin.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="ComputerName, Computer"> <maml:name>Server</maml:name> <maml:Description> <maml:para>Specifies the target computer for the operation. Enter a fully qualified domain name (FQDN), a NetBIOS name, or an IP address. When the remote computer is in a different domain than the local computer, the fully qualified domain name is required.</maml:para> <maml:para>The default is the local computer. To specify the local computer, such as in a list of computer names, use "localhost", the local computer name, or a dot (.).</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>localhost</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>None</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>DSInternals.SAM.SamDomainPasswordInformation</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- Example 1 --------------------------</maml:title> <dev:code>PS C:\> Get-SamPasswordPolicy -Domain CONTOSO -Server LON-DC1 <# Sample Output: MinPasswordLength : 8 ComplexityEnabled : True ReversibleEncryptionEnabled : False MaxPasswordAge : 90.00:00:00.0 MinPasswordAge : 01:00:00 PasswordHistoryCount : 10 #></dev:code> <dev:remarks> <maml:para>Queries the LON-DC1 domain controller for default domain password policy.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- Example 2 --------------------------</maml:title> <dev:code>PS C:\> Get-SamPasswordPolicy -Domain Builtin <# Sample Output: MinPasswordLength : 0 ComplexityEnabled : False ReversibleEncryptionEnabled : False MaxPasswordAge : 42.22:47:31.7437440 MinPasswordAge : 00:00:00 PasswordHistoryCount : 0 #></dev:code> <dev:remarks> <maml:para>Queries the local computer for its current password policy.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Get-SamPasswordPolicy.md</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Set-SamAccountPasswordHash</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>New-ADDBRestoreFromMediaScript</command:name> <command:verb>New</command:verb> <command:noun>ADDBRestoreFromMediaScript</command:noun> <maml:description> <maml:para>Generates a PowerShell script that can be used to restore a domain controller from an IFM-equivalent backup (i.e. ntds.dit + SYSVOL).</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The New-ADDBRestoreFromMediaScript cmdlet was created to save the day under certain specific circumstances. Imagine a company that had been attacked by some ransomware to the extent that all their domain controllers have been wiped. Moreover, no proper System State backups of DCs are available, only file-level ones. As a consequence, they are not able to restore Active Directory, the time is ticking and their only option seems to be reinstalling the entire AD forest from scratch. It might be hard to believe that someone would have violated all the best practices and neglected planning for disaster recovery, but, alas, such situations have occurred in large enterprises during the 2017 NotPetya outbreak. I have therefore come up with a domain controller recovery method that I call Restore from Media (RFM). As already hinted, this method can be used to restore domain controllers from file-level backups.</maml:para> <maml:para>Unlike the Install from Media (IFM) (https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc816722(v=ws.10)) method, the Restore from Media method does not require network connectivity to a live writable domain controller. Nevertheless, the same installation source ([IFM backup](https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc816574(v=ws.10)) with SYSVOL)can be used with both methods of DC installation.</maml:para> <maml:para>To perform the Restore from Media operation, you need to have the following:</maml:para> <maml:para>- A full Install from Media (IFM) backup of a domain controller or equivalent file-level backup. The backup must contain these files:</maml:para> <maml:para> - Domain database file (ntds.dit)</maml:para> <maml:para> - SYSTEM registry hive or a corresponding Boot Key / SysKey</maml:para> <maml:para> - SYSVOL directory</maml:para> <maml:para>- A freshly installed Windows Server of the same version as the domain controller originally running the database that is to be restored. This information can be retrieved from the corresponding ntds.dit file using the Get-ADDBDomainController (Get-ADDBDomainController.md)cmdlet.</maml:para> <maml:para>- An isolated VLAN / virtual network as connectivity to any existing production domain controllers would have unforseen consequences.</maml:para> <maml:para>Follow these steps on the target server in order to restore the domain controller:</maml:para> <maml:para>1. In case of Windows Server 2008 (R2), run the `$PSVersionTable.PSVersion` to verify that at least PowerShell 3 is installed. Upgrade (https://docs.microsoft.com/en-us/powershell/wmf/overview)if necessary.</maml:para> <maml:para>2. Verify that the PowerShell Script Execution Policy (https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_execution_policies?view=powershell-6)is set to RemoteSigned, Unrestricted or Bypass in the LocalMachine scope.</maml:para> <maml:para>3. Install (https://github.com/MichaelGrafnetter/DSInternals/wiki/Installation)the DSInternals PowerShell module for all users.</maml:para> <maml:para>4. Copy the backup data to a local drive, e.g. C:\Backup.</maml:para> <maml:para>5. Run the `New-ADDBRestoreFromMediaScript -DatabasePath 'C:\Backup\Active Directory\ntds.dit' | Invoke-Expression` command.</maml:para> <maml:para>6. Sit back and watch the magic happen. Up to 3 reboots will follow and the entire process may take up to 20 minutes to finish. You should then end up with a fully functional domain controller.</maml:para> <maml:para>The script that is generated by the `New-ADDBRestoreFromMediaScript` cmdlet does the following actions:</maml:para> <maml:para>- Rename the server to match the original domain controller.</maml:para> <maml:para>- Install a new forest by promoting the server to a domain controller.</maml:para> <maml:para>- Replace the newly generated database file (ntds.dit) and SYSVOL directory by the original ones.</maml:para> <maml:para>- Re-encrypt the database using the local Boot Key.</maml:para> <maml:para>- Write the newly generated machine account password into ntds.dit.</maml:para> <maml:para>- Update the LSA Policy to match the SID and GUID of the domain that is being restored.</maml:para> <maml:para>- Reset the Invocation ID of the domain controller.</maml:para> <maml:para>- Reconfigure SYSVOL replication in case it has been restored to a different path.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>New-ADDBRestoreFromMediaScript</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="key, SysKey, SystemKey"> <maml:name>BootKey</maml:name> <maml:Description> <maml:para>Specifies the system key that encrypts secrets stored in the database specified by the -DatabasePath parameter. If none is specified, it is automatically extracted from a backup of the SYSTEM registry hive, provided that it is present in the ..\registry\SYSTEM path relative to the -DatabasePath parameter.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue> <dev:type> <maml:name>Byte[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath"> <maml:name>DatabasePath</maml:name> <maml:Description> <maml:para>Specifies a non-UNC path to the backup of domain database (ntds.dit file) that will be used to restore the domain controller.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath"> <maml:name>LogPath</maml:name> <maml:Description> <maml:para>Specifies a non-UNC path to a directory that contains the backup of domain log files. If not specified, the value of the DatabasePath parameter is used.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="SafeModeAdminPassword, AdminPassword, DSRMPassword"> <maml:name>SafeModeAdministratorPassword</maml:name> <maml:Description> <maml:para>Supplies the password for the administrator account when the computer is started in Safe Mode or a variant of Safe Mode, such as Directory Services Restore Mode. If no value is specified for this parameter, the cmdlet prompts you to enter and confirm a masked password. If specified with a value, the value must be a secure string.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue> <dev:type> <maml:name>SecureString</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="SysVol"> <maml:name>SysvolPath</maml:name> <maml:Description> <maml:para>Specifies a non-UNC path to a directory that contains the backup of Sysvol data. If none is specified, the ..\SYSVOL\ path relative to the -DatabasePath parameter is used.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="key, SysKey, SystemKey"> <maml:name>BootKey</maml:name> <maml:Description> <maml:para>Specifies the system key that encrypts secrets stored in the database specified by the -DatabasePath parameter. If none is specified, it is automatically extracted from a backup of the SYSTEM registry hive, provided that it is present in the ..\registry\SYSTEM path relative to the -DatabasePath parameter.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue> <dev:type> <maml:name>Byte[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath"> <maml:name>DatabasePath</maml:name> <maml:Description> <maml:para>Specifies a non-UNC path to the backup of domain database (ntds.dit file) that will be used to restore the domain controller.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath"> <maml:name>LogPath</maml:name> <maml:Description> <maml:para>Specifies a non-UNC path to a directory that contains the backup of domain log files. If not specified, the value of the DatabasePath parameter is used.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="SafeModeAdminPassword, AdminPassword, DSRMPassword"> <maml:name>SafeModeAdministratorPassword</maml:name> <maml:Description> <maml:para>Supplies the password for the administrator account when the computer is started in Safe Mode or a variant of Safe Mode, such as Directory Services Restore Mode. If no value is specified for this parameter, the cmdlet prompts you to enter and confirm a masked password. If specified with a value, the value must be a secure string.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue> <dev:type> <maml:name>SecureString</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="SysVol"> <maml:name>SysvolPath</maml:name> <maml:Description> <maml:para>Specifies a non-UNC path to a directory that contains the backup of Sysvol data. If none is specified, the ..\SYSVOL\ path relative to the -DatabasePath parameter is used.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>None</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>System.String</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para>This recovery procedure is NOT SUPPORTED by Microsoft. Use at your own risk in situations when Active Directory forest reinstallation is the only other option.</maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- Example 1 --------------------------</maml:title> <dev:code>PS C:\> New-ADDBRestoreFromMediaScript -DatabasePath 'C:\IFM\Active Directory\ntds.dit' | Invoke-Expression</dev:code> <dev:remarks> <maml:para>Restores a domain controller from a previously created IFM backup.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- Example 2 --------------------------</maml:title> <dev:code>PS C:\> New-ADDBRestoreFromMediaScript -DatabasePath 'C:\IFM\Active Directory\ntds.dit' -BootKey 610bc29e6f62ca7004e9872cd51a0116 -SysvolPath 'C:\IFM\SYSVOL'</dev:code> <dev:remarks> <maml:para>Generates a domain controller restoration script from a previously created IFM backup. The script can then be reviewed, modified if necessary and executed manually.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- Example 3 --------------------------</maml:title> <dev:code>ntdsutil.exe "activate instance ntds" ifm "create sysvol full c:\IFM" quit quit</dev:code> <dev:remarks> <maml:para>Creates an Install From Media (IFM) backup of a running domain controller. This backup can later be used by the New-ADDBRestoreFromMediaScript cmdlet.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- Example 4 --------------------------</maml:title> <dev:code><# .SYNOPSIS Restores the LON-DC1 domain controller from ntds.dit. .REMARKS This script should only be executed on a freshly installed Windows Server 2012 R2 Datacenter Evaluation. Use at your own risk. The DSInternals PowerShell module must be installed for all users on the target server. Author: Michael Grafnetter #> #Requires -Version 3 -Modules DSInternals,ServerManager,PSScheduledJob -RunAsAdministrator # Perform a VSS backup before doing anything else. Write-Host 'Creating a snapshot of the system drive to make rollback possible...' $vssResult = ([wmiclass] 'Win32_ShadowCopy').Create("$env:SystemDrive\", 'ClientAccessible') # The PS module must be present as workflows cannot contain non-existing activities. Write-Host 'Installing the Active Directory module for Windows PowerShell...' Add-WindowsFeature -Name RSAT-AD-PowerShell -ErrorAction Stop # All the other operations will be executed by a restartable workflow running in SYSTEM context. Write-Host 'Registering restartable workflows...' # Delete any pre-existing scheduled jobs with the same names before registering new ones. Unregister-ScheduledJob -Name DSInternals-RFM-Initializer,DSInternals-RFM-Resumer -Force -ErrorAction SilentlyContinue # The DSInternals-RFM-Initializer job will only be executed once in order to register the workflow and to invoke it for the first time. $initTask = Register-ScheduledJob -Name DSInternals-RFM-Initializer -ScriptBlock { workflow Restore-DomainController { if ($env:COMPUTERNAME -ne 'LON-DC1') { # A server rename operation is required. Rename-Computer -NewName 'LON-DC1' -Force # We explicitly suspend the workflow as Restart-Computer with the -Wait parameter does not survive local reboots. shutdown.exe /r /t 5 Suspend-Workflow -Label 'Waiting for reboot' } if ((Get-Service NTDS -ErrorAction SilentlyContinue) -eq $null) { # A DC promotion is required. # Note: In order to maintain compatibility with Windows Server 2008 R2, the ADDSDeployment module is not used. # Advice: It is recommenced to change the DSRM password after DC promotion. dcpromo.exe /unattend /ReplicaOrNewDomain:Domain /NewDomain:Forest /NewDomainDNSName:"adatum.com" /DomainNetBiosName:"ADATUM" /DomainLevel:7 /ForestLevel:7 '/SafeModeAdminPassword:"Pa$$w0rd"' /DatabasePath:"$env:SYSTEMROOT\NTDS" /LogPath:"$env:SYSTEMROOT\NTDS" /SysVolPath:"$env:SYSTEMROOT\SYSVOL" /AllowDomainReinstall:Yes /CreateDNSDelegation:No /DNSOnNetwork:No /InstallDNS:Yes /RebootOnCompletion:No Set-ItemProperty -Path registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ServerManager\Roles\10 -Name ConfigurationStatus -Value 2 -Force <# Alternative approach for Winows Server 2012+ Install-WindowsFeature -Name AD-Domain-Services Install-ADDSForest -DomainName 'adatum.com' ` -DomainNetbiosName 'ADATUM' ` -ForestMode WinThreshold ` -DomainMode WinThreshold ` -DatabasePath "$env:SYSTEMROOT\NTDS" ` -LogPath "$env:SYSTEMROOT\NTDS" ` -SysvolPath "$env:SYSTEMROOT\SYSVOL" ` -InstallDns ` -CreateDnsDelegation:$false ` -NoDnsOnNetwork ` -SafeModeAdministratorPassword (ConvertTo-SecureString -String 'Pa$$w0rd' -AsPlainText -Force)` -NoRebootOnCompletion ` -Force #> } # Reboot the computer into the Directory Services Restore Mode. bcdedit.exe /set safeboot dsrepair shutdown.exe /r /t 5 Suspend-Workflow -Label 'Waiting for reboot' # Re-encrypt the DB with the new boot key. $currentBootKey = Get-BootKey -Online Set-ADDBBootKey -DatabasePath 'C:\Backup\Active Directory\ntds.dit' -LogPath 'C:\Backup\Active Directory' -OldBootKey 610bc29e6f62ca7004e9872cd51a0116 -NewBootKey $currentBootKey # Clone the DC account password. $ntdsParams = Get-ItemProperty -Path registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters InlineScript { # Note: SupplementalCredentials do not get serialized properly without using the InlineScript activity. $dcAccount = Get-ADDBAccount -SamAccountName 'LON-DC1$' -DatabasePath $using:ntdsParams.'DSA Database file' -LogPath $using:ntdsParams.'Database log files path' -BootKey $using:currentBootKey Set-ADDBAccountPasswordHash -ObjectGuid 9bb4d6f4-060a-4585-9f18-625774e7c088 -NTHash $dcAccount.NTHash -SupplementalCredentials $dcAccount.SupplementalCredentials -DatabasePath 'C:\Backup\Active Directory\ntds.dit' -LogPath 'C:\Backup\Active Directory' -BootKey $using:currentBootKey } # Replace the database and transaction logs. robocopy.exe 'C:\Backup\Active Directory' $ntdsParams.'DSA Working Directory' *.dit *.edb *.chk *.jfm /MIR /NP /NDL /NJS robocopy.exe 'C:\Backup\Active Directory' $ntdsParams.'Database log files path' *.log *.jrs /MIR /NP /NDL /NJS # Replace SYSVOL. robocopy.exe 'C:\Backup\SYSVOL\Adatum.com' "$env:SYSTEMROOT\SYSVOL\domain" /MIR /XD DfsrPrivate /XJ /COPYALL /SECFIX /TIMFIX /NP /NDL # Reconfigure LSA policies. We would get into a BSOD loop if they do not match the corresponding values in the database. Set-LsaPolicyInformation -DomainName 'ADATUM' -DnsDomainName 'Adatum.com' -DnsForestName 'Adatum.com' -DomainGuid 279b615e-ae79-4c86-a61a-50f687b9f7b8 -DomainSid S-1-5-21-1817670852-3242289776-1304069626 # Tell the DC that its DB has intentionally been restored. A new InvocationID will be generated as soon as the service starts. Set-ItemProperty -Path registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters -Name 'Database restored from backup' -Value 1 -Force Remove-ItemProperty -Path registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters -Name 'DSA Database Epoch' -Force # Disable DSRM and do one last reboot. bcdedit.exe /deletevalue safeboot shutdown.exe /r /t 5 Suspend-Workflow -Label 'Waiting for reboot' # Reconfigure SYSVOL replication in case it has been restored to a different path. # Update DFS-R subscription if present in AD. $dfsrSubscriptionDN = 'CN=SYSVOL Subscription,CN=Domain System Volume,CN=DFSR-LocalSettings,CN=LON-DC1,OU=Domain Controllers,DC=Adatum,DC=com' $dfsrSubscription = Set-ADObject -Identity $dfsrSubscriptionDN -Server localhost -PassThru -ErrorAction SilentlyContinue -Replace @{ 'msDFSR-RootPath' = "$env:SYSTEMROOT\SYSVOL\domain"; 'msDFSR-StagingPath' = "$env:SYSTEMROOT\SYSVOL\staging areas\Adatum.com" } if($dfsrSubscription -ne $null) { # Download the updated DFS-R configuration from AD. Invoke-WmiMethod -Class DfsrConfig -Name PollDsNow -ArgumentList localhost -Namespace ROOT\MicrosoftDfs } # Update FRS subscription if present in AD. $frsSubscriptionDN = 'CN=Domain System Volume (SYSVOL share),CN=NTFRS Subscriptions,CN=LON-DC1,OU=Domain Controllers,DC=Adatum,DC=com' $frsSubscription = Set-ADObject -Identity $frsSubscriptionDN -Server localhost -PassThru -ErrorAction SilentlyContinue -Replace @{ 'fRSRootPath' = "$env:SYSTEMROOT\SYSVOL\domain"; 'fRSStagingPath' = "$env:SYSTEMROOT\SYSVOL\staging\domain" } if($frsSubscription -ne $null) { # Download the updated FRS configuration from AD. InlineScript { ntfrsutl.exe poll /now } } } # Delete any pre-existing workflows with the same name before starting a new one. Remove-Job -Name DSInternals-RFM-Workflow -Force -ErrorAction SilentlyContinue # Start the workflow. Restore-DomainController -JobName DSInternals-RFM-Workflow } # The DSInternals-RFM-Resumer job will be executed after each reboot to unpause the workflow. $resumeTask = Register-ScheduledJob -Name DSInternals-RFM-Resumer -Trigger (New-JobTrigger -AtStartup) -ScriptBlock { # Unregister the one-time task that must already have been executed. Unregister-ScheduledJob -Name DSInternals-RFM-Initializer -Force -ErrorAction SilentlyContinue # Resume the workflow after the computer is rebooted. Resume-Job -Name DSInternals-RFM-Workflow -Wait | Wait-Job | where State -In Completed,Failed,Stopped | foreach { # Perform cleanup when finished. Remove-Job -Job $PSItem -Force Unregister-ScheduledJob -Name DSInternals-RFM-Resumer -Force } } # Configure the scheduled tasks to run under the SYSTEM account. # Note: In order to maintain compatibility with Windows Server 2008 R2, the ScheduledTasks module is not used. schtasks.exe /Change /TN '\Microsoft\Windows\PowerShell\ScheduledJobs\DSInternals-RFM-Initializer' /RU SYSTEM | Out-Null schtasks.exe /Change /TN '\Microsoft\Windows\PowerShell\ScheduledJobs\DSInternals-RFM-Resumer' /RU SYSTEM | Out-Null # Start the workflow task and let the magic happen. Write-Host 'The LON-DC1 domain controller will now be restored from media. Up to 3 reboots will follow.' pause $initTask.RunAsTask()</dev:code> <dev:remarks> <maml:para></maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/New-ADDBRestoreFromMediaScript.md</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-BootKey</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-ADDBDomainController</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Remove-ADDBObject</command:name> <command:verb>Remove</command:verb> <command:noun>ADDBObject</command:noun> <maml:description> <maml:para>Physically removes specified object from a ntds.dit file, making it semantically inconsistent. Highly experimental!</maml:para> </maml:description> </command:details> <maml:description> <maml:para>{{Fill in the Description}}</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Remove-ADDBObject</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath"> <maml:name>DatabasePath</maml:name> <maml:Description> <maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="dn"> <maml:name>DistinguishedName</maml:name> <maml:Description> <maml:para>Specifies the identifier of an object on which to perform this operation.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Force</maml:name> <maml:Description> <maml:para>Forces the cmdlet to remove the specified object from the target database.</maml:para> </maml:Description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath"> <maml:name>LogPath</maml:name> <maml:Description> <maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="cf"> <maml:name>Confirm</maml:name> <maml:Description> <maml:para>Prompts you for confirmation before running the cmdlet.</maml:para> </maml:Description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="wi"> <maml:name>WhatIf</maml:name> <maml:Description> <maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para> </maml:Description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Remove-ADDBObject</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath"> <maml:name>DatabasePath</maml:name> <maml:Description> <maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Force</maml:name> <maml:Description> <maml:para>Forces the cmdlet to remove the specified object from the target database.</maml:para> </maml:Description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath"> <maml:name>LogPath</maml:name> <maml:Description> <maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Guid"> <maml:name>ObjectGuid</maml:name> <maml:Description> <maml:para>Specifies the identifier of an object on which to perform this operation.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Guid</command:parameterValue> <dev:type> <maml:name>Guid</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="cf"> <maml:name>Confirm</maml:name> <maml:Description> <maml:para>Prompts you for confirmation before running the cmdlet.</maml:para> </maml:Description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="wi"> <maml:name>WhatIf</maml:name> <maml:Description> <maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para> </maml:Description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath"> <maml:name>DatabasePath</maml:name> <maml:Description> <maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="dn"> <maml:name>DistinguishedName</maml:name> <maml:Description> <maml:para>Specifies the identifier of an object on which to perform this operation.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Force</maml:name> <maml:Description> <maml:para>Forces the cmdlet to remove the specified object from the target database.</maml:para> </maml:Description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath"> <maml:name>LogPath</maml:name> <maml:Description> <maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Guid"> <maml:name>ObjectGuid</maml:name> <maml:Description> <maml:para>Specifies the identifier of an object on which to perform this operation.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Guid</command:parameterValue> <dev:type> <maml:name>Guid</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="cf"> <maml:name>Confirm</maml:name> <maml:Description> <maml:para>Prompts you for confirmation before running the cmdlet.</maml:para> </maml:Description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="wi"> <maml:name>WhatIf</maml:name> <maml:Description> <maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para> </maml:Description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.String</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> <command:inputType> <dev:type> <maml:name>System.Guid</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>None</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- Example 1 --------------------------</maml:title> <dev:code>PS C:\> {{ Add example code here }}</dev:code> <dev:remarks> <maml:para>{{ Add example description here }}</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Remove-ADDBObject.md</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Save-DPAPIBlob</command:name> <command:verb>Save</command:verb> <command:noun>DPAPIBlob</command:noun> <maml:description> <maml:para>Saves DPAPI and Credential Roaming data retrieved from Active Directory to the filesystem for further processing.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet saves DPAPI-related data retrieved from Active Directory to a selected directory. It also creates a file called kiwiscript.txt that contains mimikatz commands needed to decrypt the private keys and to decode the certificates. Supports DPAPI backup keys returned by the Get-ADReplBackupKey, Get-ADDBBackupKey, and Get-LsaBackupKey cmdlets and roamed credentials (certificates, private keys, and DPAPI master keys) returned by the Get-ADReplAccount, Get-ADDBAccount, and Get-ADSIAccount cmdlets.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Save-DPAPIBlob</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="Path, OutputPath"> <maml:name>DirectoryPath</maml:name> <maml:Description> <maml:para>Specifies the path to a target directory where the output file(s) will be saved.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue)" position="named" aliases="none"> <maml:name>Account</maml:name> <maml:Description> <maml:para>Specifies an Active Directory account whose DPAPI-related attribute values will be exported to the target directory.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">DSAccount</command:parameterValue> <dev:type> <maml:name>DSAccount</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Save-DPAPIBlob</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="Path, OutputPath"> <maml:name>DirectoryPath</maml:name> <maml:Description> <maml:para>Specifies the path to a target directory where the output file(s) will be saved.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue)" position="named" aliases="DPAPIBlob, Object, Blob, BackupKey"> <maml:name>DPAPIObject</maml:name> <maml:Description> <maml:para>Specifies a DPAPI object (e.g. Domain Backup Key or Master Key) that will be saved to the target directory.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">DPAPIObject</command:parameterValue> <dev:type> <maml:name>DPAPIObject</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue)" position="named" aliases="none"> <maml:name>Account</maml:name> <maml:Description> <maml:para>Specifies an Active Directory account whose DPAPI-related attribute values will be exported to the target directory.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">DSAccount</command:parameterValue> <dev:type> <maml:name>DSAccount</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="Path, OutputPath"> <maml:name>DirectoryPath</maml:name> <maml:Description> <maml:para>Specifies the path to a target directory where the output file(s) will be saved.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue)" position="named" aliases="DPAPIBlob, Object, Blob, BackupKey"> <maml:name>DPAPIObject</maml:name> <maml:Description> <maml:para>Specifies a DPAPI object (e.g. Domain Backup Key or Master Key) that will be saved to the target directory.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">DPAPIObject</command:parameterValue> <dev:type> <maml:name>DPAPIObject</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>DSInternals.Common.Data.DPAPIObject</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> <command:inputType> <dev:type> <maml:name>DSInternals.Common.Data.DSAccount</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>None</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- Example 1 --------------------------</maml:title> <dev:code>PS C:\> Get-ADDBBackupKey -DatabasePath '.\ADBackup\Active Directory\ntds.dit' ` -BootKey 0be7a2afe1713642182e9b96f73a75da | Save-DPAPIBlob -DirectoryPath '.\Output' PS C:\> Get-ADDBAccount -All -DatabasePath '.\ADBackup\Active Directory\ntds.dit' | Save-DPAPIBlob -DirectoryPath '.\Output' PS C:\> Get-ChildItem -Path '.\Output' -Recurse -File | Foreach-Object { $PSItem.FullName.Replace((Resolve-Path -Path '.\Output'), '') } <# Sample Output: \kiwiscript.txt \ntds_capi_4cee80c0-b6c6-406c-a68b-c0e5818bc436.cer \ntds_capi_4cee80c0-b6c6-406c-a68b-c0e5818bc436.pfx \ntds_capi_4cee80c0-b6c6-406c-a68b-c0e5818bc436.pvk \ntds_legacy_d78736ad-5206-4eda-bfd4-cd10cc49d163.key \Abbi\Crypto\RSA\S-1-5-21-4534338-1127018997-2609994386-1304\99c6f954ca07d75267f9a369a0bf5cd3_9e75a609-18c7-4c98-8cd0-c34c3aeae423 \Abbi\Crypto\RSA\S-1-5-21-4534338-1127018997-2609994386-1304\ba7577742c7900c29f8e7f8193ca5f6d_9e75a609-18c7-4c98-8cd0-c34c3aeae423 \Abbi\Protect\S-1-5-21-4534338-1127018997-2609994386-1304\eadae2b5-3933-434a-9bcf-804175877104 \Abbi\SystemCertificates\My\Certificates\366004B5FA21294B80B22DA1385F414C70DF611B \Abbi\SystemCertificates\My\Certificates\6441367E7BF2D4C7DAA1CF27C72D6552F4A48B48 \Administrator\Crypto\RSA\S-1-5-21-4534338-1127018997-2609994386-500\0b0c01d1f2bb6db4cd9496cd5e1214d6_f8b7bbef-d227-4ac7-badd-3a238a7f741e \Administrator\Crypto\RSA\S-1-5-21-4534338-1127018997-2609994386-500\2907acacb201238bd89fe63b20c6d23b_f8b7bbef-d227-4ac7-badd-3a238a7f741e \Administrator\Crypto\RSA\S-1-5-21-4534338-1127018997-2609994386-500\701577141985b6923998dcca035c007a_f8b7bbef-d227-4ac7-badd-3a238a7f741e \Administrator\Crypto\RSA\S-1-5-21-4534338-1127018997-2609994386-500\d881dc8bbed7c3a08f03b01de4b9f45f_f8b7bbef-d227-4ac7-badd-3a238a7f741e \Administrator\Crypto\RSA\S-1-5-21-4534338-1127018997-2609994386-500\e1b4cc613d831f27c664af17b8f98021_f8b7bbef-d227-4ac7-badd-3a238a7f741e \Administrator\Protect\S-1-5-21-4534338-1127018997-2609994386-500\47070660-c259-4d90-8bc9-187605323450 \Administrator\Protect\S-1-5-21-4534338-1127018997-2609994386-500\e13655bb-9519-45aa-abf8-a50a7b01317a \Administrator\SystemCertificates\My\Certificates\01ADA5237C2D2D1F1571247A239CA66B31885389 \Administrator\SystemCertificates\My\Certificates\5479CDDE0747E2CB5DF64F28A9E4AD3266AB27AF \Administrator\SystemCertificates\My\Certificates\574E4687133998544C0095C7B348C52CD398182E \Administrator\SystemCertificates\My\Certificates\B422F98237039C9836D24E22E5A92FCEC507EF89 \Administrator\SystemCertificates\My\Certificates\DBE2B5417D56BC061B05B7265A47D3595EEC6A32 \Administrator\SystemCertificates\Request\Certificates\AE1EBACC333E48E80C5DED7D0C644D80417CB6EC \Lara\Crypto\RSA\S-1-5-21-4534338-1127018997-2609994386-1359\1eceade740dd71b94c3a7333522b9859_9e75a609-18c7-4c98-8cd0-c34c3aeae423 \Lara\Crypto\RSA\S-1-5-21-4534338-1127018997-2609994386-1359\2995fb4c62c9211bc265c89fe1c85061_9e75a609-18c7-4c98-8cd0-c34c3aeae423 \Lara\Crypto\RSA\S-1-5-21-4534338-1127018997-2609994386-1359\3183cd1aef41afc9af73e231607b5266_9e75a609-18c7-4c98-8cd0-c34c3aeae423 \Lara\Crypto\RSA\S-1-5-21-4534338-1127018997-2609994386-1359\4f8bd0d10c208c8d57d2a1babd288a83_9e75a609-18c7-4c98-8cd0-c34c3aeae423 \Lara\Protect\S-1-5-21-4534338-1127018997-2609994386-1359\5f6d65d9-c363-4c78-af8d-034fb80efc5a \Lara\SystemCertificates\My\Certificates\1307CE05C8247AA08508302431B6A99647FF600E \Lara\SystemCertificates\My\Certificates\7B0928AF99A3244E73F7F17957ABD5A80818B210 \Lara\SystemCertificates\My\Certificates\90E1D7F90AD73F66F2C8F60120C256D038FD1F2C \Lara\SystemCertificates\My\Certificates\DB690E9D99D094D3E9746DE484D3050951516E29 \Logan\Crypto\RSA\S-1-5-21-4534338-1127018997-2609994386-1272\fd56f510920bd55b31ff5207eafda8c8_9e75a609-18c7-4c98-8cd0-c34c3aeae423 \Logan\Protect\S-1-5-21-4534338-1127018997-2609994386-1272\9c6cc9e0-b5f8-48f4-a478-305ad77fceab \Logan\SystemCertificates\My\Certificates\5D7A3A4FE8ADF5A61C5079EB7FDD1507B2753682 #> PS C:\> Get-Content -Path '.\Output\kiwiscript.txt' <# Sample Output: REM Add this parameter to at least the first dpapi::masterkey command: /pvk:"ntds_capi_290914ed-b1a8-482e-a89f-7caa217bf3c3.pvk" dpapi::masterkey /in:"Install\Protect\S-1-5-21-1236425271-2880748467-2592687428-1000\0f2ca69c-c144-4d80-905f-a6bcdfb0d659" /sid:S-1-5-21-1236425271-2880748467-2592687428-1000 dpapi::masterkey /in:"Install\Protect\S-1-5-21-1236425271-2880748467-2592687428-1000\acdad60e-bcc0-48fb-9ceb-7514ca5aa558" /sid:S-1-5-21-1236425271-2880748467-2592687428-1000 dpapi::cng /in:"Install\Crypto\Keys\002F8F86566CEFBC8694EE7F5BB24A5FF2BA2C18" dpapi::cng /in:"Install\Crypto\Keys\476D927F1B009662D46D785BA58BD8E9DB42F687" crypto::system /file:"Install\SystemCertificates\My\Certificates\EA4AD6192A82AB059BFA5E774515FDE0DA604160" /export crypto::system /file:"Install\SystemCertificates\My\Certificates\D6F23BB7BD8C0099DF5F1324507EA0CA3DE7DEAB" /export dpapi::masterkey /in:"john\Protect\S-1-5-21-1236425271-2880748467-2592687428-1109\bfefb3a6-5cdc-44f9-8521-a31feb3acdb1" /sid:S-1-5-21-1236425271-2880748467-2592687428-1109 dpapi::masterkey /in:"john\Protect\S-1-5-21-1236425271-2880748467-2592687428-1109\c14e7f69-3bf5-4c49-92d8-78d759d74ece" /sid:S-1-5-21-1236425271-2880748467-2592687428-1109 crypto::system /file:"john\SystemCertificates\My\Certificates\AF839B040D1257997A8D83EE71F96918F4C3EA01" /export dpapi::cng /in:"john\Crypto\Keys\9F95F8E4F381BFFFD22B5EFAA013E53268451310" dpapi::cng /in:"john\Crypto\Keys\C9ABDF8DC38EA2BA2E20AEC770D91210FF919F87" crypto::system /file:"john\SystemCertificates\My\Certificates\DEFFADB62EE547CB88973DF664C4DC958E8E64D8" /export crypto::system /file:"john\SystemCertificates\My\Certificates\49FD324E5CC4A6020AC9D12D4311C7B33393A1C4" /export crypto::system /file:"john\SystemCertificates\My\Certificates\4E951C29567A261B2E90C94BCCEFAE1FA878A2CB" /export dpapi::capi /in:"john\Crypto\RSA\S-1-5-21-1236425271-2880748467-2592687428-1109\0581f4e6088649266038726d9f8786a9_edc46440-65c9-41ce-aaeb-73754e0e38c8" dpapi::capi /in:"john\Crypto\RSA\S-1-5-21-1236425271-2880748467-2592687428-1109\4771dfabcc8ad1ec2c84c489df041fad_edc46440-65c9-41ce-aaeb-73754e0e38c8" #></dev:code> <dev:remarks> <maml:para>Extracts DPAPI backup keys and roamed credentials (certificates, private keys, and DPAPI master keys) from an Active Directory database file and saves them to the Output directory. Also creates a file called kiwiscript.txt that contains mimikatz commands needed to decrypt the private keys.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- Example 2 --------------------------</maml:title> <dev:code>PS C:\> Get-ADReplBackupKey -Server 'lon-dc1.adatum.com' | Save-DPAPIBlob -DirectoryPath '.\Output' PS C:\> Get-ADReplAccount -All -Server 'lon-dc1.adatum.com' | Save-DPAPIBlob -DirectoryPath '.\Output'</dev:code> <dev:remarks> <maml:para>Replicates all DPAPI backup keys and roamed credentials (certificates, private keys, and DPAPI master keys) from the target Active Directory domain controller and saves them to the Output directory. Also creates a file called kiwiscript.txt that contains mimikatz commands needed to decrypt the private keys.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- Example 3 --------------------------</maml:title> <dev:code>PS C:\> Get-LsaBackupKey -ComputerName 'lon-dc1.contoso.com' | Save-DPAPIBlob -DirectoryPath '.\Output' PS C:\> Get-ADSIAccount -Server 'lon-dc1.contoso.com' | Save-DPAPIBlob -DirectoryPath '.\Output'</dev:code> <dev:remarks> <maml:para>Retrieves DPAPI backup keys from the target domain controller through the MS-LSAD protocol. Also retrieves roamed credentials (certificates, private keys, and DPAPI master keys) from this domain controller through LDAP and saves them to the Output directory. Also creates a file called kiwiscript.txt that contains mimikatz commands needed to decrypt the private keys.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Save-DPAPIBlob.md</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-ADDBBackupKey</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-ADReplBackupKey</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-LsaBackupKey</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-ADReplAccount</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-ADDBAccount</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-ADSIAccount</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Set-ADDBAccountPassword</command:name> <command:verb>Set</command:verb> <command:noun>ADDBAccountPassword</command:noun> <maml:description> <maml:para>Sets the password for a user, computer, or service account stored in a ntds.dit file.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Generates new password hashes of the given password, including NT hash, WDigest hashes and Kerberos DES, AES128 and AES256 keys and encrypts them into the database using boot key.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Set-ADDBAccountPassword</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Key, SysKey, SystemKey"> <maml:name>BootKey</maml:name> <maml:Description> <maml:para>Specifies the boot key (AKA system key) that will be used to decrypt/encrypt values of secret attributes.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue> <dev:type> <maml:name>Byte[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath"> <maml:name>DatabasePath</maml:name> <maml:Description> <maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="dn"> <maml:name>DistinguishedName</maml:name> <maml:Description> <maml:para>Specifies the identifier of an account on which to perform this operation.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath"> <maml:name>LogPath</maml:name> <maml:Description> <maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Password, Pwd, Pass, AccountPassword, p"> <maml:name>NewPassword</maml:name> <maml:Description> <maml:para>Specifies a new password value. This value is stored as an encrypted string.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue> <dev:type> <maml:name>SecureString</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="SkipMeta, NoMetaUpdate, NoMeta, SkipObjMeta, NoObjMeta, SkipMetaDataUpdate, NoMetaDataUpdate"> <maml:name>SkipMetaUpdate</maml:name> <maml:Description> <maml:para>Indicates that the replication metadata of the affected object should not be updated.</maml:para> </maml:Description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Set-ADDBAccountPassword</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Key, SysKey, SystemKey"> <maml:name>BootKey</maml:name> <maml:Description> <maml:para>Specifies the boot key (AKA system key) that will be used to decrypt/encrypt values of secret attributes.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue> <dev:type> <maml:name>Byte[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath"> <maml:name>DatabasePath</maml:name> <maml:Description> <maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath"> <maml:name>LogPath</maml:name> <maml:Description> <maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Password, Pwd, Pass, AccountPassword, p"> <maml:name>NewPassword</maml:name> <maml:Description> <maml:para>Specifies a new password value. This value is stored as an encrypted string.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue> <dev:type> <maml:name>SecureString</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Guid"> <maml:name>ObjectGuid</maml:name> <maml:Description> <maml:para>Specifies the identifier of an account on which to perform this operation.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Guid</command:parameterValue> <dev:type> <maml:name>Guid</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="SkipMeta, NoMetaUpdate, NoMeta, SkipObjMeta, NoObjMeta, SkipMetaDataUpdate, NoMetaDataUpdate"> <maml:name>SkipMetaUpdate</maml:name> <maml:Description> <maml:para>Indicates that the replication metadata of the affected object should not be updated.</maml:para> </maml:Description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Set-ADDBAccountPassword</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Key, SysKey, SystemKey"> <maml:name>BootKey</maml:name> <maml:Description> <maml:para>Specifies the boot key (AKA system key) that will be used to decrypt/encrypt values of secret attributes.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue> <dev:type> <maml:name>Byte[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath"> <maml:name>DatabasePath</maml:name> <maml:Description> <maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath"> <maml:name>LogPath</maml:name> <maml:Description> <maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Password, Pwd, Pass, AccountPassword, p"> <maml:name>NewPassword</maml:name> <maml:Description> <maml:para>Specifies a new password value. This value is stored as an encrypted string.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue> <dev:type> <maml:name>SecureString</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Sid"> <maml:name>ObjectSid</maml:name> <maml:Description> <maml:para>Specifies the identifier of an account on which to perform this operation.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">SecurityIdentifier</command:parameterValue> <dev:type> <maml:name>SecurityIdentifier</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="SkipMeta, NoMetaUpdate, NoMeta, SkipObjMeta, NoObjMeta, SkipMetaDataUpdate, NoMetaDataUpdate"> <maml:name>SkipMetaUpdate</maml:name> <maml:Description> <maml:para>Indicates that the replication metadata of the affected object should not be updated.</maml:para> </maml:Description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Set-ADDBAccountPassword</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="0" aliases="Login, sam"> <maml:name>SamAccountName</maml:name> <maml:Description> <maml:para>Specifies the identifier of an account on which to perform this operation.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Key, SysKey, SystemKey"> <maml:name>BootKey</maml:name> <maml:Description> <maml:para>Specifies the boot key (AKA system key) that will be used to decrypt/encrypt values of secret attributes.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue> <dev:type> <maml:name>Byte[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath"> <maml:name>DatabasePath</maml:name> <maml:Description> <maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath"> <maml:name>LogPath</maml:name> <maml:Description> <maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Password, Pwd, Pass, AccountPassword, p"> <maml:name>NewPassword</maml:name> <maml:Description> <maml:para>Specifies a new password value. This value is stored as an encrypted string.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue> <dev:type> <maml:name>SecureString</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="SkipMeta, NoMetaUpdate, NoMeta, SkipObjMeta, NoObjMeta, SkipMetaDataUpdate, NoMetaDataUpdate"> <maml:name>SkipMetaUpdate</maml:name> <maml:Description> <maml:para>Indicates that the replication metadata of the affected object should not be updated.</maml:para> </maml:Description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Key, SysKey, SystemKey"> <maml:name>BootKey</maml:name> <maml:Description> <maml:para>Specifies the boot key (AKA system key) that will be used to decrypt/encrypt values of secret attributes.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue> <dev:type> <maml:name>Byte[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath"> <maml:name>DatabasePath</maml:name> <maml:Description> <maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="dn"> <maml:name>DistinguishedName</maml:name> <maml:Description> <maml:para>Specifies the identifier of an account on which to perform this operation.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath"> <maml:name>LogPath</maml:name> <maml:Description> <maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Password, Pwd, Pass, AccountPassword, p"> <maml:name>NewPassword</maml:name> <maml:Description> <maml:para>Specifies a new password value. This value is stored as an encrypted string.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue> <dev:type> <maml:name>SecureString</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Guid"> <maml:name>ObjectGuid</maml:name> <maml:Description> <maml:para>Specifies the identifier of an account on which to perform this operation.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Guid</command:parameterValue> <dev:type> <maml:name>Guid</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Sid"> <maml:name>ObjectSid</maml:name> <maml:Description> <maml:para>Specifies the identifier of an account on which to perform this operation.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">SecurityIdentifier</command:parameterValue> <dev:type> <maml:name>SecurityIdentifier</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="0" aliases="Login, sam"> <maml:name>SamAccountName</maml:name> <maml:Description> <maml:para>Specifies the identifier of an account on which to perform this operation.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="SkipMeta, NoMetaUpdate, NoMeta, SkipObjMeta, NoObjMeta, SkipMetaDataUpdate, NoMetaDataUpdate"> <maml:name>SkipMetaUpdate</maml:name> <maml:Description> <maml:para>Indicates that the replication metadata of the affected object should not be updated.</maml:para> </maml:Description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.Security.SecureString</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> <command:inputType> <dev:type> <maml:name>System.String</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> <command:inputType> <dev:type> <maml:name>System.Security.Principal.SecurityIdentifier</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> <command:inputType> <dev:type> <maml:name>System.Guid</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>None</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- Example 1 --------------------------</maml:title> <dev:code>PS C:\> $pass = Read-Host -AsSecureString -Prompt 'Provide new password for user john' PS C:\> Set-ADDBAccountPassword -SamAccountName john ` -NewPassword $pass ` -DatabasePath '.\ADBackup\Active Directory\ntds.dit' ` -BootKey 0be7a2afe1713642182e9b96f73a75da</dev:code> <dev:remarks> <maml:para>Performs an offline password reset for user john .</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Set-ADDBAccountPassword.md</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Set-ADDBAccountPasswordHash</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Set-SamAccountPasswordHash</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-BootKey</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-ADDBAccount</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Set-ADDBAccountPasswordHash</command:name> <command:verb>Set</command:verb> <command:noun>ADDBAccountPasswordHash</command:noun> <maml:description> <maml:para>Sets the password hash for a user, computer, or service account stored in a ntds.dit file.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Writes the specified NT hash and optionally an entire supplementalCredentials data structure into an offline database. Also enables cross-database / cross-forest password migration without the requirement of a domain trust being in place.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Set-ADDBAccountPasswordHash</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Key, SysKey, SystemKey"> <maml:name>BootKey</maml:name> <maml:Description> <maml:para>Specifies the boot key (AKA system key) that will be used to decrypt/encrypt values of secret attributes.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue> <dev:type> <maml:name>Byte[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath"> <maml:name>DatabasePath</maml:name> <maml:Description> <maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="dn"> <maml:name>DistinguishedName</maml:name> <maml:Description> <maml:para>Specifies the identifier of an account on which to perform this operation.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath"> <maml:name>LogPath</maml:name> <maml:Description> <maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Hash, PasswordHash, NTLMHash, MD4Hash, h"> <maml:name>NTHash</maml:name> <maml:Description> <maml:para>Specifies the NT hash of a password that will be written to the target AD database.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue> <dev:type> <maml:name>Byte[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="SkipMeta, NoMetaUpdate, NoMeta, SkipObjMeta, NoObjMeta, SkipMetaDataUpdate, NoMetaDataUpdate"> <maml:name>SkipMetaUpdate</maml:name> <maml:Description> <maml:para>Indicates that the replication metadata of the affected object should not be updated.</maml:para> </maml:Description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="KerberosKeys, sc, c"> <maml:name>SupplementalCredentials</maml:name> <maml:Description> <maml:para>Specifies the kerberos keys and WDigest hashes that will be written to the target AD database.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">SupplementalCredentials</command:parameterValue> <dev:type> <maml:name>SupplementalCredentials</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Set-ADDBAccountPasswordHash</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Key, SysKey, SystemKey"> <maml:name>BootKey</maml:name> <maml:Description> <maml:para>Specifies the boot key (AKA system key) that will be used to decrypt/encrypt values of secret attributes.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue> <dev:type> <maml:name>Byte[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath"> <maml:name>DatabasePath</maml:name> <maml:Description> <maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath"> <maml:name>LogPath</maml:name> <maml:Description> <maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Hash, PasswordHash, NTLMHash, MD4Hash, h"> <maml:name>NTHash</maml:name> <maml:Description> <maml:para>Specifies the NT hash of a password that will be written to the target AD database.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue> <dev:type> <maml:name>Byte[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Guid"> <maml:name>ObjectGuid</maml:name> <maml:Description> <maml:para>Specifies the identifier of an account on which to perform this operation.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Guid</command:parameterValue> <dev:type> <maml:name>Guid</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="SkipMeta, NoMetaUpdate, NoMeta, SkipObjMeta, NoObjMeta, SkipMetaDataUpdate, NoMetaDataUpdate"> <maml:name>SkipMetaUpdate</maml:name> <maml:Description> <maml:para>Indicates that the replication metadata of the affected object should not be updated.</maml:para> </maml:Description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="KerberosKeys, sc, c"> <maml:name>SupplementalCredentials</maml:name> <maml:Description> <maml:para>Specifies the kerberos keys and WDigest hashes that will be written to the target AD database.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">SupplementalCredentials</command:parameterValue> <dev:type> <maml:name>SupplementalCredentials</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Set-ADDBAccountPasswordHash</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Key, SysKey, SystemKey"> <maml:name>BootKey</maml:name> <maml:Description> <maml:para>Specifies the boot key (AKA system key) that will be used to decrypt/encrypt values of secret attributes.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue> <dev:type> <maml:name>Byte[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath"> <maml:name>DatabasePath</maml:name> <maml:Description> <maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath"> <maml:name>LogPath</maml:name> <maml:Description> <maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Hash, PasswordHash, NTLMHash, MD4Hash, h"> <maml:name>NTHash</maml:name> <maml:Description> <maml:para>Specifies the NT hash of a password that will be written to the target AD database.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue> <dev:type> <maml:name>Byte[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Sid"> <maml:name>ObjectSid</maml:name> <maml:Description> <maml:para>Specifies the identifier of an account on which to perform this operation.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">SecurityIdentifier</command:parameterValue> <dev:type> <maml:name>SecurityIdentifier</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="SkipMeta, NoMetaUpdate, NoMeta, SkipObjMeta, NoObjMeta, SkipMetaDataUpdate, NoMetaDataUpdate"> <maml:name>SkipMetaUpdate</maml:name> <maml:Description> <maml:para>Indicates that the replication metadata of the affected object should not be updated.</maml:para> </maml:Description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="KerberosKeys, sc, c"> <maml:name>SupplementalCredentials</maml:name> <maml:Description> <maml:para>Specifies the kerberos keys and WDigest hashes that will be written to the target AD database.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">SupplementalCredentials</command:parameterValue> <dev:type> <maml:name>SupplementalCredentials</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Set-ADDBAccountPasswordHash</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="0" aliases="Login, sam"> <maml:name>SamAccountName</maml:name> <maml:Description> <maml:para>Specifies the identifier of an account on which to perform this operation.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Key, SysKey, SystemKey"> <maml:name>BootKey</maml:name> <maml:Description> <maml:para>Specifies the boot key (AKA system key) that will be used to decrypt/encrypt values of secret attributes.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue> <dev:type> <maml:name>Byte[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath"> <maml:name>DatabasePath</maml:name> <maml:Description> <maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath"> <maml:name>LogPath</maml:name> <maml:Description> <maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Hash, PasswordHash, NTLMHash, MD4Hash, h"> <maml:name>NTHash</maml:name> <maml:Description> <maml:para>Specifies the NT hash of a password that will be written to the target AD database.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue> <dev:type> <maml:name>Byte[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="SkipMeta, NoMetaUpdate, NoMeta, SkipObjMeta, NoObjMeta, SkipMetaDataUpdate, NoMetaDataUpdate"> <maml:name>SkipMetaUpdate</maml:name> <maml:Description> <maml:para>Indicates that the replication metadata of the affected object should not be updated.</maml:para> </maml:Description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="KerberosKeys, sc, c"> <maml:name>SupplementalCredentials</maml:name> <maml:Description> <maml:para>Specifies the kerberos keys and WDigest hashes that will be written to the target AD database.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">SupplementalCredentials</command:parameterValue> <dev:type> <maml:name>SupplementalCredentials</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Key, SysKey, SystemKey"> <maml:name>BootKey</maml:name> <maml:Description> <maml:para>Specifies the boot key (AKA system key) that will be used to decrypt/encrypt values of secret attributes.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue> <dev:type> <maml:name>Byte[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath"> <maml:name>DatabasePath</maml:name> <maml:Description> <maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="dn"> <maml:name>DistinguishedName</maml:name> <maml:Description> <maml:para>Specifies the identifier of an account on which to perform this operation.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath"> <maml:name>LogPath</maml:name> <maml:Description> <maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Hash, PasswordHash, NTLMHash, MD4Hash, h"> <maml:name>NTHash</maml:name> <maml:Description> <maml:para>Specifies the NT hash of a password that will be written to the target AD database.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue> <dev:type> <maml:name>Byte[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Guid"> <maml:name>ObjectGuid</maml:name> <maml:Description> <maml:para>Specifies the identifier of an account on which to perform this operation.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Guid</command:parameterValue> <dev:type> <maml:name>Guid</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Sid"> <maml:name>ObjectSid</maml:name> <maml:Description> <maml:para>Specifies the identifier of an account on which to perform this operation.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">SecurityIdentifier</command:parameterValue> <dev:type> <maml:name>SecurityIdentifier</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="0" aliases="Login, sam"> <maml:name>SamAccountName</maml:name> <maml:Description> <maml:para>Specifies the identifier of an account on which to perform this operation.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="SkipMeta, NoMetaUpdate, NoMeta, SkipObjMeta, NoObjMeta, SkipMetaDataUpdate, NoMetaDataUpdate"> <maml:name>SkipMetaUpdate</maml:name> <maml:Description> <maml:para>Indicates that the replication metadata of the affected object should not be updated.</maml:para> </maml:Description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="KerberosKeys, sc, c"> <maml:name>SupplementalCredentials</maml:name> <maml:Description> <maml:para>Specifies the kerberos keys and WDigest hashes that will be written to the target AD database.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">SupplementalCredentials</command:parameterValue> <dev:type> <maml:name>SupplementalCredentials</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.Byte[]</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> <command:inputType> <dev:type> <maml:name>DSInternals.Common.Data.SupplementalCredentials</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> <command:inputType> <dev:type> <maml:name>System.String</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> <command:inputType> <dev:type> <maml:name>System.Security.Principal.SecurityIdentifier</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> <command:inputType> <dev:type> <maml:name>System.Guid</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>None</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- Example 1 --------------------------</maml:title> <dev:code>PS C:\> $pass = Read-Host -AsSecureString -Prompt 'Provide new password for user hacker' PS C:\> $hash = ConvertTo-NTHash $pass PS C:\> Set-ADDBAccountPasswordHash -SamAccountName john ` -NTHash $hash ` -DatabasePath '.\ADBackup\Active Directory\ntds.dit' ` -BootKey 0be7a2afe1713642182e9b96f73a75da</dev:code> <dev:remarks> <maml:para>Performs an offline password reset for user john by injecting a raw NT hash value.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Set-ADDBAccountPasswordHash.md</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Set-ADDBAccountPassword</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Set-SamAccountPasswordHash</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-BootKey</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-ADDBAccount</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Set-ADDBBootKey</command:name> <command:verb>Set</command:verb> <command:noun>ADDBBootKey</command:noun> <maml:description> <maml:para>Re-encrypts a ntds.dit file with a new BootKey/SysKey.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Decrypts the password encryption key list from the pekList domain attribute using the current/old boot key and re-encrypts it using a new one. This might be useful during some DC restore operations. Note that this procedure is highly unsupported by Microsoft.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Set-ADDBBootKey</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath"> <maml:name>DatabasePath</maml:name> <maml:Description> <maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath"> <maml:name>LogPath</maml:name> <maml:Description> <maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="NewKey, New, NewSysKey"> <maml:name>NewBootKey</maml:name> <maml:Description> <maml:para>Specifies the new boot key (AKA system key) that will be used to re-encrypt the password encryption key (pekList) stored in the target Active Directory database.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue> <dev:type> <maml:name>Byte[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="OldKey, Old, OldSysKey"> <maml:name>OldBootKey</maml:name> <maml:Description> <maml:para>Specifies the current boot key (AKA system key) that will be used to decrypt the password encryption key (pekList) stored in the target Active Directory database.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue> <dev:type> <maml:name>Byte[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath"> <maml:name>DatabasePath</maml:name> <maml:Description> <maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath"> <maml:name>LogPath</maml:name> <maml:Description> <maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="NewKey, New, NewSysKey"> <maml:name>NewBootKey</maml:name> <maml:Description> <maml:para>Specifies the new boot key (AKA system key) that will be used to re-encrypt the password encryption key (pekList) stored in the target Active Directory database.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue> <dev:type> <maml:name>Byte[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="OldKey, Old, OldSysKey"> <maml:name>OldBootKey</maml:name> <maml:Description> <maml:para>Specifies the current boot key (AKA system key) that will be used to decrypt the password encryption key (pekList) stored in the target Active Directory database.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue> <dev:type> <maml:name>Byte[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>None</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>None</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- Example 1 --------------------------</maml:title> <dev:code>PS C:\> Set-ADDBBootKey -DatabasePath 'C:\Backup\Active Directory\ntds.dit' ` -LogPath 'C:\Backup\Active Directory' ` -OldBootKey 610bc29e6f62ca7004e9872cd51a0116 ` -NewBootKey 6ffec6b70dc863db1906a5507c0576ee</dev:code> <dev:remarks> <maml:para>Re-encrypts the ntds.dit file with a new boot key.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Set-ADDBBootKey.md</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-BootKey</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>New-ADDBRestoreFromMediaScript</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Set-ADDBDomainController</command:name> <command:verb>Set</command:verb> <command:noun>ADDBDomainController</command:noun> <maml:description> <maml:para>Writes information about the DC to a ntds.dit file, including the highest committed USN and database epoch.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The Set-ADDBDomainController cmdlet can be used to simulate USN rollbacks, USN depletion, and database file restore operations. This cmdlet should only be used in lab environments.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Set-ADDBDomainController</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Expiration, Expire"> <maml:name>BackupExpiration</maml:name> <maml:Description> <maml:para>Specifies the database backup expiration time.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">DateTime</command:parameterValue> <dev:type> <maml:name>DateTime</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath"> <maml:name>DatabasePath</maml:name> <maml:Description> <maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Force</maml:name> <maml:Description> <maml:para>Confirms that you understand the implications of using this cmdlet and still want to use it.</maml:para> </maml:Description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath"> <maml:name>LogPath</maml:name> <maml:Description> <maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Set-ADDBDomainController</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath"> <maml:name>DatabasePath</maml:name> <maml:Description> <maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="DSAEpoch"> <maml:name>Epoch</maml:name> <maml:Description> <maml:para>Specifies the database epoch which must be consistent with the information in the registry.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Int32</command:parameterValue> <dev:type> <maml:name>Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Force</maml:name> <maml:Description> <maml:para>Confirms that you understand the implications of using this cmdlet and still want to use it.</maml:para> </maml:Description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath"> <maml:name>LogPath</maml:name> <maml:Description> <maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Set-ADDBDomainController</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath"> <maml:name>DatabasePath</maml:name> <maml:Description> <maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Force</maml:name> <maml:Description> <maml:para>Confirms that you understand the implications of using this cmdlet and still want to use it.</maml:para> </maml:Description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="USN"> <maml:name>HighestCommittedUsn</maml:name> <maml:Description> <maml:para>Specifies the highest committed USN for the database.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Int64</command:parameterValue> <dev:type> <maml:name>Int64</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath"> <maml:name>LogPath</maml:name> <maml:Description> <maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Expiration, Expire"> <maml:name>BackupExpiration</maml:name> <maml:Description> <maml:para>Specifies the database backup expiration time.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">DateTime</command:parameterValue> <dev:type> <maml:name>DateTime</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath"> <maml:name>DatabasePath</maml:name> <maml:Description> <maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="DSAEpoch"> <maml:name>Epoch</maml:name> <maml:Description> <maml:para>Specifies the database epoch which must be consistent with the information in the registry.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Int32</command:parameterValue> <dev:type> <maml:name>Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Force</maml:name> <maml:Description> <maml:para>Confirms that you understand the implications of using this cmdlet and still want to use it.</maml:para> </maml:Description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="USN"> <maml:name>HighestCommittedUsn</maml:name> <maml:Description> <maml:para>Specifies the highest committed USN for the database.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Int64</command:parameterValue> <dev:type> <maml:name>Int64</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath"> <maml:name>LogPath</maml:name> <maml:Description> <maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>None</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>None</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- Example 1 --------------------------</maml:title> <dev:code>PS C:\> $currentEpoch = Get-ItemPropertyValue -Path 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NTDS\Parameters' -Name 'DSA Database Epoch' PS C:\> Set-ADDBDomainController -DatabasePath .\ntds.dit -Epoch $currentEpoch -Force</dev:code> <dev:remarks> <maml:para>Copies the database epoch from registry to the ntds.dit file.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- Example 2 --------------------------</maml:title> <dev:code>PS C:\> Set-ADDBDomainController -DatabasePath .\ntds.dit -HighestCommittedUsn 9223372036854775800 -Force</dev:code> <dev:remarks> <maml:para>Modifies the highest committed USN of the AD database. This might be helpful when trying to simulate USN rollbacks and USN depletion.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Set-ADDBDomainController.md</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-ADDBDomainController</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Set-ADDBBootKey</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Set-ADDBPrimaryGroup</command:name> <command:verb>Set</command:verb> <command:noun>ADDBPrimaryGroup</command:noun> <maml:description> <maml:para>Modifies the primaryGroupId attribute of an object in a ntds.dit file.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Modifies the primaryGroupId attribute of an account in a ntds.dit file. The most relevant group relative identifiers (RIDs) include 512 for Domain Admins , 513 for Domain Users , and 519 for Schema Admins .</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Set-ADDBPrimaryGroup</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath"> <maml:name>DatabasePath</maml:name> <maml:Description> <maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="dn"> <maml:name>DistinguishedName</maml:name> <maml:Description> <maml:para>Specifies the identifier of an object on which to perform this operation.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath"> <maml:name>LogPath</maml:name> <maml:Description> <maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="gid, Group, PrimaryGroup, GroupId"> <maml:name>PrimaryGroupId</maml:name> <maml:Description> <maml:para>Specifies the new primary group relative identifier (RID) that will be written to the database.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Int32</command:parameterValue> <dev:type> <maml:name>Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="SkipMeta, NoMetaUpdate, NoMeta, SkipObjMeta, NoObjMeta, SkipMetaDataUpdate, NoMetaDataUpdate"> <maml:name>SkipMetaUpdate</maml:name> <maml:Description> <maml:para>Indicates that the replication metadata of the affected object should not be updated.</maml:para> </maml:Description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Set-ADDBPrimaryGroup</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath"> <maml:name>DatabasePath</maml:name> <maml:Description> <maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath"> <maml:name>LogPath</maml:name> <maml:Description> <maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Guid"> <maml:name>ObjectGuid</maml:name> <maml:Description> <maml:para>Specifies the identifier of an object on which to perform this operation.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Guid</command:parameterValue> <dev:type> <maml:name>Guid</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="gid, Group, PrimaryGroup, GroupId"> <maml:name>PrimaryGroupId</maml:name> <maml:Description> <maml:para>Specifies the new primary group relative identifier (RID) that will be written to the database.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Int32</command:parameterValue> <dev:type> <maml:name>Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="SkipMeta, NoMetaUpdate, NoMeta, SkipObjMeta, NoObjMeta, SkipMetaDataUpdate, NoMetaDataUpdate"> <maml:name>SkipMetaUpdate</maml:name> <maml:Description> <maml:para>Indicates that the replication metadata of the affected object should not be updated.</maml:para> </maml:Description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Set-ADDBPrimaryGroup</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath"> <maml:name>DatabasePath</maml:name> <maml:Description> <maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath"> <maml:name>LogPath</maml:name> <maml:Description> <maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Sid"> <maml:name>ObjectSid</maml:name> <maml:Description> <maml:para>Specifies the identifier of an object on which to perform this operation.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">SecurityIdentifier</command:parameterValue> <dev:type> <maml:name>SecurityIdentifier</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="gid, Group, PrimaryGroup, GroupId"> <maml:name>PrimaryGroupId</maml:name> <maml:Description> <maml:para>Specifies the new primary group relative identifier (RID) that will be written to the database.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Int32</command:parameterValue> <dev:type> <maml:name>Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="SkipMeta, NoMetaUpdate, NoMeta, SkipObjMeta, NoObjMeta, SkipMetaDataUpdate, NoMetaDataUpdate"> <maml:name>SkipMetaUpdate</maml:name> <maml:Description> <maml:para>Indicates that the replication metadata of the affected object should not be updated.</maml:para> </maml:Description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Set-ADDBPrimaryGroup</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="0" aliases="Login, sam"> <maml:name>SamAccountName</maml:name> <maml:Description> <maml:para>Specifies the identifier of an object on which to perform this operation.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath"> <maml:name>DatabasePath</maml:name> <maml:Description> <maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath"> <maml:name>LogPath</maml:name> <maml:Description> <maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="gid, Group, PrimaryGroup, GroupId"> <maml:name>PrimaryGroupId</maml:name> <maml:Description> <maml:para>Specifies the new primary group relative identifier (RID) that will be written to the database.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Int32</command:parameterValue> <dev:type> <maml:name>Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="SkipMeta, NoMetaUpdate, NoMeta, SkipObjMeta, NoObjMeta, SkipMetaDataUpdate, NoMetaDataUpdate"> <maml:name>SkipMetaUpdate</maml:name> <maml:Description> <maml:para>Indicates that the replication metadata of the affected object should not be updated.</maml:para> </maml:Description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath"> <maml:name>DatabasePath</maml:name> <maml:Description> <maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="dn"> <maml:name>DistinguishedName</maml:name> <maml:Description> <maml:para>Specifies the identifier of an object on which to perform this operation.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath"> <maml:name>LogPath</maml:name> <maml:Description> <maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Guid"> <maml:name>ObjectGuid</maml:name> <maml:Description> <maml:para>Specifies the identifier of an object on which to perform this operation.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Guid</command:parameterValue> <dev:type> <maml:name>Guid</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Sid"> <maml:name>ObjectSid</maml:name> <maml:Description> <maml:para>Specifies the identifier of an object on which to perform this operation.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">SecurityIdentifier</command:parameterValue> <dev:type> <maml:name>SecurityIdentifier</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="gid, Group, PrimaryGroup, GroupId"> <maml:name>PrimaryGroupId</maml:name> <maml:Description> <maml:para>Specifies the new primary group relative identifier (RID) that will be written to the database.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Int32</command:parameterValue> <dev:type> <maml:name>Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="0" aliases="Login, sam"> <maml:name>SamAccountName</maml:name> <maml:Description> <maml:para>Specifies the identifier of an object on which to perform this operation.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="SkipMeta, NoMetaUpdate, NoMeta, SkipObjMeta, NoObjMeta, SkipMetaDataUpdate, NoMetaDataUpdate"> <maml:name>SkipMetaUpdate</maml:name> <maml:Description> <maml:para>Indicates that the replication metadata of the affected object should not be updated.</maml:para> </maml:Description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.Int32</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> <command:inputType> <dev:type> <maml:name>System.String</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> <command:inputType> <dev:type> <maml:name>System.Security.Principal.SecurityIdentifier</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> <command:inputType> <dev:type> <maml:name>System.Guid</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>None</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- Example 1 --------------------------</maml:title> <dev:code>PS C:\> Set-ADDBPrimaryGroup -SamAccountName John ` -PrimaryGroupId 512 ` -DatabasePath 'D:\Windows\NTDS\ntds.dit'</dev:code> <dev:remarks> <maml:para>Moves the account John from the default Domain Users group to Domain Admins .</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Set-ADDBPrimaryGroup.md</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Add-ADDBSidHistory</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-ADDBAccount</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Set-AzureADUserEx</command:name> <command:verb>Set</command:verb> <command:noun>AzureADUserEx</command:noun> <maml:description> <maml:para>Registers new or revokes existing FIDO and NGC keys in Azure Active Directory.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The Set-AzureADUserEx cmdlet uses an undocumented Azure AD Graph API endpoint to modify the normally hidden searchableDeviceKeys attribute of user accounts. This attribute holds different types of key credentials, including the FIDO2 and NGC keys that are used by Windows Hello for Business.</maml:para> <maml:para>This cmdlet also enables Global Admins to selectively revoke security keys registered by other users. This is a unique feature, as Microsoft only supports self-service FIDO2 security key registration and revocation (at least at the time of publishing this cmdlet).</maml:para> <maml:para>This cmdlet is not intended to replace the Set-AzureADUser cmdlet from Microsoft's AzureAD module. Authentication fully relies on the official Connect-AzureAD cmdlet.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Set-AzureADUserEx</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Token"> <maml:name>AccessToken</maml:name> <maml:Description> <maml:para>Specifies the access token retrieved by the Connect-AzureAD cmdlet.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="SearchableDeviceKey, KeyCredentialLink"> <maml:name>KeyCredential</maml:name> <maml:Description> <maml:para>Specifies a list of key credentials (typically FIDO2 and NGC keys) that can be used by the target user for authentication.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">KeyCredential[]</command:parameterValue> <dev:type> <maml:name>KeyCredential[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Identity, Id, UserId, ObjectGuid"> <maml:name>ObjectId</maml:name> <maml:Description> <maml:para>Specifies the identity of a user in Azure AD.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Guid</command:parameterValue> <dev:type> <maml:name>Guid</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Tenant"> <maml:name>TenantId</maml:name> <maml:Description> <maml:para>Specifies the Azure AD tenant to perform the search in. If not specified, the tenant of the authenticated user will be used.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Guid</command:parameterValue> <dev:type> <maml:name>Guid</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Set-AzureADUserEx</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Token"> <maml:name>AccessToken</maml:name> <maml:Description> <maml:para>Specifies the access token retrieved by the Connect-AzureAD cmdlet.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="SearchableDeviceKey, KeyCredentialLink"> <maml:name>KeyCredential</maml:name> <maml:Description> <maml:para>Specifies a list of key credentials (typically FIDO2 and NGC keys) that can be used by the target user for authentication.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">KeyCredential[]</command:parameterValue> <dev:type> <maml:name>KeyCredential[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Tenant"> <maml:name>TenantId</maml:name> <maml:Description> <maml:para>Specifies the Azure AD tenant to perform the search in. If not specified, the tenant of the authenticated user will be used.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Guid</command:parameterValue> <dev:type> <maml:name>Guid</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="UPN, UserName"> <maml:name>UserPrincipalName</maml:name> <maml:Description> <maml:para>Specifies the UPN of a user in Azure AD.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Token"> <maml:name>AccessToken</maml:name> <maml:Description> <maml:para>Specifies the access token retrieved by the Connect-AzureAD cmdlet.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="SearchableDeviceKey, KeyCredentialLink"> <maml:name>KeyCredential</maml:name> <maml:Description> <maml:para>Specifies a list of key credentials (typically FIDO2 and NGC keys) that can be used by the target user for authentication.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">KeyCredential[]</command:parameterValue> <dev:type> <maml:name>KeyCredential[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Identity, Id, UserId, ObjectGuid"> <maml:name>ObjectId</maml:name> <maml:Description> <maml:para>Specifies the identity of a user in Azure AD.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Guid</command:parameterValue> <dev:type> <maml:name>Guid</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Tenant"> <maml:name>TenantId</maml:name> <maml:Description> <maml:para>Specifies the Azure AD tenant to perform the search in. If not specified, the tenant of the authenticated user will be used.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Guid</command:parameterValue> <dev:type> <maml:name>Guid</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="UPN, UserName"> <maml:name>UserPrincipalName</maml:name> <maml:Description> <maml:para>Specifies the UPN of a user in Azure AD.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>None</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>None</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- Example 1 --------------------------</maml:title> <dev:code>PS C:\> Install-Module -Name AzureAD,DSInternals -Force PS C:\> Connect-AzureAD PS C:\> $token = [Microsoft.Open.Azure.AD.CommonLibrary.AzureSession]::AccessTokens['AccessToken'].AccessToken PS C:\> Set-AzureADUserEx -UserPrincipalName 'john@contoso.com' -KeyCredential @() -Token $token</dev:code> <dev:remarks> <maml:para>Revokes all FIDO2 security keys and NGC keys (Windows Hello for Business) that were previously registered by the specified user. Typical use case includes stolen devices and other security incidents.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- Example 2 --------------------------</maml:title> <dev:code>PS C:\> $user = Get-AzureADUserEx -UserPrincipalName 'john@contoso.com' -AccessToken $token PS C:\> $newCreds = $user.KeyCredentials | where { $PSItem.FidoKeyMaterial.DisplayName -notlike '*YubiKey*' } PS C:\> Set-AzureADUserEx -UserPrincipalName 'john@contoso.com' -KeyCredential $newCreds -Token $token</dev:code> <dev:remarks> <maml:para>Selectively revokes a specific FIDO2 security key based on its display name. Typical use case is a stolen/lost security key.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Get-AzureADUserEx</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-ADKeyCredential</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Set-LsaPolicyInformation</command:name> <command:verb>Set</command:verb> <command:noun>LsaPolicyInformation</command:noun> <maml:description> <maml:para>Configures AD-related Local Security Authority Policies of the local computer or a remote one.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Configures AD-related Local Security Authority (LSA) Policies of the local or a remote computer. This functionality is helpful when restoring Active Directory domain controllers (DC) from IFM backups. Note that running this command against a DC with parameters that do not match the information stored in its local AD database might prevent the target DC from booting ever again.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Set-LsaPolicyInformation</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="Server, ServerName, Computer, Machine, MachineName, System, SystemName"> <maml:name>ComputerName</maml:name> <maml:Description> <maml:para>Specifies the target computer for the operation. Enter a fully qualified domain name (FQDN), a NetBIOS name, or an IP address. When the remote computer is in a different domain than the local computer, the fully qualified domain name is required.</maml:para> <maml:para>The default is the local computer. To specify the local computer, such as in a list of computer names, use "localhost", the local computer name, or a dot (.).</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DnsDomainName</maml:name> <maml:Description> <maml:para>Specifies the DNS name of the primary domain.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DnsForestName</maml:name> <maml:Description> <maml:para>Specifies the DNS forest name of the primary domain. This is the DNS name of the domain at the root of the enterprise.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DomainGuid</maml:name> <maml:Description> <maml:para>Specifies the GUID of the primary domain.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Guid</command:parameterValue> <dev:type> <maml:name>Guid</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="NetBIOSDomainName, Workgroup"> <maml:name>DomainName</maml:name> <maml:Description> <maml:para>Specifies the name of the primary domain.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DomainSid</maml:name> <maml:Description> <maml:para>Specifies the SID of the primary domain.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">SecurityIdentifier</command:parameterValue> <dev:type> <maml:name>SecurityIdentifier</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="Server, ServerName, Computer, Machine, MachineName, System, SystemName"> <maml:name>ComputerName</maml:name> <maml:Description> <maml:para>Specifies the target computer for the operation. Enter a fully qualified domain name (FQDN), a NetBIOS name, or an IP address. When the remote computer is in a different domain than the local computer, the fully qualified domain name is required.</maml:para> <maml:para>The default is the local computer. To specify the local computer, such as in a list of computer names, use "localhost", the local computer name, or a dot (.).</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DnsDomainName</maml:name> <maml:Description> <maml:para>Specifies the DNS name of the primary domain.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DnsForestName</maml:name> <maml:Description> <maml:para>Specifies the DNS forest name of the primary domain. This is the DNS name of the domain at the root of the enterprise.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DomainGuid</maml:name> <maml:Description> <maml:para>Specifies the GUID of the primary domain.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Guid</command:parameterValue> <dev:type> <maml:name>Guid</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="NetBIOSDomainName, Workgroup"> <maml:name>DomainName</maml:name> <maml:Description> <maml:para>Specifies the name of the primary domain.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DomainSid</maml:name> <maml:Description> <maml:para>Specifies the SID of the primary domain.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">SecurityIdentifier</command:parameterValue> <dev:type> <maml:name>SecurityIdentifier</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>None</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>None</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- Example 1 --------------------------</maml:title> <dev:code>PS C:\> Set-LsaPolicyInformation -DomainName 'ADATUM' ` -DnsDomainName 'Adatum.com' ` -DnsForestName 'Adatum.com' ` -DomainGuid 279b615e-ae79-4c86-a61a-50f687b9f7b8 ` -DomainSid S-1-5-21-1817670852-3242289776-1304069626</dev:code> <dev:remarks> <maml:para>Configures AD-related LSA Policy Information of the local computer.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Set-LsaPolicyInformation.md</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>New-ADDBRestoreFromMediaScript</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Set-SamAccountPasswordHash</command:name> <command:verb>Set</command:verb> <command:noun>SamAccountPasswordHash</command:noun> <maml:description> <maml:para>Sets NT and LM hashes of an Active Directory or local account through the MS-SAMR protocol.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Sets NT and LM password hashes of a user account in a local or remote Security Account Manager (SAM) or Active Directory (AD) database through the SAM Remote Protocol (MS-SAMR). Note that kerberos AES and DES ekeys of the target account are cleared by this command.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Set-SamAccountPasswordHash</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Credential</maml:name> <maml:Description> <maml:para>Specifies the user account credentials to be used to perform this task. The default credentials are the credentials of the currently logged on user.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue> <dev:type> <maml:name>PSCredential</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>Domain</maml:name> <maml:Description> <maml:para>Specifies the target NetBIOS domain name the target account belongs to.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>LMHash</maml:name> <maml:Description> <maml:para>Specifies a new LM password hash value in hexadecimal format.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue> <dev:type> <maml:name>Byte[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>NTHash</maml:name> <maml:Description> <maml:para>Specifies a new NT password hash value in hexadecimal format.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue> <dev:type> <maml:name>Byte[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>SamAccountName</maml:name> <maml:Description> <maml:para>Specifies user's login.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="ComputerName, Computer"> <maml:name>Server</maml:name> <maml:Description> <maml:para>Specifies the name of a SAM server.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>localhost</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Set-SamAccountPasswordHash</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Credential</maml:name> <maml:Description> <maml:para>Specifies the user account credentials to be used to perform this task. The default credentials are the credentials of the currently logged on user.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue> <dev:type> <maml:name>PSCredential</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>LMHash</maml:name> <maml:Description> <maml:para>Specifies a new LM password hash value in hexadecimal format.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue> <dev:type> <maml:name>Byte[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>NTHash</maml:name> <maml:Description> <maml:para>Specifies a new NT password hash value in hexadecimal format.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue> <dev:type> <maml:name>Byte[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="ComputerName, Computer"> <maml:name>Server</maml:name> <maml:Description> <maml:para>Specifies the name of a SAM server.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>localhost</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>Sid</maml:name> <maml:Description> <maml:para>Specifies user SID.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">SecurityIdentifier</command:parameterValue> <dev:type> <maml:name>SecurityIdentifier</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Credential</maml:name> <maml:Description> <maml:para>Specifies the user account credentials to be used to perform this task. The default credentials are the credentials of the currently logged on user.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue> <dev:type> <maml:name>PSCredential</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>Domain</maml:name> <maml:Description> <maml:para>Specifies the target NetBIOS domain name the target account belongs to.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>LMHash</maml:name> <maml:Description> <maml:para>Specifies a new LM password hash value in hexadecimal format.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue> <dev:type> <maml:name>Byte[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>NTHash</maml:name> <maml:Description> <maml:para>Specifies a new NT password hash value in hexadecimal format.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue> <dev:type> <maml:name>Byte[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>SamAccountName</maml:name> <maml:Description> <maml:para>Specifies user's login.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="ComputerName, Computer"> <maml:name>Server</maml:name> <maml:Description> <maml:para>Specifies the name of a SAM server.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>localhost</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>Sid</maml:name> <maml:Description> <maml:para>Specifies user SID.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">SecurityIdentifier</command:parameterValue> <dev:type> <maml:name>SecurityIdentifier</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.String</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> <command:inputType> <dev:type> <maml:name>System.Security.Principal.SecurityIdentifier</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> <command:inputType> <dev:type> <maml:name>System.Byte[]</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>None</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- Example 1 --------------------------</maml:title> <dev:code>PS C:\> Set-SamAccountPasswordHash -SamAccountName 'john' ` -Domain CONTOSO ` -NTHash ac5d3227c79791b451eb28fcd9efbfb2 ` -Server 'lon-dc1.contoso.com'</dev:code> <dev:remarks> <maml:para>Resets the NT password hash of the target Active Directory account through the MS-SAMR protocol.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Set-SamAccountPasswordHash.md</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-ADDBAccount</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-ADReplAccount</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Set-ADDBAccountPasswordHash</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Test-PasswordQuality</command:name> <command:verb>Test</command:verb> <command:noun>PasswordQuality</command:noun> <maml:description> <maml:para>Performs AD audit, including checks for weak, duplicate, default and empty passwords. Accepts input from the Get-ADReplAccount and Get-ADDBAccount cmdlets.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The Test-PasswordQuality cmdlet is a simple tool for Active Directory password auditing. It can detect weak, duplicate, default, non-expiring or empty passwords and find accounts that are violating security best practices. The cmdlet accepts output of the Get-ADDBAccount and Get-ADReplAccount cmdlets, so both offline (ntds.dit) and online (DCSync) password analysis can be done.</maml:para> <maml:para>Lists of leaked passwords that can be obtained from HaveIBeenPwned are fully supported. Be sure to download the list that is marked as "NTLM (ordered by hash)" and extract the archive to your HDD.</maml:para> <maml:para>Although the cmdlet output is formatted in a human readable fashion, it is still an object, whose properties can be accessed separately (e.g. $result.WeakPassword) to produce a desired output. When scripted, it can be used to audit Active Directory passwords on a regular basis.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Test-PasswordQuality</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue)" position="0" aliases="ADAccount, DSAccount"> <maml:name>Account</maml:name> <maml:Description> <maml:para>Active Directory account to check. The accounts are typically piped in from the Get-ADDBAccount and Get-ADReplAccount cmdlets.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">DSAccount</command:parameterValue> <dev:type> <maml:name>DSAccount</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>IncludeDisabledAccounts</maml:name> <maml:Description> <maml:para>Process even accounts that are disabled. Such accounts are skipped otherwise.</maml:para> </maml:Description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>SkipDuplicatePasswordTest</maml:name> <maml:Description> <maml:para>Do not compare account hashes with each other.</maml:para> </maml:Description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>WeakPasswordHashesFile</maml:name> <maml:Description> <maml:para>Path to a file that contains NT hashes of weak passwords, one hash in HEX format per line. For performance reasons, the -WeakPasswordHashesSortedFile parameter should be used instead.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>WeakPasswordHashesSortedFile</maml:name> <maml:Description> <maml:para>Path to a file that contains NT hashes of weak passwords, one hash in HEX format per line. The hashes must be sorted alphabetically, because a binary search is performed. This parameter is typically used with a list of leaked password hashes from HaveIBeenPwned.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>WeakPasswords</maml:name> <maml:Description> <maml:para>List of passwords that are considered weak, e.g. Password123 or April2019. If more than a handful passwords are to be tested, the WeakPasswordsFile parameter should be used instead.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String[]</command:parameterValue> <dev:type> <maml:name>String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>WeakPasswordsFile</maml:name> <maml:Description> <maml:para>Path to a file that contains weak passwords, one password per line.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue)" position="0" aliases="ADAccount, DSAccount"> <maml:name>Account</maml:name> <maml:Description> <maml:para>Active Directory account to check. The accounts are typically piped in from the Get-ADDBAccount and Get-ADReplAccount cmdlets.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">DSAccount</command:parameterValue> <dev:type> <maml:name>DSAccount</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>IncludeDisabledAccounts</maml:name> <maml:Description> <maml:para>Process even accounts that are disabled. Such accounts are skipped otherwise.</maml:para> </maml:Description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>SkipDuplicatePasswordTest</maml:name> <maml:Description> <maml:para>Do not compare account hashes with each other.</maml:para> </maml:Description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>WeakPasswordHashesFile</maml:name> <maml:Description> <maml:para>Path to a file that contains NT hashes of weak passwords, one hash in HEX format per line. For performance reasons, the -WeakPasswordHashesSortedFile parameter should be used instead.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>WeakPasswordHashesSortedFile</maml:name> <maml:Description> <maml:para>Path to a file that contains NT hashes of weak passwords, one hash in HEX format per line. The hashes must be sorted alphabetically, because a binary search is performed. This parameter is typically used with a list of leaked password hashes from HaveIBeenPwned.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>WeakPasswords</maml:name> <maml:Description> <maml:para>List of passwords that are considered weak, e.g. Password123 or April2019. If more than a handful passwords are to be tested, the WeakPasswordsFile parameter should be used instead.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String[]</command:parameterValue> <dev:type> <maml:name>String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>WeakPasswordsFile</maml:name> <maml:Description> <maml:para>Path to a file that contains weak passwords, one password per line.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>DSInternals.Common.Data.DSAccount</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>DSInternals.PowerShell.PasswordQualityTestResult</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- Example 1 --------------------------</maml:title> <dev:code>PS C:\> Get-ADDBAccount -All -DatabasePath ntds.dit -BootKey acdba64a3929261b04e5270c3ef973cf | Test-PasswordQuality -WeakPasswordHashesSortedFile pwned-passwords-ntlm-ordered-by-hash-v5.txt <# Sample Output: Active Directory Password Quality Report ---------------------------------------- Passwords of these accounts are stored using reversible encryption: CONTOSO\smith CONTOSO\doe LM hashes of passwords of these accounts are present: CONTOSO\hodge These accounts have no password set: CONTOSO\test01 CONTOSO\test02 Passwords of these accounts have been found in the dictionary: CONTOSO\Administrator These groups of accounts have the same passwords: Group 1: CONTOSO\graham CONTOSO\graham_admin Group 2: CONTOSO\admin CONTOSO\sql_svc01 These computer accounts have default passwords: CONTOSO\DESKTOP27$ Kerberos AES keys are missing from these accounts: CONTOSO\sql_svc01 Kerberos pre-authentication is not required for these accounts: CONTOSO\jboss Only DES encryption is allowed to be used with these accounts: CONTOSO\sql_svc01 These administrative accounts are allowed to be delegated to a service: CONTOSO\AdatumAdmin CONTOSO\Administrator Passwords of these accounts will never expire: CONTOSO\admin CONTOSO\sql_svc01 These accounts are not required to have a password: CONTOSO\gonzales These accounts that require smart card authentication have a password: CONTOSO\smithj CONTOSO\jonesp #></dev:code> <dev:remarks> <maml:para>Performs an offline credential hygiene audit of AD database against HIBP.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- Example 2 --------------------------</maml:title> <dev:code>PS C:\> $results = Get-ADReplAccount -All -Server LON-DC1 | Test-PasswordQuality -WeakPasswords 'Pa$$w0rd','April2019' ` -WeakPasswordHashesSortedFile pwned-passwords-ntlm-ordered-by-hash-v5.txt</dev:code> <dev:remarks> <maml:para>Performs an online credential hygiene audit of AD against HIBP + a custom wordlist.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- Example 3 --------------------------</maml:title> <dev:code>PS C:\> $pwnedUsers = $accounts | Test-PasswordQuality -WeakPasswordsFile rockyou.txt -SkipDuplicatePasswordTest | Select-Object -ExpandProperty WeakPassword</dev:code> <dev:remarks> <maml:para>Performs a dictionary attack against a set of accounts. The Test-PasswordQuality cmdlet always returns structured data.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- Example 4 --------------------------</maml:title> <dev:code>PS C:\> Get-ADDBAccount -All -DatabasePath ntds.dit -BootKey $key | where DistinguishedName -like '*OU=Employees,DC=contoso,DC=com' | Test-PasswordQuality -IncludeDisabledAccounts -WeakPasswordHashesSortedFile pwned-passwords-ntlm-ordered-by-hash-v5.txt</dev:code> <dev:remarks> <maml:para>Performs an offline credential hygiene audit of a selected OU from AD database against HIBP.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- Example 5 --------------------------</maml:title> <dev:code>PS C:\> $contosoAccounts = Get-ADReplAccount -All -Server LON-DC1.contoso.com PS C:\> $adatumAccounts = Get-ADReplAccount -All -Server NYC-DC1.adatum.com -Credential (Get-Credential) PS C:\> $contosoAccounts + $adatumAccounts | Test-PasswordQuality <# Sample Output (Partial): These groups of accounts have the same passwords: Group 1: ADATUM\smith ADATUM\doe Group 2: ADATUM\Administrator ADATUM\joe_admin CONTOSO\Administrator CONTOSO\joe_admin #></dev:code> <dev:remarks> <maml:para>Performs a cross-forest duplicate password discovery. Any number of Get-ADReplAccount and Get-ADDBAccount cmdlet outputs can be combined together, as long as the computer has enough memory.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Test-PasswordQuality.md</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-ADDBAccount</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-ADReplAccount</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> </helpItems> |