Announcement

Collapse
No announcement yet.

Domain Upgrade Auditing

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Guest's Avatar
    Guest replied
    Re: Domain Upgrade Auditing

    Go to Tools->Settings->Display, change the Display Mode to User Details. Add SID from the right window over to the Current Columns side. Click OK to save that.

    Your computer accounts show up under the Domain Users group after expanding Global Groups. Right-click on Domain Users and choose View All User Member Details.

    Leave a comment:


  • MattKey
    replied
    Re: Domain Upgrade Auditing

    "However, you can get the SID information for computers and users using Hyena, and copy this information our of Hyena to a file"

    Could you please explain further on this...

    Will this work for a Domain of this size (as described in the original post) and results are from the Domain SAM data - not from the workstations?

    Thanks

    Leave a comment:


  • kstanush
    replied
    Re: Domain Upgrade Auditing

    Exporter Pro does not get user or computer information from the registry...that would be a very bad idea. It relies on API functions to get the information.

    There isn't any way for Exporter Pro to get the SID for a computer easily as it isn't returned in the function that we use to get computer information. This only applies for Windows NT domains (and computers).

    However, you can get the SID information for computers and users using Hyena, and copy this information our of Hyena to a file.

    If this is something that you need to do, let us know.

    Thanks

    Leave a comment:


  • MattKey
    replied
    Re: Domain Upgrade Auditing

    reg.exe from the NT4 Reskit is also able to query REG_BINARY values (I would prefer to do this all in one tool though!)

    Just to clarify what I am trying to achieve:
    I am performing auditing for an in-place upgrade of a NT4 Domain to Active Directory. I will take a baseline audit before the upgrade and do a comparison after the upgrade. With no PDC online during the upgrade, the data values stored in the Domain SAM (including all password hashes) will not change - unless there is corruption.

    As mentioned before the domain computer SIDs are stored in subkeys of HKLM/Security/SAM/Domains/Account. Can you clarify how Exporter Pro is able to query values for Domain User SIDs - stored in the same V and F subkeys and in the same format (8 byte reverse encoded REG_BINARY) - but not Domain Computer SIDs? Guessing there is no API function call for doing this...?

    Leave a comment:


  • kstanush
    replied
    Re: Domain Upgrade Auditing

    Exporter Pro cannot currently handle REG_BINARY strings. Hyena, can however. We may add this support in the next update.

    The reason that I don't think that you can easily use the password for a computer accounts is that the computer and the domain controller maintain this password and it gets synced every few days. If you migrate a computer and find that you can't logon to the domain and you have set the password using CopyPwd, this may be the cause. In particular, if you change domains, the password might get changed.

    Leave a comment:


  • MattKey
    replied
    Re: Domain Upgrade Auditing

    The domain computer SIDs are stored in a subkey in HKLM/Security/SAM/Domains/Account. As an alternative I thought to run a registry query against this key - the problem I am experiencing now is the result returns NO_FORMAT for %VALUE% when the data type is REG_BINARY - this is NOT permissions related - I get this result on any other value of the same data type. Is Exporter Pro unable to query binary registry values?

    BTW - The Copypwd utility does export both computer and user passwords.

    Leave a comment:


  • Guest's Avatar
    Guest replied
    Re: Domain Upgrade Auditing

    In answering your question initially, I didn't catch the fact that you are looking for computer SID from an NT domain. Unfortunately we have no way of exporting computer SID for NT. You can't export the password hash for computer accounts either, but I don't think you would be able to use that for anything if you could.

    Leave a comment:


  • MattKey
    replied
    Re: Domain Upgrade Auditing

    ...what if the computer is not currently turned on when I run the report?

    Ideally I would like to export all attributes (name, SID, computer's password) of a computer object from the SAM before / after migration (using newly installed BDC to run the query against). Looks like I can do this with Exporter Pro for user objects - not computer objects...?

    Leave a comment:


  • Guest's Avatar
    Guest replied
    Re: Domain Upgrade Auditing

    Our free CopyPwd utility will dump the password hashes to a file for you, and it can set them on another computer if that is what you are looking for.

    On the other question, the choice between those two options shouldn't have anything to do with whether or not you get the SID. The Browse List option is probably not returning more computers because of your filter, or the browse list itself is incomplete. The SAM option simply takes the list of computers from the domain (or AD) and then queries each computer to determine it's type. If a computer responds with a type that matches your filter criteria, then it is queried for the information you are exporting. When finished your output file should only contain the computers that match your filter.

    Leave a comment:


  • MattKey
    started a topic Domain Upgrade Auditing

    Domain Upgrade Auditing

    I am using Exporter Pro that is bundled with Hyena 6.3 to put together an auditing strategy for an NT to AD Domain migration. The NT Domain contains approx. 20000 users, 12000 computers and 2000 groups - it's big and it's old. Some issues that I have come across from testing Exporter Pro:
    I cannot query the password attribute hash for an NT user - I am reluctant to use a hacker tool like l0pht - is Exporter Pro able to report this? Can you add custom queries? If not - is there an "honest" tool for this?
    When I query for computer objects - if I force it to use the SAM not the browse list - the only computer object returned is the PDC that I targeted the query. Can I query the SAM for all computer objects and their corresponding SIDs?
    THNX!!
Working...
X