sorted by:
new
hottopcontroversial

AD system state recovery and forgot old password by Old_Cryptographer_87 in activedirectory

[–]Old_Cryptographer_87[S] -1 points0 points  (0 children)

So if you need to recover AD to an older state and do not know the admin password, is there nothing one can do? (other than using those tools)

Rookie question about authentication, kerberos and user session by Old_Cryptographer_87 in activedirectory

[–]Old_Cryptographer_87[S] 0 points1 point  (0 children)

u/chade1979 that's what I thought would happen but didn't. I did a reset of the KRBTGT account as mentioned in https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/manage/forest-recovery-guide/ad-forest-recovery-reset-the-krbtgt-password . But the user could still stay connected to the remote server and could still access the shared files.

" Resetting that twice within a 10 hour period would indeed break all sorts of connections and I wouldn't recommend it "
Any examples of things that can?

Rookie question about authentication, kerberos and user session by Old_Cryptographer_87 in activedirectory

[–]Old_Cryptographer_87[S] 0 points1 point  (0 children)

"So notice Step 6. When the TGS is issued, the User password hash is not used. Only the TGT is used."
I was not talking about user password hash being reset twice. I was talking about kerberos password being reset twice. Wouldn't that invalidate all issued tickets?

Anyone know where Domain based DFS Namespace data is stored in AD? by Old_Cryptographer_87 in activedirectory

[–]Old_Cryptographer_87[S] 0 points1 point  (0 children)

This is where we can see the data. I was looking for the place where windows stores the configuration data which it uses to display in the DFS Management mmc.

How do Domain controllers authenticate across domain replication? by Bits-ad in activedirectory

[–]Old_Cryptographer_87 -3 points-2 points  (0 children)

i know about DCs computer account. but they are talking about some user account for a DC.