Commands to create an AD environment
Install AD Dependencies
Windows Server Datacenter (GUI)





Click Next and then Install.
Windows Server Standard (CLI)
From here https://medium.com/@serkanturan_79203/installing-active-directory-with-powershell-ea48de56088c
Install AD DS (Active Directory Domain Services):
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
Configure a new Forest:
Import-Module ADDSDeployment
Install-ADDSForest -DomainName "lanz-corp.com" -InstallDNS
Verify installation:
Get-Service adws,kdc,netlogon,dns
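The same CLI install as one re-runnable script, added here as an example (it is not from the original page or the linked article). The forest name follows the page; the NetBIOS name, the interactive DSRM password prompt and the post-reboot verification step are assumptions.

```powershell
# Added example: unattended forest install on Windows Server (Core or GUI).
# Assumed values: forest root 'lanz-corp.com' (from the page), NetBIOS name 'LANZ-CORP'.
$DomainName  = 'lanz-corp.com'
$NetbiosName = 'LANZ-CORP'        # must be 15 characters or fewer

# Pre-check: a DC needs a static address; warn if the primary NIC is still on DHCP
$dhcp = Get-NetIPInterface -AddressFamily IPv4 | Where-Object { $_.Dhcp -eq 'Enabled' -and $_.ConnectionState -eq 'Connected' }
if ($dhcp) { Write-Warning "Interface(s) $($dhcp.InterfaceAlias -join ', ') still use DHCP; set a static IP first." }

# 1. Role + RSAT tooling (this also brings in the ADDSDeployment module)
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

# 2. Promote. -SafeModeAdministratorPassword is the DSRM password; it is read
#    interactively so it never ends up in the script or the console history.
Import-Module ADDSDeployment
$dsrm = Read-Host -AsSecureString -Prompt 'DSRM (Directory Services Restore Mode) password'
Install-ADDSForest `
    -DomainName $DomainName `
    -DomainNetbiosName $NetbiosName `
    -InstallDns `
    -SafeModeAdministratorPassword $dsrm `
    -Force                      # suppress the confirmation prompts; the server reboots when done

# 3. Run after the reboot: core DC services and the DC locator SRV record
Get-Service adws,kdc,netlogon,dns | Format-Table Name,Status
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainName" -Type SRV
```

The SRV lookup is the check clients actually rely on to find a domain controller, so a successful answer there is a better signal than the four services merely showing as Running.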
Promote Server to Domain Controller (GUI)

Click on "Promote this server to a domain controller":





Install:


The server has been promoted to a Domain Controller, and authentication is now domain-based.
Users
Configure users, groups, machines...
Run from the start menu: Active Directory Users and Computers
Get-ADUser (search users)
Get-ADUser -Filter 'Name -like "*Paul*"'
Get-ADUser -Filter "Name -like '*Orion*'" -Properties *
Get-ADUser -Filter 'Name -like "*Mike*"' | Format-Table Name,SamAccountName
Name SamAccountName
---- --------------
Mike Andrews Jectle1984
Mike Rocha Trequievery
Mike Rosa Mans1990
Mike Blackmon Stemodgme01
Joshua Mikels Wifen1938
Mike Goodwin Lovicher
Mike Dukes Imosed
Mike Bynum Barve1947
Mike Pritchard Pludenis
Mike O'Hare mohare
New-ADUser (add user)
Either through Active Directory Users and Computers from the start menu (right-click the target OU) or with PowerShell:
New-ADUser -Name "Orion Starchaser" -DisplayName 'Orion Starchaser' -SamAccountName 'o.starchaser' -UserPrincipalName 'orion.starchaser@inlanefreight.local' -AccountPassword (Read-Host -AsSecureString 'Enter a password') -Enabled $true -ChangePasswordAtLogon $true -OtherAttributes @{'title'='analyst';'mail'='o.starchaser@inlanefreight.local'}
Get-ADUser -Identity o.starchaser
Set-ADUser (update user info)
Set-ADUser -Identity 'Artemis Callisto' -DisplayName 'Artemis Callisto'
Get-ADUser -Filter "Name -like 'Andromeda Cepheus'" -Properties *
[...]
DistinguishedName : CN=Andromeda Cepheus,OU=Analysts,OU=IT,OU=HQ-NYC,OU=Employees,OU=Corp,DC=INLANEFREIGHT,DC=LOCAL
Enabled : True
GivenName : Andromeda
Name : Andromeda Cepheus
ObjectClass : user
ObjectGUID : 300c377e-db3d-4da4-aabd-7235d69693ff
SamAccountName : a.cepheus
SID : S-1-5-21-3842939050-3880317879-2865463114-7604
Surname : Cepheus
UserPrincipalName : a.cepheus@INLANEFREIGHT.LOCAL
[...]
EmailAddress :
[...]
mail :
[...]
Let's update the Email:
Set-ADUser -Identity 'a.cepheus' -EmailAddress 'a.cepheus@inlanefreight.local'
Get-ADUser -Filter "Name -like 'Andromeda Cepheus'" -Properties *
[...]
EmailAddress : a.cepheus@inlanefreight.local
[...]
mail : a.cepheus@inlanefreight.local
[...]
Remove-ADUser (remove user)
Get-ADUser -Filter "Name -like '*Orion*'" | Format-Table Name,SamAccountName
Name SamAccountName
---- --------------
Orion Starchaser Orion Starchaser
Remove-ADUser -Identity 'Orion Starchaser'

Unlock-ADAccount (unlock user)
Get-ADUser -Filter 'Name -like "*Masters*"'
DistinguishedName : CN=Adam Masters,OU=Interns,OU=HQ-NYC,OU=Employees,OU=Corp,DC=INLANEFREIGHT,DC=LOCAL
Enabled : True
GivenName : Adam
Name : Adam Masters
ObjectClass : user
ObjectGUID : 56d0f2af-e8a0-4d12-a910-c55257c702a2
SamAccountName : amasters
SID : S-1-5-21-3842939050-3880317879-2865463114-6108
Surname : Masters
UserPrincipalName : amasters@INLANEFREIGHT.LOCAL
Unlock-ADAccount -Identity 'amasters'
Set-ADAccountPassword amasters -Reset -NewPassword (Read-Host -AsSecureString -Prompt 'New Password')
Set-ADUser -ChangePasswordAtLogon $true -Identity amasters
Update credentials
Set-ADAccountPassword username -Reset -NewPassword (Read-Host -AsSecureString -Prompt 'New Password') -Verbose
Set-ADUser -ChangePasswordAtLogon $true -Identity username -Verbose
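Putting the user commands above together: the following script, added as an example that is not part of the original page, creates several accounts from a constructed CSV with New-ADUser, skips any that already exist, gives each a random initial password and forces a change at first logon. The OU path and UPN suffix are taken from the page's output; the sample rows and the helper logic are assumptions.

```powershell
# Added example: bulk user creation with existence checks.
Import-Module ActiveDirectory

$ouPath    = 'OU=Analysts,OU=IT,OU=HQ-NYC,OU=Employees,OU=Corp,DC=INLANEFREIGHT,DC=LOCAL'
$upnSuffix = 'inlanefreight.local'

# Constructed sample data; in practice this would be: Import-Csv .\new-users.csv
$users = @'
GivenName,Surname,SamAccountName,Title
Orion,Starchaser,o.starchaser,analyst
Artemis,Callisto,a.callisto,analyst
'@ | ConvertFrom-Csv

# Character pool for a throw-away initial password (upper, lower, digits, symbols);
# the domain password policy still applies, so keep all four classes present.
$pool = [char[]]((48..57) + (65..90) + (97..122) + (33,35,36,37,64))

foreach ($u in $users) {
    # Idempotency: query with -Filter; -Identity would throw on a missing account
    if (Get-ADUser -Filter "SamAccountName -eq '$($u.SamAccountName)'") {
        Write-Warning "$($u.SamAccountName) already exists, skipping"
        continue
    }

    $initial  = ConvertTo-SecureString -String (-join ($pool | Get-Random -Count 16)) -AsPlainText -Force
    $fullName = "$($u.GivenName) $($u.Surname)"

    New-ADUser -Name $fullName `
        -GivenName $u.GivenName -Surname $u.Surname -DisplayName $fullName `
        -SamAccountName $u.SamAccountName `
        -UserPrincipalName "$($u.SamAccountName)@$upnSuffix" `
        -EmailAddress "$($u.SamAccountName)@$upnSuffix" `
        -Title $u.Title `
        -Path $ouPath `
        -AccountPassword $initial `
        -Enabled $true `
        -ChangePasswordAtLogon $true      # the random value is only good for the first logon

    Write-Host "Created $($u.SamAccountName) in $ouPath"
}

# Verify what now lives in the OU
Get-ADUser -Filter * -SearchBase $ouPath | Format-Table Name,SamAccountName,Enabled
```

Note the filter string uses the AD module's own filter syntax (`SamAccountName -eq '...'`), which is evaluated server-side; piping `Get-ADUser -Filter *` into `Where-Object` would pull every user across the wire first.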
Change DoesNotRequirePreAuth Right
This account flag (DONT_REQ_PREAUTH in userAccountControl) disables Kerberos pre-authentication for the account; accounts with it set are the ones exposed to AS-REP Roasting.
GUI:
Enable "Do not require Kerberos preauthentication":

CLI:
We have a list of valid users:

Does anyone have the DoesNotRequirePreAuth right?
python3 GetNPUsers.py -no-pass -usersfile users.txt -dc-ip 10.10.10.10 -format john -outputfile dc-freed-om-corp-asreproastable-users.txt 'lanz.com/'

Nope.
Let's enable it:
Get-ADUser -Identity paolo.suarez -Properties DoesNotRequirePreAuth | Format-Table Name,DoesNotRequirePreAuth
Get-ADUser -Identity paolo.suarez | Set-ADAccountControl -DoesNotRequirePreAuth $true

Again, does anyone have the DoesNotRequirePreAuth right?

Yeah, there is one!
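The reverse of the exercise above, from the defender's side: an added example (not from the original page) that audits which enabled accounts have the flag set, reports them, and clears it with Set-ADAccountControl. The UAC bit value and the Get-ADUser filter are standard; the function name and the `-WhatIf` dry run are assumptions.

```powershell
# Added example: find and remediate accounts that do not require Kerberos pre-authentication.
# DONT_REQ_PREAUTH is bit 0x400000 (4194304) of userAccountControl.
Import-Module ActiveDirectory

function Get-PreAuthDisabledAccounts {
    # Server-side filter on the attribute the AD module exposes. The raw LDAP
    # equivalent is (userAccountControl:1.2.840.113556.1.4.803:=4194304).
    Get-ADUser -Filter 'DoesNotRequirePreAuth -eq $true -and Enabled -eq $true' `
               -Properties DoesNotRequirePreAuth, userAccountControl, whenChanged |
        Select-Object SamAccountName, DistinguishedName, whenChanged,
            @{ Name = 'UAC'; Expression = { '0x{0:X}' -f $_.userAccountControl } }
}

# 1. Report
$flagged = Get-PreAuthDisabledAccounts
if (-not $flagged) { Write-Host 'No enabled accounts without pre-authentication.'; return }
$flagged | Format-Table -AutoSize

# 2. Remediate: re-enable pre-authentication. -WhatIf shows the change without
#    applying it; drop it once the list has been reviewed.
foreach ($acct in $flagged) {
    Set-ADAccountControl -Identity $acct.DistinguishedName -DoesNotRequirePreAuth $false -WhatIf
}

# 3. Confirm (the page's test account)
Get-ADUser -Identity paolo.suarez -Properties DoesNotRequirePreAuth |
    Format-Table SamAccountName, DoesNotRequirePreAuth
```

`whenChanged` is included because a recently modified flag on an account that has no documented reason for it (legacy clients that cannot pre-authenticate) is the case worth investigating; the corresponding change is also recorded on the DC as Security event 4738 (user account changed), which shows the old and new userAccountControl values.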
Computers
Add-Computer (add a computer to a domain)
In the new computer we are going to execute:
Add-Computer -DomainName INLANEFREIGHT.LOCAL -Credential INLANEFREIGHT.LOCAL\htb-student_adm -Restart
Or remotely:
Add-Computer -ComputerName ACADEMY-IAD-W10 -LocalCredential ACADEMY-IAD-W10\image -DomainName INLANEFREIGHT.LOCAL -Credential INLANEFREIGHT\htb-student_adm -Restart
A credential prompt appears: supply a Domain Admin, or, if a suitable domain user already exists, that user's credentials instead of Administrator's.

Move a computer to an OU
Get-ADComputer -Identity 'ACADEMY-IAD-W10' | Move-ADObject -TargetPath 'OU=Security Analysts,OU=IT,OU=HQ-NYC,OU=Employees,OU=Corp,DC=INLANEFREIGHT,DC=LOCAL'
Remove-Computer
Remove-Computer -ComputerName 'ACADEMY-IAD-W10' -UnjoinDomainCredential 'INLANEFREIGHT.LOCAL\htb-student_adm' -PassThru -Restart -Verbose
If that doesn't work, do it manually on the local computer:
Group Policy Object (GPO)
Configure Group Policy Object with GUI
Run from the start menu: Group Policy Management
Force any particular computer to sync its GPOs
gpupdate /force
Copy-GPO (copy/duplicate a GPO)
Get-GPO -All | FT Displayname
Copy-GPO -SourceName 'Logon Banner' -TargetName 'Security Analysts Control'

New-GPLink (link a GPO to an OU)
New-GPLink -Name 'Security Analysts Control' -Target 'OU=Security Analysts,OU=IT,OU=HQ-NYC,OU=Employees,OU=Corp,DC=INLANEFREIGHT,DC=LOCAL' -LinkEnabled Yes
Get-GPO -Name 'Security Analysts Control' | New-GPLink -Target 'OU=Security Analysts,OU=IT,OU=HQ-NYC,OU=Employees,OU=Corp,DC=INLANEFREIGHT,DC=LOCAL' -LinkEnabled Yes

Organization Unit (OU)
Get-ADOrganizationalUnit (obtain OUs)
Get-ADOrganizationalUnit -Filter 'Name -like "*"'
Get-ADOrganizationalUnit -Filter 'Name -like "*HelpDesk*"'
City :
Country :
DistinguishedName : OU=HelpDesk,OU=IT,OU=HQ-NYC,OU=Employees,OU=Corp,DC=INLANEFREIGHT,DC=LOCAL
LinkedGroupPolicyObjects : {}
ManagedBy :
Name : HelpDesk
ObjectClass : organizationalUnit
ObjectGUID : 2ad47f9e-4550-44c6-bb99-104bc3ac2105
PostalCode :
State :
StreetAddress :
Get-ADOrganizationalUnit -Identity 'OU=HelpDesk,OU=IT,OU=HQ-NYC,OU=Employees,OU=Corp,DC=INLANEFREIGHT,DC=LOCAL'
City :
Country :
DistinguishedName : OU=HelpDesk,OU=IT,OU=HQ-NYC,OU=Employees,OU=Corp,DC=INLANEFREIGHT,DC=LOCAL
LinkedGroupPolicyObjects : {}
ManagedBy :
Name : HelpDesk
ObjectClass : organizationalUnit
ObjectGUID : 2ad47f9e-4550-44c6-bb99-104bc3ac2105
PostalCode :
State :
StreetAddress :
Get members of an OU
Get-ADuser -Filter * -SearchBase "OU=IT,OU=HQ-NYC,OU=Employees,OU=Corp,DC=INLANEFREIGHT,DC=LOCAL" | select name,DistinguishedName
[...]
Andromeda Cepheus CN=Andromeda Cepheus,OU=IT,OU=HQ-NYC,OU=Employees,OU=Corp,DC=INLANEFREIGHT,DC=LOCAL
Artemis Callisto CN=Artemis Callisto,OU=IT,OU=HQ-NYC,OU=Employees,OU=Corp,DC=INLANEFREIGHT,DC=LOCAL
Orion Starchaser CN=Orion Starchaser,OU=IT,OU=HQ-NYC,OU=Employees,OU=Corp,DC=INLANEFREIGHT,DC=LOCAL
New-ADOrganizationalUnit (create an OU)
New-ADOrganizationalUnit -Name 'Security Analysts' -Path 'OU=IT,OU=HQ-NYC,OU=Employees,OU=Corp,DC=INLANEFREIGHT,DC=LOCAL'

Remove-ADOrganizationalUnit (remove an OU)
Get-ADOrganizationalUnit -Identity 'OU=Analysts,OU=IT,OU=HQ-NYC,OU=Employees,OU=Corp,DC=INLANEFREIGHT,DC=LOCAL' | Set-ADObject -ProtectedFromAccidentalDeletion:$false -PassThru | Remove-ADOrganizationalUnit -Confirm:$false
Move-ADObject (move an object such as a user or group to another OU)
Move-ADObject -Identity "CN=Artemis Callisto,CN=Users,DC=INLANEFREIGHT,DC=LOCAL" -TargetPath "OU=Security Analysts,OU=IT,OU=HQ-NYC,OU=Employees,OU=Corp,DC=INLANEFREIGHT,DC=LOCAL"
Get-ADUser -Identity a.callisto | Move-ADObject -TargetPath 'OU=Security Analysts,OU=IT,OU=HQ-NYC,OU=Employees,OU=Corp,DC=INLANEFREIGHT,DC=LOCAL'
Groups
New-ADGroup (create a security group)
New-ADGroup -Name "Security Analysts" -SamAccountName Analysts -GroupCategory Security -GroupScope Global -DisplayName "Security Analysts" -Path "OU=Security Analysts,OU=IT,OU=HQ-NYC,OU=Employees,OU=Corp,DC=INLANEFREIGHT,DC=LOCAL" -Description "Members of this group are Security Analysts under the IT OU"
Security groups: used to assign permissions to shared resources.
Distribution groups: used to create email distribution lists.
Set-ADGroup (update group info)
Set-ADGroup -Identity 'Analysts' -SamAccountName 'Security Analysts'
Get-ADGroupMember (get members of a group)
Get-ADGroupMember -Identity 'Security Analysts'
Add-ADGroupMember (add members to a group)
Add-ADGroupMember -Identity 'Security Analysts' -Members a.cepheus
Add-ADGroupMember -Identity 'Security Analysts' -Members 'Orion Starchaser','Artemis Callisto'
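The OU, GPO and group sections above are usually run together when onboarding a team. The following script, added as an example that is not from the original page, provisions the "Security Analysts" OU and group, moves the members in, links the GPO, and can be re-run safely because every step checks for existing state first. Names and DNs are the page's; the member list, the existence checks and the Get-GPInheritance verification are assumptions.

```powershell
# Added example: re-runnable OU + group + GPO link provisioning.
Import-Module ActiveDirectory
Import-Module GroupPolicy

$parentOu = 'OU=IT,OU=HQ-NYC,OU=Employees,OU=Corp,DC=INLANEFREIGHT,DC=LOCAL'
$ouName   = 'Security Analysts'
$ouDn     = "OU=$ouName,$parentOu"
$gpoName  = 'Security Analysts Control'
$members  = @('a.cepheus', 'a.callisto')     # assumed SamAccountNames

# 1. OU (protected from accidental deletion by default, as on the page)
if (-not (Get-ADOrganizationalUnit -LDAPFilter "(ou=$ouName)" -SearchBase $parentOu -SearchScope OneLevel)) {
    New-ADOrganizationalUnit -Name $ouName -Path $parentOu
}

# 2. Global security group inside the OU; SamAccountName matches the page's usage
if (-not (Get-ADGroup -Filter "SamAccountName -eq '$ouName'")) {
    New-ADGroup -Name $ouName -SamAccountName $ouName -GroupCategory Security -GroupScope Global `
        -DisplayName $ouName -Path $ouDn -Description 'Members of this group are Security Analysts under the IT OU'
}

# 3. Membership: only add accounts that are not already members
$current = @(Get-ADGroupMember -Identity $ouName | Select-Object -ExpandProperty SamAccountName)
$toAdd   = $members | Where-Object { $_ -notin $current }
if ($toAdd) { Add-ADGroupMember -Identity $ouName -Members $toAdd }

# 4. Move the users into the OU unless they are already there
foreach ($sam in $members) {
    $user = Get-ADUser -Identity $sam
    if ($user.DistinguishedName -notlike "*,$ouDn") {
        $user | Move-ADObject -TargetPath $ouDn
    }
}

# 5. Link the GPO unless a link already exists on this OU
$links = (Get-GPInheritance -Target $ouDn).GpoLinks
if (-not ($links | Where-Object DisplayName -eq $gpoName)) {
    New-GPLink -Name $gpoName -Target $ouDn -LinkEnabled Yes
}

# Verify
Get-ADGroupMember -Identity $ouName | Format-Table Name, SamAccountName
(Get-GPInheritance -Target $ouDn).GpoLinks | Format-Table DisplayName, Enabled, Enforced, Order
```

Get-GPInheritance is the quickest way to see what actually applies to an OU, including links inherited from parent OUs and their order, which is what decides precedence when two GPOs set the same policy.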

Shared Folders
Create a shared folder
GUI:



Check "Type a custom path", and create a folder.




Click on "Customize permissions" and grant a user full access (for testing) over that folder.

Click Create and we're done:

CLI:
New-SmbShare -Name "Pagos" -Path "C:\Pagos" -FullAccess "lanz.com\jose.lopez"


And to check from a client:
smbmap -H 10.10.10.10 -d lanz.com -u 'jose.lopez' -p 'Jose123!'
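Giving one user -FullAccess is fine for a test share; for a real one the share and NTFS permissions should both be scoped to groups. The following script, added as an example that is not from the original page, creates the same "Pagos" share with Change rights for a writer group, Read for a reader group and Full Control only for Domain Admins, sets a matching NTFS ACL, and verifies both. The group names and the NetBIOS domain 'LANZ' are assumptions.

```powershell
# Added example: least-privilege share plus aligned NTFS ACL.
# Effective access is the intersection of share and NTFS permissions,
# so both are set explicitly here.
$shareName = 'Pagos'
$path      = 'C:\Pagos'
$admins    = 'LANZ\Domain Admins'        # assumed NetBIOS domain name
$writers   = 'LANZ\Finance-Writers'      # assumed groups
$readers   = 'LANZ\Finance-Readers'

if (-not (Test-Path $path)) { New-Item -ItemType Directory -Path $path | Out-Null }

# NTFS: break inheritance, drop inherited ACEs, then grant exactly three entries
$acl = Get-Acl -Path $path
$acl.SetAccessRuleProtection($true, $false)
$grants = @(
    [pscustomobject]@{ Identity = $admins;  Right = 'FullControl' }
    [pscustomobject]@{ Identity = $writers; Right = 'Modify' }
    [pscustomobject]@{ Identity = $readers; Right = 'ReadAndExecute' }
)
foreach ($g in $grants) {
    $ace = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $g.Identity, $g.Right, 'ContainerInherit,ObjectInherit', 'None', 'Allow')
    $acl.AddAccessRule($ace)
}
Set-Acl -Path $path -AclObject $acl

# Share: per-group share permissions, SMB encryption, and access-based enumeration
# so users only see folders they can open
if (-not (Get-SmbShare -Name $shareName -ErrorAction SilentlyContinue)) {
    New-SmbShare -Name $shareName -Path $path `
        -FullAccess $admins -ChangeAccess $writers -ReadAccess $readers `
        -EncryptData $true -FolderEnumerationMode AccessBased
}

# Verify both layers
Get-SmbShareAccess -Name $shareName | Format-Table AccountName, AccessControlType, AccessRight
(Get-Acl -Path $path).Access | Format-Table IdentityReference, FileSystemRights, AccessControlType
```

The share-level entries are the upper bound on what a client can do; with NTFS scoped the same way, a group that is later added to the share by mistake still gets nothing until the folder ACL is also changed.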
