Downloads:
42,132
Downloads of v 4.10.0:
512
Last Update:
16 Sep 2023
Package Maintainer(s):
Software Author(s):
- Michael Grafnetter
Tags:
admin dsinternals powershell activedirectory ad security ntds passwords dpapi lsa sam audit- Software Specific:
- Software Site
- Software Source
- Software License
- Software Docs
- Software Issues
- Package Specific:
- Package Source
- Package outdated?
- Package broken?
- Contact Maintainers
- Contact Site Admins
- Software Vendor?
- Report Abuse
- Download
DSInternals PowerShell Module
This is not the latest version of DSInternals PowerShell Module available.
- 1
- 2
- 3
4.10.0 | Updated: 16 Sep 2023
- Software Specific:
- Software Site
- Software Source
- Software License
- Software Docs
- Software Issues
- Package Specific:
- Package Source
- Package outdated?
- Package broken?
- Contact Maintainers
- Contact Site Admins
- Software Vendor?
- Report Abuse
- Download
Downloads:
42,132
Downloads of v 4.10.0:
512
Maintainer(s):
Software Author(s):
- Michael Grafnetter
DSInternals PowerShell Module 4.10.0
This is not the latest version of DSInternals PowerShell Module available.
Legal Disclaimer: Neither this package nor Chocolatey Software, Inc. are affiliated with or endorsed by Michael Grafnetter. The inclusion of Michael Grafnetter trademark(s), if any, upon this webpage is solely to identify Michael Grafnetter goods or services and not for commercial purposes.
- 1
- 2
- 3
This Package Contains an Exempted Check
Not All Tests Have Passed
Deployment Method: Individual Install, Upgrade, & Uninstall
To install DSInternals PowerShell Module, run the following command from the command line or from PowerShell:
To upgrade DSInternals PowerShell Module, run the following command from the command line or from PowerShell:
To uninstall DSInternals PowerShell Module, run the following command from the command line or from PowerShell:
Deployment Method:
This applies to both open source and commercial editions of Chocolatey.
1. Enter Your Internal Repository Url
(this should look similar to https://community.chocolatey.org/api/v2/)
2. Setup Your Environment
1. Ensure you are set for organizational deployment
Please see the organizational deployment guide
2. Get the package into your environment
Option 1: Cached Package (Unreliable, Requires Internet - Same As Community)-
Open Source or Commercial:
- Proxy Repository - Create a proxy nuget repository on Nexus, Artifactory Pro, or a proxy Chocolatey repository on ProGet. Point your upstream to https://community.chocolatey.org/api/v2/. Packages cache on first access automatically. Make sure your choco clients are using your proxy repository as a source and NOT the default community repository. See source command for more information.
- You can also just download the package and push it to a repository Download
-
Open Source
-
Download the package:
Download - Follow manual internalization instructions
-
-
Package Internalizer (C4B)
-
Run: (additional options)
choco download dsinternals-psmodule --internalize --version=4.10.0 --source=https://community.chocolatey.org/api/v2/
-
For package and dependencies run:
choco push --source="'INTERNAL REPO URL'"
- Automate package internalization
-
Run: (additional options)
3. Copy Your Script
choco upgrade dsinternals-psmodule -y --source="'INTERNAL REPO URL'" --version="'4.10.0'" [other options]
See options you can pass to upgrade.
See best practices for scripting.
Add this to a PowerShell script or use a Batch script with tools and in places where you are calling directly to Chocolatey. If you are integrating, keep in mind enhanced exit codes.
If you do use a PowerShell script, use the following to ensure bad exit codes are shown as failures:
choco upgrade dsinternals-psmodule -y --source="'INTERNAL REPO URL'" --version="'4.10.0'"
$exitCode = $LASTEXITCODE
Write-Verbose "Exit code was $exitCode"
$validExitCodes = @(0, 1605, 1614, 1641, 3010)
if ($validExitCodes -contains $exitCode) {
Exit 0
}
Exit $exitCode
- name: Install dsinternals-psmodule
win_chocolatey:
name: dsinternals-psmodule
version: '4.10.0'
source: INTERNAL REPO URL
state: present
See docs at https://docs.ansible.com/ansible/latest/modules/win_chocolatey_module.html.
chocolatey_package 'dsinternals-psmodule' do
action :install
source 'INTERNAL REPO URL'
version '4.10.0'
end
See docs at https://docs.chef.io/resource_chocolatey_package.html.
cChocoPackageInstaller dsinternals-psmodule
{
Name = "dsinternals-psmodule"
Version = "4.10.0"
Source = "INTERNAL REPO URL"
}
Requires cChoco DSC Resource. See docs at https://github.com/chocolatey/cChoco.
package { 'dsinternals-psmodule':
ensure => '4.10.0',
provider => 'chocolatey',
source => 'INTERNAL REPO URL',
}
Requires Puppet Chocolatey Provider module. See docs at https://forge.puppet.com/puppetlabs/chocolatey.
4. If applicable - Chocolatey configuration/installation
See infrastructure management matrix for Chocolatey configuration elements and examples.
This package was approved as a trusted package on 17 Sep 2023.
The DSInternals PowerShell Module has these main features:
- Azure Active Directory FIDO2 key auditing and retrieval of system information about all user-registered key credentials.
- Active Directory password auditing that discovers accounts sharing the same passwords or having passwords in a public database like HaveIBeenPwned or in a custom dictionary.
- Bare-metal recovery of domain controllers from just IFM backups (ntds.dit + SYSVOL).
- Offline ntds.dit file manipulation, including hash dumping, password resets, group membership changes, SID History injection and enabling/disabling accounts.
- Online password hash dumping through the Directory Replication Service (DRS) Remote Protocol (MS-DRSR). This feature is commonly called DCSync.
- Domain or local account password hash injection through the Security Account Manager (SAM) Remote Protocol (MS-SAMR) or directly into the database.
- LSA Policy modification through the Local Security Authority (Domain Policy) Remote Protocol (MS-LSAD / LSARPC).
- Extracting credential roaming data and DPAPI domain backup keys, either online through directory replication, LSARPC and offline from ntds.dit.
- Password hash calculation, including NT hash, LM hash and kerberos keys.
Installation Notes
- The module will be installed to the $PSHome\Modules directory. This is to avoid conflicts with the PowerShell Gallery and still support module autoloading.
Disclaimer
Features exposed through these tools are not supported by Microsoft. Improper use might cause irreversible damage to domain controllers or negatively impact domain security.
$ErrorActionPreference = 'Stop'
# Remove Module Files
$destinationDir = Join-Path -Path $PSHOME -ChildPath 'Modules\DSInternals'
Remove-Item -Path $destinationDir -Recurse -Force -ErrorAction SilentlyContinue
# Remove Start Menu Link
$shortcutPath = Join-Path -Path $env:ProgramData -ChildPath 'Microsoft\Windows\Start Menu\Programs\DSInternals PowerShell Module.lnk'
Remove-Item -Path $shortcutPath -Force -ErrorAction SilentlyContinue
VERIFICATION
This is the official DSInternals PowerShell Module Chocolatey package.
The package is self-contained and contains the same files as the GitHub ZIP release (https://github.com/MichaelGrafnetter/DSInternals/releases).
File integrity can be checked against the catalog file using the following PowerShell 5 command:
Test-FileCatalog -CatalogFilePath tools\DSInternals.cat -Path DSInternals -Detailed
Note that the catalog file is not digitally signed (for now).
md5: 8334A7C482816D4354EAB9BD727DDF25 | sha1: 589C1A17B40F8619C616DC048F9BEB73AAEFDC04 | sha256: AA8FE57F3949392509DC64390C7129A4DCF1E679D65824385E43B5101FCE232F | sha512: 2DB020C1A2ED6309DB0DDEABC9BABD036F345D32C75E09BFA37C116F9B738B5045EF9D60A20CBAC62CBB9BA7D5B9622550A8801CEBB367918548BFB56020A9AA
md5: CF38ABA069CADF6DEBD67A9AD9FB23BF | sha1: D93D36FF8F6745DA6DA15B277A0E1571FDB49AC8 | sha256: 0A2E8408C0533E7DA44E4F40DCB475667F9DD5EEBE34C21A4BFBFB826065A501 | sha512: C243AFCEB438587E7BC31EA447131A5251460C1E75D786B2BE2076E231D0B8B84E074584C09F4F4DDA759B8DB6E4059A2E2D3BEAF2F3A9A16041BE8E9F2F40C3
md5: C7FDD6BF400563738ABD16AC28D27326 | sha1: 8675EB2D43AA7C1B39CE251607B9BD605F1B2F26 | sha256: AE29FACCAEB22091B293C7128CAE908D5F09176AC8E9D779BB0ABBEC507236DA | sha512: E4422C068A80CA47AB2009F7AD0AE536BCCDDBBD8C44BEB1DDE343D22904A0FECE5EF1B50213DDB29B4572AB83929EF1C4401269C48A8030A661189621FAA5DA
md5: 8DEF7E1FC741E9D8CBCE2E8F4D4E11B4 | sha1: 85BA62180D7ED3BAA15BD2E4DFDDB3091FF8675E | sha256: 442ADD0037FF9593C3737F5C77BF77B198AFD5DD3A8DA0714F3C50D990EA733C | sha512: 199AC50D872069BF915CA15C3EDB55DCAFE5465DB2319DB755572A6C66CC71695AF008EF075B2E3CD8B13F862C0341756F0A488730E3F0E3B0D52BA0A08E22D6
md5: B2902B7B4701C1324F276C2A68ACD10D | sha1: 59CB992625E5DC1F5A7295EE7CAD2D7BE9B91ED1 | sha256: 751EC49BA459511DC0A7B67C56F537BB9548CAEB2F167E958489AA551197BA19 | sha512: E56AE4E02B9D4CECAE51DB81906DE798E6D4F907477025ABBEFF3DBFEF737B929FCCF1D3919651C0115D43804E95FA3FFE6463563B7B14151CA17F042ECAA214
#
# Script module file for the 'DSInternals' module.
#
# Copyright (c) Michael Grafnetter
#
#
# Load the platform-specific libraries.
# Note: This operation cannot be done in the module manifest,
# as it only supports restricted language mode.
#
[string] $interopAssemblyPath = Join-Path $PSScriptRoot "$env:PROCESSOR_ARCHITECTURE\DSInternals.Replication.Interop.dll"
try
{
Add-Type -Path $interopAssemblyPath -ErrorAction Stop
}
catch [System.IO.IOException]
{
#
# Make the error message more meaningful by checking common failure reasons.
#
[string] $message = 'The Get-ADRepl* cmdlets will not work properly, because the "{0}" assembly could not be loaded.' -f $interopAssemblyPath
[System.Management.Automation.ErrorCategory] $errorCategory = [System.Management.Automation.ErrorCategory]::OpenError
# Check the presence of the Universal C Runtime
[string] $ucrtPath = Join-Path ([System.Environment]::SystemDirectory) 'ucrtbase.dll'
[bool] $ucrtPresent = Test-Path -Path $ucrtPath
if(-not $ucrtPresent)
{
# This can happen on systems prior to Windows 10 with missing updates.
$message += ' The Universal C Runtime is missing. Run Windows Update or install it manually and reload the DSInternals module afterwards.'
$errorCategory = [System.Management.Automation.ErrorCategory]::NotInstalled
}
# Check if the interop assembly is blocked
[object] $zoneIdentifier = Get-Item -Path $interopAssemblyPath -Stream 'Zone.Identifier' -ErrorAction SilentlyContinue
if($zoneIdentifier -ne $null)
{
# This usually happens to users of the ZIP distribution who forget to unblock it before extracting the files.
$message += ' Unblock the assembly using either the Properties dialog or the Unblock-File cmdlet and reload the DSInternals module afterwards.'
$errorCategory = [System.Management.Automation.ErrorCategory]::SecurityError
}
# Build the error report
Write-Error -Message $message `
-Exception $PSItem.Exception `
-Category $errorCategory `
-CategoryTargetName $interopAssemblyPath `
-CategoryActivity $PSItem.CategoryInfo.Activity `
-CategoryReason $PSItem.CategoryInfo.Reason
}
#
# Check if the MD5 hash function is available.
#
if([System.Security.Cryptography.CryptoConfig]::AllowOnlyFipsAlgorithms)
{
[string] $message = 'Only FIPS certified cryptographic algorithms are enabled in .NET. DSInternals cmdlets that require the MD5 hash function will not work as expected.'
[string] $configPath = [System.Diagnostics.Process]::GetCurrentProcess().Path + '.config'
[string] $recommendedAction = 'Add the <enforceFIPSPolicy enabled="false"/> directive to the "{0}" file.' -f $configPath
Write-Error -Message $message `
-RecommendedAction $recommendedAction `
-Category ([System.Management.Automation.ErrorCategory]::SecurityError)
}
#
# Check if the current OS is Windows.
#
if($env:OS -ne 'Windows_NT')
{
Write-Error -Message 'The DSInternals PowerShell module is only supported on Windows.' `
-Category ([System.Management.Automation.ErrorCategory]::NotImplemented)
}
#
# Type Data
# Note: *.types.ps1xml cannot be used for the following configuration, because it is processed before *.psm1 and would thus fail loading platform-specific assemblies.
#
Update-TypeData -TypeName 'DSInternals.Common.Data.SupplementalCredentials' `
-TypeConverter ([DSInternals.PowerShell.SupplementalCredentialsDeserializer]) `
-Force
#
# Cmdlet aliases
#
New-Alias -Name Set-ADAccountPasswordHash -Value Set-SamAccountPasswordHash
New-Alias -Name Set-WinUserPasswordHash -Value Set-SamAccountPasswordHash
New-Alias -Name Get-ADPasswordPolicy -Value Get-SamPasswordPolicy
New-Alias -Name Get-ADDefaultPasswordPolicy -Value Get-SamPasswordPolicy
New-Alias -Name ConvertFrom-UnattendXmlPassword -Value ConvertFrom-UnicodePassword
New-Alias -Name ConvertTo-AADHash -Value ConvertTo-OrgIdHash
New-Alias -Name ConvertTo-MsoPasswordHash -Value ConvertTo-OrgIdHash
New-Alias -Name Get-ADReplicationAccount -Value Get-ADReplAccount
New-Alias -Name ConvertFrom-ManagedPasswordBlob -Value ConvertFrom-ADManagedPasswordBlob
New-Alias -Name Get-SysKey -Value Get-BootKey
New-Alias -Name Get-SystemKey -Value Get-BootKey
New-Alias -Name Set-ADDBSysKey -Value Set-ADDBBootKey
New-Alias -Name Test-ADPasswordQuality -Value Test-PasswordQuality
New-Alias -Name Test-ADDBPasswordQuality -Value Test-PasswordQuality
New-Alias -Name Test-ADReplPasswordQuality -Value Test-PasswordQuality
New-Alias -Name Get-KeyCredential -Value Get-ADKeyCredential
New-Alias -Name Get-KeyCredentialLink -Value Get-ADKeyCredential
New-Alias -Name Get-ADKeyCredentialLink -Value Get-ADKeyCredential
New-Alias -Name New-ADKeyCredential -Value Get-ADKeyCredential
New-Alias -Name New-ADKeyCredentialLink -Value Get-ADKeyCredential
New-Alias -Name New-ADNgcKey -Value Get-ADKeyCredential
New-Alias -Name Get-LsaPolicy -Value Get-LsaPolicyInformation
New-Alias -Name Set-LsaPolicy -Value Set-LsaPolicyInformation
New-Alias -Name Write-ADReplNgcKey -Value Add-ADReplNgcKey
New-Alias -Name Write-ADNgcKey -Value Add-ADReplNgcKey
New-Alias -Name Add-ADNgcKey -Value Add-ADReplNgcKey
# Export the aliases
Export-ModuleMember -Alias * -Cmdlet *
md5: E29E0F75729E1E72079729BCA57A5DA4 | sha1: CE0DA816F01CCC9D414A98546A5EC033477FE1F2 | sha256: F979846E7636809F142E9ECD65018B7C5DC8930B2B67C37D5534993BE2DC54FB | sha512: 7AE654667E0668EBBC68764A64D82A9650E15C80FC2A78B10ADF216C25A1EF9910740F3D90F04817BA9C5D3888443F79C3A498D8885EF9848701E4AD3EAAC661
md5: C5776CCBA337B10DBB371A0828E71A10 | sha1: CD619686571C3927E63F302893B01F2FA88E4862 | sha256: 6D578F59467DB1E46EB49BECE9A72C7B004CEA768CC4001DA6A581F7A8F7058A | sha512: 56348D0961C062C164DCFA655156ED1FAABC737F0CF632F3168D151F2AD785286EF7051EEFA19B7E6EDCFA391CB3FBD73DC5F2420FB5214606841A903C4A5C81
TOPIC
about_DSInternals
SHORT DESCRIPTION
The Directory Services Internals (DSInternals) PowerShell Module exposes
several internal and undocumented features of Active Directory.
LONG DESCRIPTION
The main features of the DSInternals PowerShell Module include:
- Offline ntds.dit file manipulation, including hash dumping, password
resets, group membership changes, SID History injection and
enabling/disabling accounts.
- Online password hash dumping through the Directory Replication Service
Remote Protocol (MS-DRSR).
- Active Directory password auditing that discovers accounts sharing the
same passwords or having passwords in a public database like HaveIBeenPwned
or in a custom dictionary.
- Domain or local account password hash injection through the Security
Account Manager Remote Protocol (MS-SAMR) or directly into the database.
- LSA Policy modification through the Local Security Authority Remote
Protocol (MS-LSAD / LSARPC).
- Extracting credential roaming data and DPAPI domain backup keys, either
online through MS-DRSR and LSARPC or offline from ntds.dit.
- Bare-metal recovery of domain controllers from just IFM backups (ntds.dit
+ SYSVOL).
- Password hash calculation, including NT hash, LM hash and kerberos keys.
NOTE
Features exposed through these tools are not supported by Microsoft.
Improper use might cause irreversible damage to domain controllers or
negatively impact domain security.
SEE ALSO
Get-ADDBAccount
Get-ADReplAccount
Test-PasswordQuality
New-ADDBRestoreFromMediaScript
ConvertTo-NTHash
md5: AFBFDB20B573411B64F06185754A1A28 | sha1: 0BED18A0F7A95C6415C8AF98E26F83020268572E | sha256: 11F7D777493D32719C1C30ACBF5681BAEE37BB69B0DBC0FF4D0F21C122E7C09C | sha512: 377F2A6892821A967E8EC68A3B9D4B5BAA6445E413F61ED073A9E5C90A7D97528554104344C824B60263CCEF812B107556F817CC4C664221FAA9B70F25ECF338
<?xml version="1.0" encoding="utf-8"?>
<helpItems schema="maml" xmlns="http://msh">
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp">
<command:details>
<command:name>Add-ADDBSidHistory</command:name>
<command:verb>Add</command:verb>
<command:noun>ADDBSidHistory</command:noun>
<maml:description>
<maml:para>Adds one or more values to the sIDHistory attribute of an object in a ntds.dit file.</maml:para>
</maml:description>
</command:details>
<maml:description>
<maml:para>This cmdlet can be used to add any value to the sIDHistory attribute by directly modifying the Active Directory database. Note that the Active Directory Migration Tool (ADMT) is the only supported way of modifying the sIDHistory attribute. Improper usage of this cmdlet may cause irreversible damage to the target Active Directory environment.</maml:para>
</maml:description>
<command:syntax>
<command:syntaxItem>
<maml:name>Add-ADDBSidHistory</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath">
<maml:name>DatabasePath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="dn">
<maml:name>DistinguishedName</maml:name>
<maml:Description>
<maml:para>Specifies the identifier of an object on which to perform this operation.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Force</maml:name>
<maml:Description>
<maml:para>Forces the cmdlet to perform the desired operation.</maml:para>
</maml:Description>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath">
<maml:name>LogPath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="hist, History">
<maml:name>SidHistory</maml:name>
<maml:Description>
<maml:para>Specifies an array of security IDs (SIDs) that will be added to the SID History of the target object.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">SecurityIdentifier[]</command:parameterValue>
<dev:type>
<maml:name>SecurityIdentifier[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="SkipMeta, NoMetaUpdate, NoMeta, SkipObjMeta, NoObjMeta, SkipMetaDataUpdate, NoMetaDataUpdate">
<maml:name>SkipMetaUpdate</maml:name>
<maml:Description>
<maml:para>Indicates that the replication metadata of the affected object should not be updated.</maml:para>
</maml:Description>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
<command:syntaxItem>
<maml:name>Add-ADDBSidHistory</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath">
<maml:name>DatabasePath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Force</maml:name>
<maml:Description>
<maml:para>Forces the cmdlet to perform the desired operation.</maml:para>
</maml:Description>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath">
<maml:name>LogPath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Guid">
<maml:name>ObjectGuid</maml:name>
<maml:Description>
<maml:para>Specifies the identifier of an object on which to perform this operation.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Guid</command:parameterValue>
<dev:type>
<maml:name>Guid</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="hist, History">
<maml:name>SidHistory</maml:name>
<maml:Description>
<maml:para>Specifies an array of security IDs (SIDs) that will be added to the SID History of the target object.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">SecurityIdentifier[]</command:parameterValue>
<dev:type>
<maml:name>SecurityIdentifier[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="SkipMeta, NoMetaUpdate, NoMeta, SkipObjMeta, NoObjMeta, SkipMetaDataUpdate, NoMetaDataUpdate">
<maml:name>SkipMetaUpdate</maml:name>
<maml:Description>
<maml:para>Indicates that the replication metadata of the affected object should not be updated.</maml:para>
</maml:Description>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
<command:syntaxItem>
<maml:name>Add-ADDBSidHistory</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath">
<maml:name>DatabasePath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Force</maml:name>
<maml:Description>
<maml:para>Forces the cmdlet to perform the desired operation.</maml:para>
</maml:Description>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath">
<maml:name>LogPath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Sid">
<maml:name>ObjectSid</maml:name>
<maml:Description>
<maml:para>Specifies the identifier of an object on which to perform this operation.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">SecurityIdentifier</command:parameterValue>
<dev:type>
<maml:name>SecurityIdentifier</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="hist, History">
<maml:name>SidHistory</maml:name>
<maml:Description>
<maml:para>Specifies an array of security IDs (SIDs) that will be added to the SID History of the target object.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">SecurityIdentifier[]</command:parameterValue>
<dev:type>
<maml:name>SecurityIdentifier[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="SkipMeta, NoMetaUpdate, NoMeta, SkipObjMeta, NoObjMeta, SkipMetaDataUpdate, NoMetaDataUpdate">
<maml:name>SkipMetaUpdate</maml:name>
<maml:Description>
<maml:para>Indicates that the replication metadata of the affected object should not be updated.</maml:para>
</maml:Description>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
<command:syntaxItem>
<maml:name>Add-ADDBSidHistory</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="0" aliases="Login, sam">
<maml:name>SamAccountName</maml:name>
<maml:Description>
<maml:para>Specifies the identifier of an object on which to perform this operation.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath">
<maml:name>DatabasePath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Force</maml:name>
<maml:Description>
<maml:para>Forces the cmdlet to perform the desired operation.</maml:para>
</maml:Description>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath">
<maml:name>LogPath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="hist, History">
<maml:name>SidHistory</maml:name>
<maml:Description>
<maml:para>Specifies an array of security IDs (SIDs) that will be added to the SID History of the target object.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">SecurityIdentifier[]</command:parameterValue>
<dev:type>
<maml:name>SecurityIdentifier[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="SkipMeta, NoMetaUpdate, NoMeta, SkipObjMeta, NoObjMeta, SkipMetaDataUpdate, NoMetaDataUpdate">
<maml:name>SkipMetaUpdate</maml:name>
<maml:Description>
<maml:para>Indicates that the replication metadata of the affected object should not be updated.</maml:para>
</maml:Description>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
</command:syntax>
<command:parameters>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath">
<maml:name>DatabasePath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="dn">
<maml:name>DistinguishedName</maml:name>
<maml:Description>
<maml:para>Specifies the identifier of an object on which to perform this operation.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Force</maml:name>
<maml:Description>
<maml:para>Forces the cmdlet to perform the desired operation.</maml:para>
</maml:Description>
<command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath">
<maml:name>LogPath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Guid">
<maml:name>ObjectGuid</maml:name>
<maml:Description>
<maml:para>Specifies the identifier of an object on which to perform this operation.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Guid</command:parameterValue>
<dev:type>
<maml:name>Guid</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Sid">
<maml:name>ObjectSid</maml:name>
<maml:Description>
<maml:para>Specifies the identifier of an object on which to perform this operation.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">SecurityIdentifier</command:parameterValue>
<dev:type>
<maml:name>SecurityIdentifier</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="0" aliases="Login, sam">
<maml:name>SamAccountName</maml:name>
<maml:Description>
<maml:para>Specifies the identifier of an object on which to perform this operation.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="hist, History">
<maml:name>SidHistory</maml:name>
<maml:Description>
<maml:para>Specifies an array of security IDs (SIDs) that will be added to the SID History of the target object.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">SecurityIdentifier[]</command:parameterValue>
<dev:type>
<maml:name>SecurityIdentifier[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="SkipMeta, NoMetaUpdate, NoMeta, SkipObjMeta, NoObjMeta, SkipMetaDataUpdate, NoMetaDataUpdate">
<maml:name>SkipMetaUpdate</maml:name>
<maml:Description>
<maml:para>Indicates that the replication metadata of the affected object should not be updated.</maml:para>
</maml:Description>
<command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
</command:parameters>
<command:inputTypes>
<command:inputType>
<dev:type>
<maml:name>System.Security.Principal.SecurityIdentifier[]</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:inputType>
<command:inputType>
<dev:type>
<maml:name>System.String</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:inputType>
<command:inputType>
<dev:type>
<maml:name>System.Security.Principal.SecurityIdentifier</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:inputType>
<command:inputType>
<dev:type>
<maml:name>System.Guid</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:inputType>
</command:inputTypes>
<command:returnValues>
<command:returnValue>
<dev:type>
<maml:name>None</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:returnValue>
</command:returnValues>
<maml:alertSet>
<maml:alert>
<maml:para></maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>-------------------------- Example 1 --------------------------</maml:title>
<dev:code>PS C:\> Stop-Service -Name ntds -Force
PS C:\> Add-ADDBSidHistory -SamAccountName John `
-SidHistory 'S-1-5-21-3623811102-3361044346-30300840-512',
'S-1-5-21-3623811102-3361044346-30300840-519' `
-DatabasePath C:\Windows\NTDS\ntds.dit
PS C:\> Start-Service -Name ntds</dev:code>
<dev:remarks>
<maml:para>Adds the SIDs of the Domain Admins and Enterprise Admins groups into user John 's sIDHistory.</maml:para>
</dev:remarks>
</command:example>
<command:example>
<maml:title>-------------------------- Example 2 --------------------------</maml:title>
<dev:code>PS C:\> Import-Csv user.csv | Add-ADDBSidHistory -DatabasePath C:\Windows\NTDS\ntds.dit</dev:code>
<dev:remarks>
<maml:para>Imports a CSV file containing SamAccountName and SidHistory columns into a nds.dit file.</maml:para>
</dev:remarks>
</command:example>
</command:examples>
<command:relatedLinks>
<maml:navigationLink>
<maml:linkText>Online Version:</maml:linkText>
<maml:uri>https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Add-ADDBSidHistory.md</maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Set-ADDBPrimaryGroup</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Get-ADDBAccount</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Get-ADDBDomainController</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
</command:relatedLinks>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp">
<command:details>
<command:name>Add-ADReplNgcKey</command:name>
<command:verb>Add</command:verb>
<command:noun>ADReplNgcKey</command:noun>
<maml:description>
<maml:para>Composes and updates the msDS-KeyCredentialLink value on an object through the MS-DRSR protocol.</maml:para>
</maml:description>
</command:details>
<maml:description>
<maml:para>This cmdlet wraps the IDL_DRSWriteNgcKey RPC call.</maml:para>
</maml:description>
<command:syntax>
<command:syntaxItem>
<maml:name>Add-ADReplNgcKey</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="0" aliases="dn">
<maml:name>DistinguishedName</maml:name>
<maml:Description>
<maml:para>Specifies the identifier of the target Active Directory object.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Credential</maml:name>
<maml:Description>
<maml:para>Specifies a user account that has permission to perform this action. The default is the current user.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue>
<dev:type>
<maml:name>PSCredential</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Proto, RPCProtocol, NCACN">
<maml:name>Protocol</maml:name>
<maml:Description>
<maml:para>Specifies the protocol sequence that is used for RPC communication.</maml:para>
</maml:Description>
<command:parameterValueGroup>
<command:parameterValue required="false" command:variableLength="false">TCP</command:parameterValue>
<command:parameterValue required="false" command:variableLength="false">SMB</command:parameterValue>
<command:parameterValue required="false" command:variableLength="false">HTTP</command:parameterValue>
</command:parameterValueGroup>
<command:parameterValue required="true" variableLength="false">RpcProtocol</command:parameterValue>
<dev:type>
<maml:name>RpcProtocol</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>PublicKey</maml:name>
<maml:Description>
<maml:para>Specifies the NGC key value.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue>
<dev:type>
<maml:name>Byte[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Host, DomainController, DC">
<maml:name>Server</maml:name>
<maml:Description>
<maml:para>Specifies the target computer for the operation. Enter a fully qualified domain name (FQDN), a NetBIOS name, or an IP address. When the remote computer is in a different domain than the local computer, the fully qualified domain name is required.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
<command:syntaxItem>
<maml:name>Add-ADReplNgcKey</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="0" aliases="Login, sam, AccountName, User">
<maml:name>SamAccountName</maml:name>
<maml:Description>
<maml:para>Specifies the identifier of the target Active Directory account.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="AccountDomain, UserDomain">
<maml:name>Domain</maml:name>
<maml:Description>
<maml:para>Specifies the NetBIOS domain name of the target Active Directory account.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Credential</maml:name>
<maml:Description>
<maml:para>Specifies a user account that has permission to perform this action. The default is the current user.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue>
<dev:type>
<maml:name>PSCredential</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Proto, RPCProtocol, NCACN">
<maml:name>Protocol</maml:name>
<maml:Description>
<maml:para>Specifies the protocol sequence that is used for RPC communication.</maml:para>
</maml:Description>
<command:parameterValueGroup>
<command:parameterValue required="false" command:variableLength="false">TCP</command:parameterValue>
<command:parameterValue required="false" command:variableLength="false">SMB</command:parameterValue>
<command:parameterValue required="false" command:variableLength="false">HTTP</command:parameterValue>
</command:parameterValueGroup>
<command:parameterValue required="true" variableLength="false">RpcProtocol</command:parameterValue>
<dev:type>
<maml:name>RpcProtocol</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>PublicKey</maml:name>
<maml:Description>
<maml:para>Specifies the NGC key value.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue>
<dev:type>
<maml:name>Byte[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Host, DomainController, DC">
<maml:name>Server</maml:name>
<maml:Description>
<maml:para>Specifies the target computer for the operation. Enter a fully qualified domain name (FQDN), a NetBIOS name, or an IP address. When the remote computer is in a different domain than the local computer, the fully qualified domain name is required.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
<command:syntaxItem>
<maml:name>Add-ADReplNgcKey</maml:name>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Credential</maml:name>
<maml:Description>
<maml:para>Specifies a user account that has permission to perform this action. The default is the current user.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue>
<dev:type>
<maml:name>PSCredential</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Guid">
<maml:name>ObjectGuid</maml:name>
<maml:Description>
<maml:para>Specifies the identifier of the target Active Directory object.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Guid</command:parameterValue>
<dev:type>
<maml:name>Guid</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Proto, RPCProtocol, NCACN">
<maml:name>Protocol</maml:name>
<maml:Description>
<maml:para>Specifies the protocol sequence that is used for RPC communication.</maml:para>
</maml:Description>
<command:parameterValueGroup>
<command:parameterValue required="false" command:variableLength="false">TCP</command:parameterValue>
<command:parameterValue required="false" command:variableLength="false">SMB</command:parameterValue>
<command:parameterValue required="false" command:variableLength="false">HTTP</command:parameterValue>
</command:parameterValueGroup>
<command:parameterValue required="true" variableLength="false">RpcProtocol</command:parameterValue>
<dev:type>
<maml:name>RpcProtocol</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>PublicKey</maml:name>
<maml:Description>
<maml:para>Specifies the NGC key value.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue>
<dev:type>
<maml:name>Byte[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Host, DomainController, DC">
<maml:name>Server</maml:name>
<maml:Description>
<maml:para>Specifies the target computer for the operation. Enter a fully qualified domain name (FQDN), a NetBIOS name, or an IP address. When the remote computer is in a different domain than the local computer, the fully qualified domain name is required.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
<command:syntaxItem>
<maml:name>Add-ADReplNgcKey</maml:name>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Credential</maml:name>
<maml:Description>
<maml:para>Specifies a user account that has permission to perform this action. The default is the current user.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue>
<dev:type>
<maml:name>PSCredential</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Sid">
<maml:name>ObjectSid</maml:name>
<maml:Description>
<maml:para>Specifies the identifier of the target Active Directory account.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">SecurityIdentifier</command:parameterValue>
<dev:type>
<maml:name>SecurityIdentifier</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Proto, RPCProtocol, NCACN">
<maml:name>Protocol</maml:name>
<maml:Description>
<maml:para>Specifies the protocol sequence that is used for RPC communication.</maml:para>
</maml:Description>
<command:parameterValueGroup>
<command:parameterValue required="false" command:variableLength="false">TCP</command:parameterValue>
<command:parameterValue required="false" command:variableLength="false">SMB</command:parameterValue>
<command:parameterValue required="false" command:variableLength="false">HTTP</command:parameterValue>
</command:parameterValueGroup>
<command:parameterValue required="true" variableLength="false">RpcProtocol</command:parameterValue>
<dev:type>
<maml:name>RpcProtocol</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>PublicKey</maml:name>
<maml:Description>
<maml:para>Specifies the NGC key value.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue>
<dev:type>
<maml:name>Byte[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Host, DomainController, DC">
<maml:name>Server</maml:name>
<maml:Description>
<maml:para>Specifies the target computer for the operation. Enter a fully qualified domain name (FQDN), a NetBIOS name, or an IP address. When the remote computer is in a different domain than the local computer, the fully qualified domain name is required.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
<command:syntaxItem>
<maml:name>Add-ADReplNgcKey</maml:name>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Credential</maml:name>
<maml:Description>
<maml:para>Specifies a user account that has permission to perform this action. The default is the current user.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue>
<dev:type>
<maml:name>PSCredential</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Proto, RPCProtocol, NCACN">
<maml:name>Protocol</maml:name>
<maml:Description>
<maml:para>Specifies the protocol sequence that is used for RPC communication.</maml:para>
</maml:Description>
<command:parameterValueGroup>
<command:parameterValue required="false" command:variableLength="false">TCP</command:parameterValue>
<command:parameterValue required="false" command:variableLength="false">SMB</command:parameterValue>
<command:parameterValue required="false" command:variableLength="false">HTTP</command:parameterValue>
</command:parameterValueGroup>
<command:parameterValue required="true" variableLength="false">RpcProtocol</command:parameterValue>
<dev:type>
<maml:name>RpcProtocol</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>PublicKey</maml:name>
<maml:Description>
<maml:para>Specifies the NGC key value.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue>
<dev:type>
<maml:name>Byte[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Host, DomainController, DC">
<maml:name>Server</maml:name>
<maml:Description>
<maml:para>Specifies the target computer for the operation. Enter a fully qualified domain name (FQDN), a NetBIOS name, or an IP address. When the remote computer is in a different domain than the local computer, the fully qualified domain name is required.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="UPN">
<maml:name>UserPrincipalName</maml:name>
<maml:Description>
<maml:para>Specifies the identifier of the target Active Directory account.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
</command:syntax>
<command:parameters>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Credential</maml:name>
<maml:Description>
<maml:para>Specifies a user account that has permission to perform this action. The default is the current user.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue>
<dev:type>
<maml:name>PSCredential</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="0" aliases="dn">
<maml:name>DistinguishedName</maml:name>
<maml:Description>
<maml:para>Specifies the identifier of the target Active Directory object.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="AccountDomain, UserDomain">
<maml:name>Domain</maml:name>
<maml:Description>
<maml:para>Specifies the NetBIOS domain name of the target Active Directory account.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Guid">
<maml:name>ObjectGuid</maml:name>
<maml:Description>
<maml:para>Specifies the identifier of the target Active Directory object.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Guid</command:parameterValue>
<dev:type>
<maml:name>Guid</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Sid">
<maml:name>ObjectSid</maml:name>
<maml:Description>
<maml:para>Specifies the identifier of the target Active Directory account.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">SecurityIdentifier</command:parameterValue>
<dev:type>
<maml:name>SecurityIdentifier</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Proto, RPCProtocol, NCACN">
<maml:name>Protocol</maml:name>
<maml:Description>
<maml:para>Specifies the protocol sequence that is used for RPC communication.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">RpcProtocol</command:parameterValue>
<dev:type>
<maml:name>RpcProtocol</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>PublicKey</maml:name>
<maml:Description>
<maml:para>Specifies the NGC key value.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue>
<dev:type>
<maml:name>Byte[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="0" aliases="Login, sam, AccountName, User">
<maml:name>SamAccountName</maml:name>
<maml:Description>
<maml:para>Specifies the identifier of the target Active Directory account.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Host, DomainController, DC">
<maml:name>Server</maml:name>
<maml:Description>
<maml:para>Specifies the target computer for the operation. Enter a fully qualified domain name (FQDN), a NetBIOS name, or an IP address. When the remote computer is in a different domain than the local computer, the fully qualified domain name is required.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="UPN">
<maml:name>UserPrincipalName</maml:name>
<maml:Description>
<maml:para>Specifies the identifier of the target Active Directory account.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:parameters>
<command:inputTypes>
<command:inputType>
<dev:type>
<maml:name>System.String</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:inputType>
<command:inputType>
<dev:type>
<maml:name>System.Security.Principal.SecurityIdentifier</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:inputType>
<command:inputType>
<dev:type>
<maml:name>System.Guid</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:inputType>
</command:inputTypes>
<command:returnValues>
<command:returnValue>
<dev:type>
<maml:name>None</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:returnValue>
</command:returnValues>
<maml:alertSet>
<maml:alert>
<maml:para></maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>-------------------------- Example 1 --------------------------</maml:title>
<dev:code>PS C:\> Add-ADReplNgcKey -UserPrincipalName '[email protected]' -Server LON-DC1 -PublicKey 525341310008000003000000000100000000000000000000010001C1A78914457758B0B13C70C710C7F8548F3F9ED56AD4640B6E6A112655C98ECAC1CBD68A298F5686C08439428A97FE6FDF58D78EA481905182BAD684C2D9C5CDE1CDE34AA19742E8BBF58B953EAC4C562FCF598CC176B02DBE9FFFEF5937A65815C236F92892F7E511A1FEDD5483CB33F1EA715D68106180DED2432A293367114A6E325E62F93F73D7ECE4B6A2BCDB829D95C8645C3073B94BA7CB7515CD29042F0967201C6E24A77821E92A6C756DF79841ACBAAE11D90CA03B9FCD24EF9E304B5D35248A7BD70557399960277058AE3E99C7C7E2284858B7BF8B08CDD286964186A50A7FCBCC6A24F00FEE5B9698BBD3B1AEAD0CE81FEA461C0ABD716843A5</dev:code>
<dev:remarks>
<maml:para>Registers the specified NGC public key for user [email protected] .</maml:para>
</dev:remarks>
</command:example>
</command:examples>
<command:relatedLinks>
<maml:navigationLink>
<maml:linkText>Online Version:</maml:linkText>
<maml:uri>https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Add-ADReplNgcKey.md</maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Get-ADReplAccount</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Get-ADKeyCredential</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
</command:relatedLinks>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp">
<command:details>
<command:name>ConvertFrom-ADManagedPasswordBlob</command:name>
<command:verb>ConvertFrom</command:verb>
<command:noun>ADManagedPasswordBlob</command:noun>
<maml:description>
<maml:para>Decodes the value of the msDS-ManagedPassword attribute of a Group Managed Service Account.</maml:para>
</maml:description>
</command:details>
<maml:description>
<maml:para>Decodes the MSDS-MANAGEDPASSWORD_BLOB structure containing a group-managed service account's password information.</maml:para>
<maml:para>The password is actually a cryptographically generated array of 256 bytes that is represented as an 128 characters long UTF-16 string.</maml:para>
</maml:description>
<command:syntax>
<command:syntaxItem>
<maml:name>ConvertFrom-ADManagedPasswordBlob</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="msDS-ManagedPassword, ManagedPassword, ManagedPasswordBlob">
<maml:name>Blob</maml:name>
<maml:Description>
<maml:para>Specifies the binary value stored in the msDS-ManagedPassword attribute.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue>
<dev:type>
<maml:name>Byte[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
</command:syntax>
<command:parameters>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="msDS-ManagedPassword, ManagedPassword, ManagedPasswordBlob">
<maml:name>Blob</maml:name>
<maml:Description>
<maml:para>Specifies the binary value stored in the msDS-ManagedPassword attribute.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue>
<dev:type>
<maml:name>Byte[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:parameters>
<command:inputTypes>
<command:inputType>
<dev:type>
<maml:name>None</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:inputType>
</command:inputTypes>
<command:returnValues>
<command:returnValue>
<dev:type>
<maml:name>DSInternals.Common.Data.ManagedPassword</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:returnValue>
</command:returnValues>
<maml:alertSet>
<maml:alert>
<maml:para></maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>-------------------------- Example 1 --------------------------</maml:title>
<dev:code>PS C:\> $gmsa = Get-ADServiceAccount -Identity 'SQL_HQ_Primary' -Properties 'msDS-ManagedPassword'
PS C:\> ConvertFrom-ADManagedPasswordBlob -Blob $gmsa.'msDS-ManagedPassword'
<# Sample Output:
Version : 1
CurrentPassword : 湤ୟɰ橣낔饔ᦺ几᧾ʞꈠ⿕ՔὬ랭뷾햾咶郸�렇ͧ퀟럓몚ꬶ佩䎖∘Ǐ㦗ן뱷鼹⽩Ⲃ⫝咽㠅E䠹鸞왶婰鞪
PreviousPassword :
QueryPasswordInterval : 29.17:15:36.3736817
UnchangedPasswordInterval : 29.17:10:36.3736817
#></dev:code>
<dev:remarks>
<maml:para>Decodes the managed password information from a group-managed service account (GMSA) called SQL_HQ_Primary . The user retrieving the managed password needs to be listed in the PrincipalsAllowedToRetrieveManagedPassword property of the GMSA.</maml:para>
</dev:remarks>
</command:example>
</command:examples>
<command:relatedLinks>
<maml:navigationLink>
<maml:linkText>Online Version:</maml:linkText>
<maml:uri>https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/ConvertFrom-ADManagedPasswordBlob.md</maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Get-ADServiceAccount</maml:linkText>
<maml:uri>https://docs.microsoft.com/en-us/powershell/module/addsadministration/get-adserviceaccount</maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Set-ADServiceAccount</maml:linkText>
<maml:uri>https://docs.microsoft.com/en-us/powershell/module/addsadministration/set-adserviceaccount</maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>New-ADServiceAccount</maml:linkText>
<maml:uri>https://docs.microsoft.com/en-us/powershell/module/addsadministration/new-adserviceaccount</maml:uri>
</maml:navigationLink>
</command:relatedLinks>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp">
<command:details>
<command:name>ConvertFrom-GPPrefPassword</command:name>
<command:verb>ConvertFrom</command:verb>
<command:noun>GPPrefPassword</command:noun>
<maml:description>
<maml:para>Decodes a password from the format used by Group Policy Preferences.</maml:para>
</maml:description>
</command:details>
<maml:description>
<maml:para>{{Fill in the Description}}</maml:para>
</maml:description>
<command:syntax>
<command:syntaxItem>
<maml:name>ConvertFrom-GPPrefPassword</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue)" position="0" aliases="none">
<maml:name>EncryptedPassword</maml:name>
<maml:Description>
<maml:para>Provide an encrypted password from a Group Policy Preferences XML file.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
</command:syntax>
<command:parameters>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue)" position="0" aliases="none">
<maml:name>EncryptedPassword</maml:name>
<maml:Description>
<maml:para>Provide an encrypted password from a Group Policy Preferences XML file.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:parameters>
<command:inputTypes>
<command:inputType>
<dev:type>
<maml:name>System.String</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:inputType>
</command:inputTypes>
<command:returnValues>
<command:returnValue>
<dev:type>
<maml:name>System.String</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:returnValue>
</command:returnValues>
<maml:alertSet>
<maml:alert>
<maml:para></maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>-------------------------- Example 1 --------------------------</maml:title>
<dev:code>PS C:\> {{ Add example code here }}</dev:code>
<dev:remarks>
<maml:para>{{ Add example description here }}</maml:para>
</dev:remarks>
</command:example>
</command:examples>
<command:relatedLinks>
<maml:navigationLink>
<maml:linkText>Online Version:</maml:linkText>
<maml:uri>https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/ConvertFrom-GPPrefPassword.md</maml:uri>
</maml:navigationLink>
</command:relatedLinks>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp">
<command:details>
<command:name>ConvertFrom-UnicodePassword</command:name>
<command:verb>ConvertFrom</command:verb>
<command:noun>UnicodePassword</command:noun>
<maml:description>
<maml:para>Decodes a password from the format used in unattend.xml files.</maml:para>
</maml:description>
</command:details>
<maml:description>
<maml:para>{{Fill in the Description}}</maml:para>
</maml:description>
<command:syntax>
<command:syntaxItem>
<maml:name>ConvertFrom-UnicodePassword</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="none">
<maml:name>UnicodePassword</maml:name>
<maml:Description>
<maml:para>Specifies the encoded password that should be decoded.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
</command:syntax>
<command:parameters>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="none">
<maml:name>UnicodePassword</maml:name>
<maml:Description>
<maml:para>Specifies the encoded password that should be decoded.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:parameters>
<command:inputTypes>
<command:inputType>
<dev:type>
<maml:name>None</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:inputType>
</command:inputTypes>
<command:returnValues>
<command:returnValue>
<dev:type>
<maml:name>System.String</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:returnValue>
</command:returnValues>
<maml:alertSet>
<maml:alert>
<maml:para></maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>-------------------------- Example 1 --------------------------</maml:title>
<dev:code>PS C:\> {{ Add example code here }}</dev:code>
<dev:remarks>
<maml:para>{{ Add example description here }}</maml:para>
</dev:remarks>
</command:example>
</command:examples>
<command:relatedLinks>
<maml:navigationLink>
<maml:linkText>Online Version:</maml:linkText>
<maml:uri>https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/ConvertFrom-UnicodePassword.md</maml:uri>
</maml:navigationLink>
</command:relatedLinks>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp">
<command:details>
<command:name>ConvertTo-GPPrefPassword</command:name>
<command:verb>ConvertTo</command:verb>
<command:noun>GPPrefPassword</command:noun>
<maml:description>
<maml:para>Converts a password to the format used by Group Policy Preferences.</maml:para>
</maml:description>
</command:details>
<maml:description>
<maml:para>{{Fill in the Description}}</maml:para>
</maml:description>
<command:syntax>
<command:syntaxItem>
<maml:name>ConvertTo-GPPrefPassword</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue)" position="0" aliases="p">
<maml:name>Password</maml:name>
<maml:Description>
<maml:para>Provide a password in the form of a SecureString.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue>
<dev:type>
<maml:name>SecureString</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
</command:syntax>
<command:parameters>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue)" position="0" aliases="p">
<maml:name>Password</maml:name>
<maml:Description>
<maml:para>Provide a password in the form of a SecureString.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue>
<dev:type>
<maml:name>SecureString</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:parameters>
<command:inputTypes>
<command:inputType>
<dev:type>
<maml:name>System.Security.SecureString</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:inputType>
</command:inputTypes>
<command:returnValues>
<command:returnValue>
<dev:type>
<maml:name>System.String</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:returnValue>
</command:returnValues>
<maml:alertSet>
<maml:alert>
<maml:para></maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>-------------------------- Example 1 --------------------------</maml:title>
<dev:code>PS C:\> {{ Add example code here }}</dev:code>
<dev:remarks>
<maml:para>{{ Add example description here }}</maml:para>
</dev:remarks>
</command:example>
</command:examples>
<command:relatedLinks>
<maml:navigationLink>
<maml:linkText>Online Version:</maml:linkText>
<maml:uri>https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/ConvertTo-GPPrefPassword.md</maml:uri>
</maml:navigationLink>
</command:relatedLinks>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp">
<command:details>
<command:name>ConvertTo-Hex</command:name>
<command:verb>ConvertTo</command:verb>
<command:noun>Hex</command:noun>
<maml:description>
<maml:para>Helper cmdlet that converts binary input to a hexadecimal string.</maml:para>
</maml:description>
</command:details>
<maml:description>
<maml:para>Converts a byte array to its hexadecimal representation.</maml:para>
</maml:description>
<command:syntax>
<command:syntaxItem>
<maml:name>ConvertTo-Hex</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue)" position="0" aliases="none">
<maml:name>Input</maml:name>
<maml:Description>
<maml:para>Specifies the binary input in the form of an array of bytes.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue>
<dev:type>
<maml:name>Byte[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>UpperCase</maml:name>
<maml:Description>
<maml:para>Indicates that the output should be encoded using uppercase characters instead of lowercase ones.</maml:para>
</maml:Description>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
</command:syntax>
<command:parameters>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue)" position="0" aliases="none">
<maml:name>Input</maml:name>
<maml:Description>
<maml:para>Specifies the binary input in the form of an array of bytes.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue>
<dev:type>
<maml:name>Byte[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>UpperCase</maml:name>
<maml:Description>
<maml:para>Indicates that the output should be encoded using uppercase characters instead of lowercase ones.</maml:para>
</maml:Description>
<command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
</command:parameters>
<command:inputTypes>
<command:inputType>
<dev:type>
<maml:name>System.Byte[]</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:inputType>
</command:inputTypes>
<command:returnValues>
<command:returnValue>
<dev:type>
<maml:name>System.String</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:returnValue>
</command:returnValues>
<maml:alertSet>
<maml:alert>
<maml:para></maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>-------------------------- Example 1 --------------------------</maml:title>
<dev:code>PS C:\> ConvertTo-Hex -Input 0,255,32
00ff20</dev:code>
<dev:remarks>
<maml:para>Converts the byte array to its hexadecimal representation, using lowercase characters.</maml:para>
</dev:remarks>
</command:example>
<command:example>
<maml:title>-------------------------- Example 2 --------------------------</maml:title>
<dev:code>PS C:\> ConvertTo-Hex -Input 0,255,32 -UpperCase
00FF20</dev:code>
<dev:remarks>
<maml:para>Converts the byte array to its hexadecimal representation, using uppercase characters.</maml:para>
</dev:remarks>
</command:example>
</command:examples>
<command:relatedLinks>
<maml:navigationLink>
<maml:linkText>Online Version:</maml:linkText>
<maml:uri>https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/ConvertTo-Hex.md</maml:uri>
</maml:navigationLink>
</command:relatedLinks>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp">
<command:details>
<command:name>ConvertTo-KerberosKey</command:name>
<command:verb>ConvertTo</command:verb>
<command:noun>KerberosKey</command:noun>
<maml:description>
<maml:para>Computes Kerberos keys from a given password using Kerberos version 5 Key Derivation Functions.</maml:para>
</maml:description>
</command:details>
<maml:description>
<maml:para>Supports the derivation of AES256, AES128 and DES encryption keys. To calculate the RC4 key, the ConvertTo-NTHash cmdlet should be used instead.</maml:para>
</maml:description>
<command:syntax>
<command:syntaxItem>
<maml:name>ConvertTo-KerberosKey</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="p">
<maml:name>Password</maml:name>
<maml:Description>
<maml:para>Specifies an input password from which kerberos keys will be derived.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue>
<dev:type>
<maml:name>SecureString</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="s">
<maml:name>Salt</maml:name>
<maml:Description>
<maml:para>Specifies the salt parameter of the string-to-key functions.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="2" aliases="i">
<maml:name>Iterations</maml:name>
<maml:Description>
<maml:para>Specifies the iteration count parameter of the string-to-key functions.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Int32</command:parameterValue>
<dev:type>
<maml:name>Int32</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>4096</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
</command:syntax>
<command:parameters>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="2" aliases="i">
<maml:name>Iterations</maml:name>
<maml:Description>
<maml:para>Specifies the iteration count parameter of the string-to-key functions.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Int32</command:parameterValue>
<dev:type>
<maml:name>Int32</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>4096</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="p">
<maml:name>Password</maml:name>
<maml:Description>
<maml:para>Specifies an input password from which kerberos keys will be derived.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue>
<dev:type>
<maml:name>SecureString</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="s">
<maml:name>Salt</maml:name>
<maml:Description>
<maml:para>Specifies the salt parameter of the string-to-key functions.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:parameters>
<command:inputTypes>
<command:inputType>
<dev:type>
<maml:name>None</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:inputType>
</command:inputTypes>
<command:returnValues>
<command:returnValue>
<dev:type>
<maml:name>DSInternals.Common.Data.KerberosKeyDataNew</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:returnValue>
</command:returnValues>
<maml:alertSet>
<maml:alert>
<maml:para></maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>-------------------------- Example 1 --------------------------</maml:title>
<dev:code>PS C:\> $pwd = ConvertTo-SecureString -String 'Pa$$w0rd' -AsPlainText -Force
PS C:\> ConvertTo-KerberosKey -Password $pwd -Salt 'CONTOSO.COMAdministrator'
<# Sample Output:
AES256_CTS_HMAC_SHA1_96
Key: 660e61042b190b5724c62bb473facca12058fb9ad3c03c0d2809f839c0352502
Iterations: 4096
AES128_CTS_HMAC_SHA1_96
Key: bd75e98362b16649ffbaed630d5341d0
Iterations: 4096
DES_CBC_MD5
Key: aed02c52204ca2ce
Iterations: 4096
#></dev:code>
<dev:remarks>
<maml:para>Applies 3 different kerberos key derivation functions to the specified password and salt.</maml:para>
</dev:remarks>
</command:example>
</command:examples>
<command:relatedLinks>
<maml:navigationLink>
<maml:linkText>Online Version:</maml:linkText>
<maml:uri>https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/ConvertTo-KerberosKey.md</maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>ConvertTo-NTHash</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>ConvertTo-LMHash</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
</command:relatedLinks>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp">
<command:details>
<command:name>ConvertTo-LMHash</command:name>
<command:verb>ConvertTo</command:verb>
<command:noun>LMHash</command:noun>
<maml:description>
<maml:para>Calculates LM hash of a given password.</maml:para>
</maml:description>
</command:details>
<maml:description>
<maml:para>Applies the Lan Manager one-way function (LM OWF) to a given cleartext password and returns the resulting hash.</maml:para>
</maml:description>
<command:syntax>
<command:syntaxItem>
<maml:name>ConvertTo-LMHash</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue)" position="0" aliases="p">
<maml:name>Password</maml:name>
<maml:Description>
<maml:para>Specifies a password in the form of a SecureString.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue>
<dev:type>
<maml:name>SecureString</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
</command:syntax>
<command:parameters>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue)" position="0" aliases="p">
<maml:name>Password</maml:name>
<maml:Description>
<maml:para>Specifies a password in the form of a SecureString.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue>
<dev:type>
<maml:name>SecureString</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:parameters>
<command:inputTypes>
<command:inputType>
<dev:type>
<maml:name>System.Security.SecureString</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:inputType>
</command:inputTypes>
<command:returnValues>
<command:returnValue>
<dev:type>
<maml:name>System.String</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:returnValue>
</command:returnValues>
<maml:alertSet>
<maml:alert>
<maml:para></maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>-------------------------- Example 1 --------------------------</maml:title>
<dev:code>PS C:\> ConvertTo-LMHash
cmdlet ConvertTo-LMHash at command pipeline position 1
Supply values for the following parameters:
(Type !? for Help.)
Password: ********
727e3576618fa1754a3b108f3fa6cb6d</dev:code>
<dev:remarks>
<maml:para>Reads a password from the command line and calculates its LM hash.</maml:para>
</dev:remarks>
</command:example>
<command:example>
<maml:title>-------------------------- Example 2 --------------------------</maml:title>
<dev:code>PS C:\> $pwd = ConvertTo-SecureString -String 'Pa$$w0rd' -AsPlainText -Force
PS C:\> ConvertTo-LMHash -Password $pwd
727e3576618fa1754a3b108f3fa6cb6d</dev:code>
<dev:remarks>
<maml:para>Calculates the LM hash of password Pa$$w0rd .</maml:para>
</dev:remarks>
</command:example>
</command:examples>
<command:relatedLinks>
<maml:navigationLink>
<maml:linkText>Online Version:</maml:linkText>
<maml:uri>https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/ConvertTo-LMHash.md</maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>ConvertTo-NTHash</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>ConvertTo-KerberosKey</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
</command:relatedLinks>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp">
<command:details>
<command:name>ConvertTo-NTHash</command:name>
<command:verb>ConvertTo</command:verb>
<command:noun>NTHash</command:noun>
<maml:description>
<maml:para>Calculates NT hash of a given password.</maml:para>
</maml:description>
</command:details>
<maml:description>
<maml:para>Applies the NT one-way function (NT OWF) to a given cleartext password and returns the resulting hash, which is just the MD4 hash function applied to the UTF-16 encoded input.</maml:para>
<maml:para>This hash is sometimes called NTLM hash, because it is mainly used in the NTLM(v2) network authentication protocol.</maml:para>
</maml:description>
<command:syntax>
<command:syntaxItem>
<maml:name>ConvertTo-NTHash</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue)" position="0" aliases="p">
<maml:name>Password</maml:name>
<maml:Description>
<maml:para>Specifies a password in the form of a SecureString.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue>
<dev:type>
<maml:name>SecureString</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
</command:syntax>
<command:parameters>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue)" position="0" aliases="p">
<maml:name>Password</maml:name>
<maml:Description>
<maml:para>Specifies a password in the form of a SecureString.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue>
<dev:type>
<maml:name>SecureString</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:parameters>
<command:inputTypes>
<command:inputType>
<dev:type>
<maml:name>System.Security.SecureString</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:inputType>
</command:inputTypes>
<command:returnValues>
<command:returnValue>
<dev:type>
<maml:name>System.String</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:returnValue>
</command:returnValues>
<maml:alertSet>
<maml:alert>
<maml:para></maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>-------------------------- Example 1 --------------------------</maml:title>
<dev:code>PS C:\> ConvertTo-NTHash
cmdlet ConvertTo-NTHash at command pipeline position 1
Supply values for the following parameters:
(Type !? for Help.)
Password: ********
92937945b518814341de3f726500d4ff</dev:code>
<dev:remarks>
<maml:para>Reads a password from the command line and calculates its NT hash.</maml:para>
</dev:remarks>
</command:example>
<command:example>
<maml:title>-------------------------- Example 2 --------------------------</maml:title>
<dev:code>PS C:\> $pwd = ConvertTo-SecureString -String 'Pa$$w0rd' -AsPlainText -Force
PS C:\> ConvertTo-NTHash -Password $pwd
92937945b518814341de3f726500d4ff</dev:code>
<dev:remarks>
<maml:para>Calculates the NT hash of password Pa$$w0rd .</maml:para>
</dev:remarks>
</command:example>
</command:examples>
<command:relatedLinks>
<maml:navigationLink>
<maml:linkText>Online Version:</maml:linkText>
<maml:uri>https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/ConvertTo-NTHash.md</maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>ConvertTo-LMHash</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>ConvertTo-KerberosKey</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
</command:relatedLinks>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp">
<command:details>
<command:name>ConvertTo-OrgIdHash</command:name>
<command:verb>ConvertTo</command:verb>
<command:noun>OrgIdHash</command:noun>
<maml:description>
<maml:para>Calculates OrgId hash of a given password. Used by Azure Active Directory Connect.</maml:para>
</maml:description>
</command:details>
<maml:description>
<maml:para>The OrgId hash is defined as PBKDF2( UTF-16( ToUpper( ToHex( MD4( UTF-16(plaintext))))), RND(10), 1000, HMAC-SHA256, 32).</maml:para>
</maml:description>
<command:syntax>
<command:syntaxItem>
<maml:name>ConvertTo-OrgIdHash</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue)" position="0" aliases="h">
<maml:name>NTHash</maml:name>
<maml:Description>
<maml:para>Provide a 16-byte NT Hash of user's password in hexadecimal format.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue>
<dev:type>
<maml:name>Byte[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByValue)" position="1" aliases="s">
<maml:name>Salt</maml:name>
<maml:Description>
<maml:para>Provide a 10-byte salt in hexadecimal format.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue>
<dev:type>
<maml:name>Byte[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
<command:syntaxItem>
<maml:name>ConvertTo-OrgIdHash</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue)" position="0" aliases="p">
<maml:name>Password</maml:name>
<maml:Description>
<maml:para>Provide a password in the form of a SecureString.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue>
<dev:type>
<maml:name>SecureString</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByValue)" position="1" aliases="s">
<maml:name>Salt</maml:name>
<maml:Description>
<maml:para>Provide a 10-byte salt in hexadecimal format.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue>
<dev:type>
<maml:name>Byte[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
</command:syntax>
<command:parameters>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue)" position="0" aliases="h">
<maml:name>NTHash</maml:name>
<maml:Description>
<maml:para>Provide a 16-byte NT Hash of user's password in hexadecimal format.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue>
<dev:type>
<maml:name>Byte[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue)" position="0" aliases="p">
<maml:name>Password</maml:name>
<maml:Description>
<maml:para>Provide a password in the form of a SecureString.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue>
<dev:type>
<maml:name>SecureString</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByValue)" position="1" aliases="s">
<maml:name>Salt</maml:name>
<maml:Description>
<maml:para>Provide a 10-byte salt in hexadecimal format.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue>
<dev:type>
<maml:name>Byte[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:parameters>
<command:inputTypes>
<command:inputType>
<dev:type>
<maml:name>System.Security.SecureString</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:inputType>
<command:inputType>
<dev:type>
<maml:name>System.Byte[]</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:inputType>
</command:inputTypes>
<command:returnValues>
<command:returnValue>
<dev:type>
<maml:name>System.String</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:returnValue>
</command:returnValues>
<maml:alertSet>
<maml:alert>
<maml:para></maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>-------------------------- Example 1 --------------------------</maml:title>
<dev:code>PS C:\> $pwd = ConvertTo-SecureString -String 'Pa$$w0rd' -AsPlainText -Force
PS C:\> ConvertTo-OrgIdHash -Password $pwd
<# Sample Output:
v1;PPH1_MD4,60eaffd2c886b419df7a,1000,ab9c532104713157395a70da85cc8a1b418508753c6997f02341d541328ef16b;
#></dev:code>
<dev:remarks>
<maml:para>Calculates the OrgId hash from a cleartext password using a random salt.</maml:para>
</dev:remarks>
</command:example>
<command:example>
<maml:title>-------------------------- Example 2 --------------------------</maml:title>
<dev:code>PS C:\> ConvertTo-OrgIdHash -NTHash 92937945b518814341de3f726500d4ff
<# Sample Output:
v1;PPH1_MD4,46c0c5d9095185ce5cf8,1000,6bb7b360d9105ed5157460b343d5d143e465a59195bc9b568718268c334ea4a9;
#></dev:code>
<dev:remarks>
<maml:para>Calculates the OrgId hash from a NT hash while using a random salt.</maml:para>
</dev:remarks>
</command:example>
<command:example>
<maml:title>-------------------------- Example 3 --------------------------</maml:title>
<dev:code>PS C:\> ConvertTo-OrgIdHash -NTHash 92937945b518814341de3f726500d4ff -Salt a42b92067e4b8123101a
<# Sample Output:
v1;PPH1_MD4,a42b92067e4b8123101a,1000,f0fc762ea9051ef754652becd83ee5e54c1c857c1c0965abac5d85de9c143911;
#></dev:code>
<dev:remarks>
<maml:para>Calculates the OrgId hash from a NT hash while using the given salt.</maml:para>
</dev:remarks>
</command:example>
</command:examples>
<command:relatedLinks>
<maml:navigationLink>
<maml:linkText>Online Version:</maml:linkText>
<maml:uri>https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/ConvertTo-OrgIdHash.md</maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>ConvertTo-NTHash</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
</command:relatedLinks>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp">
<command:details>
<command:name>ConvertTo-UnicodePassword</command:name>
<command:verb>ConvertTo</command:verb>
<command:noun>UnicodePassword</command:noun>
<maml:description>
<maml:para>Converts a password to the format used in unattend.xml or *.ldif files.</maml:para>
</maml:description>
</command:details>
<maml:description>
<maml:para>{{Fill in the Description}}</maml:para>
</maml:description>
<command:syntax>
<command:syntaxItem>
<maml:name>ConvertTo-UnicodePassword</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="none">
<maml:name>Password</maml:name>
<maml:Description>
<maml:para>Specifies a password that will be converted to the specifiet format.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue>
<dev:type>
<maml:name>SecureString</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>IsUnattendPassword</maml:name>
<maml:Description>
<maml:para>Indicates that the result should be in the format for unattend.xml instead of *.ldif.</maml:para>
</maml:Description>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
</command:syntax>
<command:parameters>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>IsUnattendPassword</maml:name>
<maml:Description>
<maml:para>Indicates that the result should be in the format for unattend.xml instead of *.ldif.</maml:para>
</maml:Description>
<command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="none">
<maml:name>Password</maml:name>
<maml:Description>
<maml:para>Specifies a password that will be converted to the specifiet format.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue>
<dev:type>
<maml:name>SecureString</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:parameters>
<command:inputTypes>
<command:inputType>
<dev:type>
<maml:name>None</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:inputType>
</command:inputTypes>
<command:returnValues>
<command:returnValue>
<dev:type>
<maml:name>System.String</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:returnValue>
</command:returnValues>
<maml:alertSet>
<maml:alert>
<maml:para></maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>-------------------------- Example 1 --------------------------</maml:title>
<dev:code>PS C:\> {{ Add example code here }}</dev:code>
<dev:remarks>
<maml:para>{{ Add example description here }}</maml:para>
</dev:remarks>
</command:example>
</command:examples>
<command:relatedLinks>
<maml:navigationLink>
<maml:linkText>Online Version:</maml:linkText>
<maml:uri>https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/ConvertTo-UnicodePassword.md</maml:uri>
</maml:navigationLink>
</command:relatedLinks>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp">
<command:details>
<command:name>Disable-ADDBAccount</command:name>
<command:verb>Disable</command:verb>
<command:noun>ADDBAccount</command:noun>
<maml:description>
<maml:para>Disables an Active Directory account in an offline ntds.dit file.</maml:para>
</maml:description>
</command:details>
<maml:description>
<maml:para>Finds an account in Active Directory database file and modifies the appropriate bit in its userAccountControl attribute.</maml:para>
</maml:description>
<command:syntax>
<command:syntaxItem>
<maml:name>Disable-ADDBAccount</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath">
<maml:name>DatabasePath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="dn">
<maml:name>DistinguishedName</maml:name>
<maml:Description>
<maml:para>Specifies the identifier of an account on which to perform this operation.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Force</maml:name>
<maml:Description>
<maml:para>Forces the cmdlet to perform the desired operation.</maml:para>
</maml:Description>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath">
<maml:name>LogPath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="SkipMeta, NoMetaUpdate, NoMeta, SkipObjMeta, NoObjMeta, SkipMetaDataUpdate, NoMetaDataUpdate">
<maml:name>SkipMetaUpdate</maml:name>
<maml:Description>
<maml:para>Indicates that the replication metadata of the affected object should not be updated.</maml:para>
</maml:Description>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
<command:syntaxItem>
<maml:name>Disable-ADDBAccount</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath">
<maml:name>DatabasePath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Force</maml:name>
<maml:Description>
<maml:para>Forces the cmdlet to perform the desired operation.</maml:para>
</maml:Description>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath">
<maml:name>LogPath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Guid">
<maml:name>ObjectGuid</maml:name>
<maml:Description>
<maml:para>Specifies the identifier of an account on which to perform this operation.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Guid</command:parameterValue>
<dev:type>
<maml:name>Guid</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="SkipMeta, NoMetaUpdate, NoMeta, SkipObjMeta, NoObjMeta, SkipMetaDataUpdate, NoMetaDataUpdate">
<maml:name>SkipMetaUpdate</maml:name>
<maml:Description>
<maml:para>Indicates that the replication metadata of the affected object should not be updated.</maml:para>
</maml:Description>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
<command:syntaxItem>
<maml:name>Disable-ADDBAccount</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath">
<maml:name>DatabasePath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Force</maml:name>
<maml:Description>
<maml:para>Forces the cmdlet to perform the desired operation.</maml:para>
</maml:Description>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath">
<maml:name>LogPath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Sid">
<maml:name>ObjectSid</maml:name>
<maml:Description>
<maml:para>Specifies the identifier of an account on which to perform this operation.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">SecurityIdentifier</command:parameterValue>
<dev:type>
<maml:name>SecurityIdentifier</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="SkipMeta, NoMetaUpdate, NoMeta, SkipObjMeta, NoObjMeta, SkipMetaDataUpdate, NoMetaDataUpdate">
<maml:name>SkipMetaUpdate</maml:name>
<maml:Description>
<maml:para>Indicates that the replication metadata of the affected object should not be updated.</maml:para>
</maml:Description>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
<command:syntaxItem>
<maml:name>Disable-ADDBAccount</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="0" aliases="Login, sam">
<maml:name>SamAccountName</maml:name>
<maml:Description>
<maml:para>Specifies the identifier of an account on which to perform this operation.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath">
<maml:name>DatabasePath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Force</maml:name>
<maml:Description>
<maml:para>Forces the cmdlet to perform the desired operation.</maml:para>
</maml:Description>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath">
<maml:name>LogPath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="SkipMeta, NoMetaUpdate, NoMeta, SkipObjMeta, NoObjMeta, SkipMetaDataUpdate, NoMetaDataUpdate">
<maml:name>SkipMetaUpdate</maml:name>
<maml:Description>
<maml:para>Indicates that the replication metadata of the affected object should not be updated.</maml:para>
</maml:Description>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
</command:syntax>
<command:parameters>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath">
<maml:name>DatabasePath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="dn">
<maml:name>DistinguishedName</maml:name>
<maml:Description>
<maml:para>Specifies the identifier of an account on which to perform this operation.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Force</maml:name>
<maml:Description>
<maml:para>Forces the cmdlet to perform the desired operation.</maml:para>
</maml:Description>
<command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath">
<maml:name>LogPath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Guid">
<maml:name>ObjectGuid</maml:name>
<maml:Description>
<maml:para>Specifies the identifier of an account on which to perform this operation.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Guid</command:parameterValue>
<dev:type>
<maml:name>Guid</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Sid">
<maml:name>ObjectSid</maml:name>
<maml:Description>
<maml:para>Specifies the identifier of an account on which to perform this operation.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">SecurityIdentifier</command:parameterValue>
<dev:type>
<maml:name>SecurityIdentifier</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="0" aliases="Login, sam">
<maml:name>SamAccountName</maml:name>
<maml:Description>
<maml:para>Specifies the identifier of an account on which to perform this operation.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="SkipMeta, NoMetaUpdate, NoMeta, SkipObjMeta, NoObjMeta, SkipMetaDataUpdate, NoMetaDataUpdate">
<maml:name>SkipMetaUpdate</maml:name>
<maml:Description>
<maml:para>Indicates that the replication metadata of the affected object should not be updated.</maml:para>
</maml:Description>
<command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
</command:parameters>
<command:inputTypes>
<command:inputType>
<dev:type>
<maml:name>System.String</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:inputType>
<command:inputType>
<dev:type>
<maml:name>System.Security.Principal.SecurityIdentifier</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:inputType>
<command:inputType>
<dev:type>
<maml:name>System.Guid</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:inputType>
</command:inputTypes>
<command:returnValues>
<command:returnValue>
<dev:type>
<maml:name>None</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:returnValue>
</command:returnValues>
<maml:alertSet>
<maml:alert>
<maml:para></maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>-------------------------- Example 1 --------------------------</maml:title>
<dev:code>PS C:\> Disable-ADDBAccount -SamAccountName john -DatabasePath .\ntds.dit</dev:code>
<dev:remarks>
<maml:para>Finds an account with name john and disables it.</maml:para>
</dev:remarks>
</command:example>
</command:examples>
<command:relatedLinks>
<maml:navigationLink>
<maml:linkText>Online Version:</maml:linkText>
<maml:uri>https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Disable-ADDBAccount.md</maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Enable-ADDBAccount</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Get-ADDBAccount</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
</command:relatedLinks>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp">
<command:details>
<command:name>Enable-ADDBAccount</command:name>
<command:verb>Enable</command:verb>
<command:noun>ADDBAccount</command:noun>
<maml:description>
<maml:para>Enables an Active Directory account in an offline ntds.dit file.</maml:para>
</maml:description>
</command:details>
<maml:description>
<maml:para>Finds an account in Active Directory database file and modifies the appropriate bit in its userAccountControl attribute.</maml:para>
</maml:description>
<command:syntax>
<command:syntaxItem>
<maml:name>Enable-ADDBAccount</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath">
<maml:name>DatabasePath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="dn">
<maml:name>DistinguishedName</maml:name>
<maml:Description>
<maml:para>Specifies the identifier of an account on which to perform this operation.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Force</maml:name>
<maml:Description>
<maml:para>Forces the cmdlet to perform the desired operation.</maml:para>
</maml:Description>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath">
<maml:name>LogPath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="SkipMeta, NoMetaUpdate, NoMeta, SkipObjMeta, NoObjMeta, SkipMetaDataUpdate, NoMetaDataUpdate">
<maml:name>SkipMetaUpdate</maml:name>
<maml:Description>
<maml:para>Indicates that the replication metadata of the affected object should not be updated.</maml:para>
</maml:Description>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
<command:syntaxItem>
<maml:name>Enable-ADDBAccount</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath">
<maml:name>DatabasePath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Force</maml:name>
<maml:Description>
<maml:para>Forces the cmdlet to perform the desired operation.</maml:para>
</maml:Description>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath">
<maml:name>LogPath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Guid">
<maml:name>ObjectGuid</maml:name>
<maml:Description>
<maml:para>Specifies the identifier of an account on which to perform this operation.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Guid</command:parameterValue>
<dev:type>
<maml:name>Guid</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="SkipMeta, NoMetaUpdate, NoMeta, SkipObjMeta, NoObjMeta, SkipMetaDataUpdate, NoMetaDataUpdate">
<maml:name>SkipMetaUpdate</maml:name>
<maml:Description>
<maml:para>Indicates that the replication metadata of the affected object should not be updated.</maml:para>
</maml:Description>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
<command:syntaxItem>
<maml:name>Enable-ADDBAccount</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath">
<maml:name>DatabasePath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Force</maml:name>
<maml:Description>
<maml:para>Forces the cmdlet to perform the desired operation.</maml:para>
</maml:Description>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath">
<maml:name>LogPath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Sid">
<maml:name>ObjectSid</maml:name>
<maml:Description>
<maml:para>Specifies the identifier of an account on which to perform this operation.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">SecurityIdentifier</command:parameterValue>
<dev:type>
<maml:name>SecurityIdentifier</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="SkipMeta, NoMetaUpdate, NoMeta, SkipObjMeta, NoObjMeta, SkipMetaDataUpdate, NoMetaDataUpdate">
<maml:name>SkipMetaUpdate</maml:name>
<maml:Description>
<maml:para>Indicates that the replication metadata of the affected object should not be updated.</maml:para>
</maml:Description>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
<command:syntaxItem>
<maml:name>Enable-ADDBAccount</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="0" aliases="Login, sam">
<maml:name>SamAccountName</maml:name>
<maml:Description>
<maml:para>Specifies the identifier of an account on which to perform this operation.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath">
<maml:name>DatabasePath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Force</maml:name>
<maml:Description>
<maml:para>Forces the cmdlet to perform the desired operation.</maml:para>
</maml:Description>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath">
<maml:name>LogPath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="SkipMeta, NoMetaUpdate, NoMeta, SkipObjMeta, NoObjMeta, SkipMetaDataUpdate, NoMetaDataUpdate">
<maml:name>SkipMetaUpdate</maml:name>
<maml:Description>
<maml:para>Indicates that the replication metadata of the affected object should not be updated.</maml:para>
</maml:Description>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
</command:syntax>
<command:parameters>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath">
<maml:name>DatabasePath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="dn">
<maml:name>DistinguishedName</maml:name>
<maml:Description>
<maml:para>Specifies the identifier of an account on which to perform this operation.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Force</maml:name>
<maml:Description>
<maml:para>Forces the cmdlet to perform the desired operation.</maml:para>
</maml:Description>
<command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath">
<maml:name>LogPath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Guid">
<maml:name>ObjectGuid</maml:name>
<maml:Description>
<maml:para>Specifies the identifier of an account on which to perform this operation.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Guid</command:parameterValue>
<dev:type>
<maml:name>Guid</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Sid">
<maml:name>ObjectSid</maml:name>
<maml:Description>
<maml:para>Specifies the identifier of an account on which to perform this operation.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">SecurityIdentifier</command:parameterValue>
<dev:type>
<maml:name>SecurityIdentifier</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="0" aliases="Login, sam">
<maml:name>SamAccountName</maml:name>
<maml:Description>
<maml:para>Specifies the identifier of an account on which to perform this operation.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="SkipMeta, NoMetaUpdate, NoMeta, SkipObjMeta, NoObjMeta, SkipMetaDataUpdate, NoMetaDataUpdate">
<maml:name>SkipMetaUpdate</maml:name>
<maml:Description>
<maml:para>Indicates that the replication metadata of the affected object should not be updated.</maml:para>
</maml:Description>
<command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
</command:parameters>
<command:inputTypes>
<command:inputType>
<dev:type>
<maml:name>System.String</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:inputType>
<command:inputType>
<dev:type>
<maml:name>System.Security.Principal.SecurityIdentifier</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:inputType>
<command:inputType>
<dev:type>
<maml:name>System.Guid</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:inputType>
</command:inputTypes>
<command:returnValues>
<command:returnValue>
<dev:type>
<maml:name>None</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:returnValue>
</command:returnValues>
<maml:alertSet>
<maml:alert>
<maml:para></maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>-------------------------- Example 1 --------------------------</maml:title>
<dev:code>PS C:\> Enable-ADDBAccount -SamAccountName john -DatabasePath .\ntds.dit</dev:code>
<dev:remarks>
<maml:para>Finds an account with name john and enables it.</maml:para>
</dev:remarks>
</command:example>
</command:examples>
<command:relatedLinks>
<maml:navigationLink>
<maml:linkText>Online Version:</maml:linkText>
<maml:uri>https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Enable-ADDBAccount.md</maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Disable-ADDBAccount</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Get-ADDBAccount</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
</command:relatedLinks>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp">
<command:details>
<command:name>Get-ADDBAccount</command:name>
<command:verb>Get</command:verb>
<command:noun>ADDBAccount</command:noun>
<maml:description>
<maml:para>Reads one or more accounts from a ntds.dit file, including secret attributes.</maml:para>
</maml:description>
</command:details>
<maml:description>
<maml:para>Reads one or more accounts from an Active Directory database file. When provided with a boot key (AKA SysKey or system key), it also decrypts secret attributes.</maml:para>
</maml:description>
<command:syntax>
<command:syntaxItem>
<maml:name>Get-ADDBAccount</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="AllAccounts, ReturnAllAccounts">
<maml:name>All</maml:name>
<maml:Description>
<maml:para>Indicates that all accounts will be read from the selected database.</maml:para>
</maml:Description>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="key, SysKey, SystemKey">
<maml:name>BootKey</maml:name>
<maml:Description>
<maml:para>Specifies the boot key (AKA system key) that will be used to decrypt values of secret attributes.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue>
<dev:type>
<maml:name>Byte[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath">
<maml:name>DatabasePath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath">
<maml:name>LogPath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
<command:syntaxItem>
<maml:name>Get-ADDBAccount</maml:name>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="key, SysKey, SystemKey">
<maml:name>BootKey</maml:name>
<maml:Description>
<maml:para>Specifies the boot key (AKA system key) that will be used to decrypt values of secret attributes.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue>
<dev:type>
<maml:name>Byte[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath">
<maml:name>DatabasePath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="dn">
<maml:name>DistinguishedName</maml:name>
<maml:Description>
<maml:para>Specifies the identifier of an account that will be retrieved from the database.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath">
<maml:name>LogPath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
<command:syntaxItem>
<maml:name>Get-ADDBAccount</maml:name>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="key, SysKey, SystemKey">
<maml:name>BootKey</maml:name>
<maml:Description>
<maml:para>Specifies the boot key (AKA system key) that will be used to decrypt values of secret attributes.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue>
<dev:type>
<maml:name>Byte[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath">
<maml:name>DatabasePath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath">
<maml:name>LogPath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Guid">
<maml:name>ObjectGuid</maml:name>
<maml:Description>
<maml:para>Specifies the identifier of an account that will be retrieved from the database.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Guid</command:parameterValue>
<dev:type>
<maml:name>Guid</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
<command:syntaxItem>
<maml:name>Get-ADDBAccount</maml:name>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="key, SysKey, SystemKey">
<maml:name>BootKey</maml:name>
<maml:Description>
<maml:para>Specifies the boot key (AKA system key) that will be used to decrypt values of secret attributes.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue>
<dev:type>
<maml:name>Byte[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath">
<maml:name>DatabasePath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath">
<maml:name>LogPath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Sid">
<maml:name>ObjectSid</maml:name>
<maml:Description>
<maml:para>Specifies the identifier of an account that will be retrieved from the database.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">SecurityIdentifier</command:parameterValue>
<dev:type>
<maml:name>SecurityIdentifier</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
<command:syntaxItem>
<maml:name>Get-ADDBAccount</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="0" aliases="Login, sam">
<maml:name>SamAccountName</maml:name>
<maml:Description>
<maml:para>Specifies the identifier of an account that will be retrieved from the database.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="key, SysKey, SystemKey">
<maml:name>BootKey</maml:name>
<maml:Description>
<maml:para>Specifies the boot key (AKA system key) that will be used to decrypt values of secret attributes.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue>
<dev:type>
<maml:name>Byte[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath">
<maml:name>DatabasePath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath">
<maml:name>LogPath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
</command:syntax>
<command:parameters>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="AllAccounts, ReturnAllAccounts">
<maml:name>All</maml:name>
<maml:Description>
<maml:para>Indicates that all accounts will be read from the selected database.</maml:para>
</maml:Description>
<command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="key, SysKey, SystemKey">
<maml:name>BootKey</maml:name>
<maml:Description>
<maml:para>Specifies the boot key (AKA system key) that will be used to decrypt values of secret attributes.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue>
<dev:type>
<maml:name>Byte[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath">
<maml:name>DatabasePath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="dn">
<maml:name>DistinguishedName</maml:name>
<maml:Description>
<maml:para>Specifies the identifier of an account that will be retrieved from the database.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath">
<maml:name>LogPath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Guid">
<maml:name>ObjectGuid</maml:name>
<maml:Description>
<maml:para>Specifies the identifier of an account that will be retrieved from the database.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Guid</command:parameterValue>
<dev:type>
<maml:name>Guid</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Sid">
<maml:name>ObjectSid</maml:name>
<maml:Description>
<maml:para>Specifies the identifier of an account that will be retrieved from the database.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">SecurityIdentifier</command:parameterValue>
<dev:type>
<maml:name>SecurityIdentifier</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="0" aliases="Login, sam">
<maml:name>SamAccountName</maml:name>
<maml:Description>
<maml:para>Specifies the identifier of an account that will be retrieved from the database.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:parameters>
<command:inputTypes>
<command:inputType>
<dev:type>
<maml:name>System.String</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:inputType>
<command:inputType>
<dev:type>
<maml:name>System.Security.Principal.SecurityIdentifier</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:inputType>
<command:inputType>
<dev:type>
<maml:name>System.Guid</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:inputType>
</command:inputTypes>
<command:returnValues>
<command:returnValue>
<dev:type>
<maml:name>DSInternals.Common.Data.DSAccount</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:returnValue>
</command:returnValues>
<maml:alertSet>
<maml:alert>
<maml:para></maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>-------------------------- Example 1 --------------------------</maml:title>
<dev:code>PS C:\> Get-ADDBAccount -SamAccountName Administrator `
-DatabasePath 'C:\IFM Backup\Active Directory\ntds.dit'
<# Sample Output:
DistinguishedName: CN=Administrator,CN=Users,DC=contoso,DC=com
Sid: S-1-5-21-1236425271-2880748467-2592687428-500
Guid: b3d02974-6b1c-484c-9103-fd2f60d592c4
SamAccountName: Administrator
SamAccountType: User
UserPrincipalName:
PrimaryGroupId: 513
SidHistory:
Enabled: True
UserAccountControl: NormalAccount, PasswordNeverExpires
SupportedEncryptionTypes: Default
AdminCount: True
Deleted: False
LastLogonDate: 2/23/2015 10:27:18 AM
DisplayName:
GivenName:
Surname:
Description: Built-in account for administering the computer/domain
ServicePrincipalName:
SecurityDescriptor: DiscretionaryAclPresent, SystemAclPresent, DiscretionaryAclAutoInherited, SystemAclAutoInherited, DiscretionaryAclProtected, SelfRelative
Owner: S-1-5-21-1236425271-2880748467-2592687428-512
Secrets
NTHash:
LMHash:
NTHashHistory:
LMHashHistory:
SupplementalCredentials:
Key Credentials:
Credential Roaming
Created:
Modified:
Credentials:
#></dev:code>
<dev:remarks>
<maml:para>Retrieves information about a single account from an Active Directory database. Secret attributes are not decrypted as no boot key is provided.</maml:para>
</dev:remarks>
</command:example>
<command:example>
<maml:title>-------------------------- Example 2 --------------------------</maml:title>
<dev:code>PS C:\> $key = Get-BootKey -SystemHiveFilePath 'C:\IFM Backup\registry\SYSTEM'
PS C:\> Get-ADDBAccount -DistinguishedName: 'CN=Joe Smith,OU=Employees,DC=contoso,DC=com' `
-BootKey $key `
-DatabasePath 'C:\IFM Backup\Active Directory\ntds.dit'
<# Sample Output:
DistinguishedName: CN=Joe Smith,OU=Employees,DC=contoso,DC=com
Sid: S-1-5-21-1236425271-2880748467-2592687428-1110
Guid: 6fb7aca4-fe85-4dc5-9acd-b5b2529fe2bc
SamAccountName: joe
SamAccountType: User
UserPrincipalName: [email protected]
PrimaryGroupId: 513
SidHistory:
Enabled: True
UserAccountControl: NormalAccount, PasswordNeverExpires
SupportedEncryptionTypes: Default
AdminCount: False
Deleted: False
LastLogonDate: 2/23/2015 10:27:18 AM
DisplayName: Joe Smith
GivenName: Joe
Surname: Smith
Description:
ServicePrincipalName:
SecurityDescriptor: DiscretionaryAclPresent, SystemAclPresent, DiscretionaryAclAutoInherited, SystemAclAutoInherited, SelfRelative
Owner: S-1-5-21-1236425271-2880748467-2592687428-512
Secrets
NTHash: 92937945b518814341de3f726500d4ff
LMHash:
NTHashHistory:
Hash 01: 92937945b518814341de3f726500d4ff
LMHashHistory:
Hash 01: 30ce97eef1084cf1656cc4be70d68600
SupplementalCredentials:
ClearText:
NTLMStrongHash: 2c6d57beebeafdae65b3f40f2a0d5430
Kerberos:
Credentials:
DES_CBC_MD5
Key: 7f16bc4ada0b8a52
OldCredentials:
Salt: CONTOSO.COMjoe
Flags: 0
KerberosNew:
Credentials:
AES256_CTS_HMAC_SHA1_96
Key: cd541be0838c787b5c6a34d7b19274aee613545a0e6cc6f5ac5918d8a464d24f
Iterations: 4096
AES128_CTS_HMAC_SHA1_96
Key: 5c88972747bd454704c117ae52c474e4
Iterations: 4096
DES_CBC_MD5
Key: 7f16bc4ada0b8a52
Iterations: 4096
OldCredentials:
OlderCredentials:
ServiceCredentials:
Salt: CONTOSO.COMjoe
DefaultIterationCount: 4096
Flags: 0
WDigest:
Hash 01: 61fed940f0e8d03a49d3727f55800497
Hash 02: a1d54499dda6a6b5431f29a8d741a640
Hash 03: b6cdf00bc0c4578992f718de81251721
Hash 04: 61fed940f0e8d03a49d3727f55800497
Hash 05: a1d54499dda6a6b5431f29a8d741a640
Hash 06: 9a8991bd99763df2e37f1e1e67d71cc8
Hash 07: 61fed940f0e8d03a49d3727f55800497
Hash 08: 8a9fe94883c8ccf3bcfc6591ddd2288f
Hash 09: 8a9fe94883c8ccf3bcfc6591ddd2288f
Hash 10: 1b7b16b49ecd8d9d59c1d0db6fa2cc36
Hash 11: d4c24695cfa4dc3810a469d5efb8ecaf
Hash 12: 8a9fe94883c8ccf3bcfc6591ddd2288f
Hash 13: a5b8aa5088280298c8c27fa99dcaa1e3
Hash 14: d4c24695cfa4dc3810a469d5efb8ecaf
Hash 15: 1aa8e567622fe53d6fb36f1f34f12aaa
Hash 16: 1aa8e567622fe53d6fb36f1f34f12aaa
Hash 17: 2af425244079f8f45927c34fa115e45b
Hash 18: cf283a35102b820e25003b1ddf270221
Hash 19: b98c902c57449253e6f06b5d585866bd
Hash 20: 2a690b1eeda9cb8f3157a4a3ba0be9c3
Hash 21: af2654776d5f9f27f3283ecb0aa25011
Hash 22: af2654776d5f9f27f3283ecb0aa25011
Hash 23: ba6fe0513ed2a60ec253a41bbde6a837
Hash 24: 8bf5a67b598087be948e040f85c72b4d
Hash 25: 8bf5a67b598087be948e040f85c72b4d
Hash 26: aa5ff46d23a5c7ebd603e1793225350d
Hash 27: 656b6a7f5b52d05b3ce9168a2b7ac8ac
Hash 28: ae884c92ecd87e8d54f1844f09c5a519
Hash 29: a500a9e26afc9f817df8a07e15771577
Key Credentials:
Usage=NGC, Source=ActiveDirectory, Device=1966d4da-14da-4581-a7a7-5e8e07e93ad9, Created=8/1/2019 10:53:12 PM, LastLogon=8/1/2019 10:53:12 PM
Usage=NGC, Source=ActiveDirectory, Device=cfe9a872-13ff-4751-a777-aec88c30a762, Created=8/1/2019 11:09:15 PM, LastLogon=8/1/2019 11:09:15 PM
Credential Roaming
Created: 3/12/2017 9:15:56 AM
Modified: 3/13/2017 10:01:18 AM
Credentials:
DPAPIMasterKey: joe\Protect\S-1-5-21-1236425271-2880748467-2592687428-1110\47070660-c259-4d90-8bc9-187605323450
DPAPIMasterKey: joe\Protect\S-1-5-21-1236425271-2880748467-2592687428-1110\7fc19508-7b85-4a7c-9e5d-15f9e00e7ce5
CryptoApiCertificate: joe\SystemCertificates\My\Certificates\574E4687133998544C0095C7B348C52CD398182E
CNGCertificate: joe\SystemCertificates\My\Certificates\3B83BFA7037F6A79B3F3D17D229E1BC097F35B51
RSAPrivateKey: joe\Crypto\RSA\S-1-5-21-1236425271-2880748467-2592687428-1110\701577141985b6923998dcca035c007a_f8b7bbef-d227-4ac7-badd-3a238a7f741e
CNGPrivateKey: joe\Crypto\Keys\E8F13C2BA0209401C4DFE839CD57375E26BBE38F
#></dev:code>
<dev:remarks>
<maml:para>Retrieves information about a single account from an Active Directory database. Secret attributes are decrypted using the provided boot key.</maml:para>
</dev:remarks>
</command:example>
<command:example>
<maml:title>-------------------------- Example 3 --------------------------</maml:title>
<dev:code>PS C:\> $results = Get-ADDBAccount -DatabasePath '.\Active Directory\ntds.dit' `
-BootKey acdba64a3929261b04e5270c3ef973cf `
-All |
Test-PasswordQuality -WeakPasswordHashesSortedFile pwned-passwords-ntlm-ordered-by-hash-v5.txt</dev:code>
<dev:remarks>
<maml:para>Performs an offline credential hygiene audit of AD database against HIBP.</maml:para>
</dev:remarks>
</command:example>
<command:example>
<maml:title>-------------------------- Example 4 --------------------------</maml:title>
<dev:code>PS C:\> Get-ADDBAccount -All -DatabasePath ntds.dit -BootKey $key |
Format-Custom -View PwDump |
Out-File -FilePath users.pwdump -Encoding ascii</dev:code>
<dev:remarks>
<maml:para>Exports NT and LM password hashes from an Active Directory database to a pwdump file.</maml:para>
</dev:remarks>
</command:example>
<command:example>
<maml:title>-------------------------- Example 5 --------------------------</maml:title>
<dev:code>PS C:\> Get-ADDBBackupKey -DatabasePath '.\ADBackup\Active Directory\ntds.dit' `
-BootKey 0be7a2afe1713642182e9b96f73a75da |
Save-DPAPIBlob -DirectoryPath '.\Output'
PS C:\> Get-ADDBAccount -All -DatabasePath '.\ADBackup\Active Directory\ntds.dit' |
Save-DPAPIBlob -DirectoryPath '.\Output'</dev:code>
<dev:remarks>
<maml:para>Extracts DPAPI backup keys and roamed credentials (certificates, private keys, and DPAPI master keys) from an Active Directory database file and saves them to the Output directory. Also creates a file called kiwiscript.txt that contains mimikatz commands needed to decrypt the private keys.</maml:para>
</dev:remarks>
</command:example>
<command:example>
<maml:title>-------------------------- Example 6 --------------------------</maml:title>
<dev:code>PS C:\> Get-ADDBAccount -All -DatabasePath '.\ADBackup\Active Directory\ntds.dit' |
Select-Object -ExpandProperty KeyCredentials |
Where-Object Usage -eq NGC |
Format-Table -View ROCA
<# Sample Output:
Usage IsWeak Source DeviceId Created Owner
----- ------ ------ -------- ------- -----
NGC True AzureAD fd591087-245c-4ff5-a5ea-c14de5e2b32d 2017-07-19 CN=John Doe,CN=Users,DC=contoso,DC=com
NGC False AD 1966d4da-14da-4581-a7a7-5e8e07e93ad9 2019-08-01 CN=Jane Doe,CN=Users,DC=contoso,DC=com
#></dev:code>
<dev:remarks>
<maml:para>Lists weak public keys registered in Active Directory that were generated on ROCA-vulnerable TPMs.</maml:para>
</dev:remarks>
</command:example>
<command:example>
<maml:title>-------------------------- Example 7 --------------------------</maml:title>
<dev:code>PS C:\> $dc = Get-ADDBDomainController -DatabasePath '.\ADBackup\Active Directory\ntds.dit'
PS C:\> $adminSid = '{0}-500' -f $dc.DomainSid
PS C:\> $account = Get-ADDBAccount -Sid $adminSid `
-DatabasePath '.\ADBackup\Active Directory\ntds.dit' `
-BootKey 0be7a2afe1713642182e9b96f73a75da</dev:code>
<dev:remarks>
<maml:para>Retrieves information about a the the built-in Administrator account, even if it was renamed.</maml:para>
</dev:remarks>
</command:example>
</command:examples>
<command:relatedLinks>
<maml:navigationLink>
<maml:linkText>Online Version:</maml:linkText>
<maml:uri>https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Get-ADDBAccount.md</maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Get-BootKey</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Get-ADReplAccount</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Get-ADSIAccount</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Test-PasswordQuality</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Save-DPAPIBlob</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Get-ADKeyCredential</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
</command:relatedLinks>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp">
<command:details>
<command:name>Get-ADDBBackupKey</command:name>
<command:verb>Get</command:verb>
<command:noun>ADDBBackupKey</command:noun>
<maml:description>
<maml:para>Reads the DPAPI backup keys from a ntds.dit file.</maml:para>
</maml:description>
</command:details>
<maml:description>
<maml:para>Reads and decrypts Data Protection API (DPAPI) backup keys from an Active Directory database file. The output can be saved to the file system using the Save-DPAPIBlob cmdlet.</maml:para>
<maml:para>DPAPI is used by several components of Windows to securely store passwords, encryption keys and other sensitive data. When DPAPI is used in an Active Directory domain environment, a copy of user's master key is encrypted with a so-called DPAPI Domain Backup Key that is known to all domain controllers. Windows Server 2000 DCs use a symmetric key and newer systems use a public/private key pair. If the user password is reset and the original master key is rendered inaccessible to the user, the user's access to the master key is automatically restored using the backup key.</maml:para>
</maml:description>
<command:syntax>
<command:syntaxItem>
<maml:name>Get-ADDBBackupKey</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="key, SysKey, SystemKey">
<maml:name>BootKey</maml:name>
<maml:Description>
<maml:para>Specifies the boot key (AKA system key) that will be used to decrypt values of secret attributes.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue>
<dev:type>
<maml:name>Byte[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath">
<maml:name>DatabasePath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath">
<maml:name>LogPath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
</command:syntax>
<command:parameters>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="key, SysKey, SystemKey">
<maml:name>BootKey</maml:name>
<maml:Description>
<maml:para>Specifies the boot key (AKA system key) that will be used to decrypt values of secret attributes.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue>
<dev:type>
<maml:name>Byte[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath">
<maml:name>DatabasePath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath">
<maml:name>LogPath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:parameters>
<command:inputTypes>
<command:inputType>
<dev:type>
<maml:name>None</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:inputType>
</command:inputTypes>
<command:returnValues>
<command:returnValue>
<dev:type>
<maml:name>DSInternals.Common.Data.DPAPIBackupKey</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:returnValue>
</command:returnValues>
<maml:alertSet>
<maml:alert>
<maml:para></maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>-------------------------- Example 1 --------------------------</maml:title>
<dev:code>PS C:\> $key = Get-BootKey -SystemHiveFilePath '.\ADBackup\registry\SYSTEM'
PS C:\> Get-ADDBBackupKey -DatabasePath '.\ADBackup\Active Directory\ntds.dit' `
-BootKey $key | Format-List
<# Sample Output:
FilePath : ntds_legacy_b116cbfa-b881-43e6-ba85-ef3efa64ba22.key
KiwiCommand :
Type : LegacyKey
DistinguishedName : CN=BCKUPKEY_b116cbfa-b881-43e6-ba85-ef3efa64ba22
Secret,CN=System,DC=contoso,DC=com
KeyId : b116cbfa-b881-43e6-ba85-ef3efa64ba22
Data : {1, 0, 0, 0...}
FilePath :
KiwiCommand :
Type : PreferredLegacyKeyPointer
DistinguishedName : CN=BCKUPKEY_P Secret,CN=System,DC=contoso,DC=com
KeyId : b116cbfa-b881-43e6-ba85-ef3efa64ba22
Data : {250, 203, 22, 177...}
FilePath : ntds_capi_290914ed-b1a8-482e-a89f-7caa217bf3c3.pvk
KiwiCommand : REM Add this parameter to at least the first dpapi::masterkey
command: /pvk:"ntds_capi_290914ed-b1a8-482e-a89f-7caa217bf3c3.pvk"
Type : RSAKey
DistinguishedName : CN=BCKUPKEY_290914ed-b1a8-482e-a89f-7caa217bf3c3
Secret,CN=System,DC=contoso,DC=com
KeyId : 290914ed-b1a8-482e-a89f-7caa217bf3c3
Data : {2, 0, 0, 0...}
FilePath :
KiwiCommand :
Type : PreferredRSAKeyPointer
DistinguishedName : CN=BCKUPKEY_PREFERRED Secret,CN=System,DC=contoso,DC=com
KeyId : 290914ed-b1a8-482e-a89f-7caa217bf3c3
Data : {237, 20, 9, 41...}
#></dev:code>
<dev:remarks>
<maml:para>Extracts the boot key (AKA SysKey or system key) from a backup of the SYSTEM registry hive and decrypts all DPAPI backup keys stored in the an Active Directory database file.</maml:para>
</dev:remarks>
</command:example>
<command:example>
<maml:title>-------------------------- Example 2 --------------------------</maml:title>
<dev:code>PS C:\> Get-ADDBBackupKey -DatabasePath '.\ADBackup\Active Directory\ntds.dit' `
-BootKey 0be7a2afe1713642182e9b96f73a75da |
Save-DPAPIBlob -DirectoryPath '.\Output'
PS C:\> Get-ChildItem -Path '.\Output' | Select-Object -ExpandProperty Name
<# Sample Output:
kiwiscript.txt
ntds_legacy_b116cbfa-b881-43e6-ba85-ef3efa64ba22.key
ntds_capi_4cee80c0-b6c6-406c-a68b-c0e5818bc436.cer
ntds_capi_290914ed-b1a8-482e-a89f-7caa217bf3c3.pfx
ntds_capi_290914ed-b1a8-482e-a89f-7caa217bf3c3.pvk
#></dev:code>
<dev:remarks>
<maml:para>Exports DPAPI backup keys to the Output directory.</maml:para>
</dev:remarks>
</command:example>
</command:examples>
<command:relatedLinks>
<maml:navigationLink>
<maml:linkText>Online Version:</maml:linkText>
<maml:uri>https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Get-ADDBBackupKey.md</maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Save-DPAPIBlob</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Get-ADReplBackupKey</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Get-LsaBackupKey</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
</command:relatedLinks>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp">
<command:details>
<command:name>Get-ADDBDomainController</command:name>
<command:verb>Get</command:verb>
<command:noun>ADDBDomainController</command:noun>
<maml:description>
<maml:para>Reads information about the originating DC from a ntds.dit file, including domain name, domain SID, DC name and DC site.</maml:para>
</maml:description>
</command:details>
<maml:description>
<maml:para>Reads domain controller (DC) infromation from a ntds.dit file that is either retrieved from an offline DC or from an (IFM) backup.</maml:para>
</maml:description>
<command:syntax>
<command:syntaxItem>
<maml:name>Get-ADDBDomainController</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath">
<maml:name>DatabasePath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath">
<maml:name>LogPath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
</command:syntax>
<command:parameters>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath">
<maml:name>DatabasePath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath">
<maml:name>LogPath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:parameters>
<command:inputTypes>
<command:inputType>
<dev:type>
<maml:name>None</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:inputType>
</command:inputTypes>
<command:returnValues>
<command:returnValue>
<dev:type>
<maml:name>DSInternals.PowerShell.DomainController</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:returnValue>
</command:returnValues>
<maml:alertSet>
<maml:alert>
<maml:para></maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>-------------------------- Example 1 --------------------------</maml:title>
<dev:code>PS C:\> Get-ADDBDomainController -DatabasePath .\ntds.dit
<# Sample Output:
Name : LON-DC1
DNSHostName : LON-DC1.contoso.com
ServerReference : CN=LON-DC1,OU=Domain Controllers,DC=contoso,DC=com
DomainName : contoso.com
ForestName : contoso.com
NetBIOSDomainName : contoso
DomainSid : S-1-5-21-1236425271-2880748467-2592687428
DomainGuid : 262d915a-3c58-4614-86c0-f9fb3f1aa1cd
Guid : 71ccee43-1c03-4ab1-910c-ed4168df5a33
Sid : S-1-5-21-1236425271-2880748467-2592687428-1111
DomainMode : WinThreshold
ForestMode : WinThreshold
SiteName : Default-First-Site-Name
DsaGuid : 0a8574e2-9361-4f3c-8528-ca73d7534f4b
InvocationId : 14a1b16d-591c-45bc-a342-153090027bbc
IsADAM : False
IsGlobalCatalog : True
Options : GlobalCatalog
OSName : Windows Server 2019 Datacenter
OSVersion : 10.0
OSVersionMajor : 10
OSVersionMinor : 0
DomainNamingContext : DC=contoso,DC=com
ConfigurationNamingContext : CN=Configuration,DC=contoso,DC=com
SchemaNamingContext : CN=Schema,CN=Configuration,DC=contoso,DC=com
WritablePartitions : {DC=contoso,DC=com, CN=Configuration,DC=contoso,DC=com, CN=Schema,CN=Configuration,DC=contoso,DC=com, DC=DomainDnsZones,DC=contoso,DC=com...}
State : BackedUp
HighestCommittedUsn : 69642
UsnAtIfm :
BackupUsn : 65812
BackupExpiration : 2/4/2020 6:32:27 AM
Epoch : 961
#></dev:code>
<dev:remarks>
<maml:para>Reads DC information from a ntds.dit file located in the working directory.</maml:para>
</dev:remarks>
</command:example>
</command:examples>
<command:relatedLinks>
<maml:navigationLink>
<maml:linkText>Online Version:</maml:linkText>
<maml:uri>https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Get-ADDBDomainController.md</maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Set-ADDBDomainController</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Set-ADDBPrimaryGroup</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Add-ADDBSidHistory</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
</command:relatedLinks>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp">
<command:details>
<command:name>Get-ADDBKdsRootKey</command:name>
<command:verb>Get</command:verb>
<command:noun>ADDBKdsRootKey</command:noun>
<maml:description>
<maml:para>Reads KDS Root Keys from a ntds.dit. file. Can be used to aid DPAPI-NG decryption, e.g. SID-protected PFX files.</maml:para>
</maml:description>
</command:details>
<maml:description>
<maml:para>KDS Root Keys are used to encrypt the following:</maml:para>
<maml:para>- SID-protected private keys in PFX certificate files</maml:para>
<maml:para>- BitLocker-enabled drives with SID protector</maml:para>
<maml:para>- Passwords of Group Managed Service Accounts (GMSA)</maml:para>
<maml:para>- DNSSEC signing keys</maml:para>
</maml:description>
<command:syntax>
<command:syntaxItem>
<maml:name>Get-ADDBKdsRootKey</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath">
<maml:name>DatabasePath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath">
<maml:name>LogPath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
</command:syntax>
<command:parameters>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath">
<maml:name>DatabasePath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath">
<maml:name>LogPath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:parameters>
<command:inputTypes>
<command:inputType>
<dev:type>
<maml:name>None</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:inputType>
</command:inputTypes>
<command:returnValues>
<command:returnValue>
<dev:type>
<maml:name>DSInternals.Common.Data.KdsRootKey</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:returnValue>
</command:returnValues>
<maml:alertSet>
<maml:alert>
<maml:para></maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>-------------------------- Example 1 --------------------------</maml:title>
<dev:code>PS C:\> Get-ADDBKdsRootKey -DatabasePath '.\ADBackup\Active Directory\ntds.dit'
<# Sample Output:
Id: 6a401799-8dd0-0b2c-3073-beb7ce2e734d
Version: 1
Creation Time: 7/27/2019 6:23:26 PM
Effective Time: 7/27/2019 8:23:26 AM
Domain Controller: CN=LON-DC1,OU=Domain Controllers,DC=contoso,DC=com
Key
C16A0D16B80307D9CF102C7DB11F69FE015EB0DCD85C2FC0A5005C10E9DB963AC1E18BF161882ABEEAFF1B01CD50076F3C6F7807323253AB9598DBE027A77DD7
Key Derivation Function
Algorithm: SP800_108_CTR_HMAC
Parameters: {[0, SHA512]}
Secret Agreement
Algorithm: DH
Public Key Length: 2048
Private Key Length: 512
Parameters
0c0200004448504d0001000087a8e61db4b6663cffbbd19c651959998ceef608660dd0f25d2ceed4435e3b00e00df8f1d61957d4faf7df4561b2aa3016c3d91134096fa
a3bf4296d830e9a7c209e0c6497517abd5a8a9d306bcf67ed91f9e6725b4758c022e0b1ef4275bf7b6c5bfc11d45f9088b941f54eb1e59bb8bc39a0bf12307f5c4fdb70
c581b23f76b63acae1caa6b7902d52526735488a0ef13c6d9a51bfa4ab3ad8347796524d8ef6a167b5a41825d967e144e5140564251ccacb83e6b486f6b3ca3f7971506
026c0b857f689962856ded4010abd0be621c3a3960a54e710c375f26375d7014103a4b54330c198af126116d2276e11715f693877fad7ef09cadb094ae91e1a15973fb3
2c9b73134d0b2e77506660edbd484ca7b18f21ef205407f4793a1a0ba12510dbc15077be463fff4fed4aac0bb555be3a6c1b0c6b47b1bc3773bf7e8c6f62901228f8c28
cbb18a55ae31341000a650196f931c77a57f2ddf463e5e9ec144b777de62aaab8a8628ac376d282d6ed3864e67982428ebc831d14348f6f2f9193b5045af2767164e1df
c967c1fb3f2e55a4bd1bffe83b9c80d052b985d182ea0adb2a3b7313d3fe14c8484b1e052588b9b7d2bbd2df016199ecd06e1557cd0915b3353bbb64e0ec377fd028370
df92b52c7891428cdc67eb6184b523d1db246c32f63078490f00ef8d647d148d47954515e2327cfef98c582664b4c0f6cc41659
#>
PS C:\> .\CQDPAPINGPFXDecrypter.exe /pfx Certificate.p12 /master C16A0D16B80307D9CF102C7DB11F69FE015EB0DCD85C2FC0A5005C10E9DB963AC1E18BF161882ABEEAFF1B01CD50076F3C6F7807323253AB9598DBE027A77DD7
<# Sample Output:
Successfully decrypted password: VBGpKPryuiWBSyq/+CjC0WjNsnZ1xS3Hs6IqGZwa0BM=
#></dev:code>
<dev:remarks>
<maml:para>Retrieves a KDS Root Key from an AD database and then uses the "CQURE DPAPI NG PFX Decrypter" to decrypt the password of the PFX file.</maml:para>
</dev:remarks>
</command:example>
</command:examples>
<command:relatedLinks>
<maml:navigationLink>
<maml:linkText>Online Version:</maml:linkText>
<maml:uri>https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Get-ADDBKdsRootKey.md</maml:uri>
</maml:navigationLink>
</command:relatedLinks>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp">
<command:details>
<command:name>Get-ADDBSchemaAttribute</command:name>
<command:verb>Get</command:verb>
<command:noun>ADDBSchemaAttribute</command:noun>
<maml:description>
<maml:para>Reads AD schema from a ntds.dit file, including datatable column names.</maml:para>
</maml:description>
</command:details>
<maml:description>
<maml:para>{{Fill in the Description}}</maml:para>
</maml:description>
<command:syntax>
<command:syntaxItem>
<maml:name>Get-ADDBSchemaAttribute</maml:name>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByValue)" position="0" aliases="LdapDisplayName, AttributeName, AttrName, Attr">
<maml:name>Name</maml:name>
<maml:Description>
<maml:para>Specifies the name of a specific attribute to retrieve.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String[]</command:parameterValue>
<dev:type>
<maml:name>String[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath">
<maml:name>DatabasePath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath">
<maml:name>LogPath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
</command:syntax>
<command:parameters>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath">
<maml:name>DatabasePath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath">
<maml:name>LogPath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByValue)" position="0" aliases="LdapDisplayName, AttributeName, AttrName, Attr">
<maml:name>Name</maml:name>
<maml:Description>
<maml:para>Specifies the name of a specific attribute to retrieve.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String[]</command:parameterValue>
<dev:type>
<maml:name>String[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:parameters>
<command:inputTypes>
<command:inputType>
<dev:type>
<maml:name>System.String[]</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:inputType>
</command:inputTypes>
<command:returnValues>
<command:returnValue>
<dev:type>
<maml:name>DSInternals.PowerShell.SchemaAttribute</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:returnValue>
</command:returnValues>
<maml:alertSet>
<maml:alert>
<maml:para></maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>-------------------------- Example 1 --------------------------</maml:title>
<dev:code>PS C:\> {{ Add example code here }}</dev:code>
<dev:remarks>
<maml:para>{{ Add example description here }}</maml:para>
</dev:remarks>
</command:example>
</command:examples>
<command:relatedLinks>
<maml:navigationLink>
<maml:linkText>Online Version:</maml:linkText>
<maml:uri>https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Get-ADDBSchemaAttribute.md</maml:uri>
</maml:navigationLink>
</command:relatedLinks>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp">
<command:details>
<command:name>Get-ADKeyCredential</command:name>
<command:verb>Get</command:verb>
<command:noun>ADKeyCredential</command:noun>
<maml:description>
<maml:para>Creates an object representing Windows Hello for Business or FIDO credentials from its binary representation or an X.509 certificate.</maml:para>
</maml:description>
</command:details>
<maml:description>
<maml:para>This cmdlet can be used to display existing key credentials from Active Directory (including NGC, STK and FIDO keys) and to generate new NGC credentials from self-signed certificates. See the examples for more info.</maml:para>
</maml:description>
<command:syntax>
<command:syntaxItem>
<maml:name>Get-ADKeyCredential</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Binary">
<maml:name>BinaryData</maml:name>
<maml:Description>
<maml:para>Specifies the credentials in binary/hexadecimal format.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue>
<dev:type>
<maml:name>Byte[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="DistinguishedName, DN, ObjectDN, HolderDN, Holder, Owner, UserPrincipalName, UPN">
<maml:name>OwnerDN</maml:name>
<maml:Description>
<maml:para>Specifies the distinguished name (DN) of the object that these credentials are associated with.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
<command:syntaxItem>
<maml:name>Get-ADKeyCredential</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="none">
<maml:name>Certificate</maml:name>
<maml:Description>
<maml:para>Specifies a certificate that wraps an NGC key.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">X509Certificate2</command:parameterValue>
<dev:type>
<maml:name>X509Certificate2</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="ComputerId, ComputerGuid">
<maml:name>DeviceId</maml:name>
<maml:Description>
<maml:para>Specifies an identifier (typically objectGUID) of the associated computer.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Guid</command:parameterValue>
<dev:type>
<maml:name>Guid</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="CreatedTime, TimeCreated, TimeGenerated">
<maml:name>CreationTime</maml:name>
<maml:Description>
<maml:para>Specifies the time when the key was created. Default value is the current time.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">DateTime</command:parameterValue>
<dev:type>
<maml:name>DateTime</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="DistinguishedName, DN, ObjectDN, HolderDN, Holder, Owner, UserPrincipalName, UPN">
<maml:name>OwnerDN</maml:name>
<maml:Description>
<maml:para>Specifies the distinguished name (DN) of the object that these credentials are associated with.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
<command:syntaxItem>
<maml:name>Get-ADKeyCredential</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="none">
<maml:name>Certificate</maml:name>
<maml:Description>
<maml:para>Specifies a certificate that wraps an NGC key.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">X509Certificate2</command:parameterValue>
<dev:type>
<maml:name>X509Certificate2</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="CreatedTime, TimeCreated, TimeGenerated">
<maml:name>CreationTime</maml:name>
<maml:Description>
<maml:para>Specifies the time when the key was created. Default value is the current time.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">DateTime</command:parameterValue>
<dev:type>
<maml:name>DateTime</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>IsComputerKey</maml:name>
<maml:Description>
<maml:para>Indicates that the resulting key credential must meet the DS-Validated-Write-Computer requirements.</maml:para>
</maml:Description>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="DistinguishedName, DN, ObjectDN, HolderDN, Holder, Owner, UserPrincipalName, UPN">
<maml:name>OwnerDN</maml:name>
<maml:Description>
<maml:para>Specifies the distinguished name (DN) of the object that these credentials are associated with.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
<command:syntaxItem>
<maml:name>Get-ADKeyCredential</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue)" position="0" aliases="DNWithBinary, DistinguishedNameWithBinary">
<maml:name>DNWithBinaryData</maml:name>
<maml:Description>
<maml:para>Specifies the credentials in the DN-Binary syntax.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String[]</command:parameterValue>
<dev:type>
<maml:name>String[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
</command:syntax>
<command:parameters>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Binary">
<maml:name>BinaryData</maml:name>
<maml:Description>
<maml:para>Specifies the credentials in binary/hexadecimal format.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue>
<dev:type>
<maml:name>Byte[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="none">
<maml:name>Certificate</maml:name>
<maml:Description>
<maml:para>Specifies a certificate that wraps an NGC key.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">X509Certificate2</command:parameterValue>
<dev:type>
<maml:name>X509Certificate2</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="CreatedTime, TimeCreated, TimeGenerated">
<maml:name>CreationTime</maml:name>
<maml:Description>
<maml:para>Specifies the time when the key was created. Default value is the current time.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">DateTime</command:parameterValue>
<dev:type>
<maml:name>DateTime</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="ComputerId, ComputerGuid">
<maml:name>DeviceId</maml:name>
<maml:Description>
<maml:para>Specifies an identifier (typically objectGUID) of the associated computer.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Guid</command:parameterValue>
<dev:type>
<maml:name>Guid</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue)" position="0" aliases="DNWithBinary, DistinguishedNameWithBinary">
<maml:name>DNWithBinaryData</maml:name>
<maml:Description>
<maml:para>Specifies the credentials in the DN-Binary syntax.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String[]</command:parameterValue>
<dev:type>
<maml:name>String[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>IsComputerKey</maml:name>
<maml:Description>
<maml:para>Indicates that the resulting key credential must meet the DS-Validated-Write-Computer requirements.</maml:para>
</maml:Description>
<command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="DistinguishedName, DN, ObjectDN, HolderDN, Holder, Owner, UserPrincipalName, UPN">
<maml:name>OwnerDN</maml:name>
<maml:Description>
<maml:para>Specifies the distinguished name (DN) of the object that these credentials are associated with.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:parameters>
<command:inputTypes>
<command:inputType>
<dev:type>
<maml:name>System.String[]</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:inputType>
</command:inputTypes>
<command:returnValues>
<command:returnValue>
<dev:type>
<maml:name>DSInternals.Common.Data.KeyCredential</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:returnValue>
</command:returnValues>
<maml:alertSet>
<maml:alert>
<maml:para></maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>-------------------------- Example 1 --------------------------</maml:title>
<dev:code>PS C:\> Get-ADObject -LDAPFilter '(msDS-KeyCredentialLink=*)' -Properties msDS-KeyCredentialLink |
Select-Object -ExpandProperty msDS-KeyCredentialLink |
Get-ADKeyCredential
<# Sample Output:
Usage Source Flags DeviceId Created Owner
----- ------ ----- -------- ------- -----
NGC AD None cfe9a872-13ff-4751-a777-aec88c30a762 2019-08-01 CN=John Doe,CN=Users,DC=contoso,DC=com
STK AD None 2017-08-23 CN=PC01,CN=Computers,DC=contoso,DC=com
NGC AD MFANotUsed 2017-08-23 CN=PC02,CN=Computers,DC=contoso,DC=com
NGC AzureAD None fd591087-245c-4ff5-a5ea-c14de5e2b32d 2017-07-19 CN=John Doe,CN=Users,DC=contoso,DC=com
FIDO AzureAD Attestation 00000000-0000-0000-0000-000000000000 2019-08-26 CN=John Doe,CN=Users,DC=contoso,DC=com
#></dev:code>
<dev:remarks>
<maml:para>Lists all key credentials that are registered in Active Directory.</maml:para>
</dev:remarks>
</command:example>
<command:example>
<maml:title>-------------------------- Example 2 --------------------------</maml:title>
<dev:code>PS C:\> Get-ADObject -LDAPFilter '(msDS-KeyCredentialLink=*)' -Properties msDS-KeyCredentialLink |
Select-Object -ExpandProperty msDS-KeyCredentialLink |
Get-ADKeyCredential |
Where-Object Usage -eq NGC |
Format-Table -View ROCA
<# Sample Output:
Usage IsWeak Source DeviceId Created Owner
----- ------ ------ -------- ------- -----
NGC True AzureAD fd591087-245c-4ff5-a5ea-c14de5e2b32d 2017-07-19 CN=John Doe,CN=Users,DC=contoso,DC=com
NGC False AD 1966d4da-14da-4581-a7a7-5e8e07e93ad9 2019-08-01 CN=Jane Doe,CN=Users,DC=contoso,DC=com
#></dev:code>
<dev:remarks>
<maml:para>Lists weak public keys registered in Active Directory that were generated on ROCA-vulnerable TPMs.</maml:para>
</dev:remarks>
</command:example>
<command:example>
<maml:title>-------------------------- Example 3 --------------------------</maml:title>
<dev:code>PS C:\> Get-ADObject -LDAPFilter '(msDS-KeyCredentialLink=*)' -Properties msDS-KeyCredentialLink |
Select-Object -ExpandProperty msDS-KeyCredentialLink |
Get-ADKeyCredential |
Where-Object Usage -eq NGC |
Format-Custom -View Moduli |
Out-File -FilePath .\moduli.txt -Encoding ascii -Force</dev:code>
<dev:remarks>
<maml:para>Exports all RSA public key moduli from NGC keys to a file in BASE64 encoding. This format is supported by the original Python ROCA Detection Tool.</maml:para>
</dev:remarks>
</command:example>
<command:example>
<maml:title>-------------------------- Example 4 --------------------------</maml:title>
<dev:code>PS C:\> Get-ADObject -LDAPFilter '(msDS-KeyCredentialLink=*)' -Properties msDS-KeyCredentialLink |
Select-Object -ExpandProperty msDS-KeyCredentialLink |
Get-ADKeyCredential |
Where-Object Usage -eq FIDO |
Format-Table -View FIDO
<# Sample Output:
DisplayName AAGUID Alg Counter Created Owner
----------- ------ --- ------- ------- -----
eWMB Goldengate G320 87dbc5a1-4c94-4dc8-8a47-97d800fd1f3c ES256 37 2019-08-29 CN=John Doe,CN=Users,DC=contoso,DC=com
eWBM Goldengate G310 95442b2e-f15e-4def-b270-efb106facb4e ES256 48 2019-08-29 CN=John Doe,CN=Users,DC=contoso,DC=com
Yubikey 5 cb69481e-8ff7-4039-93ec-0a2729a154a8 ES256 25 2019-06-21 CN=John Doe,CN=Users,DC=contoso,DC=com
Feitian All-In-Pass 12ded745-4bed-47d4-abaa-e713f51d6393 ES256 1398 2020-03-31 CN=John Doe,CN=Users,DC=contoso,DC=com
#></dev:code>
<dev:remarks>
<maml:para>Lists FIDO tokens registered in Active Directory.</maml:para>
</dev:remarks>
</command:example>
<command:example>
<maml:title>-------------------------- Example 5 --------------------------</maml:title>
<dev:code>PS C:\> Get-ADUser -Identity john -Properties msDS-KeyCredentialLink |
Select-Object -ExpandProperty msDS-KeyCredentialLink |
Get-ADKeyCredential |
Out-GridView -OutputMode Multiple -Title 'Select a credentials for removal...' |
ForEach-Object { Set-ADObject -Identity $PSItem.Owner -Remove @{ 'msDS-KeyCredentialLink' = $PSItem.ToDNWithBinary() } }</dev:code>
<dev:remarks>
<maml:para>Selectively deletes key credentials from Active Directory.</maml:para>
</dev:remarks>
</command:example>
<command:example>
<maml:title>-------------------------- Example 6 --------------------------</maml:title>
<dev:code>PS C:\> $upn = '[email protected]'
PS C:\> $userSid = 'S-1-5-21-1236425271-2880748467-2592687428-1109'
PS C:\> $certificateSubject = '{0}/{1}/login.windows.net/383a3889-5bc9-47a3-846c-2b70f0b7fe0e/{2}' -f $userSid, (New-Guid), $upn
PS C:\> $certificate = New-SelfSignedCertificate -Subject $certificateSubject `
-KeyLength 2048 `
-Provider 'Microsoft Strong Cryptographic Provider' `
-CertStoreLocation Cert:\CurrentUser\My `
-NotAfter (Get-Date).AddYears(30) `
-TextExtension '2.5.29.19={text}false', '2.5.29.37={text}1.3.6.1.4.1.311.20.2.2' `
-SuppressOid '2.5.29.14' `
-KeyUsage None `
-KeyExportPolicy Exportable
PS C:\> $ngcKey = Get-ADKeyCredential -Certificate $certificate -DeviceId (New-Guid) -OwnerDN 'CN=John Doe,CN=Users,DC=contoso,DC=com'
PS C:\> Set-ADObject -Identity $ngcKey.Owner -Add @{ 'msDS-KeyCredentialLink' = $ngcKey.ToDNWithBinary() }</dev:code>
<dev:remarks>
<maml:para>Generates a new NGC key for a user account and registers it in Active Directory. Note that the value of the certificate Subject has no effect on the functionality, but as it appears in DC logs, this example uses the same format as Windows does.</maml:para>
</dev:remarks>
</command:example>
<command:example>
<maml:title>-------------------------- Example 7 --------------------------</maml:title>
<dev:code>PS C:\> $certificate = New-SelfSignedCertificate -Subject 'S-1-5-21-1236425271-2880748467-2592687428-1001' `
-KeyLength 2048 `
-Provider 'Microsoft Strong Cryptographic Provider' `
-CertStoreLocation Cert:\LocalMachine\My `
-NotAfter (Get-Date).AddYears(30) `
-TextExtension '2.5.29.19={text}false', '2.5.29.37={text}1.3.6.1.4.1.311.20.2.2' `
-SuppressOid '2.5.29.14' `
-KeyUsage None `
-KeyExportPolicy Exportable
PS C:\> $ngcKey = Get-ADKeyCredential -IsComputerKey -Certificate $certificate -OwnerDN 'CN=PC01,CN=Computers,DC=contoso,DC=com'
PS C:\> Set-ADComputer -Identity 'PC01$' -Clear msDS-KeyCredentialLink -Add @{ 'msDS-KeyCredentialLink' = $ngcKey.ToDNWithBinary() }</dev:code>
<dev:remarks>
<maml:para>Performs a validated write of computer NGC key. Must be executed under the computer account's identity.</maml:para>
</dev:remarks>
</command:example>
</command:examples>
<command:relatedLinks>
<maml:navigationLink>
<maml:linkText>Online Version:</maml:linkText>
<maml:uri>https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Get-ADKeyCredential.md</maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Add-ADReplNgcKey</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Get-ADReplAccount</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Get-ADDBAccount</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Get-AzureADUserEx</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
</command:relatedLinks>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp">
<command:details>
<command:name>Get-ADReplAccount</command:name>
<command:verb>Get</command:verb>
<command:noun>ADReplAccount</command:noun>
<maml:description>
<maml:para>Reads one or more accounts through the MS-DRSR protocol, including secret attributes.</maml:para>
</maml:description>
</command:details>
<maml:description>
<maml:para>Reads one or more accounts from a target Active Directory domain controller through the MS-DRSR protocol, including secret attributes.</maml:para>
</maml:description>
<command:syntax>
<command:syntaxItem>
<maml:name>Get-ADReplAccount</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="AllAccounts, ReturnAllAccounts">
<maml:name>All</maml:name>
<maml:Description>
<maml:para>Indidates that all accounts will be replicated from the target domain controller.</maml:para>
</maml:Description>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Credential</maml:name>
<maml:Description>
<maml:para>Specifies a user account that has permission to perform this action. The default is the current user.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue>
<dev:type>
<maml:name>PSCredential</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="NC, DomainNC, DomainNamingContext">
<maml:name>NamingContext</maml:name>
<maml:Description>
<maml:para>Specifies the naming context root of the replica to replicate.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Proto, RPCProtocol, NCACN">
<maml:name>Protocol</maml:name>
<maml:Description>
<maml:para>Specifies the protocol sequence that is used for RPC communication.</maml:para>
</maml:Description>
<command:parameterValueGroup>
<command:parameterValue required="false" command:variableLength="false">TCP</command:parameterValue>
<command:parameterValue required="false" command:variableLength="false">SMB</command:parameterValue>
<command:parameterValue required="false" command:variableLength="false">HTTP</command:parameterValue>
</command:parameterValueGroup>
<command:parameterValue required="true" variableLength="false">RpcProtocol</command:parameterValue>
<dev:type>
<maml:name>RpcProtocol</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>TCP</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Host, DomainController, DC">
<maml:name>Server</maml:name>
<maml:Description>
<maml:para>Specifies the target computer for the operation. Enter a fully qualified domain name (FQDN), a NetBIOS name, or an IP address. When the remote computer is in a different domain than the local computer, the fully qualified domain name is required.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
<command:syntaxItem>
<maml:name>Get-ADReplAccount</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="0" aliases="dn">
<maml:name>DistinguishedName</maml:name>
<maml:Description>
<maml:para>Specifies the identifier of the account that will be replicated.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Credential</maml:name>
<maml:Description>
<maml:para>Specifies a user account that has permission to perform this action. The default is the current user.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue>
<dev:type>
<maml:name>PSCredential</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Proto, RPCProtocol, NCACN">
<maml:name>Protocol</maml:name>
<maml:Description>
<maml:para>Specifies the protocol sequence that is used for RPC communication.</maml:para>
</maml:Description>
<command:parameterValueGroup>
<command:parameterValue required="false" command:variableLength="false">TCP</command:parameterValue>
<command:parameterValue required="false" command:variableLength="false">SMB</command:parameterValue>
<command:parameterValue required="false" command:variableLength="false">HTTP</command:parameterValue>
</command:parameterValueGroup>
<command:parameterValue required="true" variableLength="false">RpcProtocol</command:parameterValue>
<dev:type>
<maml:name>RpcProtocol</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>TCP</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Host, DomainController, DC">
<maml:name>Server</maml:name>
<maml:Description>
<maml:para>Specifies the target computer for the operation. Enter a fully qualified domain name (FQDN), a NetBIOS name, or an IP address. When the remote computer is in a different domain than the local computer, the fully qualified domain name is required.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
<command:syntaxItem>
<maml:name>Get-ADReplAccount</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="0" aliases="Login, sam, AccountName, User">
<maml:name>SamAccountName</maml:name>
<maml:Description>
<maml:para>Specifies the identifier of the account that will be replicated.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="AccountDomain, UserDomain">
<maml:name>Domain</maml:name>
<maml:Description>
<maml:para>Specifies the NetBIOS domain name of the account that will be replicated.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Credential</maml:name>
<maml:Description>
<maml:para>Specifies a user account that has permission to perform this action. The default is the current user.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue>
<dev:type>
<maml:name>PSCredential</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Proto, RPCProtocol, NCACN">
<maml:name>Protocol</maml:name>
<maml:Description>
<maml:para>Specifies the protocol sequence that is used for RPC communication.</maml:para>
</maml:Description>
<command:parameterValueGroup>
<command:parameterValue required="false" command:variableLength="false">TCP</command:parameterValue>
<command:parameterValue required="false" command:variableLength="false">SMB</command:parameterValue>
<command:parameterValue required="false" command:variableLength="false">HTTP</command:parameterValue>
</command:parameterValueGroup>
<command:parameterValue required="true" variableLength="false">RpcProtocol</command:parameterValue>
<dev:type>
<maml:name>RpcProtocol</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>TCP</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Host, DomainController, DC">
<maml:name>Server</maml:name>
<maml:Description>
<maml:para>Specifies the target computer for the operation. Enter a fully qualified domain name (FQDN), a NetBIOS name, or an IP address. When the remote computer is in a different domain than the local computer, the fully qualified domain name is required.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
<command:syntaxItem>
<maml:name>Get-ADReplAccount</maml:name>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Credential</maml:name>
<maml:Description>
<maml:para>Specifies a user account that has permission to perform this action. The default is the current user.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue>
<dev:type>
<maml:name>PSCredential</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Guid">
<maml:name>ObjectGuid</maml:name>
<maml:Description>
<maml:para>Specifies the identifier of the account that will be replicated.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Guid</command:parameterValue>
<dev:type>
<maml:name>Guid</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Proto, RPCProtocol, NCACN">
<maml:name>Protocol</maml:name>
<maml:Description>
<maml:para>Specifies the protocol sequence that is used for RPC communication.</maml:para>
</maml:Description>
<command:parameterValueGroup>
<command:parameterValue required="false" command:variableLength="false">TCP</command:parameterValue>
<command:parameterValue required="false" command:variableLength="false">SMB</command:parameterValue>
<command:parameterValue required="false" command:variableLength="false">HTTP</command:parameterValue>
</command:parameterValueGroup>
<command:parameterValue required="true" variableLength="false">RpcProtocol</command:parameterValue>
<dev:type>
<maml:name>RpcProtocol</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>TCP</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Host, DomainController, DC">
<maml:name>Server</maml:name>
<maml:Description>
<maml:para>Specifies the target computer for the operation. Enter a fully qualified domain name (FQDN), a NetBIOS name, or an IP address. When the remote computer is in a different domain than the local computer, the fully qualified domain name is required.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
<command:syntaxItem>
<maml:name>Get-ADReplAccount</maml:name>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Credential</maml:name>
<maml:Description>
<maml:para>Specifies a user account that has permission to perform this action. The default is the current user.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue>
<dev:type>
<maml:name>PSCredential</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Sid">
<maml:name>ObjectSid</maml:name>
<maml:Description>
<maml:para>Specifies the identifier of the account that will be replicated.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">SecurityIdentifier</command:parameterValue>
<dev:type>
<maml:name>SecurityIdentifier</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Proto, RPCProtocol, NCACN">
<maml:name>Protocol</maml:name>
<maml:Description>
<maml:para>Specifies the protocol sequence that is used for RPC communication.</maml:para>
</maml:Description>
<command:parameterValueGroup>
<command:parameterValue required="false" command:variableLength="false">TCP</command:parameterValue>
<command:parameterValue required="false" command:variableLength="false">SMB</command:parameterValue>
<command:parameterValue required="false" command:variableLength="false">HTTP</command:parameterValue>
</command:parameterValueGroup>
<command:parameterValue required="true" variableLength="false">RpcProtocol</command:parameterValue>
<dev:type>
<maml:name>RpcProtocol</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>TCP</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Host, DomainController, DC">
<maml:name>Server</maml:name>
<maml:Description>
<maml:para>Specifies the target computer for the operation. Enter a fully qualified domain name (FQDN), a NetBIOS name, or an IP address. When the remote computer is in a different domain than the local computer, the fully qualified domain name is required.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
<command:syntaxItem>
<maml:name>Get-ADReplAccount</maml:name>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Credential</maml:name>
<maml:Description>
<maml:para>Specifies a user account that has permission to perform this action. The default is the current user.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue>
<dev:type>
<maml:name>PSCredential</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Proto, RPCProtocol, NCACN">
<maml:name>Protocol</maml:name>
<maml:Description>
<maml:para>Specifies the protocol sequence that is used for RPC communication.</maml:para>
</maml:Description>
<command:parameterValueGroup>
<command:parameterValue required="false" command:variableLength="false">TCP</command:parameterValue>
<command:parameterValue required="false" command:variableLength="false">SMB</command:parameterValue>
<command:parameterValue required="false" command:variableLength="false">HTTP</command:parameterValue>
</command:parameterValueGroup>
<command:parameterValue required="true" variableLength="false">RpcProtocol</command:parameterValue>
<dev:type>
<maml:name>RpcProtocol</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>TCP</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Host, DomainController, DC">
<maml:name>Server</maml:name>
<maml:Description>
<maml:para>Specifies the target computer for the operation. Enter a fully qualified domain name (FQDN), a NetBIOS name, or an IP address. When the remote computer is in a different domain than the local computer, the fully qualified domain name is required.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="UPN">
<maml:name>UserPrincipalName</maml:name>
<maml:Description>
<maml:para>Specifies the identifier of the account that will be replicated.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
</command:syntax>
<command:parameters>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="AllAccounts, ReturnAllAccounts">
<maml:name>All</maml:name>
<maml:Description>
<maml:para>Indidates that all accounts will be replicated from the target domain controller.</maml:para>
</maml:Description>
<command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Credential</maml:name>
<maml:Description>
<maml:para>Specifies a user account that has permission to perform this action. The default is the current user.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue>
<dev:type>
<maml:name>PSCredential</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="0" aliases="dn">
<maml:name>DistinguishedName</maml:name>
<maml:Description>
<maml:para>Specifies the identifier of the account that will be replicated.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="AccountDomain, UserDomain">
<maml:name>Domain</maml:name>
<maml:Description>
<maml:para>Specifies the NetBIOS domain name of the account that will be replicated.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="NC, DomainNC, DomainNamingContext">
<maml:name>NamingContext</maml:name>
<maml:Description>
<maml:para>Specifies the naming context root of the replica to replicate.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Guid">
<maml:name>ObjectGuid</maml:name>
<maml:Description>
<maml:para>Specifies the identifier of the account that will be replicated.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Guid</command:parameterValue>
<dev:type>
<maml:name>Guid</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Sid">
<maml:name>ObjectSid</maml:name>
<maml:Description>
<maml:para>Specifies the identifier of the account that will be replicated.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">SecurityIdentifier</command:parameterValue>
<dev:type>
<maml:name>SecurityIdentifier</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Proto, RPCProtocol, NCACN">
<maml:name>Protocol</maml:name>
<maml:Description>
<maml:para>Specifies the protocol sequence that is used for RPC communication.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">RpcProtocol</command:parameterValue>
<dev:type>
<maml:name>RpcProtocol</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>TCP</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="0" aliases="Login, sam, AccountName, User">
<maml:name>SamAccountName</maml:name>
<maml:Description>
<maml:para>Specifies the identifier of the account that will be replicated.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Host, DomainController, DC">
<maml:name>Server</maml:name>
<maml:Description>
<maml:para>Specifies the target computer for the operation. Enter a fully qualified domain name (FQDN), a NetBIOS name, or an IP address. When the remote computer is in a different domain than the local computer, the fully qualified domain name is required.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="UPN">
<maml:name>UserPrincipalName</maml:name>
<maml:Description>
<maml:para>Specifies the identifier of the account that will be replicated.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:parameters>
<command:inputTypes>
<command:inputType>
<dev:type>
<maml:name>System.String</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:inputType>
<command:inputType>
<dev:type>
<maml:name>System.Security.Principal.SecurityIdentifier</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:inputType>
<command:inputType>
<dev:type>
<maml:name>System.Guid</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:inputType>
</command:inputTypes>
<command:returnValues>
<command:returnValue>
<dev:type>
<maml:name>DSInternals.Common.Data.DSAccount</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:returnValue>
</command:returnValues>
<maml:alertSet>
<maml:alert>
<maml:para></maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>-------------------------- Example 1 --------------------------</maml:title>
<dev:code>PS C:\> Get-ADReplAccount -SamAccountName joe -Server 'lon-dc1.contoso.com'
<# Sample Output:
DistinguishedName: CN=Joe Smith,OU=Employees,DC=contoso,DC=com
Sid: S-1-5-21-1236425271-2880748467-2592687428-1110
Guid: 6fb7aca4-fe85-4dc5-9acd-b5b2529fe2bc
SamAccountName: joe
SamAccountType: User
UserPrincipalName: [email protected]
PrimaryGroupId: 513
SidHistory:
Enabled: True
UserAccountControl: NormalAccount, PasswordNeverExpires
SupportedEncryptionTypes: Default
AdminCount: False
Deleted: False
LastLogonDate: 2/23/2015 10:27:18 AM
DisplayName: Joe Smith
GivenName: Joe
Surname: Smith
Description:
ServicePrincipalName:
SecurityDescriptor: DiscretionaryAclPresent, SystemAclPresent, DiscretionaryAclAutoInherited, SystemAclAutoInherited, SelfRelative
Owner: S-1-5-21-1236425271-2880748467-2592687428-512
Secrets
NTHash: 92937945b518814341de3f726500d4ff
LMHash:
NTHashHistory:
Hash 01: 92937945b518814341de3f726500d4ff
LMHashHistory:
Hash 01: 30ce97eef1084cf1656cc4be70d68600
SupplementalCredentials:
ClearText:
NTLMStrongHash: 2c6d57beebeafdae65b3f40f2a0d5430
Kerberos:
Credentials:
DES_CBC_MD5
Key: 7f16bc4ada0b8a52
OldCredentials:
Salt: CONTOSO.COMjoe
Flags: 0
KerberosNew:
Credentials:
AES256_CTS_HMAC_SHA1_96
Key: cd541be0838c787b5c6a34d7b19274aee613545a0e6cc6f5ac5918d8a464d24f
Iterations: 4096
AES128_CTS_HMAC_SHA1_96
Key: 5c88972747bd454704c117ae52c474e4
Iterations: 4096
DES_CBC_MD5
Key: 7f16bc4ada0b8a52
Iterations: 4096
OldCredentials:
OlderCredentials:
ServiceCredentials:
Salt: CONTOSO.COMjoe
DefaultIterationCount: 4096
Flags: 0
WDigest:
Hash 01: 61fed940f0e8d03a49d3727f55800497
Hash 02: a1d54499dda6a6b5431f29a8d741a640
Hash 03: b6cdf00bc0c4578992f718de81251721
Hash 04: 61fed940f0e8d03a49d3727f55800497
Hash 05: a1d54499dda6a6b5431f29a8d741a640
Hash 06: 9a8991bd99763df2e37f1e1e67d71cc8
Hash 07: 61fed940f0e8d03a49d3727f55800497
Hash 08: 8a9fe94883c8ccf3bcfc6591ddd2288f
Hash 09: 8a9fe94883c8ccf3bcfc6591ddd2288f
Hash 10: 1b7b16b49ecd8d9d59c1d0db6fa2cc36
Hash 11: d4c24695cfa4dc3810a469d5efb8ecaf
Hash 12: 8a9fe94883c8ccf3bcfc6591ddd2288f
Hash 13: a5b8aa5088280298c8c27fa99dcaa1e3
Hash 14: d4c24695cfa4dc3810a469d5efb8ecaf
Hash 15: 1aa8e567622fe53d6fb36f1f34f12aaa
Hash 16: 1aa8e567622fe53d6fb36f1f34f12aaa
Hash 17: 2af425244079f8f45927c34fa115e45b
Hash 18: cf283a35102b820e25003b1ddf270221
Hash 19: b98c902c57449253e6f06b5d585866bd
Hash 20: 2a690b1eeda9cb8f3157a4a3ba0be9c3
Hash 21: af2654776d5f9f27f3283ecb0aa25011
Hash 22: af2654776d5f9f27f3283ecb0aa25011
Hash 23: ba6fe0513ed2a60ec253a41bbde6a837
Hash 24: 8bf5a67b598087be948e040f85c72b4d
Hash 25: 8bf5a67b598087be948e040f85c72b4d
Hash 26: aa5ff46d23a5c7ebd603e1793225350d
Hash 27: 656b6a7f5b52d05b3ce9168a2b7ac8ac
Hash 28: ae884c92ecd87e8d54f1844f09c5a519
Hash 29: a500a9e26afc9f817df8a07e15771577
Key Credentials:
Usage=NGC, Source=ActiveDirectory, Device=1966d4da-14da-4581-a7a7-5e8e07e93ad9, Created=8/1/2019 10:53:12 PM, LastLogon=8/1/2019 10:53:12 PM
Usage=NGC, Source=ActiveDirectory, Device=cfe9a872-13ff-4751-a777-aec88c30a762, Created=8/1/2019 11:09:15 PM, LastLogon=8/1/2019 11:09:15 PM
Credential Roaming
Created: 3/12/2017 9:15:56 AM
Modified: 3/13/2017 10:01:18 AM
Credentials:
DPAPIMasterKey: joe\Protect\S-1-5-21-1236425271-2880748467-2592687428-1110\47070660-c259-4d90-8bc9-187605323450
DPAPIMasterKey: joe\Protect\S-1-5-21-1236425271-2880748467-2592687428-1110\7fc19508-7b85-4a7c-9e5d-15f9e00e7ce5
CryptoApiCertificate: joe\SystemCertificates\My\Certificates\574E4687133998544C0095C7B348C52CD398182E
CNGCertificate: joe\SystemCertificates\My\Certificates\3B83BFA7037F6A79B3F3D17D229E1BC097F35B51
RSAPrivateKey: joe\Crypto\RSA\S-1-5-21-1236425271-2880748467-2592687428-1110\701577141985b6923998dcca035c007a_f8b7bbef-d227-4ac7-badd-3a238a7f741e
CNGPrivateKey: joe\Crypto\Keys\E8F13C2BA0209401C4DFE839CD57375E26BBE38F
#></dev:code>
<dev:remarks>
<maml:para>Replicates a single Active Directory account from the target domain controller.</maml:para>
</dev:remarks>
</command:example>
<command:example>
<maml:title>-------------------------- Example 2 --------------------------</maml:title>
<dev:code>PS C:\> $accounts = Get-ADReplAccount -All -Server 'lon-dc1.contoso.com'</dev:code>
<dev:remarks>
<maml:para>Replicates all Active Directory accounts from the target domain controller.</maml:para>
</dev:remarks>
</command:example>
<command:example>
<maml:title>-------------------------- Example 3 --------------------------</maml:title>
<dev:code>PS C:\> $results = Get-ADReplAccount -All -Server 'lon-dc1.contoso.com' |
Test-PasswordQuality -WeakPasswordHashesSortedFile pwned-passwords-ntlm-ordered-by-hash-v5.txt</dev:code>
<dev:remarks>
<maml:para>Performs an online credential hygiene audit of AD against HIBP.</maml:para>
</dev:remarks>
</command:example>
<command:example>
<maml:title>-------------------------- Example 4 --------------------------</maml:title>
<dev:code>PS C:\> Get-ADReplAccount -All -Server LON-DC1 |
Format-Custom -View PwDump |
Out-File -FilePath users.pwdump -Encoding ascii</dev:code>
<dev:remarks>
<maml:para>Replicates all Active Directory accounts from the target domain controller and exports their NT and LM password hashes to a pwdump file.</maml:para>
</dev:remarks>
</command:example>
<command:example>
<maml:title>-------------------------- Example 5 --------------------------</maml:title>
<dev:code>PS C:\> Get-ADReplBackupKey -Server 'lon-dc1.adatum.com' | Save-DPAPIBlob -DirectoryPath '.\Output'
PS C:\> Get-ADReplAccount -All -Server 'lon-dc1.adatum.com' | Save-DPAPIBlob -DirectoryPath '.\Output'</dev:code>
<dev:remarks>
<maml:para>Replicates all DPAPI backup keys and roamed credentials (certificates, private keys, and DPAPI master keys) from the target Active Directory domain controller and saves them to the Output directory. Also creates a file called kiwiscript.txt that contains mimikatz commands needed to decrypt the private keys.</maml:para>
</dev:remarks>
</command:example>
</command:examples>
<command:relatedLinks>
<maml:navigationLink>
<maml:linkText>Online Version:</maml:linkText>
<maml:uri>https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Get-ADReplAccount.md</maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Get-ADDBAccount</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Get-ADSIAccount</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Test-PasswordQuality</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Save-DPAPIBlob</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
</command:relatedLinks>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp">
<command:details>
<command:name>Get-ADReplBackupKey</command:name>
<command:verb>Get</command:verb>
<command:noun>ADReplBackupKey</command:noun>
<maml:description>
<maml:para>Reads the DPAPI backup keys from a domain controller through the MS-DRSR protocol.</maml:para>
</maml:description>
</command:details>
<maml:description>
<maml:para>Replicates the Data Protection API (DPAPI) backup keys from an Active Directory domain controller through the MS-DRSR protocol. The output can be saved to the file system using the Save-DPAPIBlob cmdlet.</maml:para>
<maml:para>DPAPI is used by several components of Windows to securely store passwords, encryption keys and other sensitive data. When DPAPI is used in an Active Directory domain environment, a copy of user's master key is encrypted with a so-called DPAPI Domain Backup Key that is known to all domain controllers. Windows Server 2000 DCs use a symmetric key and newer systems use a public/private key pair. If the user password is reset and the original master key is rendered inaccessible to the user, the user's access to the master key is automatically restored using the backup key.</maml:para>
</maml:description>
<command:syntax>
<command:syntaxItem>
<maml:name>Get-ADReplBackupKey</maml:name>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Credential</maml:name>
<maml:Description>
<maml:para>Specifies a user account that has permission to perform this action. The default is the current user.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue>
<dev:type>
<maml:name>PSCredential</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="FQDN, DomainName, DNSDomainName">
<maml:name>Domain</maml:name>
<maml:Description>
<maml:para>Specifies the DNS name of the target Active Directory domain.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Proto, RPCProtocol, NCACN">
<maml:name>Protocol</maml:name>
<maml:Description>
<maml:para>Specifies the protocol sequence that is used for RPC communication.</maml:para>
</maml:Description>
<command:parameterValueGroup>
<command:parameterValue required="false" command:variableLength="false">TCP</command:parameterValue>
<command:parameterValue required="false" command:variableLength="false">SMB</command:parameterValue>
<command:parameterValue required="false" command:variableLength="false">HTTP</command:parameterValue>
</command:parameterValueGroup>
<command:parameterValue required="true" variableLength="false">RpcProtocol</command:parameterValue>
<dev:type>
<maml:name>RpcProtocol</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Host, DomainController, DC">
<maml:name>Server</maml:name>
<maml:Description>
<maml:para>Specifies the target computer for the operation. Enter a fully qualified domain name (FQDN), a NetBIOS name, or an IP address. When the remote computer is in a different domain than the local computer, the fully qualified domain name is required.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
</command:syntax>
<command:parameters>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Credential</maml:name>
<maml:Description>
<maml:para>Specifies a user account that has permission to perform this action. The default is the current user.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue>
<dev:type>
<maml:name>PSCredential</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="FQDN, DomainName, DNSDomainName">
<maml:name>Domain</maml:name>
<maml:Description>
<maml:para>Specifies the DNS name of the target Active Directory domain.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Proto, RPCProtocol, NCACN">
<maml:name>Protocol</maml:name>
<maml:Description>
<maml:para>Specifies the protocol sequence that is used for RPC communication.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">RpcProtocol</command:parameterValue>
<dev:type>
<maml:name>RpcProtocol</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Host, DomainController, DC">
<maml:name>Server</maml:name>
<maml:Description>
<maml:para>Specifies the target computer for the operation. Enter a fully qualified domain name (FQDN), a NetBIOS name, or an IP address. When the remote computer is in a different domain than the local computer, the fully qualified domain name is required.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:parameters>
<command:inputTypes>
<command:inputType>
<dev:type>
<maml:name>None</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:inputType>
</command:inputTypes>
<command:returnValues>
<command:returnValue>
<dev:type>
<maml:name>DSInternals.Common.Data.DPAPIBackupKey</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:returnValue>
</command:returnValues>
<maml:alertSet>
<maml:alert>
<maml:para></maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>-------------------------- Example 1 --------------------------</maml:title>
<dev:code>PS C:\> Get-ADReplBackupKey -Server 'lon-dc1.contoso.com'
<# Sample Output:
FilePath : ntds_legacy_b116cbfa-b881-43e6-ba85-ef3efa64ba22.key
KiwiCommand :
Type : LegacyKey
DistinguishedName : CN=BCKUPKEY_b116cbfa-b881-43e6-ba85-ef3efa64ba22
Secret,CN=System,DC=contoso,DC=com
KeyId : b116cbfa-b881-43e6-ba85-ef3efa64ba22
Data : {1, 0, 0, 0...}
FilePath :
KiwiCommand :
Type : PreferredLegacyKeyPointer
DistinguishedName : CN=BCKUPKEY_P Secret,CN=System,DC=contoso,DC=com
KeyId : b116cbfa-b881-43e6-ba85-ef3efa64ba22
Data : {250, 203, 22, 177...}
FilePath : ntds_capi_290914ed-b1a8-482e-a89f-7caa217bf3c3.pvk
KiwiCommand : REM Add this parameter to at least the first dpapi::masterkey
command: /pvk:"ntds_capi_290914ed-b1a8-482e-a89f-7caa217bf3c3.pvk"
Type : RSAKey
DistinguishedName : CN=BCKUPKEY_290914ed-b1a8-482e-a89f-7caa217bf3c3
Secret,CN=System,DC=contoso,DC=com
KeyId : 290914ed-b1a8-482e-a89f-7caa217bf3c3
Data : {2, 0, 0, 0...}
FilePath :
KiwiCommand :
Type : PreferredRSAKeyPointer
DistinguishedName : CN=BCKUPKEY_PREFERRED Secret,CN=System,DC=contoso,DC=com
KeyId : 290914ed-b1a8-482e-a89f-7caa217bf3c3
Data : {237, 20, 9, 41...}
#></dev:code>
<dev:remarks>
<maml:para>Replicates all DPAPI backup keys from the target Active Directory domain controller.</maml:para>
</dev:remarks>
</command:example>
<command:example>
<maml:title>-------------------------- Example 2 --------------------------</maml:title>
<dev:code>PS C:\> Get-ADReplBackupKey -Server 'lon-dc1.adatum.com' | Save-DPAPIBlob -DirectoryPath '.\Output'
PS C:\> Get-ChildItem -Path '.\Output' | Select-Object -ExpandProperty Name
<# Sample Output:
kiwiscript.txt
ntds_legacy_b116cbfa-b881-43e6-ba85-ef3efa64ba22.key
ntds_capi_4cee80c0-b6c6-406c-a68b-c0e5818bc436.cer
ntds_capi_290914ed-b1a8-482e-a89f-7caa217bf3c3.pfx
ntds_capi_290914ed-b1a8-482e-a89f-7caa217bf3c3.pvk
#></dev:code>
<dev:remarks>
<maml:para>Replicates all DPAPI backup keys from the target Active Directory domain controller and saves them to the Output directory.</maml:para>
</dev:remarks>
</command:example>
</command:examples>
<command:relatedLinks>
<maml:navigationLink>
<maml:linkText>Online Version:</maml:linkText>
<maml:uri>https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Get-ADReplBackupKey.md</maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Save-DPAPIBlob</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Get-ADDBBackupKey</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Get-LsaBackupKey</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
</command:relatedLinks>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp">
<command:details>
<command:name>Get-ADSIAccount</command:name>
<command:verb>Get</command:verb>
<command:noun>ADSIAccount</command:noun>
<maml:description>
<maml:para>Gets all Active Directory user accounts from a given domain controller using ADSI. Typically used for Credential Roaming data retrieval through LDAP.</maml:para>
</maml:description>
</command:details>
<maml:description>
<maml:para>Gets all Active Directory user accounts from a given domain controller using ADSI/LDAP. Typically used for Credential Roaming data retrieval and NGC key auditing.</maml:para>
</maml:description>
<command:syntax>
<command:syntaxItem>
<maml:name>Get-ADSIAccount</maml:name>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Credential</maml:name>
<maml:Description>
<maml:para>Specifies a user account to use when connecting to the target domain controller. The default is the current user.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue>
<dev:type>
<maml:name>PSCredential</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Host, DomainController, DC, ComputerName">
<maml:name>Server</maml:name>
<maml:Description>
<maml:para>Specifies the target computer for the operation. Enter a fully qualified domain name (FQDN), a NetBIOS name, or an IP address. When the remote computer is in a different domain than the local computer, the fully qualified domain name is required.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
</command:syntax>
<command:parameters>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Credential</maml:name>
<maml:Description>
<maml:para>Specifies a user account to use when connecting to the target domain controller. The default is the current user.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue>
<dev:type>
<maml:name>PSCredential</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Host, DomainController, DC, ComputerName">
<maml:name>Server</maml:name>
<maml:Description>
<maml:para>Specifies the target computer for the operation. Enter a fully qualified domain name (FQDN), a NetBIOS name, or an IP address. When the remote computer is in a different domain than the local computer, the fully qualified domain name is required.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:parameters>
<command:inputTypes>
<command:inputType>
<dev:type>
<maml:name>None</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:inputType>
</command:inputTypes>
<command:returnValues>
<command:returnValue>
<dev:type>
<maml:name>DSInternals.Common.Data.DSAccount</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:returnValue>
</command:returnValues>
<maml:alertSet>
<maml:alert>
<maml:para></maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>-------------------------- Example 1 --------------------------</maml:title>
<dev:code>PS C:\> Get-LsaBackupKey -ComputerName 'lon-dc1.contoso.com' | Save-DPAPIBlob -DirectoryPath '.\Output'
PS C:\> Get-ADSIAccount -Server 'lon-dc1.contoso.com' | Save-DPAPIBlob -DirectoryPath '.\Output'</dev:code>
<dev:remarks>
<maml:para>Retrieves DPAPI backup keys from the target domain controller through the MS-LSAD protocol. Also retrieves roamed credentials (certificates, private keys, and DPAPI master keys) from this domain controller through LDAP and saves them to the Output directory. Also creates a file called kiwiscript.txt that contains mimikatz commands needed to decrypt the private keys.</maml:para>
</dev:remarks>
</command:example>
<command:example>
<maml:title>-------------------------- Example 2 --------------------------</maml:title>
<dev:code>PS C:\> Get-ADSIAccount -Server 'lon-dc1.contoso.com' |
Select-Object -ExpandProperty KeyCredentials |
Where-Object Usage -eq NGC |
Format-Table -View ROCA
<# Sample Output:
Usage IsWeak Source DeviceId Created Owner
----- ------ ------ -------- ------- -----
NGC True AzureAD fd591087-245c-4ff5-a5ea-c14de5e2b32d 2017-07-19 CN=John Doe,CN=Users,DC=contoso,DC=com
NGC False AD 1966d4da-14da-4581-a7a7-5e8e07e93ad9 2019-08-01 CN=Jane Doe,CN=Users,DC=contoso,DC=com
#></dev:code>
<dev:remarks>
<maml:para>Lists weak public keys registered in Active Directory that were generated on ROCA-vulnerable TPMs.</maml:para>
</dev:remarks>
</command:example>
</command:examples>
<command:relatedLinks>
<maml:navigationLink>
<maml:linkText>Online Version:</maml:linkText>
<maml:uri>https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Get-ADSIAccount.md</maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Get-ADDBAccount</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Get-ADReplAccount</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Save-DPAPIBlob</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Get-ADKeyCredential</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
</command:relatedLinks>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp">
<command:details>
<command:name>Get-AzureADUserEx</command:name>
<command:verb>Get</command:verb>
<command:noun>AzureADUserEx</command:noun>
<maml:description>
<maml:para>Gets a user from Azure AD, including the associated FIDO and NGC keys.</maml:para>
</maml:description>
</command:details>
<maml:description>
<maml:para>The Get-AzureADUserEx cmdlet uses an undocumented Azure AD Graph API endpoint to retrieve the normally hidden searchableDeviceKeys attribute of user accounts. This attribute holds different types of key credentials, including the FIDO2 and NGC keys that are used by Windows Hello for Business.</maml:para>
<maml:para>This cmdlet is not intended to replace the Get-AzureADUser cmdlet from Microsoft's AzureAD module. Only a handful of attributes are retrieved from Azure Active Directory and authentication fully relies on the Connect-AzureAD cmdlet.</maml:para>
<maml:para>No administrative role is required to perform this operation. The cmdlet was tested on a tenant with 150,000 user accounts and ran under 5 minutes.</maml:para>
</maml:description>
<command:syntax>
<command:syntaxItem>
<maml:name>Get-AzureADUserEx</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Token">
<maml:name>AccessToken</maml:name>
<maml:Description>
<maml:para>Specifies the access token retrieved by the Connect-AzureAD cmdlet.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="AllUsers">
<maml:name>All</maml:name>
<maml:Description>
<maml:para>If true, return all users. If false, return the first 999 objects.</maml:para>
</maml:Description>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Tenant">
<maml:name>TenantId</maml:name>
<maml:Description>
<maml:para>Specifies the Azure AD tenant to perform the search in. If not specified, the tenant of the authenticated user will be used.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Guid</command:parameterValue>
<dev:type>
<maml:name>Guid</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
<command:syntaxItem>
<maml:name>Get-AzureADUserEx</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Token">
<maml:name>AccessToken</maml:name>
<maml:Description>
<maml:para>Specifies the access token retrieved by the Connect-AzureAD cmdlet.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Identity, Id, UserId, ObjectGuid">
<maml:name>ObjectId</maml:name>
<maml:Description>
<maml:para>Specifies the identity of a user in Azure AD.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Guid</command:parameterValue>
<dev:type>
<maml:name>Guid</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Tenant">
<maml:name>TenantId</maml:name>
<maml:Description>
<maml:para>Specifies the Azure AD tenant to perform the search in. If not specified, the tenant of the authenticated user will be used.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Guid</command:parameterValue>
<dev:type>
<maml:name>Guid</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
<command:syntaxItem>
<maml:name>Get-AzureADUserEx</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Token">
<maml:name>AccessToken</maml:name>
<maml:Description>
<maml:para>Specifies the access token retrieved by the Connect-AzureAD cmdlet.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Tenant">
<maml:name>TenantId</maml:name>
<maml:Description>
<maml:para>Specifies the Azure AD tenant to perform the search in. If not specified, the tenant of the authenticated user will be used.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Guid</command:parameterValue>
<dev:type>
<maml:name>Guid</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="UPN, UserName">
<maml:name>UserPrincipalName</maml:name>
<maml:Description>
<maml:para>Specifies the UPN of a user in Azure AD.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
</command:syntax>
<command:parameters>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Token">
<maml:name>AccessToken</maml:name>
<maml:Description>
<maml:para>Specifies the access token retrieved by the Connect-AzureAD cmdlet.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="AllUsers">
<maml:name>All</maml:name>
<maml:Description>
<maml:para>If true, return all users. If false, return the first 999 objects.</maml:para>
</maml:Description>
<command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Identity, Id, UserId, ObjectGuid">
<maml:name>ObjectId</maml:name>
<maml:Description>
<maml:para>Specifies the identity of a user in Azure AD.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Guid</command:parameterValue>
<dev:type>
<maml:name>Guid</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Tenant">
<maml:name>TenantId</maml:name>
<maml:Description>
<maml:para>Specifies the Azure AD tenant to perform the search in. If not specified, the tenant of the authenticated user will be used.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Guid</command:parameterValue>
<dev:type>
<maml:name>Guid</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="UPN, UserName">
<maml:name>UserPrincipalName</maml:name>
<maml:Description>
<maml:para>Specifies the UPN of a user in Azure AD.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:parameters>
<command:inputTypes>
<command:inputType>
<dev:type>
<maml:name>None</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:inputType>
</command:inputTypes>
<command:returnValues>
<command:returnValue>
<dev:type>
<maml:name>DSInternals.Common.AzureAD.AzureADUser</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:returnValue>
</command:returnValues>
<maml:alertSet>
<maml:alert>
<maml:para></maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>-------------------------- Example 1 --------------------------</maml:title>
<dev:code>PS C:\> Install-Module -Name AzureAD,DSInternals -Force
PS C:\> Connect-AzureAD
PS C:\> $token = [Microsoft.Open.Azure.AD.CommonLibrary.AzureSession]::AccessTokens['AccessToken'].AccessToken
PS C:\> Get-AzureADUserEx -All -Token $token | Where-Object KeyCredentials -ne $null
<# Sample Output:
ObjectId: af4cf208-16e0-429d-b574-2a09c5f30dea
UserPrincipalName: [email protected]
Enabled: True
DisplayName: John Doe
Key Credentials:
Usage=FIDO, Source=AzureAD, Device=00000000-0000-0000-0000-000000000000, Created=12/12/2019 9:42:21 AM
Usage=NGC, Source=AzureAD, Device=cbad3c94-b480-4fa6-9187-ff1ed42c4479, Created=11/17/2015 8:17:13 AM
ObjectId: 5dd9c7f0-9441-4c5a-b2df-ca7b889d8c4c
UserPrincipalName: [email protected]
Enabled: True
DisplayName: Peter Smith
Key Credentials:
Usage=NGC, Source=AzureAD, Device=21c915a8-0326-47c4-8985-2aceda00eaee, Created=12/26/2019 1:22:17 PM
Usage=NGC, Source=AzureAD, Device=ec45d71b-b5dd-45dc-beaf-e248cbcb2bd3, Created=12/24/2019 9:44:56 AM
#></dev:code>
<dev:remarks>
<maml:para>Displays info about Azure AD users with key credentials. Authentication is handled by the AzureAD module.</maml:para>
</dev:remarks>
</command:example>
<command:example>
<maml:title>-------------------------- Example 2 --------------------------</maml:title>
<dev:code>PS C:\> Install-Module -Name AzureAD,DSInternals -Force
PS C:\> Connect-AzureAD
PS C:\> $token = [Microsoft.Open.Azure.AD.CommonLibrary.AzureSession]::AccessTokens['AccessToken'].AccessToken
PS C:\> Get-AzureADUserEx -All -Token $token |
Where-Object Enabled -eq $true |
Select-Object -ExpandProperty KeyCredentials |
Where-Object Usage -eq FIDO |
Format-Table -View FIDO
<# Sample Output:
DisplayName AAGUID Alg Counter Created Owner
----------- ------ --- ------- ------- -----
SoloKeys Tap 8876631b-d4a0-427f-5773-0ec71c9e0279 ES256 274 2019-08-29 [email protected]
SoloKeys Solo 8876631b-d4a0-427f-5773-0ec71c9e0279 ES256 281 2019-08-29 [email protected]
eWBM Goldengate G320 87dbc5a1-4c94-4dc8-8a47-97d800fd1f3c ES256 83 2019-08-29 [email protected]
eWBM Goldengate G310 95442b2e-f15e-4def-b270-efb106facb4e ES256 4 2019-08-29 [email protected]
Feitian BioPass FIDO2 77010bd7-212a-4fc9-b236-d2ca5e9d4084 ES256 261 2019-08-26 [email protected]
Yubico Security Key FIDO2 f8a011f3-8c0a-4d15-8006-17111f9edc7d ES256 257 2019-08-26 [email protected]
Feitian AllinPass FIDO2 12ded745-4bed-47d4-abaa-e713f51d6393 ES256 231 2019-08-26 [email protected]
YubiKey 5 fa2b99dc-9e39-4257-8f92-4a30d23c4118 ES256 229 2019-08-26 [email protected]
YubiKey 5 cb69481e-8ff7-4039-93ec-0a2729a154a8 ES256 25 2019-12-12 [email protected]
Feitian All-In-Pass 12ded745-4bed-47d4-abaa-e713f51d6393 ES256 1398 2020-03-31 [email protected]
eWBM Goldengate G320 87dbc5a1-4c94-4dc8-8a47-97d800fd1f3c ES256 37 2019-08-29 [email protected]
eWBM Goldengate G310 95442b2e-f15e-4def-b270-efb106facb4e ES256 48 2019-08-29 [email protected]
#></dev:code>
<dev:remarks>
<maml:para>Lists all FIDO2 tokens registered in an Azure AD tenant, but only on accounts that are enabled.</maml:para>
</dev:remarks>
</command:example>
<command:example>
<maml:title>-------------------------- Example 3 --------------------------</maml:title>
<dev:code>PS C:\> Get-AzureADUserEx -All -Token $token |
Where-Object Enabled -eq $true |
Select-Object -ExpandProperty KeyCredentials |
Where-Object Usage -eq NGC |
Format-Table -View ROCA
<# Sample Output:
Usage IsWeak Source DeviceId Created Owner
----- ------ ------ -------- ------- -----
NGC True AzureAD fd591087-245c-4ff5-a5ea-c14de5e2b32d 2017-07-19 [email protected]
NGC False AzureAD 1966d4da-14da-4581-a7a7-5e8e07e93ad9 2019-08-01 [email protected]
#></dev:code>
<dev:remarks>
<maml:para>Lists weak public keys registered in Azure Active Directory that were generated on ROCA-vulnerable TPMs.</maml:para>
</dev:remarks>
</command:example>
<command:example>
<maml:title>-------------------------- Example 4 --------------------------</maml:title>
<dev:code>PS C:\> Get-AzureADTenantDetail | Out-Null
PS C:\> $token = [Microsoft.Open.Azure.AD.CommonLibrary.AzureSession]::AccessTokens['AccessToken'].AccessToken
PS C:\> Get-AzureADUserEx -UserPrincipalName '[email protected]' -Token $token
<# Sample Output:
ObjectId: af4cf208-16e0-429d-b574-2a09c5f30dea
UserPrincipalName: [email protected]
Enabled: True
DisplayName: John Doe
Key Credentials:
Usage=FIDO, Source=AzureAD, Device=00000000-0000-0000-0000-000000000000, Created=12/12/2019 9:42:21 AM
Usage=NGC, Source=AzureAD, Device=cbad3c94-b480-4fa6-9187-ff1ed42c4479, Created=11/17/2015 8:17:13 AM
#></dev:code>
<dev:remarks>
<maml:para>Gets information about a single Azure Active Directory user. If necessary, the access token is automatically refreshed by the standard Get-AzureADTenantDetail cmdlet.</maml:para>
</dev:remarks>
</command:example>
<command:example>
<maml:title>-------------------------- Example 5 --------------------------</maml:title>
<dev:code>PS C:\> Get-AzureADUserEx -UserPrincipalName '[email protected]' -AccessToken $token |
ForEach-Object { $PSItem.KeyCredentials.FidoKeyMaterial }
<# Sample Output:
Version: 1
DisplayName: SoloKeys Tap
AttestationCertificates
[email protected], CN=solokeys.com, OU=Authenticator Attestation, O=Solo Keys, S=Maryland, C=US
AuthenticatorData
RelyingPartyIdHash: 356c9ed4a09321b9695f1eaf918203f1b55f689da61fbc96184c157dda680c81
Flags: UserPresent, UserVerified, AttestationData, ExtensionData
SignatureCount: 274
AttestedCredentialData
AAGUID: 8876631b-d4a0-427f-5773-0ec71c9e0279
CredentialID: 9d0c595c03cd6c9dd22b0b8f852585302c2d5a13f77669251406c390de6ba42a63f3ea6632a39cd8bc505184352541367725a5283689d825f4355fe2016af2f0008112010000
PublicKeyAlgorithm: ES256
Extensions: {"hmac-secret": true}
Version: 1
DisplayName: SoloKeys Solo
AttestationCertificates
[email protected], CN=solokeys.com, OU=Authenticator Attestation, O=Solo Keys, S=Maryland, C=US
AuthenticatorData
RelyingPartyIdHash: 356c9ed4a09321b9695f1eaf918203f1b55f689da61fbc96184c157dda680c81
Flags: UserPresent, UserVerified, AttestationData, ExtensionData
SignatureCount: 281
AttestedCredentialData
AAGUID: 8876631b-d4a0-427f-5773-0ec71c9e0279
CredentialID: ac5373c1eaa6722c351db6554715fd534906f5c98f4548b8390fe11b97325a943f0905d0a9de19765385f9bce512673128a95e3fea15f53ee46dbe307d0f94c84d8119010000
PublicKeyAlgorithm: ES256
Extensions: {"hmac-secret": true}
Version: 1
DisplayName: eWBM Goldengate G320
AttestationCertificates
[email protected], CN=eWBM FIDO2 Certificate, OU=Authenticator Attestation, O="eWBM Co., Ltd.", L=Gangnam-Gu, S=Seoul-Si, C=KR
AuthenticatorData
RelyingPartyIdHash: 356c9ed4a09321b9695f1eaf918203f1b55f689da61fbc96184c157dda680c81
Flags: UserPresent, UserVerified, AttestationData, ExtensionData
SignatureCount: 83
AttestedCredentialData
AAGUID: 87dbc5a1-4c94-4dc8-8a47-97d800fd1f3c
CredentialID: fb64eb483921507239317b6f5f1d7a0b9499afd4dd0698eaa55ad8871fe1c25a
PublicKeyAlgorithm: ES256
Extensions: {"hmac-secret": true}
Version: 1
DisplayName: eWBM Goldengate G310
AttestationCertificates
[email protected], CN=eWBM FIDO2 Certificate, OU=Authenticator Attestation, O="eWBM Co., Ltd.", L=Gangnam-Gu, S=Seoul-Si, C=KR
AuthenticatorData
RelyingPartyIdHash: 356c9ed4a09321b9695f1eaf918203f1b55f689da61fbc96184c157dda680c81
Flags: UserPresent, UserVerified, AttestationData, ExtensionData
SignatureCount: 4
AttestedCredentialData
AAGUID: 95442b2e-f15e-4def-b270-efb106facb4e
CredentialID: 4dd34d8760bc0e92fcb53b64cc1c354ac7112931bd6f53c0a6aabba7c813c36d
PublicKeyAlgorithm: ES256
Extensions: {"hmac-secret": true}
Version: 1
DisplayName: Feitian BioPass FIDO2
AttestationCertificates
CN=FT BioPass FIDO2 USB, OU=Authenticator Attestation, O=Feitian Technologies, C=US
AuthenticatorData
RelyingPartyIdHash: 356c9ed4a09321b9695f1eaf918203f1b55f689da61fbc96184c157dda680c81
Flags: UserPresent, UserVerified, AttestationData, ExtensionData
SignatureCount: 261
AttestedCredentialData
AAGUID: 77010bd7-212a-4fc9-b236-d2ca5e9d4084
CredentialID: db2baabf8450f6af3b931b35acc7d5f77ebe4ed98cf0b55c0513cff31e18520d
PublicKeyAlgorithm: ES256
Extensions: {"hmac-secret": true}
Version: 1
DisplayName: Yubico Security Key FIDO2
AttestationCertificates
CN=Yubico U2F EE Serial 8513128192, OU=Authenticator Attestation, O=Yubico AB, C=SE
AuthenticatorData
RelyingPartyIdHash: 356c9ed4a09321b9695f1eaf918203f1b55f689da61fbc96184c157dda680c81
Flags: UserPresent, UserVerified, AttestationData, ExtensionData
SignatureCount: 257
AttestedCredentialData
AAGUID: f8a011f3-8c0a-4d15-8006-17111f9edc7d
CredentialID: 09956acca523d532e04c647a4a158664
PublicKeyAlgorithm: ES256
Extensions: {"hmac-secret": true}
Version: 1
DisplayName: Feitian AllinPass FIDO2
AttestationCertificates
CN=FT BioPass FIDO2 0470, OU=Authenticator Attestation, O=Feitian Technologies, C=US
AuthenticatorData
RelyingPartyIdHash: 356c9ed4a09321b9695f1eaf918203f1b55f689da61fbc96184c157dda680c81
Flags: UserPresent, UserVerified, AttestationData, ExtensionData
SignatureCount: 231
AttestedCredentialData
AAGUID: 12ded745-4bed-47d4-abaa-e713f51d6393
CredentialID: 59dc5439faef677d7e81688a27604a205dab922978372062c5c10206639c3c00
PublicKeyAlgorithm: ES256
Extensions: {"hmac-secret": true}
Version: 1
DisplayName: YubiKey 5
AttestationCertificates
CN=Yubico U2F EE Serial 14818162, OU=Authenticator Attestation, O=Yubico AB, C=SE
AuthenticatorData
RelyingPartyIdHash: 356c9ed4a09321b9695f1eaf918203f1b55f689da61fbc96184c157dda680c81
Flags: UserPresent, UserVerified, AttestationData, ExtensionData
SignatureCount: 229
AttestedCredentialData
AAGUID: fa2b99dc-9e39-4257-8f92-4a30d23c4118
CredentialID: bc879d1e8da27d5f29a66d9a457ac1d8
PublicKeyAlgorithm: ES256
Extensions: {"hmac-secret": true}
#></dev:code>
<dev:remarks>
<maml:para>Displays details about FIDO2 keys registered in Azure Active Directory by a specific user.</maml:para>
</dev:remarks>
</command:example>
</command:examples>
<command:relatedLinks>
<maml:navigationLink>
<maml:linkText>Online Version:</maml:linkText>
<maml:uri>https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Get-AzureADUserEx.md</maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Set-AzureADUserEx</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Get-ADKeyCredential</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
</command:relatedLinks>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp">
<command:details>
<command:name>Get-BootKey</command:name>
<command:verb>Get</command:verb>
<command:noun>BootKey</command:noun>
<maml:description>
<maml:para>Reads the Boot Key (AKA SysKey or System Key) from an online or offline SYSTEM registry hive.</maml:para>
</maml:description>
</command:details>
<maml:description>
<maml:para>The BootKey/SysKey is an encryption key that is stored in the Windows SYSTEM registry hive. This key is used by several Windows components to encrypt sensitive information like the AD database, machine account password or system certificates etc.</maml:para>
<maml:para>The Boot Key is returned in hexadecimal format.</maml:para>
</maml:description>
<command:syntax>
<command:syntaxItem>
<maml:name>Get-BootKey</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Online</maml:name>
<maml:Description>
<maml:para>Specifies that the action is to be taken on the operating system that is currently running on the local computer.</maml:para>
</maml:Description>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
<command:syntaxItem>
<maml:name>Get-BootKey</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="Path, FilePath, SystemHivePath, HivePath">
<maml:name>SystemHiveFilePath</maml:name>
<maml:Description>
<maml:para>Path to an offline SYSTEM registry hive.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
</command:syntax>
<command:parameters>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Online</maml:name>
<maml:Description>
<maml:para>Specifies that the action is to be taken on the operating system that is currently running on the local computer.</maml:para>
</maml:Description>
<command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="Path, FilePath, SystemHivePath, HivePath">
<maml:name>SystemHiveFilePath</maml:name>
<maml:Description>
<maml:para>Path to an offline SYSTEM registry hive.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:parameters>
<command:inputTypes>
<command:inputType>
<dev:type>
<maml:name>None</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:inputType>
</command:inputTypes>
<command:returnValues>
<command:returnValue>
<dev:type>
<maml:name>System.String</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:returnValue>
</command:returnValues>
<maml:alertSet>
<maml:alert>
<maml:para></maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>-------------------------- Example 1 --------------------------</maml:title>
<dev:code>PS C:\> Get-BootKey -Online
0be7a2afe1713642182e9b96f73a75da</dev:code>
<dev:remarks>
<maml:para>Retrieves the BootKey from the currently running OS.</maml:para>
</dev:remarks>
</command:example>
<command:example>
<maml:title>-------------------------- Example 2 --------------------------</maml:title>
<dev:code>PS C:\> reg.exe SAVE HKLM\SYSTEM C:\RegBackup\SYSTEM.hiv
PS C:\> $key = Get-BootKey -SystemHiveFilePath C:\RegBackup\SYSTEM.hiv</dev:code>
<dev:remarks>
<maml:para>Creates a backup of the SYSTEM registry hive and then retrieves the BootKey from this backup.</maml:para>
</dev:remarks>
</command:example>
</command:examples>
<command:relatedLinks>
<maml:navigationLink>
<maml:linkText>Online Version:</maml:linkText>
<maml:uri>https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Get-BootKey.md</maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Get-ADDBAccount</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Get-ADDBBackupKey</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Set-ADDBAccountPassword</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Set-ADDBAccountPasswordHash</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Set-ADDBBootKey</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
</command:relatedLinks>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp">
<command:details>
<command:name>Get-LsaBackupKey</command:name>
<command:verb>Get</command:verb>
<command:noun>LsaBackupKey</command:noun>
<maml:description>
<maml:para>Reads the DPAPI backup keys from a domain controller through the LSARPC protocol.</maml:para>
</maml:description>
</command:details>
<maml:description>
<maml:para>Reads the Data Protection API (DPAPI) backup keys from an Active Directory domain controller through the MS-LSAD (AKA LSARPC) protocol. The output can be saved to the file system using the Save-DPAPIBlob cmdlet.</maml:para>
<maml:para>DPAPI is used by several components of Windows to securely store passwords, encryption keys and other sensitive data. When DPAPI is used in an Active Directory domain environment, a copy of user's master key is encrypted with a so-called DPAPI Domain Backup Key that is known to all domain controllers. Windows Server 2000 DCs use a symmetric key and newer systems use a public/private key pair. If the user password is reset and the original master key is rendered inaccessible to the user, the user's access to the master key is automatically restored using the backup key.</maml:para>
</maml:description>
<command:syntax>
<command:syntaxItem>
<maml:name>Get-LsaBackupKey</maml:name>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="Server, ServerName, Computer, Machine, MachineName, System, SystemName">
<maml:name>ComputerName</maml:name>
<maml:Description>
<maml:para>Specifies the target computer for the operation. Enter a fully qualified domain name (FQDN), a NetBIOS name, or an IP address. When the remote computer is in a different domain than the local computer, the fully qualified domain name is required.</maml:para>
<maml:para>The default is the local computer. To specify the local computer, such as in a list of computer names, use "localhost", the local computer name, or a dot (.).</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
</command:syntax>
<command:parameters>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="Server, ServerName, Computer, Machine, MachineName, System, SystemName">
<maml:name>ComputerName</maml:name>
<maml:Description>
<maml:para>Specifies the target computer for the operation. Enter a fully qualified domain name (FQDN), a NetBIOS name, or an IP address. When the remote computer is in a different domain than the local computer, the fully qualified domain name is required.</maml:para>
<maml:para>The default is the local computer. To specify the local computer, such as in a list of computer names, use "localhost", the local computer name, or a dot (.).</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:parameters>
<command:inputTypes>
<command:inputType>
<dev:type>
<maml:name>None</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:inputType>
</command:inputTypes>
<command:returnValues>
<command:returnValue>
<dev:type>
<maml:name>DSInternals.Common.Data.DPAPIBackupKey</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:returnValue>
</command:returnValues>
<maml:alertSet>
<maml:alert>
<maml:para>Administrative permissions on the target domain controller (DC) are required in order to retrieve DPAPI backup keys.</maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>-------------------------- Example 1 --------------------------</maml:title>
<dev:code>PS C:\> Get-LsaBackupKey -ComputerName LON-DC1
<# Sample Output:
FilePath : ntds_capi_b1c56a3e-ddf7-41dd-a5f3-44a2ed27a96d.pvk
KiwiCommand : REM Add this parameter to at least the first dpapi::masterkey command:
/pvk:"ntds_capi_b1c56a3e-ddf7-41dd-a5f3-44a2ed27a96d.pvk"
Type : RSAKey
DistinguishedName :
KeyId : b1c56a3e-ddf7-41dd-a5f3-44a2ed27a96d
Data : {2, 0, 0, 0...}
FilePath : ntds_legacy_7882b20e-96ef-4ce5-a2b9-3efdccbbce28.key
KiwiCommand :
Type : LegacyKey
DistinguishedName :
KeyId : 7882b20e-96ef-4ce5-a2b9-3efdccbbce28
Data : {1, 0, 0, 0...}
#></dev:code>
<dev:remarks>
<maml:para>Displays the DPAPI domain backup keys.</maml:para>
</dev:remarks>
</command:example>
<command:example>
<maml:title>-------------------------- Example 2 --------------------------</maml:title>
<dev:code>PS C:\> Get-LsaBackupKey -ComputerName LON-DC1 | Save-DPAPIBlob -DirectoryPath '.\Output'
PS C:\> Get-ChildItem -Path '.\Output' | Select-Object -ExpandProperty Name
<# Sample Output:
kiwiscript.txt
ntds_legacy_b116cbfa-b881-43e6-ba85-ef3efa64ba22.key
ntds_capi_4cee80c0-b6c6-406c-a68b-c0e5818bc436.cer
ntds_capi_290914ed-b1a8-482e-a89f-7caa217bf3c3.pfx
ntds_capi_290914ed-b1a8-482e-a89f-7caa217bf3c3.pvk
#></dev:code>
<dev:remarks>
<maml:para>Saves the DPAPI domain backup keys to the Output directory.</maml:para>
</dev:remarks>
</command:example>
</command:examples>
<command:relatedLinks>
<maml:navigationLink>
<maml:linkText>Online Version:</maml:linkText>
<maml:uri>https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Get-LsaBackupKey.md</maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Save-DPAPIBlob</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Get-ADDBBackupKey</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Get-ADReplBackupKey</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
</command:relatedLinks>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp">
<command:details>
<command:name>Get-LsaPolicyInformation</command:name>
<command:verb>Get</command:verb>
<command:noun>LsaPolicyInformation</command:noun>
<maml:description>
<maml:para>Retrieves AD-related information from the Local Security Authority Policy of the local computer or a remote one.</maml:para>
</maml:description>
</command:details>
<maml:description>
<maml:para>The Local Security Authority (LSA) is a protected subsystem of Windows that maintains information about all aspects of local security on a system, collectively known as the local security policy of the system.</maml:para>
<maml:para>The local security policy of a system is a set of information about the security of a local computer.</maml:para>
</maml:description>
<command:syntax>
<command:syntaxItem>
<maml:name>Get-LsaPolicyInformation</maml:name>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="Server, ServerName, Computer, Machine, MachineName, System, SystemName">
<maml:name>ComputerName</maml:name>
<maml:Description>
<maml:para>Specifies the target computer for the operation. Enter a fully qualified domain name (FQDN), a NetBIOS name, or an IP address. When the remote computer is in a different domain than the local computer, the fully qualified domain name is required.</maml:para>
<maml:para>The default is the local computer. To specify the local computer, such as in a list of computer names, use "localhost", the local computer name, or a dot (.).</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
</command:syntax>
<command:parameters>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="Server, ServerName, Computer, Machine, MachineName, System, SystemName">
<maml:name>ComputerName</maml:name>
<maml:Description>
<maml:para>Specifies the target computer for the operation. Enter a fully qualified domain name (FQDN), a NetBIOS name, or an IP address. When the remote computer is in a different domain than the local computer, the fully qualified domain name is required.</maml:para>
<maml:para>The default is the local computer. To specify the local computer, such as in a list of computer names, use "localhost", the local computer name, or a dot (.).</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:parameters>
<command:inputTypes>
<command:inputType>
<dev:type>
<maml:name>None</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:inputType>
</command:inputTypes>
<command:returnValues>
<command:returnValue>
<dev:type>
<maml:name>DSInternals.PowerShell.LsaPolicyInformation</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:returnValue>
</command:returnValues>
<maml:alertSet>
<maml:alert>
<maml:para></maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>-------------------------- Example 1 --------------------------</maml:title>
<dev:code>PS C:\> Get-LSAPolicyInformation
<# Sample Output:
Domain/Workgroup Name : WORKGROUP
Account Domain Name : MYPC
Account Domain SID : S-1-5-21-2814909047-1086830290-2660982408
Local Domain Name : MYPC
Local Domain SID : S-1-5-21-2814909047-1086830290-2660982408
#></dev:code>
<dev:remarks>
<maml:para>Retrieves LSA Policy from the local computer.</maml:para>
</dev:remarks>
</command:example>
<command:example>
<maml:title>-------------------------- Example 2 --------------------------</maml:title>
<dev:code>PS C:\> Get-LSAPolicyInformation -ComputerName LON-DC1
<# Sample Output:
Domain/Workgroup Name : ADATUM
Forest DNS Name : Adatum.com
Domain DNS Name : Adatum.com
Domain GUID : 281582b4-9d3e-449d-a238-676bd5844f56
Domain SID : S-1-5-21-3180365339-800773672-3767752645
Account Domain Name : ADATUM
Account Domain SID : S-1-5-21-3180365339-800773672-3767752645
Local Domain Name : LON-DC1
Local Domain SID : S-1-5-21-2929860833-2984454239-2848460202
#></dev:code>
<dev:remarks>
<maml:para>Retrieves LSA Policy from a remote computer called LON-DC1.</maml:para>
</dev:remarks>
</command:example>
</command:examples>
<command:relatedLinks>
<maml:navigationLink>
<maml:linkText>Online Version:</maml:linkText>
<maml:uri>https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Get-LsaPolicyInformation.md</maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Set-LsaPolicyInformation</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Get-LsaBackupKey</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>LSA Policy</maml:linkText>
<maml:uri>https://docs.microsoft.com/en-us/windows/desktop/secmgmt/lsa-policy</maml:uri>
</maml:navigationLink>
</command:relatedLinks>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp">
<command:details>
<command:name>Get-SamPasswordPolicy</command:name>
<command:verb>Get</command:verb>
<command:noun>SamPasswordPolicy</command:noun>
<maml:description>
<maml:para>Queries Active Directory for the default password policy.</maml:para>
</maml:description>
</command:details>
<maml:description>
<maml:para>Retrieves the current password policy for a domain through the MS-SAMR protocol.</maml:para>
</maml:description>
<command:syntax>
<command:syntaxItem>
<maml:name>Get-SamPasswordPolicy</maml:name>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Credential</maml:name>
<maml:Description>
<maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue>
<dev:type>
<maml:name>PSCredential</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Domain</maml:name>
<maml:Description>
<maml:para>Specifies the NetBIOS domain name. Local accounts are stored a domain called Builtin.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="ComputerName, Computer">
<maml:name>Server</maml:name>
<maml:Description>
<maml:para>Specifies the target computer for the operation. Enter a fully qualified domain name (FQDN), a NetBIOS name, or an IP address. When the remote computer is in a different domain than the local computer, the fully qualified domain name is required.</maml:para>
<maml:para>The default is the local computer. To specify the local computer, such as in a list of computer names, use "localhost", the local computer name, or a dot (.).</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>localhost</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
</command:syntax>
<command:parameters>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Credential</maml:name>
<maml:Description>
<maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue>
<dev:type>
<maml:name>PSCredential</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Domain</maml:name>
<maml:Description>
<maml:para>Specifies the NetBIOS domain name. Local accounts are stored a domain called Builtin.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="ComputerName, Computer">
<maml:name>Server</maml:name>
<maml:Description>
<maml:para>Specifies the target computer for the operation. Enter a fully qualified domain name (FQDN), a NetBIOS name, or an IP address. When the remote computer is in a different domain than the local computer, the fully qualified domain name is required.</maml:para>
<maml:para>The default is the local computer. To specify the local computer, such as in a list of computer names, use "localhost", the local computer name, or a dot (.).</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>localhost</dev:defaultValue>
</command:parameter>
</command:parameters>
<command:inputTypes>
<command:inputType>
<dev:type>
<maml:name>None</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:inputType>
</command:inputTypes>
<command:returnValues>
<command:returnValue>
<dev:type>
<maml:name>DSInternals.SAM.SamDomainPasswordInformation</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:returnValue>
</command:returnValues>
<maml:alertSet>
<maml:alert>
<maml:para></maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>-------------------------- Example 1 --------------------------</maml:title>
<dev:code>PS C:\> Get-SamPasswordPolicy -Domain CONTOSO -Server LON-DC1
<# Sample Output:
MinPasswordLength : 8
ComplexityEnabled : True
ReversibleEncryptionEnabled : False
MaxPasswordAge : 90.00:00:00.0
MinPasswordAge : 01:00:00
PasswordHistoryCount : 10
#></dev:code>
<dev:remarks>
<maml:para>Queries the LON-DC1 domain controller for default domain password policy.</maml:para>
</dev:remarks>
</command:example>
<command:example>
<maml:title>-------------------------- Example 2 --------------------------</maml:title>
<dev:code>PS C:\> Get-SamPasswordPolicy -Domain Builtin
<# Sample Output:
MinPasswordLength : 0
ComplexityEnabled : False
ReversibleEncryptionEnabled : False
MaxPasswordAge : 42.22:47:31.7437440
MinPasswordAge : 00:00:00
PasswordHistoryCount : 0
#></dev:code>
<dev:remarks>
<maml:para>Queries the local computer for its current password policy.</maml:para>
</dev:remarks>
</command:example>
</command:examples>
<command:relatedLinks>
<maml:navigationLink>
<maml:linkText>Online Version:</maml:linkText>
<maml:uri>https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Get-SamPasswordPolicy.md</maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Set-SamAccountPasswordHash</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
</command:relatedLinks>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp">
<command:details>
<command:name>New-ADDBRestoreFromMediaScript</command:name>
<command:verb>New</command:verb>
<command:noun>ADDBRestoreFromMediaScript</command:noun>
<maml:description>
<maml:para>Generates a PowerShell script that can be used to restore a domain controller from an IFM-equivalent backup (i.e. ntds.dit + SYSVOL).</maml:para>
</maml:description>
</command:details>
<maml:description>
<maml:para>The New-ADDBRestoreFromMediaScript cmdlet was created to save the day under certain specific circumstances. Imagine a company that had been attacked by some ransomware to the extent that all their domain controllers have been wiped. Moreover, no proper System State backups of DCs are available, only file-level ones. As a consequence, they are not able to restore Active Directory, the time is ticking and their only option seems to be reinstalling the entire AD forest from scratch. It might be hard to believe that someone would have violated all the best practices and neglected planning for disaster recovery, but, alas, such situations have occurred in large enterprises during the 2017 NotPetya outbreak. I have therefore come up with a domain controller recovery method that I call Restore from Media (RFM). As already hinted, this method can be used to restore domain controllers from file-level backups.</maml:para>
<maml:para>Unlike the Install from Media (IFM) (https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc816722(v=ws.10)) method, the Restore from Media method does not require network connectivity to a live writable domain controller. Nevertheless, the same installation source ([IFM backup](https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc816574(v=ws.10)) with SYSVOL)can be used with both methods of DC installation.</maml:para>
<maml:para>To perform the Restore from Media operation, you need to have the following:</maml:para>
<maml:para>- A full Install from Media (IFM) backup of a domain controller or equivalent file-level backup. The backup must contain these files:</maml:para>
<maml:para> - Domain database file (ntds.dit)</maml:para>
<maml:para> - SYSTEM registry hive or a corresponding Boot Key / SysKey</maml:para>
<maml:para> - SYSVOL directory</maml:para>
<maml:para>- A freshly installed Windows Server of the same version as the domain controller originally running the database that is to be restored. This information can be retrieved from the corresponding ntds.dit file using the Get-ADDBDomainController (Get-ADDBDomainController.md)cmdlet.</maml:para>
<maml:para>- An isolated VLAN / virtual network as connectivity to any existing production domain controllers would have unforseen consequences.</maml:para>
<maml:para>Follow these steps on the target server in order to restore the domain controller:</maml:para>
<maml:para>1. In case of Windows Server 2008 (R2), run the `$PSVersionTable.PSVersion` to verify that at least PowerShell 3 is installed. Upgrade (https://docs.microsoft.com/en-us/powershell/wmf/overview)if necessary.</maml:para>
<maml:para>2. Verify that the PowerShell Script Execution Policy (https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_execution_policies?view=powershell-6)is set to RemoteSigned, Unrestricted or Bypass in the LocalMachine scope.</maml:para>
<maml:para>3. Install (https://github.com/MichaelGrafnetter/DSInternals/wiki/Installation)the DSInternals PowerShell module for all users.</maml:para>
<maml:para>4. Copy the backup data to a local drive, e.g. C:\Backup.</maml:para>
<maml:para>5. Run the `New-ADDBRestoreFromMediaScript -DatabasePath 'C:\Backup\Active Directory\ntds.dit' | Invoke-Expression` command.</maml:para>
<maml:para>6. Sit back and watch the magic happen. Up to 3 reboots will follow and the entire process may take up to 20 minutes to finish. You should then end up with a fully functional domain controller.</maml:para>
<maml:para>The script that is generated by the `New-ADDBRestoreFromMediaScript` cmdlet does the following actions:</maml:para>
<maml:para>- Rename the server to match the original domain controller.</maml:para>
<maml:para>- Install a new forest by promoting the server to a domain controller.</maml:para>
<maml:para>- Replace the newly generated database file (ntds.dit) and SYSVOL directory by the original ones.</maml:para>
<maml:para>- Re-encrypt the database using the local Boot Key.</maml:para>
<maml:para>- Write the newly generated machine account password into ntds.dit.</maml:para>
<maml:para>- Update the LSA Policy to match the SID and GUID of the domain that is being restored.</maml:para>
<maml:para>- Reset the Invocation ID of the domain controller.</maml:para>
<maml:para>- Reconfigure SYSVOL replication in case it has been restored to a different path.</maml:para>
</maml:description>
<command:syntax>
<command:syntaxItem>
<maml:name>New-ADDBRestoreFromMediaScript</maml:name>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="key, SysKey, SystemKey">
<maml:name>BootKey</maml:name>
<maml:Description>
<maml:para>Specifies the system key that encrypts secrets stored in the database specified by the -DatabasePath parameter. If none is specified, it is automatically extracted from a backup of the SYSTEM registry hive, provided that it is present in the ..\registry\SYSTEM path relative to the -DatabasePath parameter.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue>
<dev:type>
<maml:name>Byte[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath">
<maml:name>DatabasePath</maml:name>
<maml:Description>
<maml:para>Specifies a non-UNC path to the backup of domain database (ntds.dit file) that will be used to restore the domain controller.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath">
<maml:name>LogPath</maml:name>
<maml:Description>
<maml:para>Specifies a non-UNC path to a directory that contains the backup of domain log files. If not specified, the value of the DatabasePath parameter is used.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="SafeModeAdminPassword, AdminPassword, DSRMPassword">
<maml:name>SafeModeAdministratorPassword</maml:name>
<maml:Description>
<maml:para>Supplies the password for the administrator account when the computer is started in Safe Mode or a variant of Safe Mode, such as Directory Services Restore Mode. If no value is specified for this parameter, the cmdlet prompts you to enter and confirm a masked password. If specified with a value, the value must be a secure string.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue>
<dev:type>
<maml:name>SecureString</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="SysVol">
<maml:name>SysvolPath</maml:name>
<maml:Description>
<maml:para>Specifies a non-UNC path to a directory that contains the backup of Sysvol data. If none is specified, the ..\SYSVOL\ path relative to the -DatabasePath parameter is used.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
</command:syntax>
<command:parameters>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="key, SysKey, SystemKey">
<maml:name>BootKey</maml:name>
<maml:Description>
<maml:para>Specifies the system key that encrypts secrets stored in the database specified by the -DatabasePath parameter. If none is specified, it is automatically extracted from a backup of the SYSTEM registry hive, provided that it is present in the ..\registry\SYSTEM path relative to the -DatabasePath parameter.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue>
<dev:type>
<maml:name>Byte[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath">
<maml:name>DatabasePath</maml:name>
<maml:Description>
<maml:para>Specifies a non-UNC path to the backup of domain database (ntds.dit file) that will be used to restore the domain controller.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath">
<maml:name>LogPath</maml:name>
<maml:Description>
<maml:para>Specifies a non-UNC path to a directory that contains the backup of domain log files. If not specified, the value of the DatabasePath parameter is used.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="SafeModeAdminPassword, AdminPassword, DSRMPassword">
<maml:name>SafeModeAdministratorPassword</maml:name>
<maml:Description>
<maml:para>Supplies the password for the administrator account when the computer is started in Safe Mode or a variant of Safe Mode, such as Directory Services Restore Mode. If no value is specified for this parameter, the cmdlet prompts you to enter and confirm a masked password. If specified with a value, the value must be a secure string.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue>
<dev:type>
<maml:name>SecureString</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="SysVol">
<maml:name>SysvolPath</maml:name>
<maml:Description>
<maml:para>Specifies a non-UNC path to a directory that contains the backup of Sysvol data. If none is specified, the ..\SYSVOL\ path relative to the -DatabasePath parameter is used.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:parameters>
<command:inputTypes>
<command:inputType>
<dev:type>
<maml:name>None</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:inputType>
</command:inputTypes>
<command:returnValues>
<command:returnValue>
<dev:type>
<maml:name>System.String</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:returnValue>
</command:returnValues>
<maml:alertSet>
<maml:alert>
<maml:para>This recovery procedure is NOT SUPPORTED by Microsoft. Use at your own risk in situations when Active Directory forest reinstallation is the only other option.</maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>-------------------------- Example 1 --------------------------</maml:title>
<dev:code>PS C:\> New-ADDBRestoreFromMediaScript -DatabasePath 'C:\IFM\Active Directory\ntds.dit' | Invoke-Expression</dev:code>
<dev:remarks>
<maml:para>Restores a domain controller from a previously created IFM backup.</maml:para>
</dev:remarks>
</command:example>
<command:example>
<maml:title>-------------------------- Example 2 --------------------------</maml:title>
<dev:code>PS C:\> New-ADDBRestoreFromMediaScript -DatabasePath 'C:\IFM\Active Directory\ntds.dit' -BootKey 610bc29e6f62ca7004e9872cd51a0116 -SysvolPath 'C:\IFM\SYSVOL'</dev:code>
<dev:remarks>
<maml:para>Generates a domain controller restoration script from a previously created IFM backup. The script can then be reviewed, modified if necessary and executed manually.</maml:para>
</dev:remarks>
</command:example>
<command:example>
<maml:title>-------------------------- Example 3 --------------------------</maml:title>
<dev:code>ntdsutil.exe "activate instance ntds" ifm "create sysvol full c:\IFM" quit quit</dev:code>
<dev:remarks>
<maml:para>Creates an Install From Media (IFM) backup of a running domain controller. This backup can later be used by the New-ADDBRestoreFromMediaScript cmdlet.</maml:para>
</dev:remarks>
</command:example>
<command:example>
<maml:title>-------------------------- Example 4 --------------------------</maml:title>
<dev:code><#
.SYNOPSIS
Restores the LON-DC1 domain controller from ntds.dit.
.REMARKS
This script should only be executed on a freshly installed Windows Server 2012 R2 Datacenter Evaluation. Use at your own risk.
The DSInternals PowerShell module must be installed for all users on the target server.
Author: Michael Grafnetter
#>
#Requires -Version 3 -Modules DSInternals,ServerManager,PSScheduledJob -RunAsAdministrator
# Perform a VSS backup before doing anything else.
Write-Host 'Creating a snapshot of the system drive to make rollback possible...'
$vssResult = ([wmiclass] 'Win32_ShadowCopy').Create("$env:SystemDrive\", 'ClientAccessible')
# The PS module must be present as workflows cannot contain non-existing activities.
Write-Host 'Installing the Active Directory module for Windows PowerShell...'
Add-WindowsFeature -Name RSAT-AD-PowerShell -ErrorAction Stop
# All the other operations will be executed by a restartable workflow running in SYSTEM context.
Write-Host 'Registering restartable workflows...'
# Delete any pre-existing scheduled jobs with the same names before registering new ones.
Unregister-ScheduledJob -Name DSInternals-RFM-Initializer,DSInternals-RFM-Resumer -Force -ErrorAction SilentlyContinue
# The DSInternals-RFM-Initializer job will only be executed once in order to register the workflow and to invoke it for the first time.
$initTask = Register-ScheduledJob -Name DSInternals-RFM-Initializer -ScriptBlock {
workflow Restore-DomainController
{
if ($env:COMPUTERNAME -ne 'LON-DC1')
{
# A server rename operation is required.
Rename-Computer -NewName 'LON-DC1' -Force
# We explicitly suspend the workflow as Restart-Computer with the -Wait parameter does not survive local reboots.
shutdown.exe /r /t 5
Suspend-Workflow -Label 'Waiting for reboot'
}
if ((Get-Service NTDS -ErrorAction SilentlyContinue) -eq $null)
{
# A DC promotion is required.
# Note: In order to maintain compatibility with Windows Server 2008 R2, the ADDSDeployment module is not used.
# Advice: It is recommenced to change the DSRM password after DC promotion.
dcpromo.exe /unattend /ReplicaOrNewDomain:Domain /NewDomain:Forest /NewDomainDNSName:"adatum.com" /DomainNetBiosName:"ADATUM" /DomainLevel:7 /ForestLevel:7 '/SafeModeAdminPassword:"Pa$$w0rd"' /DatabasePath:"$env:SYSTEMROOT\NTDS" /LogPath:"$env:SYSTEMROOT\NTDS" /SysVolPath:"$env:SYSTEMROOT\SYSVOL" /AllowDomainReinstall:Yes /CreateDNSDelegation:No /DNSOnNetwork:No /InstallDNS:Yes /RebootOnCompletion:No
Set-ItemProperty -Path registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ServerManager\Roles\10 -Name ConfigurationStatus -Value 2 -Force
<# Alternative approach for Winows Server 2012+
Install-WindowsFeature -Name AD-Domain-Services
Install-ADDSForest -DomainName 'adatum.com' `
-DomainNetbiosName 'ADATUM' `
-ForestMode WinThreshold `
-DomainMode WinThreshold `
-DatabasePath "$env:SYSTEMROOT\NTDS" `
-LogPath "$env:SYSTEMROOT\NTDS" `
-SysvolPath "$env:SYSTEMROOT\SYSVOL" `
-InstallDns `
-CreateDnsDelegation:$false `
-NoDnsOnNetwork `
-SafeModeAdministratorPassword (ConvertTo-SecureString -String 'Pa$$w0rd' -AsPlainText -Force)`
-NoRebootOnCompletion `
-Force
#>
}
# Reboot the computer into the Directory Services Restore Mode.
bcdedit.exe /set safeboot dsrepair
shutdown.exe /r /t 5
Suspend-Workflow -Label 'Waiting for reboot'
# Re-encrypt the DB with the new boot key.
$currentBootKey = Get-BootKey -Online
Set-ADDBBootKey -DatabasePath 'C:\Backup\Active Directory\ntds.dit' -LogPath 'C:\Backup\Active Directory' -OldBootKey 610bc29e6f62ca7004e9872cd51a0116 -NewBootKey $currentBootKey -Force
# Clone the DC account password.
$ntdsParams = Get-ItemProperty -Path registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
InlineScript {
# Note: SupplementalCredentials do not get serialized properly without using the InlineScript activity.
$dcAccount = Get-ADDBAccount -SamAccountName 'LON-DC1$' -DatabasePath $using:ntdsParams.'DSA Database file' -LogPath $using:ntdsParams.'Database log files path' -BootKey $using:currentBootKey
Set-ADDBAccountPasswordHash -ObjectGuid 9bb4d6f4-060a-4585-9f18-625774e7c088 -NTHash $dcAccount.NTHash -SupplementalCredentials $dcAccount.SupplementalCredentials -DatabasePath 'C:\Backup\Active Directory\ntds.dit' -LogPath 'C:\Backup\Active Directory' -BootKey $using:currentBootKey -Force
}
# Replace the database and transaction logs.
robocopy.exe 'C:\Backup\Active Directory' $ntdsParams.'DSA Working Directory' *.dit *.edb *.chk *.jfm /MIR /NP /NDL /NJS
robocopy.exe 'C:\Backup\Active Directory' $ntdsParams.'Database log files path' *.log *.jrs /MIR /NP /NDL /NJS
# Replace SYSVOL.
robocopy.exe 'C:\Backup\SYSVOL\Adatum.com' "$env:SYSTEMROOT\SYSVOL\domain" /MIR /XD DfsrPrivate /XJ /COPYALL /SECFIX /TIMFIX /NP /NDL
# Reconfigure LSA policies. We would get into a BSOD loop if they do not match the corresponding values in the database.
Set-LsaPolicyInformation -DomainName 'ADATUM' -DnsDomainName 'Adatum.com' -DnsForestName 'Adatum.com' -DomainGuid 279b615e-ae79-4c86-a61a-50f687b9f7b8 -DomainSid S-1-5-21-1817670852-3242289776-1304069626
# Tell the DC that its DB has intentionally been restored. A new InvocationID will be generated as soon as the service starts.
Set-ItemProperty -Path registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters -Name 'Database restored from backup' -Value 1 -Force
Remove-ItemProperty -Path registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters -Name 'DSA Database Epoch' -Force
# Disable DSRM and do one last reboot.
bcdedit.exe /deletevalue safeboot
shutdown.exe /r /t 5
Suspend-Workflow -Label 'Waiting for reboot'
# Reconfigure SYSVOL replication in case it has been restored to a different path.
# Update DFS-R subscription if present in AD.
$dfsrSubscriptionDN = 'CN=SYSVOL Subscription,CN=Domain System Volume,CN=DFSR-LocalSettings,CN=LON-DC1,OU=Domain Controllers,DC=Adatum,DC=com'
$dfsrSubscription = Set-ADObject -Identity $dfsrSubscriptionDN -Server localhost -PassThru -ErrorAction SilentlyContinue -Replace @{
'msDFSR-RootPath' = "$env:SYSTEMROOT\SYSVOL\domain";
'msDFSR-StagingPath' = "$env:SYSTEMROOT\SYSVOL\staging areas\Adatum.com"
}
if($dfsrSubscription -ne $null)
{
# Download the updated DFS-R configuration from AD.
Invoke-WmiMethod -Class DfsrConfig -Name PollDsNow -ArgumentList localhost -Namespace ROOT\MicrosoftDfs
}
# Update FRS subscription if present in AD.
$frsSubscriptionDN = 'CN=Domain System Volume (SYSVOL share),CN=NTFRS Subscriptions,CN=LON-DC1,OU=Domain Controllers,DC=Adatum,DC=com'
$frsSubscription = Set-ADObject -Identity $frsSubscriptionDN -Server localhost -PassThru -ErrorAction SilentlyContinue -Replace @{
'fRSRootPath' = "$env:SYSTEMROOT\SYSVOL\domain";
'fRSStagingPath' = "$env:SYSTEMROOT\SYSVOL\staging\domain"
}
if($frsSubscription -ne $null)
{
# Download the updated FRS configuration from AD.
InlineScript { ntfrsutl.exe poll /now }
}
}
# Delete any pre-existing workflows with the same name before starting a new one.
Remove-Job -Name DSInternals-RFM-Workflow -Force -ErrorAction SilentlyContinue
# Start the workflow.
Restore-DomainController -JobName DSInternals-RFM-Workflow
}
# The DSInternals-RFM-Resumer job will be executed after each reboot to unpause the workflow.
$resumeTask = Register-ScheduledJob -Name DSInternals-RFM-Resumer -Trigger (New-JobTrigger -AtStartup) -ScriptBlock {
# Unregister the one-time task that must already have been executed.
Unregister-ScheduledJob -Name DSInternals-RFM-Initializer -Force -ErrorAction SilentlyContinue
# Resume the workflow after the computer is rebooted.
Resume-Job -Name DSInternals-RFM-Workflow -Wait | Wait-Job | where State -In Completed,Failed,Stopped | foreach {
# Perform cleanup when finished.
Remove-Job -Job $PSItem -Force
Unregister-ScheduledJob -Name DSInternals-RFM-Resumer -Force
}
}
# Configure the scheduled tasks to run under the SYSTEM account.
# Note: In order to maintain compatibility with Windows Server 2008 R2, the ScheduledTasks module is not used.
schtasks.exe /Change /TN '\Microsoft\Windows\PowerShell\ScheduledJobs\DSInternals-RFM-Initializer' /RU SYSTEM | Out-Null
schtasks.exe /Change /TN '\Microsoft\Windows\PowerShell\ScheduledJobs\DSInternals-RFM-Resumer' /RU SYSTEM | Out-Null
# Start the workflow task and let the magic happen.
Write-Host 'The LON-DC1 domain controller will now be restored from media. Up to 3 reboots will follow.'
pause
$initTask.RunAsTask()</dev:code>
<dev:remarks>
<maml:para></maml:para>
</dev:remarks>
</command:example>
</command:examples>
<command:relatedLinks>
<maml:navigationLink>
<maml:linkText>Online Version:</maml:linkText>
<maml:uri>https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/New-ADDBRestoreFromMediaScript.md</maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Get-BootKey</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Get-ADDBDomainController</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
</command:relatedLinks>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp">
<command:details>
<command:name>Remove-ADDBObject</command:name>
<command:verb>Remove</command:verb>
<command:noun>ADDBObject</command:noun>
<maml:description>
<maml:para>Physically removes specified object from a ntds.dit file, making it semantically inconsistent. Highly experimental!</maml:para>
</maml:description>
</command:details>
<maml:description>
<maml:para>{{Fill in the Description}}</maml:para>
</maml:description>
<command:syntax>
<command:syntaxItem>
<maml:name>Remove-ADDBObject</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath">
<maml:name>DatabasePath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="dn">
<maml:name>DistinguishedName</maml:name>
<maml:Description>
<maml:para>Specifies the identifier of an object on which to perform this operation.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Force</maml:name>
<maml:Description>
<maml:para>Forces the cmdlet to remove the specified object from the target database.</maml:para>
</maml:Description>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath">
<maml:name>LogPath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="cf">
<maml:name>Confirm</maml:name>
<maml:Description>
<maml:para>Prompts you for confirmation before running the cmdlet.</maml:para>
</maml:Description>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="wi">
<maml:name>WhatIf</maml:name>
<maml:Description>
<maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para>
</maml:Description>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
<command:syntaxItem>
<maml:name>Remove-ADDBObject</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath">
<maml:name>DatabasePath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Force</maml:name>
<maml:Description>
<maml:para>Forces the cmdlet to remove the specified object from the target database.</maml:para>
</maml:Description>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath">
<maml:name>LogPath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Guid">
<maml:name>ObjectGuid</maml:name>
<maml:Description>
<maml:para>Specifies the identifier of an object on which to perform this operation.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Guid</command:parameterValue>
<dev:type>
<maml:name>Guid</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="cf">
<maml:name>Confirm</maml:name>
<maml:Description>
<maml:para>Prompts you for confirmation before running the cmdlet.</maml:para>
</maml:Description>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="wi">
<maml:name>WhatIf</maml:name>
<maml:Description>
<maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para>
</maml:Description>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
</command:syntax>
<command:parameters>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath">
<maml:name>DatabasePath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="dn">
<maml:name>DistinguishedName</maml:name>
<maml:Description>
<maml:para>Specifies the identifier of an object on which to perform this operation.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Force</maml:name>
<maml:Description>
<maml:para>Forces the cmdlet to remove the specified object from the target database.</maml:para>
</maml:Description>
<command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath">
<maml:name>LogPath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Guid">
<maml:name>ObjectGuid</maml:name>
<maml:Description>
<maml:para>Specifies the identifier of an object on which to perform this operation.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Guid</command:parameterValue>
<dev:type>
<maml:name>Guid</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="cf">
<maml:name>Confirm</maml:name>
<maml:Description>
<maml:para>Prompts you for confirmation before running the cmdlet.</maml:para>
</maml:Description>
<command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="wi">
<maml:name>WhatIf</maml:name>
<maml:Description>
<maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para>
</maml:Description>
<command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
</command:parameters>
<command:inputTypes>
<command:inputType>
<dev:type>
<maml:name>System.String</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:inputType>
<command:inputType>
<dev:type>
<maml:name>System.Guid</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:inputType>
</command:inputTypes>
<command:returnValues>
<command:returnValue>
<dev:type>
<maml:name>None</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:returnValue>
</command:returnValues>
<maml:alertSet>
<maml:alert>
<maml:para></maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>-------------------------- Example 1 --------------------------</maml:title>
<dev:code>PS C:\> {{ Add example code here }}</dev:code>
<dev:remarks>
<maml:para>{{ Add example description here }}</maml:para>
</dev:remarks>
</command:example>
</command:examples>
<command:relatedLinks>
<maml:navigationLink>
<maml:linkText>Online Version:</maml:linkText>
<maml:uri>https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Remove-ADDBObject.md</maml:uri>
</maml:navigationLink>
</command:relatedLinks>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp">
<command:details>
<command:name>Save-DPAPIBlob</command:name>
<command:verb>Save</command:verb>
<command:noun>DPAPIBlob</command:noun>
<maml:description>
<maml:para>Saves DPAPI and Credential Roaming data retrieved from Active Directory to the filesystem for further processing.</maml:para>
</maml:description>
</command:details>
<maml:description>
<maml:para>This cmdlet saves DPAPI-related data retrieved from Active Directory to a selected directory. It also creates a file called kiwiscript.txt that contains mimikatz commands needed to decrypt the private keys and to decode the certificates. Supports DPAPI backup keys returned by the Get-ADReplBackupKey, Get-ADDBBackupKey, and Get-LsaBackupKey cmdlets and roamed credentials (certificates, private keys, and DPAPI master keys) returned by the Get-ADReplAccount, Get-ADDBAccount, and Get-ADSIAccount cmdlets.</maml:para>
</maml:description>
<command:syntax>
<command:syntaxItem>
<maml:name>Save-DPAPIBlob</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="Path, OutputPath">
<maml:name>DirectoryPath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a target directory where the output file(s) will be saved.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue)" position="named" aliases="none">
<maml:name>Account</maml:name>
<maml:Description>
<maml:para>Specifies an Active Directory account whose DPAPI-related attribute values will be exported to the target directory.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">DSAccount</command:parameterValue>
<dev:type>
<maml:name>DSAccount</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
<command:syntaxItem>
<maml:name>Save-DPAPIBlob</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="Path, OutputPath">
<maml:name>DirectoryPath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a target directory where the output file(s) will be saved.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue)" position="named" aliases="DPAPIBlob, Object, Blob, BackupKey">
<maml:name>DPAPIObject</maml:name>
<maml:Description>
<maml:para>Specifies a DPAPI object (e.g. Domain Backup Key or Master Key) that will be saved to the target directory.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">DPAPIObject</command:parameterValue>
<dev:type>
<maml:name>DPAPIObject</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
</command:syntax>
<command:parameters>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue)" position="named" aliases="none">
<maml:name>Account</maml:name>
<maml:Description>
<maml:para>Specifies an Active Directory account whose DPAPI-related attribute values will be exported to the target directory.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">DSAccount</command:parameterValue>
<dev:type>
<maml:name>DSAccount</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="Path, OutputPath">
<maml:name>DirectoryPath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a target directory where the output file(s) will be saved.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue)" position="named" aliases="DPAPIBlob, Object, Blob, BackupKey">
<maml:name>DPAPIObject</maml:name>
<maml:Description>
<maml:para>Specifies a DPAPI object (e.g. Domain Backup Key or Master Key) that will be saved to the target directory.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">DPAPIObject</command:parameterValue>
<dev:type>
<maml:name>DPAPIObject</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:parameters>
<command:inputTypes>
<command:inputType>
<dev:type>
<maml:name>DSInternals.Common.Data.DPAPIObject</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:inputType>
<command:inputType>
<dev:type>
<maml:name>DSInternals.Common.Data.DSAccount</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:inputType>
</command:inputTypes>
<command:returnValues>
<command:returnValue>
<dev:type>
<maml:name>None</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:returnValue>
</command:returnValues>
<maml:alertSet>
<maml:alert>
<maml:para></maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>-------------------------- Example 1 --------------------------</maml:title>
<dev:code>PS C:\> Get-ADDBBackupKey -DatabasePath '.\ADBackup\Active Directory\ntds.dit' `
-BootKey 0be7a2afe1713642182e9b96f73a75da |
Save-DPAPIBlob -DirectoryPath '.\Output'
PS C:\> Get-ADDBAccount -All -DatabasePath '.\ADBackup\Active Directory\ntds.dit' |
Save-DPAPIBlob -DirectoryPath '.\Output'
PS C:\> Get-ChildItem -Path '.\Output' -Recurse -File |
Foreach-Object { $PSItem.FullName.Replace((Resolve-Path -Path '.\Output'), '') }
<# Sample Output:
\kiwiscript.txt
\ntds_capi_4cee80c0-b6c6-406c-a68b-c0e5818bc436.cer
\ntds_capi_4cee80c0-b6c6-406c-a68b-c0e5818bc436.pfx
\ntds_capi_4cee80c0-b6c6-406c-a68b-c0e5818bc436.pvk
\ntds_legacy_d78736ad-5206-4eda-bfd4-cd10cc49d163.key
\Abbi\Crypto\RSA\S-1-5-21-4534338-1127018997-2609994386-1304\99c6f954ca07d75267f9a369a0bf5cd3_9e75a609-18c7-4c98-8cd0-c34c3aeae423
\Abbi\Crypto\RSA\S-1-5-21-4534338-1127018997-2609994386-1304\ba7577742c7900c29f8e7f8193ca5f6d_9e75a609-18c7-4c98-8cd0-c34c3aeae423
\Abbi\Protect\S-1-5-21-4534338-1127018997-2609994386-1304\eadae2b5-3933-434a-9bcf-804175877104
\Abbi\SystemCertificates\My\Certificates\366004B5FA21294B80B22DA1385F414C70DF611B
\Abbi\SystemCertificates\My\Certificates\6441367E7BF2D4C7DAA1CF27C72D6552F4A48B48
\Administrator\Crypto\RSA\S-1-5-21-4534338-1127018997-2609994386-500\0b0c01d1f2bb6db4cd9496cd5e1214d6_f8b7bbef-d227-4ac7-badd-3a238a7f741e
\Administrator\Crypto\RSA\S-1-5-21-4534338-1127018997-2609994386-500\2907acacb201238bd89fe63b20c6d23b_f8b7bbef-d227-4ac7-badd-3a238a7f741e
\Administrator\Crypto\RSA\S-1-5-21-4534338-1127018997-2609994386-500\701577141985b6923998dcca035c007a_f8b7bbef-d227-4ac7-badd-3a238a7f741e
\Administrator\Crypto\RSA\S-1-5-21-4534338-1127018997-2609994386-500\d881dc8bbed7c3a08f03b01de4b9f45f_f8b7bbef-d227-4ac7-badd-3a238a7f741e
\Administrator\Crypto\RSA\S-1-5-21-4534338-1127018997-2609994386-500\e1b4cc613d831f27c664af17b8f98021_f8b7bbef-d227-4ac7-badd-3a238a7f741e
\Administrator\Protect\S-1-5-21-4534338-1127018997-2609994386-500\47070660-c259-4d90-8bc9-187605323450
\Administrator\Protect\S-1-5-21-4534338-1127018997-2609994386-500\e13655bb-9519-45aa-abf8-a50a7b01317a
\Administrator\SystemCertificates\My\Certificates\01ADA5237C2D2D1F1571247A239CA66B31885389
\Administrator\SystemCertificates\My\Certificates\5479CDDE0747E2CB5DF64F28A9E4AD3266AB27AF
\Administrator\SystemCertificates\My\Certificates\574E4687133998544C0095C7B348C52CD398182E
\Administrator\SystemCertificates\My\Certificates\B422F98237039C9836D24E22E5A92FCEC507EF89
\Administrator\SystemCertificates\My\Certificates\DBE2B5417D56BC061B05B7265A47D3595EEC6A32
\Administrator\SystemCertificates\Request\Certificates\AE1EBACC333E48E80C5DED7D0C644D80417CB6EC
\Lara\Crypto\RSA\S-1-5-21-4534338-1127018997-2609994386-1359\1eceade740dd71b94c3a7333522b9859_9e75a609-18c7-4c98-8cd0-c34c3aeae423
\Lara\Crypto\RSA\S-1-5-21-4534338-1127018997-2609994386-1359\2995fb4c62c9211bc265c89fe1c85061_9e75a609-18c7-4c98-8cd0-c34c3aeae423
\Lara\Crypto\RSA\S-1-5-21-4534338-1127018997-2609994386-1359\3183cd1aef41afc9af73e231607b5266_9e75a609-18c7-4c98-8cd0-c34c3aeae423
\Lara\Crypto\RSA\S-1-5-21-4534338-1127018997-2609994386-1359\4f8bd0d10c208c8d57d2a1babd288a83_9e75a609-18c7-4c98-8cd0-c34c3aeae423
\Lara\Protect\S-1-5-21-4534338-1127018997-2609994386-1359\5f6d65d9-c363-4c78-af8d-034fb80efc5a
\Lara\SystemCertificates\My\Certificates\1307CE05C8247AA08508302431B6A99647FF600E
\Lara\SystemCertificates\My\Certificates\7B0928AF99A3244E73F7F17957ABD5A80818B210
\Lara\SystemCertificates\My\Certificates\90E1D7F90AD73F66F2C8F60120C256D038FD1F2C
\Lara\SystemCertificates\My\Certificates\DB690E9D99D094D3E9746DE484D3050951516E29
\Logan\Crypto\RSA\S-1-5-21-4534338-1127018997-2609994386-1272\fd56f510920bd55b31ff5207eafda8c8_9e75a609-18c7-4c98-8cd0-c34c3aeae423
\Logan\Protect\S-1-5-21-4534338-1127018997-2609994386-1272\9c6cc9e0-b5f8-48f4-a478-305ad77fceab
\Logan\SystemCertificates\My\Certificates\5D7A3A4FE8ADF5A61C5079EB7FDD1507B2753682
#>
PS C:\> Get-Content -Path '.\Output\kiwiscript.txt'
<# Sample Output:
REM Add this parameter to at least the first dpapi::masterkey command: /pvk:"ntds_capi_290914ed-b1a8-482e-a89f-7caa217bf3c3.pvk"
dpapi::masterkey /in:"Install\Protect\S-1-5-21-1236425271-2880748467-2592687428-1000\0f2ca69c-c144-4d80-905f-a6bcdfb0d659" /sid:S-1-5-21-1236425271-2880748467-2592687428-1000
dpapi::masterkey /in:"Install\Protect\S-1-5-21-1236425271-2880748467-2592687428-1000\acdad60e-bcc0-48fb-9ceb-7514ca5aa558" /sid:S-1-5-21-1236425271-2880748467-2592687428-1000
dpapi::cng /in:"Install\Crypto\Keys\002F8F86566CEFBC8694EE7F5BB24A5FF2BA2C18"
dpapi::cng /in:"Install\Crypto\Keys\476D927F1B009662D46D785BA58BD8E9DB42F687"
crypto::system /file:"Install\SystemCertificates\My\Certificates\EA4AD6192A82AB059BFA5E774515FDE0DA604160" /export
crypto::system /file:"Install\SystemCertificates\My\Certificates\D6F23BB7BD8C0099DF5F1324507EA0CA3DE7DEAB" /export
dpapi::masterkey /in:"john\Protect\S-1-5-21-1236425271-2880748467-2592687428-1109\bfefb3a6-5cdc-44f9-8521-a31feb3acdb1" /sid:S-1-5-21-1236425271-2880748467-2592687428-1109
dpapi::masterkey /in:"john\Protect\S-1-5-21-1236425271-2880748467-2592687428-1109\c14e7f69-3bf5-4c49-92d8-78d759d74ece" /sid:S-1-5-21-1236425271-2880748467-2592687428-1109
crypto::system /file:"john\SystemCertificates\My\Certificates\AF839B040D1257997A8D83EE71F96918F4C3EA01" /export
dpapi::cng /in:"john\Crypto\Keys\9F95F8E4F381BFFFD22B5EFAA013E53268451310"
dpapi::cng /in:"john\Crypto\Keys\C9ABDF8DC38EA2BA2E20AEC770D91210FF919F87"
crypto::system /file:"john\SystemCertificates\My\Certificates\DEFFADB62EE547CB88973DF664C4DC958E8E64D8" /export
crypto::system /file:"john\SystemCertificates\My\Certificates\49FD324E5CC4A6020AC9D12D4311C7B33393A1C4" /export
crypto::system /file:"john\SystemCertificates\My\Certificates\4E951C29567A261B2E90C94BCCEFAE1FA878A2CB" /export
dpapi::capi /in:"john\Crypto\RSA\S-1-5-21-1236425271-2880748467-2592687428-1109\0581f4e6088649266038726d9f8786a9_edc46440-65c9-41ce-aaeb-73754e0e38c8"
dpapi::capi /in:"john\Crypto\RSA\S-1-5-21-1236425271-2880748467-2592687428-1109\4771dfabcc8ad1ec2c84c489df041fad_edc46440-65c9-41ce-aaeb-73754e0e38c8"
#></dev:code>
<dev:remarks>
<maml:para>Extracts DPAPI backup keys and roamed credentials (certificates, private keys, and DPAPI master keys) from an Active Directory database file and saves them to the Output directory. Also creates a file called kiwiscript.txt that contains mimikatz commands needed to decrypt the private keys.</maml:para>
</dev:remarks>
</command:example>
<command:example>
<maml:title>-------------------------- Example 2 --------------------------</maml:title>
<dev:code>PS C:\> Get-ADReplBackupKey -Server 'lon-dc1.adatum.com' | Save-DPAPIBlob -DirectoryPath '.\Output'
PS C:\> Get-ADReplAccount -All -Server 'lon-dc1.adatum.com' | Save-DPAPIBlob -DirectoryPath '.\Output'</dev:code>
<dev:remarks>
<maml:para>Replicates all DPAPI backup keys and roamed credentials (certificates, private keys, and DPAPI master keys) from the target Active Directory domain controller and saves them to the Output directory. Also creates a file called kiwiscript.txt that contains mimikatz commands needed to decrypt the private keys.</maml:para>
</dev:remarks>
</command:example>
<command:example>
<maml:title>-------------------------- Example 3 --------------------------</maml:title>
<dev:code>PS C:\> Get-LsaBackupKey -ComputerName 'lon-dc1.contoso.com' | Save-DPAPIBlob -DirectoryPath '.\Output'
PS C:\> Get-ADSIAccount -Server 'lon-dc1.contoso.com' | Save-DPAPIBlob -DirectoryPath '.\Output'</dev:code>
<dev:remarks>
<maml:para>Retrieves DPAPI backup keys from the target domain controller through the MS-LSAD protocol. Also retrieves roamed credentials (certificates, private keys, and DPAPI master keys) from this domain controller through LDAP and saves them to the Output directory. Also creates a file called kiwiscript.txt that contains mimikatz commands needed to decrypt the private keys.</maml:para>
</dev:remarks>
</command:example>
</command:examples>
<command:relatedLinks>
<maml:navigationLink>
<maml:linkText>Online Version:</maml:linkText>
<maml:uri>https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Save-DPAPIBlob.md</maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Get-ADDBBackupKey</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Get-ADReplBackupKey</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Get-LsaBackupKey</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Get-ADReplAccount</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Get-ADDBAccount</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Get-ADSIAccount</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
</command:relatedLinks>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp">
<command:details>
<command:name>Set-ADDBAccountPassword</command:name>
<command:verb>Set</command:verb>
<command:noun>ADDBAccountPassword</command:noun>
<maml:description>
<maml:para>Sets the password for a user, computer, or service account stored in a ntds.dit file.</maml:para>
</maml:description>
</command:details>
<maml:description>
<maml:para>Generates new password hashes of the given password, including NT hash, WDigest hashes and Kerberos DES, AES128 and AES256 keys and encrypts them into the database using boot key.</maml:para>
</maml:description>
<command:syntax>
<command:syntaxItem>
<maml:name>Set-ADDBAccountPassword</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Key, SysKey, SystemKey">
<maml:name>BootKey</maml:name>
<maml:Description>
<maml:para>Specifies the boot key (AKA system key) that will be used to decrypt/encrypt values of secret attributes.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue>
<dev:type>
<maml:name>Byte[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath">
<maml:name>DatabasePath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="dn">
<maml:name>DistinguishedName</maml:name>
<maml:Description>
<maml:para>Specifies the identifier of an account on which to perform this operation.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Force</maml:name>
<maml:Description>
<maml:para>Forces the cmdlet to perform the desired operation.</maml:para>
</maml:Description>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath">
<maml:name>LogPath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Password, Pwd, Pass, AccountPassword, p">
<maml:name>NewPassword</maml:name>
<maml:Description>
<maml:para>Specifies a new password value. This value is stored as an encrypted string.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue>
<dev:type>
<maml:name>SecureString</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="SkipMeta, NoMetaUpdate, NoMeta, SkipObjMeta, NoObjMeta, SkipMetaDataUpdate, NoMetaDataUpdate">
<maml:name>SkipMetaUpdate</maml:name>
<maml:Description>
<maml:para>Indicates that the replication metadata of the affected object should not be updated.</maml:para>
</maml:Description>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
<command:syntaxItem>
<maml:name>Set-ADDBAccountPassword</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Key, SysKey, SystemKey">
<maml:name>BootKey</maml:name>
<maml:Description>
<maml:para>Specifies the boot key (AKA system key) that will be used to decrypt/encrypt values of secret attributes.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue>
<dev:type>
<maml:name>Byte[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath">
<maml:name>DatabasePath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Force</maml:name>
<maml:Description>
<maml:para>Forces the cmdlet to perform the desired operation.</maml:para>
</maml:Description>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath">
<maml:name>LogPath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Password, Pwd, Pass, AccountPassword, p">
<maml:name>NewPassword</maml:name>
<maml:Description>
<maml:para>Specifies a new password value. This value is stored as an encrypted string.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue>
<dev:type>
<maml:name>SecureString</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Guid">
<maml:name>ObjectGuid</maml:name>
<maml:Description>
<maml:para>Specifies the identifier of an account on which to perform this operation.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Guid</command:parameterValue>
<dev:type>
<maml:name>Guid</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="SkipMeta, NoMetaUpdate, NoMeta, SkipObjMeta, NoObjMeta, SkipMetaDataUpdate, NoMetaDataUpdate">
<maml:name>SkipMetaUpdate</maml:name>
<maml:Description>
<maml:para>Indicates that the replication metadata of the affected object should not be updated.</maml:para>
</maml:Description>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
<command:syntaxItem>
<maml:name>Set-ADDBAccountPassword</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Key, SysKey, SystemKey">
<maml:name>BootKey</maml:name>
<maml:Description>
<maml:para>Specifies the boot key (AKA system key) that will be used to decrypt/encrypt values of secret attributes.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue>
<dev:type>
<maml:name>Byte[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath">
<maml:name>DatabasePath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Force</maml:name>
<maml:Description>
<maml:para>Forces the cmdlet to perform the desired operation.</maml:para>
</maml:Description>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath">
<maml:name>LogPath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Password, Pwd, Pass, AccountPassword, p">
<maml:name>NewPassword</maml:name>
<maml:Description>
<maml:para>Specifies a new password value. This value is stored as an encrypted string.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue>
<dev:type>
<maml:name>SecureString</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Sid">
<maml:name>ObjectSid</maml:name>
<maml:Description>
<maml:para>Specifies the identifier of an account on which to perform this operation.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">SecurityIdentifier</command:parameterValue>
<dev:type>
<maml:name>SecurityIdentifier</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="SkipMeta, NoMetaUpdate, NoMeta, SkipObjMeta, NoObjMeta, SkipMetaDataUpdate, NoMetaDataUpdate">
<maml:name>SkipMetaUpdate</maml:name>
<maml:Description>
<maml:para>Indicates that the replication metadata of the affected object should not be updated.</maml:para>
</maml:Description>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
<command:syntaxItem>
<maml:name>Set-ADDBAccountPassword</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="0" aliases="Login, sam">
<maml:name>SamAccountName</maml:name>
<maml:Description>
<maml:para>Specifies the identifier of an account on which to perform this operation.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Key, SysKey, SystemKey">
<maml:name>BootKey</maml:name>
<maml:Description>
<maml:para>Specifies the boot key (AKA system key) that will be used to decrypt/encrypt values of secret attributes.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue>
<dev:type>
<maml:name>Byte[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath">
<maml:name>DatabasePath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Force</maml:name>
<maml:Description>
<maml:para>Forces the cmdlet to perform the desired operation.</maml:para>
</maml:Description>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath">
<maml:name>LogPath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Password, Pwd, Pass, AccountPassword, p">
<maml:name>NewPassword</maml:name>
<maml:Description>
<maml:para>Specifies a new password value. This value is stored as an encrypted string.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue>
<dev:type>
<maml:name>SecureString</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="SkipMeta, NoMetaUpdate, NoMeta, SkipObjMeta, NoObjMeta, SkipMetaDataUpdate, NoMetaDataUpdate">
<maml:name>SkipMetaUpdate</maml:name>
<maml:Description>
<maml:para>Indicates that the replication metadata of the affected object should not be updated.</maml:para>
</maml:Description>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
</command:syntax>
<command:parameters>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Key, SysKey, SystemKey">
<maml:name>BootKey</maml:name>
<maml:Description>
<maml:para>Specifies the boot key (AKA system key) that will be used to decrypt/encrypt values of secret attributes.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue>
<dev:type>
<maml:name>Byte[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath">
<maml:name>DatabasePath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="dn">
<maml:name>DistinguishedName</maml:name>
<maml:Description>
<maml:para>Specifies the identifier of an account on which to perform this operation.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Force</maml:name>
<maml:Description>
<maml:para>Forces the cmdlet to perform the desired operation.</maml:para>
</maml:Description>
<command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath">
<maml:name>LogPath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Password, Pwd, Pass, AccountPassword, p">
<maml:name>NewPassword</maml:name>
<maml:Description>
<maml:para>Specifies a new password value. This value is stored as an encrypted string.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue>
<dev:type>
<maml:name>SecureString</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Guid">
<maml:name>ObjectGuid</maml:name>
<maml:Description>
<maml:para>Specifies the identifier of an account on which to perform this operation.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Guid</command:parameterValue>
<dev:type>
<maml:name>Guid</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Sid">
<maml:name>ObjectSid</maml:name>
<maml:Description>
<maml:para>Specifies the identifier of an account on which to perform this operation.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">SecurityIdentifier</command:parameterValue>
<dev:type>
<maml:name>SecurityIdentifier</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="0" aliases="Login, sam">
<maml:name>SamAccountName</maml:name>
<maml:Description>
<maml:para>Specifies the identifier of an account on which to perform this operation.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="SkipMeta, NoMetaUpdate, NoMeta, SkipObjMeta, NoObjMeta, SkipMetaDataUpdate, NoMetaDataUpdate">
<maml:name>SkipMetaUpdate</maml:name>
<maml:Description>
<maml:para>Indicates that the replication metadata of the affected object should not be updated.</maml:para>
</maml:Description>
<command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
</command:parameters>
<command:inputTypes>
<command:inputType>
<dev:type>
<maml:name>System.Security.SecureString</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:inputType>
<command:inputType>
<dev:type>
<maml:name>System.String</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:inputType>
<command:inputType>
<dev:type>
<maml:name>System.Security.Principal.SecurityIdentifier</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:inputType>
<command:inputType>
<dev:type>
<maml:name>System.Guid</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:inputType>
</command:inputTypes>
<command:returnValues>
<command:returnValue>
<dev:type>
<maml:name>None</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:returnValue>
</command:returnValues>
<maml:alertSet>
<maml:alert>
<maml:para></maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>-------------------------- Example 1 --------------------------</maml:title>
<dev:code>PS C:\> $pass = Read-Host -AsSecureString -Prompt 'Provide new password for user john'
PS C:\> Set-ADDBAccountPassword -SamAccountName john `
-NewPassword $pass `
-DatabasePath '.\ADBackup\Active Directory\ntds.dit' `
-BootKey 0be7a2afe1713642182e9b96f73a75da</dev:code>
<dev:remarks>
<maml:para>Performs an offline password reset for user john .</maml:para>
</dev:remarks>
</command:example>
</command:examples>
<command:relatedLinks>
<maml:navigationLink>
<maml:linkText>Online Version:</maml:linkText>
<maml:uri>https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Set-ADDBAccountPassword.md</maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Set-ADDBAccountPasswordHash</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Set-SamAccountPasswordHash</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Get-BootKey</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Get-ADDBAccount</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
</command:relatedLinks>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp">
<command:details>
<command:name>Set-ADDBAccountPasswordHash</command:name>
<command:verb>Set</command:verb>
<command:noun>ADDBAccountPasswordHash</command:noun>
<maml:description>
<maml:para>Sets the password hash for a user, computer, or service account stored in a ntds.dit file.</maml:para>
</maml:description>
</command:details>
<maml:description>
<maml:para>Writes the specified NT hash and optionally an entire supplementalCredentials data structure into an offline database. Also enables cross-database / cross-forest password migration without the requirement of a domain trust being in place.</maml:para>
</maml:description>
<command:syntax>
<command:syntaxItem>
<maml:name>Set-ADDBAccountPasswordHash</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Key, SysKey, SystemKey">
<maml:name>BootKey</maml:name>
<maml:Description>
<maml:para>Specifies the boot key (AKA system key) that will be used to decrypt/encrypt values of secret attributes.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue>
<dev:type>
<maml:name>Byte[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath">
<maml:name>DatabasePath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="dn">
<maml:name>DistinguishedName</maml:name>
<maml:Description>
<maml:para>Specifies the identifier of an account on which to perform this operation.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Force</maml:name>
<maml:Description>
<maml:para>Forces the cmdlet to perform the desired operation.</maml:para>
</maml:Description>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath">
<maml:name>LogPath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Hash, PasswordHash, NTLMHash, MD4Hash, h">
<maml:name>NTHash</maml:name>
<maml:Description>
<maml:para>Specifies the NT hash of a password that will be written to the target AD database.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue>
<dev:type>
<maml:name>Byte[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="SkipMeta, NoMetaUpdate, NoMeta, SkipObjMeta, NoObjMeta, SkipMetaDataUpdate, NoMetaDataUpdate">
<maml:name>SkipMetaUpdate</maml:name>
<maml:Description>
<maml:para>Indicates that the replication metadata of the affected object should not be updated.</maml:para>
</maml:Description>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="KerberosKeys, sc, c">
<maml:name>SupplementalCredentials</maml:name>
<maml:Description>
<maml:para>Specifies the kerberos keys and WDigest hashes that will be written to the target AD database.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">SupplementalCredentials</command:parameterValue>
<dev:type>
<maml:name>SupplementalCredentials</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
<command:syntaxItem>
<maml:name>Set-ADDBAccountPasswordHash</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Key, SysKey, SystemKey">
<maml:name>BootKey</maml:name>
<maml:Description>
<maml:para>Specifies the boot key (AKA system key) that will be used to decrypt/encrypt values of secret attributes.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue>
<dev:type>
<maml:name>Byte[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath">
<maml:name>DatabasePath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Force</maml:name>
<maml:Description>
<maml:para>Forces the cmdlet to perform the desired operation.</maml:para>
</maml:Description>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath">
<maml:name>LogPath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Hash, PasswordHash, NTLMHash, MD4Hash, h">
<maml:name>NTHash</maml:name>
<maml:Description>
<maml:para>Specifies the NT hash of a password that will be written to the target AD database.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue>
<dev:type>
<maml:name>Byte[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Guid">
<maml:name>ObjectGuid</maml:name>
<maml:Description>
<maml:para>Specifies the identifier of an account on which to perform this operation.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Guid</command:parameterValue>
<dev:type>
<maml:name>Guid</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="SkipMeta, NoMetaUpdate, NoMeta, SkipObjMeta, NoObjMeta, SkipMetaDataUpdate, NoMetaDataUpdate">
<maml:name>SkipMetaUpdate</maml:name>
<maml:Description>
<maml:para>Indicates that the replication metadata of the affected object should not be updated.</maml:para>
</maml:Description>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="KerberosKeys, sc, c">
<maml:name>SupplementalCredentials</maml:name>
<maml:Description>
<maml:para>Specifies the kerberos keys and WDigest hashes that will be written to the target AD database.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">SupplementalCredentials</command:parameterValue>
<dev:type>
<maml:name>SupplementalCredentials</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
<command:syntaxItem>
<maml:name>Set-ADDBAccountPasswordHash</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Key, SysKey, SystemKey">
<maml:name>BootKey</maml:name>
<maml:Description>
<maml:para>Specifies the boot key (AKA system key) that will be used to decrypt/encrypt values of secret attributes.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue>
<dev:type>
<maml:name>Byte[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath">
<maml:name>DatabasePath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Force</maml:name>
<maml:Description>
<maml:para>Forces the cmdlet to perform the desired operation.</maml:para>
</maml:Description>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath">
<maml:name>LogPath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Hash, PasswordHash, NTLMHash, MD4Hash, h">
<maml:name>NTHash</maml:name>
<maml:Description>
<maml:para>Specifies the NT hash of a password that will be written to the target AD database.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue>
<dev:type>
<maml:name>Byte[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Sid">
<maml:name>ObjectSid</maml:name>
<maml:Description>
<maml:para>Specifies the identifier of an account on which to perform this operation.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">SecurityIdentifier</command:parameterValue>
<dev:type>
<maml:name>SecurityIdentifier</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="SkipMeta, NoMetaUpdate, NoMeta, SkipObjMeta, NoObjMeta, SkipMetaDataUpdate, NoMetaDataUpdate">
<maml:name>SkipMetaUpdate</maml:name>
<maml:Description>
<maml:para>Indicates that the replication metadata of the affected object should not be updated.</maml:para>
</maml:Description>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="KerberosKeys, sc, c">
<maml:name>SupplementalCredentials</maml:name>
<maml:Description>
<maml:para>Specifies the kerberos keys and WDigest hashes that will be written to the target AD database.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">SupplementalCredentials</command:parameterValue>
<dev:type>
<maml:name>SupplementalCredentials</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
<command:syntaxItem>
<maml:name>Set-ADDBAccountPasswordHash</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="0" aliases="Login, sam">
<maml:name>SamAccountName</maml:name>
<maml:Description>
<maml:para>Specifies the identifier of an account on which to perform this operation.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Key, SysKey, SystemKey">
<maml:name>BootKey</maml:name>
<maml:Description>
<maml:para>Specifies the boot key (AKA system key) that will be used to decrypt/encrypt values of secret attributes.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue>
<dev:type>
<maml:name>Byte[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath">
<maml:name>DatabasePath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Force</maml:name>
<maml:Description>
<maml:para>Forces the cmdlet to perform the desired operation.</maml:para>
</maml:Description>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath">
<maml:name>LogPath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Hash, PasswordHash, NTLMHash, MD4Hash, h">
<maml:name>NTHash</maml:name>
<maml:Description>
<maml:para>Specifies the NT hash of a password that will be written to the target AD database.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue>
<dev:type>
<maml:name>Byte[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="SkipMeta, NoMetaUpdate, NoMeta, SkipObjMeta, NoObjMeta, SkipMetaDataUpdate, NoMetaDataUpdate">
<maml:name>SkipMetaUpdate</maml:name>
<maml:Description>
<maml:para>Indicates that the replication metadata of the affected object should not be updated.</maml:para>
</maml:Description>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="KerberosKeys, sc, c">
<maml:name>SupplementalCredentials</maml:name>
<maml:Description>
<maml:para>Specifies the kerberos keys and WDigest hashes that will be written to the target AD database.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">SupplementalCredentials</command:parameterValue>
<dev:type>
<maml:name>SupplementalCredentials</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
</command:syntax>
<command:parameters>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Key, SysKey, SystemKey">
<maml:name>BootKey</maml:name>
<maml:Description>
<maml:para>Specifies the boot key (AKA system key) that will be used to decrypt/encrypt values of secret attributes.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue>
<dev:type>
<maml:name>Byte[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath">
<maml:name>DatabasePath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="dn">
<maml:name>DistinguishedName</maml:name>
<maml:Description>
<maml:para>Specifies the identifier of an account on which to perform this operation.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Force</maml:name>
<maml:Description>
<maml:para>Forces the cmdlet to perform the desired operation.</maml:para>
</maml:Description>
<command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath">
<maml:name>LogPath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Hash, PasswordHash, NTLMHash, MD4Hash, h">
<maml:name>NTHash</maml:name>
<maml:Description>
<maml:para>Specifies the NT hash of a password that will be written to the target AD database.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue>
<dev:type>
<maml:name>Byte[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Guid">
<maml:name>ObjectGuid</maml:name>
<maml:Description>
<maml:para>Specifies the identifier of an account on which to perform this operation.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Guid</command:parameterValue>
<dev:type>
<maml:name>Guid</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Sid">
<maml:name>ObjectSid</maml:name>
<maml:Description>
<maml:para>Specifies the identifier of an account on which to perform this operation.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">SecurityIdentifier</command:parameterValue>
<dev:type>
<maml:name>SecurityIdentifier</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="0" aliases="Login, sam">
<maml:name>SamAccountName</maml:name>
<maml:Description>
<maml:para>Specifies the identifier of an account on which to perform this operation.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="SkipMeta, NoMetaUpdate, NoMeta, SkipObjMeta, NoObjMeta, SkipMetaDataUpdate, NoMetaDataUpdate">
<maml:name>SkipMetaUpdate</maml:name>
<maml:Description>
<maml:para>Indicates that the replication metadata of the affected object should not be updated.</maml:para>
</maml:Description>
<command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="KerberosKeys, sc, c">
<maml:name>SupplementalCredentials</maml:name>
<maml:Description>
<maml:para>Specifies the kerberos keys and WDigest hashes that will be written to the target AD database.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">SupplementalCredentials</command:parameterValue>
<dev:type>
<maml:name>SupplementalCredentials</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:parameters>
<command:inputTypes>
<command:inputType>
<dev:type>
<maml:name>System.Byte[]</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:inputType>
<command:inputType>
<dev:type>
<maml:name>DSInternals.Common.Data.SupplementalCredentials</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:inputType>
<command:inputType>
<dev:type>
<maml:name>System.String</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:inputType>
<command:inputType>
<dev:type>
<maml:name>System.Security.Principal.SecurityIdentifier</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:inputType>
<command:inputType>
<dev:type>
<maml:name>System.Guid</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:inputType>
</command:inputTypes>
<command:returnValues>
<command:returnValue>
<dev:type>
<maml:name>None</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:returnValue>
</command:returnValues>
<maml:alertSet>
<maml:alert>
<maml:para></maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>-------------------------- Example 1 --------------------------</maml:title>
<dev:code>PS C:\> $pass = Read-Host -AsSecureString -Prompt 'Provide new password for user hacker'
PS C:\> $hash = ConvertTo-NTHash $pass
PS C:\> Set-ADDBAccountPasswordHash -SamAccountName john `
-NTHash $hash `
-DatabasePath '.\ADBackup\Active Directory\ntds.dit' `
-BootKey 0be7a2afe1713642182e9b96f73a75da</dev:code>
<dev:remarks>
<maml:para>Performs an offline password reset for user john by injecting a raw NT hash value.</maml:para>
</dev:remarks>
</command:example>
</command:examples>
<command:relatedLinks>
<maml:navigationLink>
<maml:linkText>Online Version:</maml:linkText>
<maml:uri>https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Set-ADDBAccountPasswordHash.md</maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Set-ADDBAccountPassword</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Set-SamAccountPasswordHash</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Get-BootKey</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Get-ADDBAccount</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
</command:relatedLinks>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp">
<command:details>
<command:name>Set-ADDBBootKey</command:name>
<command:verb>Set</command:verb>
<command:noun>ADDBBootKey</command:noun>
<maml:description>
<maml:para>Re-encrypts a ntds.dit file with a new BootKey/SysKey.</maml:para>
</maml:description>
</command:details>
<maml:description>
<maml:para>Decrypts the password encryption key list from the pekList domain attribute using the current/old boot key and re-encrypts it using a new one. This might be useful during some DC restore operations. Note that this procedure is highly unsupported by Microsoft.</maml:para>
</maml:description>
<command:syntax>
<command:syntaxItem>
<maml:name>Set-ADDBBootKey</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath">
<maml:name>DatabasePath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Force</maml:name>
<maml:Description>
<maml:para>Forces the cmdlet to perform the desired operation.</maml:para>
</maml:Description>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath">
<maml:name>LogPath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="NewKey, New, NewSysKey">
<maml:name>NewBootKey</maml:name>
<maml:Description>
<maml:para>Specifies the new boot key (AKA system key) that will be used to re-encrypt the password encryption key (pekList) stored in the target Active Directory database.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue>
<dev:type>
<maml:name>Byte[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="OldKey, Old, OldSysKey">
<maml:name>OldBootKey</maml:name>
<maml:Description>
<maml:para>Specifies the current boot key (AKA system key) that will be used to decrypt the password encryption key (pekList) stored in the target Active Directory database.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue>
<dev:type>
<maml:name>Byte[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
</command:syntax>
<command:parameters>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath">
<maml:name>DatabasePath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Force</maml:name>
<maml:Description>
<maml:para>Forces the cmdlet to perform the desired operation.</maml:para>
</maml:Description>
<command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath">
<maml:name>LogPath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="NewKey, New, NewSysKey">
<maml:name>NewBootKey</maml:name>
<maml:Description>
<maml:para>Specifies the new boot key (AKA system key) that will be used to re-encrypt the password encryption key (pekList) stored in the target Active Directory database.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue>
<dev:type>
<maml:name>Byte[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="OldKey, Old, OldSysKey">
<maml:name>OldBootKey</maml:name>
<maml:Description>
<maml:para>Specifies the current boot key (AKA system key) that will be used to decrypt the password encryption key (pekList) stored in the target Active Directory database.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue>
<dev:type>
<maml:name>Byte[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:parameters>
<command:inputTypes>
<command:inputType>
<dev:type>
<maml:name>None</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:inputType>
</command:inputTypes>
<command:returnValues>
<command:returnValue>
<dev:type>
<maml:name>None</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:returnValue>
</command:returnValues>
<maml:alertSet>
<maml:alert>
<maml:para></maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>-------------------------- Example 1 --------------------------</maml:title>
<dev:code>PS C:\> Set-ADDBBootKey -DatabasePath 'C:\Backup\Active Directory\ntds.dit' `
-LogPath 'C:\Backup\Active Directory' `
-OldBootKey 610bc29e6f62ca7004e9872cd51a0116 `
-NewBootKey 6ffec6b70dc863db1906a5507c0576ee</dev:code>
<dev:remarks>
<maml:para>Re-encrypts the ntds.dit file with a new boot key.</maml:para>
</dev:remarks>
</command:example>
</command:examples>
<command:relatedLinks>
<maml:navigationLink>
<maml:linkText>Online Version:</maml:linkText>
<maml:uri>https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Set-ADDBBootKey.md</maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Get-BootKey</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>New-ADDBRestoreFromMediaScript</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
</command:relatedLinks>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp">
<command:details>
<command:name>Set-ADDBDomainController</command:name>
<command:verb>Set</command:verb>
<command:noun>ADDBDomainController</command:noun>
<maml:description>
<maml:para>Writes information about the DC to a ntds.dit file, including the highest committed USN and database epoch.</maml:para>
</maml:description>
</command:details>
<maml:description>
<maml:para>The Set-ADDBDomainController cmdlet can be used to simulate USN rollbacks, USN depletion, and database file restore operations. This cmdlet should only be used in lab environments.</maml:para>
</maml:description>
<command:syntax>
<command:syntaxItem>
<maml:name>Set-ADDBDomainController</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Expiration, Expire">
<maml:name>BackupExpiration</maml:name>
<maml:Description>
<maml:para>Specifies the database backup expiration time.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">DateTime</command:parameterValue>
<dev:type>
<maml:name>DateTime</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath">
<maml:name>DatabasePath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Force</maml:name>
<maml:Description>
<maml:para>Confirms that you understand the implications of using this cmdlet and still want to use it.</maml:para>
</maml:Description>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath">
<maml:name>LogPath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
<command:syntaxItem>
<maml:name>Set-ADDBDomainController</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath">
<maml:name>DatabasePath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="DSAEpoch">
<maml:name>Epoch</maml:name>
<maml:Description>
<maml:para>Specifies the database epoch which must be consistent with the information in the registry.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Int32</command:parameterValue>
<dev:type>
<maml:name>Int32</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Force</maml:name>
<maml:Description>
<maml:para>Confirms that you understand the implications of using this cmdlet and still want to use it.</maml:para>
</maml:Description>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath">
<maml:name>LogPath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
<command:syntaxItem>
<maml:name>Set-ADDBDomainController</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath">
<maml:name>DatabasePath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Force</maml:name>
<maml:Description>
<maml:para>Confirms that you understand the implications of using this cmdlet and still want to use it.</maml:para>
</maml:Description>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="USN">
<maml:name>HighestCommittedUsn</maml:name>
<maml:Description>
<maml:para>Specifies the highest committed USN for the database.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Int64</command:parameterValue>
<dev:type>
<maml:name>Int64</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath">
<maml:name>LogPath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
</command:syntax>
<command:parameters>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Expiration, Expire">
<maml:name>BackupExpiration</maml:name>
<maml:Description>
<maml:para>Specifies the database backup expiration time.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">DateTime</command:parameterValue>
<dev:type>
<maml:name>DateTime</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath">
<maml:name>DatabasePath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="DSAEpoch">
<maml:name>Epoch</maml:name>
<maml:Description>
<maml:para>Specifies the database epoch which must be consistent with the information in the registry.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Int32</command:parameterValue>
<dev:type>
<maml:name>Int32</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Force</maml:name>
<maml:Description>
<maml:para>Confirms that you understand the implications of using this cmdlet and still want to use it.</maml:para>
</maml:Description>
<command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="USN">
<maml:name>HighestCommittedUsn</maml:name>
<maml:Description>
<maml:para>Specifies the highest committed USN for the database.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Int64</command:parameterValue>
<dev:type>
<maml:name>Int64</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath">
<maml:name>LogPath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:parameters>
<command:inputTypes>
<command:inputType>
<dev:type>
<maml:name>None</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:inputType>
</command:inputTypes>
<command:returnValues>
<command:returnValue>
<dev:type>
<maml:name>None</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:returnValue>
</command:returnValues>
<maml:alertSet>
<maml:alert>
<maml:para></maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>-------------------------- Example 1 --------------------------</maml:title>
<dev:code>PS C:\> $currentEpoch = Get-ItemPropertyValue -Path 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NTDS\Parameters' -Name 'DSA Database Epoch'
PS C:\> Set-ADDBDomainController -DatabasePath .\ntds.dit -Epoch $currentEpoch -Force</dev:code>
<dev:remarks>
<maml:para>Copies the database epoch from registry to the ntds.dit file.</maml:para>
</dev:remarks>
</command:example>
<command:example>
<maml:title>-------------------------- Example 2 --------------------------</maml:title>
<dev:code>PS C:\> Set-ADDBDomainController -DatabasePath .\ntds.dit -HighestCommittedUsn 9223372036854775800 -Force</dev:code>
<dev:remarks>
<maml:para>Modifies the highest committed USN of the AD database. This might be helpful when trying to simulate USN rollbacks and USN depletion.</maml:para>
</dev:remarks>
</command:example>
</command:examples>
<command:relatedLinks>
<maml:navigationLink>
<maml:linkText>Online Version:</maml:linkText>
<maml:uri>https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Set-ADDBDomainController.md</maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Get-ADDBDomainController</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Set-ADDBBootKey</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
</command:relatedLinks>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp">
<command:details>
<command:name>Set-ADDBPrimaryGroup</command:name>
<command:verb>Set</command:verb>
<command:noun>ADDBPrimaryGroup</command:noun>
<maml:description>
<maml:para>Modifies the primaryGroupId attribute of an object in a ntds.dit file.</maml:para>
</maml:description>
</command:details>
<maml:description>
<maml:para>Modifies the primaryGroupId attribute of an account in a ntds.dit file. The most relevant group relative identifiers (RIDs) include 512 for Domain Admins , 513 for Domain Users , and 519 for Schema Admins .</maml:para>
</maml:description>
<command:syntax>
<command:syntaxItem>
<maml:name>Set-ADDBPrimaryGroup</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath">
<maml:name>DatabasePath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="dn">
<maml:name>DistinguishedName</maml:name>
<maml:Description>
<maml:para>Specifies the identifier of an object on which to perform this operation.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Force</maml:name>
<maml:Description>
<maml:para>Forces the cmdlet to perform the desired operation.</maml:para>
</maml:Description>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath">
<maml:name>LogPath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="gid, Group, PrimaryGroup, GroupId">
<maml:name>PrimaryGroupId</maml:name>
<maml:Description>
<maml:para>Specifies the new primary group relative identifier (RID) that will be written to the database.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Int32</command:parameterValue>
<dev:type>
<maml:name>Int32</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="SkipMeta, NoMetaUpdate, NoMeta, SkipObjMeta, NoObjMeta, SkipMetaDataUpdate, NoMetaDataUpdate">
<maml:name>SkipMetaUpdate</maml:name>
<maml:Description>
<maml:para>Indicates that the replication metadata of the affected object should not be updated.</maml:para>
</maml:Description>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
<command:syntaxItem>
<maml:name>Set-ADDBPrimaryGroup</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath">
<maml:name>DatabasePath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Force</maml:name>
<maml:Description>
<maml:para>Forces the cmdlet to perform the desired operation.</maml:para>
</maml:Description>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath">
<maml:name>LogPath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Guid">
<maml:name>ObjectGuid</maml:name>
<maml:Description>
<maml:para>Specifies the identifier of an object on which to perform this operation.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Guid</command:parameterValue>
<dev:type>
<maml:name>Guid</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="gid, Group, PrimaryGroup, GroupId">
<maml:name>PrimaryGroupId</maml:name>
<maml:Description>
<maml:para>Specifies the new primary group relative identifier (RID) that will be written to the database.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Int32</command:parameterValue>
<dev:type>
<maml:name>Int32</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="SkipMeta, NoMetaUpdate, NoMeta, SkipObjMeta, NoObjMeta, SkipMetaDataUpdate, NoMetaDataUpdate">
<maml:name>SkipMetaUpdate</maml:name>
<maml:Description>
<maml:para>Indicates that the replication metadata of the affected object should not be updated.</maml:para>
</maml:Description>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
<command:syntaxItem>
<maml:name>Set-ADDBPrimaryGroup</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath">
<maml:name>DatabasePath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Force</maml:name>
<maml:Description>
<maml:para>Forces the cmdlet to perform the desired operation.</maml:para>
</maml:Description>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath">
<maml:name>LogPath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Sid">
<maml:name>ObjectSid</maml:name>
<maml:Description>
<maml:para>Specifies the identifier of an object on which to perform this operation.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">SecurityIdentifier</command:parameterValue>
<dev:type>
<maml:name>SecurityIdentifier</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="gid, Group, PrimaryGroup, GroupId">
<maml:name>PrimaryGroupId</maml:name>
<maml:Description>
<maml:para>Specifies the new primary group relative identifier (RID) that will be written to the database.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Int32</command:parameterValue>
<dev:type>
<maml:name>Int32</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="SkipMeta, NoMetaUpdate, NoMeta, SkipObjMeta, NoObjMeta, SkipMetaDataUpdate, NoMetaDataUpdate">
<maml:name>SkipMetaUpdate</maml:name>
<maml:Description>
<maml:para>Indicates that the replication metadata of the affected object should not be updated.</maml:para>
</maml:Description>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
<command:syntaxItem>
<maml:name>Set-ADDBPrimaryGroup</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="0" aliases="Login, sam">
<maml:name>SamAccountName</maml:name>
<maml:Description>
<maml:para>Specifies the identifier of an object on which to perform this operation.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath">
<maml:name>DatabasePath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Force</maml:name>
<maml:Description>
<maml:para>Forces the cmdlet to perform the desired operation.</maml:para>
</maml:Description>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath">
<maml:name>LogPath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="gid, Group, PrimaryGroup, GroupId">
<maml:name>PrimaryGroupId</maml:name>
<maml:Description>
<maml:para>Specifies the new primary group relative identifier (RID) that will be written to the database.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Int32</command:parameterValue>
<dev:type>
<maml:name>Int32</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="SkipMeta, NoMetaUpdate, NoMeta, SkipObjMeta, NoObjMeta, SkipMetaDataUpdate, NoMetaDataUpdate">
<maml:name>SkipMetaUpdate</maml:name>
<maml:Description>
<maml:para>Indicates that the replication metadata of the affected object should not be updated.</maml:para>
</maml:Description>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
</command:syntax>
<command:parameters>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Database, DBPath, DatabaseFilePath, DBFilePath">
<maml:name>DatabasePath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a domain database, for instance, C:\Windows\NTDS\ntds.dit.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="dn">
<maml:name>DistinguishedName</maml:name>
<maml:Description>
<maml:para>Specifies the identifier of an object on which to perform this operation.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Force</maml:name>
<maml:Description>
<maml:para>Forces the cmdlet to perform the desired operation.</maml:para>
</maml:Description>
<command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath">
<maml:name>LogPath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Guid">
<maml:name>ObjectGuid</maml:name>
<maml:Description>
<maml:para>Specifies the identifier of an object on which to perform this operation.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Guid</command:parameterValue>
<dev:type>
<maml:name>Guid</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="Sid">
<maml:name>ObjectSid</maml:name>
<maml:Description>
<maml:para>Specifies the identifier of an object on which to perform this operation.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">SecurityIdentifier</command:parameterValue>
<dev:type>
<maml:name>SecurityIdentifier</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="gid, Group, PrimaryGroup, GroupId">
<maml:name>PrimaryGroupId</maml:name>
<maml:Description>
<maml:para>Specifies the new primary group relative identifier (RID) that will be written to the database.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Int32</command:parameterValue>
<dev:type>
<maml:name>Int32</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="0" aliases="Login, sam">
<maml:name>SamAccountName</maml:name>
<maml:Description>
<maml:para>Specifies the identifier of an object on which to perform this operation.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="SkipMeta, NoMetaUpdate, NoMeta, SkipObjMeta, NoObjMeta, SkipMetaDataUpdate, NoMetaDataUpdate">
<maml:name>SkipMetaUpdate</maml:name>
<maml:Description>
<maml:para>Indicates that the replication metadata of the affected object should not be updated.</maml:para>
</maml:Description>
<command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
</command:parameters>
<command:inputTypes>
<command:inputType>
<dev:type>
<maml:name>System.Int32</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:inputType>
<command:inputType>
<dev:type>
<maml:name>System.String</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:inputType>
<command:inputType>
<dev:type>
<maml:name>System.Security.Principal.SecurityIdentifier</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:inputType>
<command:inputType>
<dev:type>
<maml:name>System.Guid</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:inputType>
</command:inputTypes>
<command:returnValues>
<command:returnValue>
<dev:type>
<maml:name>None</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:returnValue>
</command:returnValues>
<maml:alertSet>
<maml:alert>
<maml:para></maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>-------------------------- Example 1 --------------------------</maml:title>
<dev:code>PS C:\> Set-ADDBPrimaryGroup -SamAccountName John `
-PrimaryGroupId 512 `
-DatabasePath 'D:\Windows\NTDS\ntds.dit'</dev:code>
<dev:remarks>
<maml:para>Moves the account John from the default Domain Users group to Domain Admins .</maml:para>
</dev:remarks>
</command:example>
</command:examples>
<command:relatedLinks>
<maml:navigationLink>
<maml:linkText>Online Version:</maml:linkText>
<maml:uri>https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Set-ADDBPrimaryGroup.md</maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Add-ADDBSidHistory</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Get-ADDBAccount</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
</command:relatedLinks>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp">
<command:details>
<command:name>Set-AzureADUserEx</command:name>
<command:verb>Set</command:verb>
<command:noun>AzureADUserEx</command:noun>
<maml:description>
<maml:para>Registers new or revokes existing FIDO and NGC keys in Azure Active Directory.</maml:para>
</maml:description>
</command:details>
<maml:description>
<maml:para>The Set-AzureADUserEx cmdlet uses an undocumented Azure AD Graph API endpoint to modify the normally hidden searchableDeviceKeys attribute of user accounts. This attribute holds different types of key credentials, including the FIDO2 and NGC keys that are used by Windows Hello for Business.</maml:para>
<maml:para>This cmdlet also enables Global Admins to selectively revoke security keys registered by other users. This is a unique feature, as Microsoft only supports self-service FIDO2 security key registration and revocation (at least at the time of publishing this cmdlet).</maml:para>
<maml:para>This cmdlet is not intended to replace the Set-AzureADUser cmdlet from Microsoft's AzureAD module. Authentication fully relies on the official Connect-AzureAD cmdlet.</maml:para>
</maml:description>
<command:syntax>
<command:syntaxItem>
<maml:name>Set-AzureADUserEx</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Token">
<maml:name>AccessToken</maml:name>
<maml:Description>
<maml:para>Specifies the access token retrieved by the Connect-AzureAD cmdlet.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="SearchableDeviceKey, KeyCredentialLink">
<maml:name>KeyCredential</maml:name>
<maml:Description>
<maml:para>Specifies a list of key credentials (typically FIDO2 and NGC keys) that can be used by the target user for authentication.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">KeyCredential[]</command:parameterValue>
<dev:type>
<maml:name>KeyCredential[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Identity, Id, UserId, ObjectGuid">
<maml:name>ObjectId</maml:name>
<maml:Description>
<maml:para>Specifies the identity of a user in Azure AD.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Guid</command:parameterValue>
<dev:type>
<maml:name>Guid</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Tenant">
<maml:name>TenantId</maml:name>
<maml:Description>
<maml:para>Specifies the Azure AD tenant to perform the search in. If not specified, the tenant of the authenticated user will be used.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Guid</command:parameterValue>
<dev:type>
<maml:name>Guid</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
<command:syntaxItem>
<maml:name>Set-AzureADUserEx</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Token">
<maml:name>AccessToken</maml:name>
<maml:Description>
<maml:para>Specifies the access token retrieved by the Connect-AzureAD cmdlet.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="SearchableDeviceKey, KeyCredentialLink">
<maml:name>KeyCredential</maml:name>
<maml:Description>
<maml:para>Specifies a list of key credentials (typically FIDO2 and NGC keys) that can be used by the target user for authentication.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">KeyCredential[]</command:parameterValue>
<dev:type>
<maml:name>KeyCredential[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Tenant">
<maml:name>TenantId</maml:name>
<maml:Description>
<maml:para>Specifies the Azure AD tenant to perform the search in. If not specified, the tenant of the authenticated user will be used.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Guid</command:parameterValue>
<dev:type>
<maml:name>Guid</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="UPN, UserName">
<maml:name>UserPrincipalName</maml:name>
<maml:Description>
<maml:para>Specifies the UPN of a user in Azure AD.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
</command:syntax>
<command:parameters>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Token">
<maml:name>AccessToken</maml:name>
<maml:Description>
<maml:para>Specifies the access token retrieved by the Connect-AzureAD cmdlet.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="SearchableDeviceKey, KeyCredentialLink">
<maml:name>KeyCredential</maml:name>
<maml:Description>
<maml:para>Specifies a list of key credentials (typically FIDO2 and NGC keys) that can be used by the target user for authentication.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">KeyCredential[]</command:parameterValue>
<dev:type>
<maml:name>KeyCredential[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Identity, Id, UserId, ObjectGuid">
<maml:name>ObjectId</maml:name>
<maml:Description>
<maml:para>Specifies the identity of a user in Azure AD.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Guid</command:parameterValue>
<dev:type>
<maml:name>Guid</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Tenant">
<maml:name>TenantId</maml:name>
<maml:Description>
<maml:para>Specifies the Azure AD tenant to perform the search in. If not specified, the tenant of the authenticated user will be used.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Guid</command:parameterValue>
<dev:type>
<maml:name>Guid</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="UPN, UserName">
<maml:name>UserPrincipalName</maml:name>
<maml:Description>
<maml:para>Specifies the UPN of a user in Azure AD.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:parameters>
<command:inputTypes>
<command:inputType>
<dev:type>
<maml:name>None</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:inputType>
</command:inputTypes>
<command:returnValues>
<command:returnValue>
<dev:type>
<maml:name>None</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:returnValue>
</command:returnValues>
<maml:alertSet>
<maml:alert>
<maml:para></maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>-------------------------- Example 1 --------------------------</maml:title>
<dev:code>PS C:\> Install-Module -Name AzureAD,DSInternals -Force
PS C:\> Connect-AzureAD
PS C:\> $token = [Microsoft.Open.Azure.AD.CommonLibrary.AzureSession]::AccessTokens['AccessToken'].AccessToken
PS C:\> Set-AzureADUserEx -UserPrincipalName '[email protected]' -KeyCredential @() -Token $token</dev:code>
<dev:remarks>
<maml:para>Revokes all FIDO2 security keys and NGC keys (Windows Hello for Business) that were previously registered by the specified user. Typical use case includes stolen devices and other security incidents.</maml:para>
</dev:remarks>
</command:example>
<command:example>
<maml:title>-------------------------- Example 2 --------------------------</maml:title>
<dev:code>PS C:\> $user = Get-AzureADUserEx -UserPrincipalName '[email protected]' -AccessToken $token
PS C:\> $newCreds = $user.KeyCredentials | where { $PSItem.FidoKeyMaterial.DisplayName -notlike '*YubiKey*' }
PS C:\> Set-AzureADUserEx -UserPrincipalName '[email protected]' -KeyCredential $newCreds -Token $token</dev:code>
<dev:remarks>
<maml:para>Selectively revokes a specific FIDO2 security key based on its display name. Typical use case is a stolen/lost security key.</maml:para>
</dev:remarks>
</command:example>
</command:examples>
<command:relatedLinks>
<maml:navigationLink>
<maml:linkText>Get-AzureADUserEx</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Get-ADKeyCredential</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
</command:relatedLinks>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp">
<command:details>
<command:name>Set-LsaPolicyInformation</command:name>
<command:verb>Set</command:verb>
<command:noun>LsaPolicyInformation</command:noun>
<maml:description>
<maml:para>Configures AD-related Local Security Authority Policies of the local computer or a remote one.</maml:para>
</maml:description>
</command:details>
<maml:description>
<maml:para>Configures AD-related Local Security Authority (LSA) Policies of the local or a remote computer. This functionality is helpful when restoring Active Directory domain controllers (DC) from IFM backups. Note that running this command against a DC with parameters that do not match the information stored in its local AD database might prevent the target DC from booting ever again.</maml:para>
</maml:description>
<command:syntax>
<command:syntaxItem>
<maml:name>Set-LsaPolicyInformation</maml:name>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="Server, ServerName, Computer, Machine, MachineName, System, SystemName">
<maml:name>ComputerName</maml:name>
<maml:Description>
<maml:para>Specifies the target computer for the operation. Enter a fully qualified domain name (FQDN), a NetBIOS name, or an IP address. When the remote computer is in a different domain than the local computer, the fully qualified domain name is required.</maml:para>
<maml:para>The default is the local computer. To specify the local computer, such as in a list of computer names, use "localhost", the local computer name, or a dot (.).</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>DnsDomainName</maml:name>
<maml:Description>
<maml:para>Specifies the DNS name of the primary domain.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>DnsForestName</maml:name>
<maml:Description>
<maml:para>Specifies the DNS forest name of the primary domain. This is the DNS name of the domain at the root of the enterprise.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>DomainGuid</maml:name>
<maml:Description>
<maml:para>Specifies the GUID of the primary domain.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Guid</command:parameterValue>
<dev:type>
<maml:name>Guid</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="NetBIOSDomainName, Workgroup">
<maml:name>DomainName</maml:name>
<maml:Description>
<maml:para>Specifies the name of the primary domain.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>DomainSid</maml:name>
<maml:Description>
<maml:para>Specifies the SID of the primary domain.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">SecurityIdentifier</command:parameterValue>
<dev:type>
<maml:name>SecurityIdentifier</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
</command:syntax>
<command:parameters>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="Server, ServerName, Computer, Machine, MachineName, System, SystemName">
<maml:name>ComputerName</maml:name>
<maml:Description>
<maml:para>Specifies the target computer for the operation. Enter a fully qualified domain name (FQDN), a NetBIOS name, or an IP address. When the remote computer is in a different domain than the local computer, the fully qualified domain name is required.</maml:para>
<maml:para>The default is the local computer. To specify the local computer, such as in a list of computer names, use "localhost", the local computer name, or a dot (.).</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>DnsDomainName</maml:name>
<maml:Description>
<maml:para>Specifies the DNS name of the primary domain.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>DnsForestName</maml:name>
<maml:Description>
<maml:para>Specifies the DNS forest name of the primary domain. This is the DNS name of the domain at the root of the enterprise.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>DomainGuid</maml:name>
<maml:Description>
<maml:para>Specifies the GUID of the primary domain.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Guid</command:parameterValue>
<dev:type>
<maml:name>Guid</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="NetBIOSDomainName, Workgroup">
<maml:name>DomainName</maml:name>
<maml:Description>
<maml:para>Specifies the name of the primary domain.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>DomainSid</maml:name>
<maml:Description>
<maml:para>Specifies the SID of the primary domain.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">SecurityIdentifier</command:parameterValue>
<dev:type>
<maml:name>SecurityIdentifier</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:parameters>
<command:inputTypes>
<command:inputType>
<dev:type>
<maml:name>None</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:inputType>
</command:inputTypes>
<command:returnValues>
<command:returnValue>
<dev:type>
<maml:name>None</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:returnValue>
</command:returnValues>
<maml:alertSet>
<maml:alert>
<maml:para></maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>-------------------------- Example 1 --------------------------</maml:title>
<dev:code>PS C:\> Set-LsaPolicyInformation -DomainName 'ADATUM' `
-DnsDomainName 'Adatum.com' `
-DnsForestName 'Adatum.com' `
-DomainGuid 279b615e-ae79-4c86-a61a-50f687b9f7b8 `
-DomainSid S-1-5-21-1817670852-3242289776-1304069626</dev:code>
<dev:remarks>
<maml:para>Configures AD-related LSA Policy Information of the local computer.</maml:para>
</dev:remarks>
</command:example>
</command:examples>
<command:relatedLinks>
<maml:navigationLink>
<maml:linkText>Online Version:</maml:linkText>
<maml:uri>https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Set-LsaPolicyInformation.md</maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>New-ADDBRestoreFromMediaScript</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
</command:relatedLinks>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp">
<command:details>
<command:name>Set-SamAccountPasswordHash</command:name>
<command:verb>Set</command:verb>
<command:noun>SamAccountPasswordHash</command:noun>
<maml:description>
<maml:para>Sets NT and LM hashes of an Active Directory or local account through the MS-SAMR protocol.</maml:para>
</maml:description>
</command:details>
<maml:description>
<maml:para>Sets NT and LM password hashes of a user account in a local or remote Security Account Manager (SAM) or Active Directory (AD) database through the SAM Remote Protocol (MS-SAMR). Note that kerberos AES and DES ekeys of the target account are cleared by this command.</maml:para>
</maml:description>
<command:syntax>
<command:syntaxItem>
<maml:name>Set-SamAccountPasswordHash</maml:name>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Credential</maml:name>
<maml:Description>
<maml:para>Specifies the user account credentials to be used to perform this task. The default credentials are the credentials of the currently logged on user.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue>
<dev:type>
<maml:name>PSCredential</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none">
<maml:name>Domain</maml:name>
<maml:Description>
<maml:para>Specifies the target NetBIOS domain name the target account belongs to.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none">
<maml:name>LMHash</maml:name>
<maml:Description>
<maml:para>Specifies a new LM password hash value in hexadecimal format.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue>
<dev:type>
<maml:name>Byte[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none">
<maml:name>NTHash</maml:name>
<maml:Description>
<maml:para>Specifies a new NT password hash value in hexadecimal format.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue>
<dev:type>
<maml:name>Byte[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none">
<maml:name>SamAccountName</maml:name>
<maml:Description>
<maml:para>Specifies user's login.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="ComputerName, Computer">
<maml:name>Server</maml:name>
<maml:Description>
<maml:para>Specifies the name of a SAM server.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>localhost</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
<command:syntaxItem>
<maml:name>Set-SamAccountPasswordHash</maml:name>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Credential</maml:name>
<maml:Description>
<maml:para>Specifies the user account credentials to be used to perform this task. The default credentials are the credentials of the currently logged on user.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue>
<dev:type>
<maml:name>PSCredential</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none">
<maml:name>LMHash</maml:name>
<maml:Description>
<maml:para>Specifies a new LM password hash value in hexadecimal format.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue>
<dev:type>
<maml:name>Byte[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none">
<maml:name>NTHash</maml:name>
<maml:Description>
<maml:para>Specifies a new NT password hash value in hexadecimal format.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue>
<dev:type>
<maml:name>Byte[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="ComputerName, Computer">
<maml:name>Server</maml:name>
<maml:Description>
<maml:para>Specifies the name of a SAM server.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>localhost</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none">
<maml:name>Sid</maml:name>
<maml:Description>
<maml:para>Specifies user SID.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">SecurityIdentifier</command:parameterValue>
<dev:type>
<maml:name>SecurityIdentifier</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
</command:syntax>
<command:parameters>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Credential</maml:name>
<maml:Description>
<maml:para>Specifies the user account credentials to be used to perform this task. The default credentials are the credentials of the currently logged on user.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue>
<dev:type>
<maml:name>PSCredential</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none">
<maml:name>Domain</maml:name>
<maml:Description>
<maml:para>Specifies the target NetBIOS domain name the target account belongs to.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none">
<maml:name>LMHash</maml:name>
<maml:Description>
<maml:para>Specifies a new LM password hash value in hexadecimal format.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue>
<dev:type>
<maml:name>Byte[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none">
<maml:name>NTHash</maml:name>
<maml:Description>
<maml:para>Specifies a new NT password hash value in hexadecimal format.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue>
<dev:type>
<maml:name>Byte[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none">
<maml:name>SamAccountName</maml:name>
<maml:Description>
<maml:para>Specifies user's login.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="ComputerName, Computer">
<maml:name>Server</maml:name>
<maml:Description>
<maml:para>Specifies the name of a SAM server.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>localhost</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none">
<maml:name>Sid</maml:name>
<maml:Description>
<maml:para>Specifies user SID.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">SecurityIdentifier</command:parameterValue>
<dev:type>
<maml:name>SecurityIdentifier</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:parameters>
<command:inputTypes>
<command:inputType>
<dev:type>
<maml:name>System.String</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:inputType>
<command:inputType>
<dev:type>
<maml:name>System.Security.Principal.SecurityIdentifier</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:inputType>
<command:inputType>
<dev:type>
<maml:name>System.Byte[]</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:inputType>
</command:inputTypes>
<command:returnValues>
<command:returnValue>
<dev:type>
<maml:name>None</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:returnValue>
</command:returnValues>
<maml:alertSet>
<maml:alert>
<maml:para></maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>-------------------------- Example 1 --------------------------</maml:title>
<dev:code>PS C:\> Set-SamAccountPasswordHash -SamAccountName 'john' `
-Domain CONTOSO `
-NTHash ac5d3227c79791b451eb28fcd9efbfb2 `
-Server 'lon-dc1.contoso.com'</dev:code>
<dev:remarks>
<maml:para>Resets the NT password hash of the target Active Directory account through the MS-SAMR protocol.</maml:para>
</dev:remarks>
</command:example>
</command:examples>
<command:relatedLinks>
<maml:navigationLink>
<maml:linkText>Online Version:</maml:linkText>
<maml:uri>https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Set-SamAccountPasswordHash.md</maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Get-ADDBAccount</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Get-ADReplAccount</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Set-ADDBAccountPasswordHash</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
</command:relatedLinks>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp">
<command:details>
<command:name>Test-PasswordQuality</command:name>
<command:verb>Test</command:verb>
<command:noun>PasswordQuality</command:noun>
<maml:description>
<maml:para>Performs AD audit, including checks for weak, duplicate, default and empty passwords. Accepts input from the Get-ADReplAccount and Get-ADDBAccount cmdlets.</maml:para>
</maml:description>
</command:details>
<maml:description>
<maml:para>The Test-PasswordQuality cmdlet is a simple tool for Active Directory password auditing. It can detect weak, duplicate, default, non-expiring or empty passwords and find accounts that are violating security best practices. The cmdlet accepts output of the Get-ADDBAccount and Get-ADReplAccount cmdlets, so both offline (ntds.dit) and online (DCSync) password analysis can be done.</maml:para>
<maml:para>Lists of leaked passwords that can be obtained from HaveIBeenPwned are fully supported. Be sure to download the list that is marked as "NTLM (ordered by hash)" and extract the archive to your HDD.</maml:para>
<maml:para>Although the cmdlet output is formatted in a human readable fashion, it is still an object, whose properties can be accessed separately (e.g. $result.WeakPassword) to produce a desired output. When scripted, it can be used to audit Active Directory passwords on a regular basis.</maml:para>
</maml:description>
<command:syntax>
<command:syntaxItem>
<maml:name>Test-PasswordQuality</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue)" position="0" aliases="ADAccount, DSAccount">
<maml:name>Account</maml:name>
<maml:Description>
<maml:para>Active Directory account to check. The accounts are typically piped in from the Get-ADDBAccount and Get-ADReplAccount cmdlets.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">DSAccount</command:parameterValue>
<dev:type>
<maml:name>DSAccount</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>IncludeDisabledAccounts</maml:name>
<maml:Description>
<maml:para>Process even accounts that are disabled. Such accounts are skipped otherwise.</maml:para>
</maml:Description>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>SkipDuplicatePasswordTest</maml:name>
<maml:Description>
<maml:para>Do not compare account hashes with each other.</maml:para>
</maml:Description>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>WeakPasswordHashesFile</maml:name>
<maml:Description>
<maml:para>Path to a file that contains NT hashes of weak passwords, one hash in HEX format per line. For performance reasons, the -WeakPasswordHashesSortedFile parameter should be used instead.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>WeakPasswordHashesSortedFile</maml:name>
<maml:Description>
<maml:para>Path to a file that contains NT hashes of weak passwords, one hash in HEX format per line. The hashes must be sorted alphabetically, because a binary search is performed. This parameter is typically used with a list of leaked password hashes from HaveIBeenPwned.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>WeakPasswords</maml:name>
<maml:Description>
<maml:para>List of passwords that are considered weak, e.g. Password123 or April2019. If more than a handful passwords are to be tested, the WeakPasswordsFile parameter should be used instead.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String[]</command:parameterValue>
<dev:type>
<maml:name>String[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>WeakPasswordsFile</maml:name>
<maml:Description>
<maml:para>Path to a file that contains weak passwords, one password per line.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
</command:syntax>
<command:parameters>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue)" position="0" aliases="ADAccount, DSAccount">
<maml:name>Account</maml:name>
<maml:Description>
<maml:para>Active Directory account to check. The accounts are typically piped in from the Get-ADDBAccount and Get-ADReplAccount cmdlets.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">DSAccount</command:parameterValue>
<dev:type>
<maml:name>DSAccount</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>IncludeDisabledAccounts</maml:name>
<maml:Description>
<maml:para>Process even accounts that are disabled. Such accounts are skipped otherwise.</maml:para>
</maml:Description>
<command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>SkipDuplicatePasswordTest</maml:name>
<maml:Description>
<maml:para>Do not compare account hashes with each other.</maml:para>
</maml:Description>
<command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue>
<dev:type>
<maml:name>SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>WeakPasswordHashesFile</maml:name>
<maml:Description>
<maml:para>Path to a file that contains NT hashes of weak passwords, one hash in HEX format per line. For performance reasons, the -WeakPasswordHashesSortedFile parameter should be used instead.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>WeakPasswordHashesSortedFile</maml:name>
<maml:Description>
<maml:para>Path to a file that contains NT hashes of weak passwords, one hash in HEX format per line. The hashes must be sorted alphabetically, because a binary search is performed. This parameter is typically used with a list of leaked password hashes from HaveIBeenPwned.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>WeakPasswords</maml:name>
<maml:Description>
<maml:para>List of passwords that are considered weak, e.g. Password123 or April2019. If more than a handful passwords are to be tested, the WeakPasswordsFile parameter should be used instead.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String[]</command:parameterValue>
<dev:type>
<maml:name>String[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>WeakPasswordsFile</maml:name>
<maml:Description>
<maml:para>Path to a file that contains weak passwords, one password per line.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">String</command:parameterValue>
<dev:type>
<maml:name>String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:parameters>
<command:inputTypes>
<command:inputType>
<dev:type>
<maml:name>DSInternals.Common.Data.DSAccount</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:inputType>
</command:inputTypes>
<command:returnValues>
<command:returnValue>
<dev:type>
<maml:name>DSInternals.PowerShell.PasswordQualityTestResult</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:returnValue>
</command:returnValues>
<maml:alertSet>
<maml:alert>
<maml:para></maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>-------------------------- Example 1 --------------------------</maml:title>
<dev:code>PS C:\> Get-ADDBAccount -All -DatabasePath ntds.dit -BootKey acdba64a3929261b04e5270c3ef973cf |
Test-PasswordQuality -WeakPasswordHashesSortedFile pwned-passwords-ntlm-ordered-by-hash-v5.txt
<# Sample Output:
Active Directory Password Quality Report
----------------------------------------
Passwords of these accounts are stored using reversible encryption:
CONTOSO\smith
CONTOSO\doe
LM hashes of passwords of these accounts are present:
CONTOSO\hodge
These accounts have no password set:
CONTOSO\test01
CONTOSO\test02
Passwords of these accounts have been found in the dictionary:
CONTOSO\Administrator
These groups of accounts have the same passwords:
Group 1:
CONTOSO\graham
CONTOSO\graham_admin
Group 2:
CONTOSO\admin
CONTOSO\sql_svc01
These computer accounts have default passwords:
CONTOSO\DESKTOP27$
Kerberos AES keys are missing from these accounts:
CONTOSO\sql_svc01
Kerberos pre-authentication is not required for these accounts:
CONTOSO\jboss
Only DES encryption is allowed to be used with these accounts:
CONTOSO\sql_svc01
These accounts are susceptible to the Kerberoasting attack:
CONTOSO\Administrator
CONTOSO\sp_svc01
CONTOSO\sql_svc02
These administrative accounts are allowed to be delegated to a service:
CONTOSO\AdatumAdmin
CONTOSO\Administrator
Passwords of these accounts will never expire:
CONTOSO\admin
CONTOSO\sql_svc01
These accounts are not required to have a password:
CONTOSO\gonzales
These accounts that require smart card authentication have a password:
CONTOSO\smithj
CONTOSO\jonesp
#></dev:code>
<dev:remarks>
<maml:para>Performs an offline credential hygiene audit of AD database against HIBP.</maml:para>
</dev:remarks>
</command:example>
<command:example>
<maml:title>-------------------------- Example 2 --------------------------</maml:title>
<dev:code>PS C:\> $results = Get-ADReplAccount -All -Server LON-DC1 |
Test-PasswordQuality -WeakPasswords 'Pa$$w0rd','April2019' `
-WeakPasswordHashesSortedFile pwned-passwords-ntlm-ordered-by-hash-v5.txt</dev:code>
<dev:remarks>
<maml:para>Performs an online credential hygiene audit of AD against HIBP + a custom wordlist.</maml:para>
</dev:remarks>
</command:example>
<command:example>
<maml:title>-------------------------- Example 3 --------------------------</maml:title>
<dev:code>PS C:\> $pwnedUsers = $accounts |
Test-PasswordQuality -WeakPasswordsFile rockyou.txt -SkipDuplicatePasswordTest |
Select-Object -ExpandProperty WeakPassword</dev:code>
<dev:remarks>
<maml:para>Performs a dictionary attack against a set of accounts. The Test-PasswordQuality cmdlet always returns structured data.</maml:para>
</dev:remarks>
</command:example>
<command:example>
<maml:title>-------------------------- Example 4 --------------------------</maml:title>
<dev:code>PS C:\> Get-ADDBAccount -All -DatabasePath ntds.dit -BootKey $key |
where DistinguishedName -like '*OU=Employees,DC=contoso,DC=com' |
Test-PasswordQuality -IncludeDisabledAccounts -WeakPasswordHashesSortedFile pwned-passwords-ntlm-ordered-by-hash-v5.txt</dev:code>
<dev:remarks>
<maml:para>Performs an offline credential hygiene audit of a selected OU from AD database against HIBP.</maml:para>
</dev:remarks>
</command:example>
<command:example>
<maml:title>-------------------------- Example 5 --------------------------</maml:title>
<dev:code>PS C:\> $contosoAccounts = Get-ADReplAccount -All -Server LON-DC1.contoso.com
PS C:\> $adatumAccounts = Get-ADReplAccount -All -Server NYC-DC1.adatum.com -Credential (Get-Credential)
PS C:\> $contosoAccounts + $adatumAccounts | Test-PasswordQuality
<# Sample Output (Partial):
These groups of accounts have the same passwords:
Group 1:
ADATUM\smith
ADATUM\doe
Group 2:
ADATUM\Administrator
ADATUM\joe_admin
CONTOSO\Administrator
CONTOSO\joe_admin
#></dev:code>
<dev:remarks>
<maml:para>Performs a cross-forest duplicate password discovery. Any number of Get-ADReplAccount and Get-ADDBAccount cmdlet outputs can be combined together, as long as the computer has enough memory.</maml:para>
</dev:remarks>
</command:example>
</command:examples>
<command:relatedLinks>
<maml:navigationLink>
<maml:linkText>Online Version:</maml:linkText>
<maml:uri>https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Test-PasswordQuality.md</maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Get-ADDBAccount</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Get-ADReplAccount</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
</command:relatedLinks>
</command:command>
</helpItems>
md5: 1903184B752A31F224B0E6C8EAFB3BF1 | sha1: 879AEF89CACCBFC578720DCDD15FDCA270661A8D | sha256: 29E0BEA840A562C5AC6048001034901F74347BF50ABC34C21E23D6E446431ED6 | sha512: 8F80F6DA8AD5EDA21568936A473A4FFDB869D4EEC3FD127D05ACF50A7DC45032EE4B99825EF71E5A925795F1C6F47B05BA8A1660383CF3D5EC6086D4F317766A
#
# Module manifest for module 'DSInternals'
#
@{
# Script module file associated with this manifest.
RootModule = 'DSInternals.Bootstrap.psm1'
# Version number of this module.
ModuleVersion = '4.10'
# Supported PSEditions
# CompatiblePSEditions = 'Desktop'
# ID used to uniquely identify this module
GUID = '766b3ad8-eb78-48e6-84bd-61b31d96b53e'
# Author of this module
Author = 'Michael Grafnetter'
# Company or vendor of this module
CompanyName = 'DSInternals'
# Copyright statement for this module
Copyright = '(c) 2015-2023 Michael Grafnetter. All rights reserved.'
# Description of the functionality provided by this module
Description = @"
The DSInternals PowerShell Module exposes several internal features of Active Directory and Azure Active Directory. These include FIDO2 and NGC key auditing, offline ntds.dit file manipulation, password auditing, DC recovery from IFM backups and password hash calculation.
DISCLAIMER: Features exposed through this module are not supported by Microsoft and it is therefore not intended to be used in production environments. Improper use might cause irreversible damage to domain controllers or negatively impact domain security.
"@
# Minimum version of the Windows PowerShell engine required by this module
PowerShellVersion = '3.0'
# Minimum version of Microsoft .NET Framework required by this module
DotNetFrameworkVersion = '4.7.2' # This requirement is not enforced by older versions of PS.
# Minimum version of the common language runtime (CLR) required by this module
CLRVersion = '4.0.30319.42000' # Corresponds to .NET Framework 4.6 and later
# Processor architecture (None, X86, Amd64, ARM64) required by this module
ProcessorArchitecture = 'None'
# Type files (.ps1xml) to be loaded when importing this module
TypesToProcess = @('DSInternals.types.ps1xml')
# Format files (.ps1xml) to be loaded when importing this module
FormatsToProcess = 'Views\DSInternals.AzureADUser.format.ps1xml',
'Views\DSInternals.Hash.format.ps1xml',
'Views\DSInternals.RoamedCredential.format.ps1xml',
'Views\DSInternals.Kerberos.format.ps1xml',
'Views\DSInternals.KeyCredential.format.ps1xml',
'Views\DSInternals.FidoKeyMaterial.format.ps1xml',
'Views\DSInternals.DSAccount.format.ps1xml',
'Views\DSInternals.DSAccount.ExportViews.format.ps1xml',
'Views\DSInternals.PasswordQualityTestResult.format.ps1xml',
'Views\DSInternals.KdsRootKey.format.ps1xml',
'Views\DSInternals.SamDomainPasswordInformation.format.ps1xml',
'Views\DSInternals.LsaPolicyInformation.format.ps1xml'
# Modules to import as nested modules of the module specified in RootModule/ModuleToProcess
NestedModules = @('DSInternals.PowerShell.dll')
# Functions to export from this module
FunctionsToExport = @()
# Cmdlets to export from this module
CmdletsToExport = 'ConvertTo-NTHash', 'ConvertTo-LMHash', 'Set-SamAccountPasswordHash',
'ConvertFrom-UnicodePassword', 'ConvertTo-UnicodePassword',
'ConvertTo-OrgIdHash', 'ConvertFrom-GPPrefPassword',
'ConvertTo-GPPrefPassword', 'Add-ADDBSidHistory',
'Set-ADDBPrimaryGroup', 'Get-ADDBDomainController',
'Set-ADDBDomainController', 'Get-ADDBSchemaAttribute',
'Remove-ADDBObject', 'Get-ADDBAccount', 'Get-BootKey',
'Get-ADReplAccount', 'ConvertTo-Hex', 'ConvertTo-KerberosKey',
'ConvertFrom-ADManagedPasswordBlob',
'Get-ADDBBackupKey', 'Get-ADReplBackupKey', 'Save-DPAPIBlob',
'Set-ADDBBootKey', 'Test-PasswordQuality',
'Get-ADDBKdsRootKey', 'Get-SamPasswordPolicy', 'Get-ADSIAccount',
'Enable-ADDBAccount', 'Disable-ADDBAccount', 'Get-ADKeyCredential',
'Set-ADDBAccountPassword', 'Set-ADDBAccountPasswordHash', 'Get-LsaPolicyInformation',
'Set-LSAPolicyInformation', 'New-ADDBRestoreFromMediaScript','Get-LsaBackupKey',
'Add-ADReplNgcKey', 'Get-AzureADUserEx', 'Set-AzureADUserEx'
# Variables to export from this module
VariablesToExport = @()
# Aliases to export from this module
AliasesToExport = 'Set-WinUserPasswordHash', 'Set-ADAccountPasswordHash',
'ConvertFrom-UnattendXmlPassword', 'ConvertTo-AADHash',
'ConvertTo-MsoPasswordHash', 'Get-ADReplicationAccount',
'ConvertFrom-ManagedPasswordBlob', 'Get-SysKey', 'Set-ADDBSysKey',
'New-NTHashSet', 'Test-ADPasswordQuality',
'Test-ADDBPasswordQuality', 'Test-ADReplPasswordQuality',
'Get-ADPasswordPolicy', 'Get-ADDefaultPasswordPolicy', 'Get-KeyCredential',
'Get-KeyCredentialLink', 'Get-ADKeyCredentialLink', 'Get-LsaPolicy',
'Set-LsaPolicy', 'Get-SystemKey', 'Write-ADReplNgcKey', 'Write-ADNgcKey',
'Add-ADNgcKey', 'New-ADKeyCredential', 'New-ADKeyCredentialLink',
'New-ADNgcKey'
# List of assemblies that must be loaded prior to importing this module
RequiredAssemblies = @('DSInternals.Common.dll')
# List of all files packaged with this module
FileList = 'AutoMapper.dll',
'CBOR.dll',
'DSInternals.DataStore.dll',
'DSInternals.Replication.dll',
'DSInternals.Replication.Model.dll',
'DSInternals.SAM.dll',
'Esent.Interop.dll',
'Esent.Isam.dll',
'License.txt',
'NDceRpc.Microsoft.dll',
'Newtonsoft.Json.dll',
'Numbers.dll',
'amd64\DSInternals.Replication.Interop.dll',
'arm64\DSInternals.Replication.Interop.dll',
'x86\DSInternals.Replication.Interop.dll',
'en-US\about_DSInternals.help.txt',
'en-US\DSInternals.PowerShell.dll-Help.xml'
# Private data to pass to the module specified in RootModule/ModuleToProcess. This may also contain a PSData hashtable with additional module metadata used by PowerShell.
PrivateData = @{
PSData = @{
# Tags applied to this module. These help with module discovery in online galleries.
Tags = 'ActiveDirectory', 'AzureAD', 'Security', 'SAM', 'LSA', 'PSModule', 'Windows', 'FIDO', 'NTDS'
# A URL to the license for this module.
LicenseUri = 'https://github.com/MichaelGrafnetter/DSInternals/blob/master/Src/DSInternals.PowerShell/License.txt'
# A URL to the main website for this project.
ProjectUri = 'https://github.com/MichaelGrafnetter/DSInternals'
# A URL to an icon representing this module.
IconUri = 'https://raw.githubusercontent.com/MichaelGrafnetter/DSInternals/master/Src/Icons/module_black.png'
# ReleaseNotes of this module
ReleaseNotes = @"
- The Test-PasswordQuality cmdlet now checks if a user's password is equal to their SamAccountName attribute.
- Added support for the ARM64 platform (tested on Windows Dev Kit 2023 / Project Volterra).
- Fixed a rare security descriptor parsing issue.
- Parallel reading of multiple databases is now supported.
"@
} # End of PSData hashtable
} # End of PrivateData hashtable
}
md5: 058DD0C165C6DEA6BB9BBC2AE7B45EE9 | sha1: 21C80EE60D72543EBF338D17C2674B929D09CAF3 | sha256: 50E0C445AC2A0176724B4FB58F378B95A658F6509B19044028AC36ACB90B20DF | sha512: 58AD66C7CC042F0A08A1BCE9162C0FB03035F3448F67CAE8E108AD5E3B9DDBA57E8958F651C162EB45631AA5163B3FA639B9A8884E59AE242ADAB5689A40D56A
md5: FC4B71B71B3DD323D54E7B1314492865 | sha1: F9C59EBF826157B6D61FE0701D866C3854810D5C | sha256: 26D151FD9A6FFF90CEC8A13162F5BDCD60C3DD769E6BE0773BC99059F048871F | sha512: 4934E03F65FD60802A57083F2DC7D29C35971C39739D8F26EE4A013B57E1348882C2475678AA3FE9EC69A7CB4643E2BB5BF7C3A070FF8BE5F0E173240E43BADD
md5: 0F891A43F9109DE5605EA33CA7A5FF15 | sha1: EE1018A5DBE5504C2FB6B9401A94B513AEF61302 | sha256: 6F2B7AFA4BBB00D326693FB4CD18506C736936D74AEB2DBA7F8BB1CC156BF4CB | sha512: A7871DA469AF02FE6B79DE74526E9DA577781F269224502FCB62068F914917428940CC5F9EA65DE2E085072C8933A82FB9AA7AD215E599984F58A61A4AC290EA
md5: B161C6BA19C15341FD61B9253E8B7D8D | sha1: 7145A51A170EB4CD7A17FA459212750FB94B5AC1 | sha256: 41A6C961781497B40549A627F608C76CEF951105BC9959696B2AC396A77D069B | sha512: 66FD3B26F4E5DD50D549ED059E5DD28CCBD1C004331B44BA78CA9BC88E09CDF974A2E9091FDB5CAAEEB907B516AC7FE7CC500BC223BF793F3D69E0E1F64E6FB3
md5: 49E10814F6A9C17F2E1D225E5C9D7BCD | sha1: BF17F9759A3F95B9E53983F312F7682E94FD27F0 | sha256: 7FDD56BEA3D8898921E581806660786CF46D9FA382C2203B7DCE71B4682BBA1D | sha512: E1B2460347520BF93C9756FC42C3474D47CC0B4C68F5A067BE595DFAD9037263EE2DD6DF6A9891A7880C41B0C685BF6E7846DDE133B9078644F3E16590C25B1C
The binary distribution of the DSInternals PowerShell Module contains the following software products:
-------------------------------------------
DSInternals PowerShell Module and Framework
-------------------------------------------
(License updated on 3/17/2020 from https://raw.githubusercontent.com/MichaelGrafnetter/DSInternals/master/LICENSE.md.)
The MIT License (MIT)
Copyright (c) 2015-2023 Michael Grafnetter
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
---------------------
ESENT Managed Interop
---------------------
(License updated on 7/7/2019 from https://raw.githubusercontent.com/microsoft/ManagedEsent/master/LICENSE.md.)
The MIT License (MIT)
Copyright (c) Microsoft Corporation
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
----------
AutoMapper
----------
(License updated on 7/7/2019 from https://raw.githubusercontent.com/AutoMapper/AutoMapper/master/LICENSE.txt.)
The MIT License (MIT)
Copyright (c) 2010 Jimmy Bogard
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
----------------------------------------------------------------------
NDceRpc (.NET Distributed Computing Environment Remote Procedure Call)
----------------------------------------------------------------------
(License updated on 7/7/2019 from https://raw.githubusercontent.com/OpenSharp/NDceRpc/master/license.txt.)
CC0 1.0 Universal (CC0 1.0) Public Domain Dedication
http://creativecommons.org/publicdomain/zero/1.0/
Other codes, if any used, are under MIT, CPOL, BSD, Apache, MS-PL.
----------
PBKDF2.NET
----------
(License updated on 7/7/2019 from https://raw.githubusercontent.com/therealmagicmike/PBKDF2.NET/master/License.txt.)
Copyright (c) 2013 Michael Johnson
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
-------------
Bouncy Castle
-------------
(License updated on 7/7/2019 from https://raw.githubusercontent.com/bcgit/bc-csharp/master/crypto/License.html.)
Copyright (c) 2000-2019 The Legion of the Bouncy Castle Inc.
(https://www.bouncycastle.org)
Permission is hereby granted, free of charge, to any person obtaining a
copy of this software and associated documentation files (the "Software"), to deal in the
Software without restriction, including without limitation the rights to use, copy, modify, merge,
publish, distribute, sub license, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included
in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS",
WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO THE
WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
PURPOSE AND NONINFRINGEMENT. IN NO
EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
OTHERWISE, ARISING FROM, OUT OF OR IN
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
DEALINGS IN THE SOFTWARE.
--------
Json.NET
--------
(License updated on 7/7/2019 from https://raw.githubusercontent.com/JamesNK/Newtonsoft.Json/master/LICENSE.md.)
The MIT License (MIT)
Copyright (c) 2007 James Newton-King
Permission is hereby granted, free of charge, to any person obtaining a copy of
this software and associated documentation files (the "Software"), to deal in
the Software without restriction, including without limitation the rights to
use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
the Software, and to permit persons to whom the Software is furnished to do so,
subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
---------------------
Peter O. CBOR Library
---------------------
(License updated on 7/7/2019 from https://raw.githubusercontent.com/peteroupc/CBOR/master/LICENSE.md.)
Written by Peter O. in 2013-2015. In the public domain.
Public domain dedication: [http://creativecommons.org/publicdomain/zero/1.0/](http://creativecommons.org/publicdomain/zero/1.0/)
md5: 38616DDB22D15C169FD3479F9CF3F828 | sha1: FD2ED612BAB7AD10FFE66A18A7E4CEC99309F36E | sha256: 0EB0EFD4AE9066BF66E1831C6BB357FA707E8320B88407979F7BF52CC02D5425 | sha512: B14B1F75BBEDB1C3A6308A25FAB02489B11395985C05808BBA5CBF4CD5A8D6D1D98FF066ABDE9C1B6BBF15C4C42D99ECFED7056E7267C9B22A02A57921F3EF73
md5: 715A1FBEE4665E99E859EDA667FE8034 | sha1: E13C6E4210043C4976DCDC447EA2B32854F70CC6 | sha256: C5C83BBC1741BE6FF4C490C0AEE34C162945423EC577C646538B2D21CE13199E | sha512: BF9744CCB20F8205B2DE39DBE79D34497B4D5C19B353D0F95E87EA7EF7FA1784AEA87E10EFCEF11E4C90451EAA47A379204EB0533AA3018E378DD3511CE0E8AD
md5: 39D370F850D234CF73DA822A7F2121BD | sha1: 379960EF969DEF2B0A563C829BE3F413B52F49F5 | sha256: CF57674E763AD6F47F330AD21B2B663616AF053D6C5072540DD99879261FC6D3 | sha512: 17F15A4C972DFE83DF07D321295C7C312D38569FE2DB19B45DF84C11890133B3542924343BB5B2838ADB2CEE1FEA47B3D214B6EA4C5801DF02B30C947F7E9CF6
md5: B4C9E325DFD7E3CD5D1D068473FD6DDC | sha1: A96CAE4C332D0CCC51F373C3E7C32BC6255F9F57 | sha256: 2554378D5CEE28990F6220600615CE43BF77C2187C44AC09C9CC44A1B2B30028 | sha512: 150025B0A82C359A43A0AF298512A296D2E7397F50CEFE06CA2E355222A52BACFC5AC7F402D4376B2F467DA1C7BAB5C703C52F3B4C157FD8270D8BDD06F8285A
md5: 05771C0BF6024498C02D069666460CE4 | sha1: 266EAB11D6A914FA569D80C022AE3237D9261F12 | sha256: 4AF95B595A96A0099683596834BD5C2CAE7D6FF0A705817B82C4C23C66D43AF0 | sha512: 347902BE19A13886A232178FA330CE30887E586BC01B90FFD1F010A7D33E2ED79EDE4938B16D97E3BAEAF03542702D5DAE175BE97BF77C449937362FEF14C982
md5: 37DCBBA718886E5C24703B1268CE10B9 | sha1: 441738A1EA802C266CB0A84789ACE62E40010335 | sha256: 968BBD2A36B04CC5795C6FC99AFE85E4D294FF9C28032CE0E870463827181799 | sha512: 00AB4CFE4B5BB989F2931CC8928982819A99DF027B118C731957FC84C58CC8D636687FF39CF90DAC313E3FE7C7738A4899FBA98EBAB5B6ED4CBFA372B0EB2561
md5: A62A22C33ED01A2CF362D3890FFA70E1 | sha1: EA3F55D92CDCB788876D689D394EC3225B1D222C | sha256: 003DA4807ACDC912E67EDBA49BE574DAA5238BB7ACFF871D8666D16F8072FF89 | sha512: 7DA909A6C5DC26631FEC8A382D5CB677D3AABF5B5C4E98B545C120685F879ADCEF8CC98E7BF74D37F7FC24B0F18999780D70AA28061F50ADF6B28F19CE06930A
md5: 81B11024A8ED0C9ADFD5FBF6916B133C | sha1: C87F446D9655BA2F6FDDD33014C75DC783941C33 | sha256: EB6A3A491EFCC911F9DFF457D42FED85C4C170139414470EA951B0DAFE352829 | sha512: E4B1C694CB028FA960D750FA6A202BC3A477673B097B2A9E0991219B9891B5F879AA13AA741F73ACD41EB23FEEE58E3DD6032821A23E9090ECD9CC2C3EC826A1
md5: 4585A96CC4EEF6AAFD5E27EA09147DC6 | sha1: 489CFFF1B19ABBEC98FDA26AC8958005E88DD0CB | sha256: A8F950B4357EC12CFCCDDC9094CCA56A3D5244B95E09EA6E9A746489F2D58736 | sha512: D78260C66331FE3029D2CC1B41A5D002EC651F2E3BBF55076D65839B5E3C6297955AFD4D9AB8951FBDC9F929DBC65EB18B14B59BCE1F2994318564EB4920F286
md5: 7E668AB8A78BD0118B94978D154C85BC | sha1: DBAC42A02A8D50639805174AFD21D45F3C56E3A0 | sha256: E4B533A94E02C574780E4B333FCF0889F65ED00D39E32C0FBBDA2116F185873F | sha512: 72BB41DB17256141B06E2EAEB8FC65AD4ABDB65E4B5F604C82B9E7E7F60050734137D602E0F853F1A38201515655B6982F2761EE0FA77C531AA58591C95F0032
Log in or click on link to see number of positives.
- NDceRpc.Microsoft.dll (0eb0efd4ae90) - ## / 70
- AutoMapper.dll (0a2e8408c053) - ## / 70
- CBOR.dll (442add0037ff) - ## / 71
- Newtonsoft.Json.dll (c5c83bbc1741) - ## / 70
- Numbers.dll (cf57674e763a) - ## / 70
- msvcp140.dll (003da4807acd) - ## / 71
- VCRUNTIME140.dll (a8f950b4357e) - ## / 67
- VCRUNTIME140_1.dll (e4b533a94e02) - ## / 67
- msvcp140.dll (968bbd2a36b0) - ## / 70
- vcruntime140.dll (eb6a3a491efc) - ## / 71
- dsinternals-psmodule.4.10.0.nupkg (04861d2a7aa2) - ## / 65
- DSInternals.Common.dll (6d578f59467d) - ## / 70
- DSInternals.DataStore.dll (11f7d777493d) - ## / 69
- DSInternals.PowerShell.dll (29e0bea840a5) - ## / 70
- DSInternals.Replication.dll (50e0c445ac2a) - ## / 70
- DSInternals.Replication.Model.dll (26d151fd9a6f) - ## / 70
- DSInternals.SAM.dll (6f2b7afa4bbb) - ## / 70
- Esent.Interop.dll (41a6c9617814) - ## / 70
- Esent.Isam.dll (7fdd56bea3d8) - ## / 70
- DSInternals.Replication.Interop.dll (4af95b595a96) - ## / 69
- DSInternals.Replication.Interop.dll (aa8fe57f3949) - ## / 69
- msvcp140.dll (ae29faccaeb2) - ## / 70
- vcruntime140.dll (751ec49ba459) - ## / 69
- vcruntime140_1.dll (f979846e7636) - ## / 67
- DSInternals.Replication.Interop.dll (2554378d5cee) - ## / 70
In cases where actual malware is found, the packages are subject to removal. Software sometimes has false positives. Moderators do not necessarily validate the safety of the underlying software, only that a package retrieves software from the official distribution point and/or validate embedded software against official distribution point (where distribution rights allow redistribution).
Chocolatey Pro provides runtime protection from possible malware.
Add to Builder | Version | Downloads | Last Updated | Status |
---|---|---|---|---|
DSInternals PowerShell Module 4.14.0 | 4425 | Saturday, April 13, 2024 | Approved | |
DSInternals PowerShell Module 4.13.0 | 894 | Wednesday, December 20, 2023 | Approved | |
DSInternals PowerShell Module 4.12.0 | 629 | Friday, October 6, 2023 | Approved | |
DSInternals PowerShell Module 4.11.0 | 239 | Sunday, October 1, 2023 | Approved | |
DSInternals PowerShell Module 4.10.0 | 512 | Saturday, September 16, 2023 | Approved | |
DSInternals PowerShell Module 4.9 | 3843 | Saturday, February 25, 2023 | Approved | |
DSInternals PowerShell Module 4.8 | 2300 | Tuesday, December 6, 2022 | Approved | |
DSInternals PowerShell Module 4.7 | 9025 | Saturday, October 30, 2021 | Approved | |
DSInternals PowerShell Module 4.6 | 536 | Tuesday, October 19, 2021 | Approved | |
DSInternals PowerShell Module 4.5 | 378 | Wednesday, October 13, 2021 | Approved | |
DSInternals PowerShell Module 4.4.1 | 9264 | Saturday, July 18, 2020 | Approved | |
DSInternals PowerShell Module 4.4 | 815 | Friday, July 3, 2020 | Approved | |
DSInternals PowerShell Module 4.3 | 3496 | Thursday, April 2, 2020 | Approved | |
DSInternals PowerShell Module 4.2 | 863 | Wednesday, March 18, 2020 | Approved | |
DSInternals PowerShell Module 4.1 | 1030 | Thursday, December 12, 2019 | Approved | |
DSInternals PowerShell Module 4.0 | 320 | Wednesday, December 4, 2019 | Approved | |
DSInternals PowerShell Module 3.6.1 | 301 | Saturday, August 10, 2019 | Approved | |
DSInternals PowerShell Module 3.6 | 285 | Thursday, June 27, 2019 | Approved | |
DSInternals PowerShell Module 3.5.1 | 324 | Thursday, May 23, 2019 | Approved | |
DSInternals PowerShell Module 3.5 | 276 | Sunday, May 12, 2019 | Approved | |
DSInternals (Install) 3.3 | 232 | Sunday, March 31, 2019 | Approved | |
DSInternals (Install) 3.1 | 236 | Wednesday, January 2, 2019 | Approved | |
DSInternals (Install) 2.23 | 274 | Wednesday, August 29, 2018 | Approved | |
DSInternals (Install) 2.22 | 1635 | Friday, February 2, 2018 | Approved |
(c) 2015-2023 Michael Grafnetter. All rights reserved.
- The Test-PasswordQuality cmdlet now checks if a user's password is equal to their SamAccountName attribute.
- Added support for the ARM64 platform (tested on Windows Dev Kit 2023 / Project Volterra).
- Fixed a rare security descriptor parsing issue.
- Parallel reading of multiple databases is now supported.
-
- powershell (≥ 3.0.20121027)
- kb2999226 (≥ 1.0.20181019)
- dotnetfx (≥ 4.7.2)
Ground Rules:
- This discussion is only about DSInternals PowerShell Module and the DSInternals PowerShell Module package. If you have feedback for Chocolatey, please contact the Google Group.
- This discussion will carry over multiple versions. If you have a comment about a particular version, please note that in your comments.
- The maintainers of this Chocolatey Package will be notified about new comments that are posted to this Disqus thread, however, it is NOT a guarantee that you will get a response. If you do not hear back from the maintainers after posting a message below, please follow up by using the link on the left side of this page or follow this link to contact maintainers. If you still hear nothing back, please follow the package triage process.
- Tell us what you love about the package or DSInternals PowerShell Module, or tell us what needs improvement.
- Share your experiences with the package, or extra configuration or gotchas that you've found.
- If you use a url, the comment will be flagged for moderation until you've been whitelisted. Disqus moderated comments are approved on a weekly schedule if not sooner. It could take between 1-5 days for your comment to show up.