Directory Services Internals (DSInternals) PowerShell Module and Framework
MIT License
Bot releases are hidden (Show)
Published by MichaelGrafnetter 10 months ago
This is a bugfix release. The Set-LsaPolicyInformation cmdlet now generates the UNICODE_STRING structure with the trailing null character, to improve compatibility with NETLOGON. This issue mainly affects the functionality of the New-ADDBRestoreFromMediaScript cmdlet. Thanks, Christoffer Andersson, for reporting this issue. And sorry, Microsoft support escalation engineers, for the trouble this bug has caused.
If you ever restored a DC from an IFM backup using DSInternals, you need to re-run the Set-LsaPolicyInformation cmdlet with the right parameters on that DC.
Standalone module for offline installation and for legacy PowerShell versions is attached. See the Installation Notes before proceeding.
The PowerShell module is also available on Microsoft's PowerShell Gallery.
An official Chocolatey package of the DSInternals PowerShell Module is also available. Note that due to a strict approval process, the newest version of the package might appear with some delay.
Official binary packages are available at NuGet Gallery.
Published by MichaelGrafnetter about 1 year ago
See the Changelog for a more detailed list of new features.
Standalone module for offline installation and for legacy PowerShell versions is attached. See the Installation Notes before proceeding.
The PowerShell module is also available on Microsoft's PowerShell Gallery.
An official Chocolatey package of the DSInternals PowerShell Module is also available. Note that due to a strict approval process, the newest version of the package might appear with some delay.
Official binary packages are available at NuGet Gallery.
Published by MichaelGrafnetter about 1 year ago
See the Changelog for a more detailed list of new features.
Standalone module for offline installation and for legacy PowerShell versions is attached. See the Installation Notes before proceeding.
The PowerShell module is also available on Microsoft's PowerShell Gallery.
An official Chocolatey package of the DSInternals PowerShell Module is also available. Note that due to a strict approval process, the newest version of the package might appear with some delay.
Official binary packages are available at NuGet Gallery.
Published by MichaelGrafnetter about 1 year ago
See the Changelog for a more detailed list of new features.
Standalone module for offline installation and for legacy PowerShell versions is attached. See the Installation Notes before proceeding.
The PowerShell module is also available on Microsoft's PowerShell Gallery.
An official Chocolatey package of the DSInternals PowerShell Module is also available. Note that due to a strict approval process, the newest version of the package might appear with some delay.
Official binary packages are available at NuGet Gallery.
Published by MichaelGrafnetter over 1 year ago
See the Changelog for a more detailed list of new features.
Standalone module for offline installation and for legacy PowerShell versions is attached. See the Installation Notes before proceeding.
The PowerShell module is also available on Microsoft's PowerShell Gallery.
An official Chocolatey package of the DSInternals PowerShell Module is also available. Note that due to a strict approval process, the newest version of the package might appear with some delay.
Official binary packages are available at NuGet Gallery.
Published by MichaelGrafnetter almost 3 years ago
See the Changelog for a more detailed list of new features.
Standalone module for offline installation and for legacy PowerShell versions is attached. See the Installation Notes before proceeding.
The PowerShell module is also available on Microsoft's PowerShell Gallery.
An official Chocolatey package of the DSInternals PowerShell Module is also available. Note that due to a strict approval process, the newest version of the package might appear with some delay.
Official binary packages are available at NuGet Gallery.
Published by MichaelGrafnetter about 3 years ago
See the Changelog for a more detailed list of new features.
Standalone module for offline installation and for legacy PowerShell versions is attached. See the Installation Notes before proceeding.
The PowerShell module is also available on Microsoft's PowerShell Gallery.
An official Chocolatey package of the DSInternals PowerShell Module is also available. Note that due to a strict approval process, the newest version of the package might appear with some delay.
Official binary packages are available at NuGet Gallery.
Published by MichaelGrafnetter about 3 years ago
See the Changelog for a more detailed list of new features.
Standalone module for offline installation and for legacy PowerShell versions is attached. See the Installation Notes before proceeding.
The PowerShell module is also available on Microsoft's PowerShell Gallery.
An official Chocolatey package of the DSInternals PowerShell Module is also available. Note that due to a strict approval process, the newest version of the package might appear with some delay.
Official binary packages are available at NuGet Gallery.
Published by MichaelGrafnetter over 4 years ago
This is a bugfix release. Version 4.4 was missing the vcruntime140_1.dll
file, which prevented the DSInternals.Replication.Interop.dll
file from being loaded.
See the Changelog for a more detailed list of new features.
Standalone module for offline installation and for legacy PowerShell versions is attached. See the Installation Notes before proceeding.
The PowerShell module is also available on Microsoft's PowerShell Gallery.
An official Chocolatey package of the DSInternals PowerShell Module is also available. Note that due to a strict approval process, the newest version of the package might appear with some delay.
Published by MichaelGrafnetter over 4 years ago
The new Set-AzureADUserEx cmdlet enables administrative FIDO2 security key revocation in Azure Active Directory. This allows Global Admins to unregister stolen or lost security keys and thus prevent their potential misuse:
<#
This script will revoke all FIDO2 keys with display name containing "YubiKey"
that were registered by user "[email protected]".
#>
Install-Module -Name AzureAD,DSInternals -Force
Connect-AzureAD
$token = [Microsoft.Open.Azure.AD.CommonLibrary.AzureSession]::AccessTokens['AccessToken'].AccessToken
$user = Get-AzureADUserEx -UserPrincipalName '[email protected]' -AccessToken $token
$newCreds = $user.KeyCredentials | where { $PSItem.FidoKeyMaterial.DisplayName -notlike '*YubiKey*' }
Set-AzureADUserEx -UserPrincipalName '[email protected]' -KeyCredential $newCreds -Token $token
This feature is unique to DSInternals and there is currently no other way of achieving the same goal.
Standalone module for offline installation and for legacy PowerShell versions is attached. See the Installation Notes before proceeding.
The PowerShell module is also available on Microsoft's PowerShell Gallery.
An official Chocolatey package of the DSInternals PowerShell Module is also available. Note that due to a strict approval process, the newest version of the package might appear with some delay.
Official binary packages are available at NuGet Gallery.
Published by MichaelGrafnetter over 4 years ago
The new Get-AzureADUserEx cmdlet can be used to retrieve FIDO and NGC keys from Azure Active Directory, as the first tool on the market:
PS C:\> Get-AzureADUserEx -All -Token $token |
Where-Object Enabled -eq $true |
Select-Object -ExpandProperty KeyCredentials |
Where-Object Usage -eq FIDO |
Format-Table -View FIDO
<# Sample Output:
DisplayName AAGUID Alg Counter Created Owner
----------- ------ --- ------- ------- -----
YubiKey 5 cb69481e-8ff7-4039-93ec-0a2729a154a8 ES256 25 2019-12-12 [email protected]
Feitian All-In-Pass 12ded745-4bed-47d4-abaa-e713f51d6393 ES256 1398 2020-03-31 [email protected]
eWMB Goldengate G320 87dbc5a1-4c94-4dc8-8a47-97d800fd1f3c ES256 37 2019-08-29 [email protected]
eWBM Goldengate G310 95442b2e-f15e-4def-b270-efb106facb4e ES256 48 2019-08-29 [email protected]
#>
See the Examples section for more details on the usage of this new cmdlet.
Both lastLogon and lastLogonTimestamp user account attributes are now exposed. And the new LastLogonDate property returns whichever of these 2 values is available.
See the Changelog for a more detailed list of new features.
Standalone module for offline installation and for legacy PowerShell versions is attached. See the Installation Notes before proceeding.
The PowerShell module is also available on Microsoft's PowerShell Gallery.
An official Chocolatey package of the DSInternals PowerShell Module is also available. Note that due to a strict approval process, the newest version of the package might appear with some delay.
Official binary packages are available at NuGet Gallery.
Published by MichaelGrafnetter over 4 years ago
The Test-PasswordQuality cmdlet now supports cross-domain and cross-forest duplicate password discovery and offline password hash comparison against HaveIBeenPwned:
$contosoAccounts = Get-ADReplAccount -All -Server $env:LOGONSEVER
$adatumCred = Get-Credential -Message 'Admin credentials for the adatum.com domain:'
$adatumAccounts = Get-ADReplAccount -All -Server 'nyc-dc1.adatum.com' -Credential $adatumCred
$contosoAccounts + $adatumAccounts | Test-PasswordQuality -WeakPasswordHashesSortedFile 'pwned-passwords-ntlm-ordered-by-hash-v5.txt'
The output of the previous script might look like this (with some parts omitted):
Active Directory Password Quality Report
----------------------------------------
...
Passwords of these accounts have been found in the dictionary:
ADATUM\larry_admin
CONTOSO\harry
...
These groups of accounts have the same passwords:
Group 1:
ADATUM\smith
ADATUM\srv_sql01
Group 2:
ADATUM\Administrator
ADATUM\joe_admin
CONTOSO\Administrator
CONTOSO\joe_admin
...
The example above uses the MS-DRSR protocol. Similar results can be achieved by using the Get-ADDBAccount cmdlet to read account information directly from a ntds.dit
file.
The Get-ADReplAccount, Get-ADReplBackupKey and Add-ADReplNgcKey cmdlets no longer require the Domain
and NamingContext
parameters to be specified, as their proper values are automatically retrieved from the target DC.
DSInternals is probably the only tool that detects the domain information just by using the MS-DRSR protocol itself.
See the Changelog for a more detailed list of new features.
Standalone module for offline installation and for legacy PowerShell versions is attached. See the Installation Notes before proceeding.
The PowerShell module is also available on Microsoft's PowerShell Gallery.
An official Chocolatey package of the DSInternals PowerShell Module is also available.
Official binary packages are available at NuGet Gallery.
Special thanks goes to @aseigler for his code contribution to this release.
Published by MichaelGrafnetter almost 5 years ago
Features added in this release were presented during the Black Hat Europe 2019 talk called Exploiting Windows Hello for Business.
See the Changelog for a more detailed list of new features.
Standalone module for offline installation and for legacy PowerShell versions is attached. See the
Installation Notes before proceeding.
The PowerShell module is also available on Microsoft's PowerShell Gallery.
An official Chocolatey package of the DSInternals PowerShell Module is also available.
Official binary packages are available at NuGet Gallery.
Published by MichaelGrafnetter about 6 years ago
Set-ADDBAccountPassword
and Set-ADDBAccountPasswordHash
cmdlets for offline password modification.Test-PasswordQuality
cmdlet now supports NTLM hash list from Have I Been Pwned.Get-ADDBAccount
, Get-ADReplAccount
and Get-ADSIAccount
cmdlets now display Windows Hello for Business credentials.Save-DPAPIBlob
now generates mimikatz scripts for the decryption of roamed credentials.See the Changelog for a more detailed list of new features.
Standalone module for offline installation and for legacy PowerShell versions is attached. See the
Installation Notes before proceeding.
For convenience, the DSInternals PowerShell module is also available on Microsoft's PowerShell Gallery.
Official binary packages are available at NuGet Gallery.
Published by MichaelGrafnetter about 8 years ago
Private preview of this release has been used by Paula Januszkiewicz during her Microsoft Ignite session to decrypt a SID-protected PFX file. Very cool stuff!
For convenience, the DSInternals PowerShell module is also available on Microsoft's PowerShell Gallery.
Official binary packages are available at NuGet Gallery.