ACTIVE DIRECTORY SECURITY CHECKLIST ... - Leet Upload
Active Directory Checklist, V1R1.2 Field Security Operations
22 September 2006 Defense Information Systems Agency
Method 2: Windows "net" Command
a. Open a Command Prompt window (“Start”, “Run…”, “cmd.exe”).
b. Enter “net group "domain controllers"”.
c. Each domain controller will be listed as a member of the OU.
Notes: This method assumes that domain controller computers are members of the Domain
Controllers OU. This is the default AD configuration and Microsoft recommends strongly
against changing it.
Method 3: Windows Server 2003 "dsquery" command
a. Open a Command Prompt window (“Start”, “Run…”, “cmd.exe”).
b. Enter “dsquery server”.
c. The distinguished name of each domain controller will be listed.
Method 4: Windows Support Tools "netdom" command
a. Open a Command Prompt window (“Start”, “Run…”, “cmd.exe”).
b. Enter “netdom query dc”.
c. The host name for each domain controller will be listed.
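Methods 2 through 4 report the same domain controllers in three different name forms, so a reviewer can cross-check saved output from all three. The following Python sketch is an added example, not part of the checklist; the sample outputs, the example.test domain and the function names are constructed, and the output layouts are assumed to match what each command normally prints.

```python
import re

# Constructed sample outputs (not captured from a real domain); layouts are
# assumed to match what each command normally prints.
NET_GROUP_OUT = """\
Group name     Domain Controllers
Comment        All domain controllers in the domain

Members

-------------------------------------------------------------------------------
DC01$                    DC02$
The command completed successfully.
"""
DSQUERY_OUT = '''\
"CN=DC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=test"
"CN=DC02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=test"
"CN=DC03,CN=Servers,CN=Branch,CN=Sites,CN=Configuration,DC=example,DC=test"
'''
NETDOM_OUT = """\
List of domain controllers with accounts in the domain:

DC01
DC02
The command completed successfully.
"""

def from_net_group(text):
    # Method 2: computer accounts follow the dashed rule and end in '$'.
    tail = text.rpartition("-----")[2]
    return {m.upper() for m in re.findall(r"(\S+)\$(?!\S)", tail)}

def from_dsquery(text):
    # Method 3: the first RDN of each distinguished name is the server name.
    return {m.upper() for m in re.findall(r'^"?CN=([^,]+),', text, re.M)}

def from_netdom(text):
    # Method 4: host names are single-token lines; banner/status lines contain spaces.
    lines = (l.strip() for l in text.splitlines())
    return {l.split(".")[0].upper() for l in lines if l and " " not in l}

def reconcile(net_group, dsquery, netdom):
    # Map each name to the methods that did NOT report it; agreed names are omitted.
    found = {"net group": from_net_group(net_group),
             "dsquery server": from_dsquery(dsquery),
             "netdom query dc": from_netdom(netdom)}
    names = set().union(*found.values())
    gaps = {n: sorted(m for m, s in found.items() if n not in s) for n in sorted(names)}
    return {n: g for n, g in gaps.items() if g}
```

An empty result means the three methods agree; any name returned should be reviewed before the domain controller list is relied on for the rest of the checklist.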
D.1.2 Determining “Immediate” Domain Structure
The following are methods to determine the name of the “current” domain and the forest root
domain. The “current” domain is the AD domain to which the logged-on user has been
authenticated. Information is obtained by querying the AD database on the domain controller.
Method 1: Microsoft Management Console
a. Start the Active Directory Users and Computers console (“Start”, “Run…”, “dsa.msc”).
b. By default the current domain will be listed in the left pane.
c. Start the Active Directory Domains and Trusts console (“Start”, “Run…”, “domain.msc”).
d. The left pane will contain an icon for each domain that represents the root of an item in the
AD hierarchy. Expand each node in the left pane to locate the domain name obtained from
the Active Directory Users and Computers console. This will display the relationship of the
current domain to its root domain.
Method 2: Script
a. Create a script file (optionally named dir\AD_List_DomNames.vbs) with the following
contents:
'List AD Domain Names - "Current" \ Forest Root<br />
'<br />
Option Explicit<br />
Dim strAD_objdata<br />
Dim objRootDSE<br />
Dim strDefNC, strRootNC<br />
Dim strdnsHostName<br />
Dim strCurrDom, strRootDom<br />
'<br />
UNCLASSIFIED<br />
D-2