Data
Reader small image

You're reading from  Active Directory Administration Cookbook - Second Edition

Product typeBook
Published inJul 2022
PublisherPackt
ISBN-139781803242507
Edition2nd Edition
Concepts
Identity Management
Right arrow
Author (1)
Sander Berkouwer
Sander Berkouwer
author image
Sander Berkouwer

Sander Berkouwer calls himself an Active Directory aficionado; he's done everything with Active Directory and Azure AD, including decommissioning. He has been MCSA, MCSE, and MCITP-certified for ages, an MCT for the past 5 years and a Microsoft Most Valuable Professional (MVP) on Directory Services and Enterprise Mobility for over a decade. Sander is also decorated with Veeam Vanguard and VMware vExpert awards for his international cross-platform knowledge, experience and passion. As the CTO at SCCT, Sander leads a team of architects performing many projects, most of them identity-related, throughout Europe.
Read more about Sander Berkouwer

Right arrow

Decommissioning a compromised read-only domain controller

One of the benefits of deploying read-only domain controllers is their ability to recover quickly from an information security breach.

Since only the passwords for a subset of users are cached on the read-only domain controller when these users signed on through the read-only domain controller and the passwords for really sensitive accounts weren't allowed to be cached on the read-only domain controller, the impact of a stolen read-only domain controller is small, compared to a fully writable domain controller.

How to do it...

To render the read-only domain controller useless to an attacker or thief, perform these steps:

  1. Press Start.
  2. Search for Active Directory Users and Computers and click its corresponding search result, or run dsa.msc. The Active Directory Users and Computers window appears.
  3. In the left navigation pane, expand the domain name.
  4. In the left navigation pane, expand the Domain Controllers OU.
  5. Right-click the compromised read-only domain controller and select Delete:
Figure 2.21 – Deleting a read-only domain controller in Active Directory Users and Computers

Figure 2.21 – Deleting a read-only domain controller in Active Directory Users and Computers

  1. In the Active Directory Domain Services pop-up window, click Yes to answer the Are you sure you want to delete the Computer? question.
  2. On the Deleting Domain Controller screen, select the Reset all passwords for user accounts that were cached on this Read-only Domain Controller option:
Figure 2.22 – The Deleting Domain Controller window

Figure 2.22 – The Deleting Domain Controller window

  1. Since the persons associated with the user accounts will be forced to have their passwords reset by service desk personnel, it's a recommended practice to also check the Export the list of accounts that were cached on this Read-only Domain Controller to this file option and to specify a file. This way, the service desk may proactively approach affected colleagues.
  2. Click Delete.
  3. In the Delete Domain Controller pop-up window, click OK.
  4. In the Delete Domain Controller pop-up window, click Yes to continue with this deletion.

How it works...

Each read-only domain controller caches the hashes of the passwords for users signing in through the read-only domain controller. For this functionality, the read-only domain controller contacts a writable domain controller.

When a user account is denied having its password cached, the password is not cached. For accounts on which the passwords have been cached, the best remedy is to reset these passwords.

Every Kerberos ticket that is given to devices or user accounts is encrypted using the separate krbtgt account for the read-only domain controller. These tickets are bound to the read-only domain controller. When the read-only domain controller is removed from the Active Directory domain, these Kerberos tickets become useless.

Previous Page
Chapter 3 of 18, Page 11
Next Chapter
You have been reading a chapter from
Active Directory Administration Cookbook - Second Edition
Published in: Jul 2022Publisher: PacktISBN-13: 9781803242507
© 2022 Packt Publishing Limited All Rights Reserved
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Sign up now
undefined
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Start free trial
Renews at $15.99/month. Cancel anytime

Author (1)

author image
Sander Berkouwer

Sander Berkouwer calls himself an Active Directory aficionado; he's done everything with Active Directory and Azure AD, including decommissioning. He has been MCSA, MCSE, and MCITP-certified for ages, an MCT for the past 5 years and a Microsoft Most Valuable Professional (MVP) on Directory Services and Enterprise Mobility for over a decade. Sander is also decorated with Veeam Vanguard and VMware vExpert awards for his international cross-platform knowledge, experience and passion. As the CTO at SCCT, Sander leads a team of architects performing many projects, most of them identity-related, throughout Europe.
Read more about Sander Berkouwer

Personalised recommendations for you

Based on your interests and search pattern

Et al.

Et al.

Ever wonder why speech recognition systems don't understand the Scottish accent, or what would happen if an astronaut only ate mac 'n' cheese, or other spurious reflections you'd have at a bar? We did, then collated those deliberations into absurd research articles with fake figures and methodologies inspired by even more fictionally absurd studies.

BookAug 2023230 pages5
Generative AI with LangChain

Generative AI with LangChain

This book is a comprehensive introduction to LLMs and LangChain, demystifying the basic mechanics of LangChain, its functionalities, and the myriad of applications it can be integrated into.

BookDec 2023360 pages4
Generative AI with LangChain

Generative AI with LangChain

This book is a comprehensive introduction to LLMs and LangChain, demystifying the basic mechanics of LangChain, its functionalities, and the myriad of applications it can be integrated into.

BookDec 2023360 pages5
Generative AI with LangChain

Generative AI with LangChain

This book is a comprehensive introduction to LLMs and LangChain, demystifying the basic mechanics of LangChain, its functionalities, and the myriad of applications it can be integrated into.

BookDec 2023360 pages1
Generative AI with LangChain

Generative AI with LangChain

This book is a comprehensive introduction to LLMs and LangChain, demystifying the basic mechanics of LangChain, its functionalities, and the myriad of applications it can be integrated into.

BookDec 2023360 pages5
Mastering Tableau 2023

Mastering Tableau 2023

This book is a comprehensive resource to mastering your Tableau skills and becoming a BI expert. As you progress, you will learn how to build advanced dashboards and improve your storytelling to derive key business insight, as well as make you well-versed with advanced functionalities of Tableau in the business intelligence domain.

BookAug 2023684 pages
Building AI Applications with ChatGPT APIs

Building AI Applications with ChatGPT APIs

This guide covers all ChatGPT API features for effortless creation of robust AI powered apps. With its help, you’ll be able to leverage ChatGPT’s cutting-edge NLP models to take your app development skills to the next level. You’ll also work on ten exciting projects that will give you the practical know-how that you can apply to your existing applications.

BookSep 2023258 pages5
Building AI Applications with ChatGPT APIs

Building AI Applications with ChatGPT APIs

This guide covers all ChatGPT API features for effortless creation of robust AI powered apps. With its help, you’ll be able to leverage ChatGPT’s cutting-edge NLP models to take your app development skills to the next level. You’ll also work on ten exciting projects that will give you the practical know-how that you can apply to your existing applications.

BookSep 2023258 pages2
Data Engineering with AWS

Data Engineering with AWS

Embark on a journey to master data engineering pipelines on AWS! Our book offers a hands-on experience of AWS services for ingesting, transforming, and consuming data. Whether you're an absolute beginner or someone with basic data engineering experience, this guide is an indispensable resource.

BookOct 2023636 pages5
Modern Data Architecture on AWS

Modern Data Architecture on AWS

Every organization wants an agile, performant, and cost-effective data platform that meets all their current and future business needs. Purpose-built AWS analytics services and their features play a big part in building such a modern data platform. This book brings to you all the design and architectural patterns that’ll help you achieve this goal.

BookAug 2023420 pages5
Practical Guide to Applied Conformal Prediction in Python

Practical Guide to Applied Conformal Prediction in Python

Discover the power of Conformal Prediction with the "Practical Guide to Applied Conformal Prediction in Python." Master the latest techniques to quantify uncertainty in machine learning and computer vision models, and seamlessly apply them to your industry applications.

BookDec 2023240 pages
TinyML Cookbook

TinyML Cookbook

With over 70 project-based recipes, the TinyML Cookbook is a practical guide that will help you to get the most out of your microcontrollers. It provides a comprehensive understanding of the theoretical foundations while giving you hands-on experience training ML models for deployment on Arduino Nano 33 BLE Sense, Raspberry Pi Pico, and SparkFun RedBoard Artemis Nano microcontrollers.

BookNov 2023664 pages