filmov
tv
Potential Trouble with LDAP Looms with the March 2020 Patch
Показать описание
Potential Trouble with LDAP Looms with the March 2020 Patch
LDAP has been a problem for some time in Windows Active Directory. Microsoft delayed the latest patch for it until March. If you haven't started looking at this, there is not much time. You can evaluate and mitigate your affected clients before the patch comes out. This video will get you started with understanding the current state of your supported and patched clients, servers and domain controllers. See what will happen next. Are you ready?
References:
Sway Presentation:
Bonus script
import-module activedirectory
$out = "ldapserver,timegenerated,withoutsigning,simplebinds"
$out
$forest = get-adforest
$ErrorActionPreference = "SilentlyContinue"
$dcs = (Get-ADdomain -server $domain).ReplicaDirectoryServers
$dcs = $dcs + (Get-ADdomain -server $server).ReadOnlyReplicaDirectoryServers
$dcs = $dcs | sort-object
foreach($dc in $dcs){
$dc
$events = ""
$events = get-eventlog -logname "Directory Service" -computername $dc -newest 7 -instanceid 2147486535
foreach($event in $events){
$withoutsigning = "";$simplebinds = ""
$message = $message -split "\r\n"
$withoutsigning = $message[$upper]
$withoutsigning = $withoutsigning.Substring($withoutsigning.IndexOf(":")+1)
#$withoutsigning
$simplebinds = $message[$upper-2]
$simplebinds = $simplebinds.Substring($simplebinds.IndexOf(":")+1)
#$simplebinds
$out
}#Each event
}#Each DC
}#Each domain
LDAP has been a problem for some time in Windows Active Directory. Microsoft delayed the latest patch for it until March. If you haven't started looking at this, there is not much time. You can evaluate and mitigate your affected clients before the patch comes out. This video will get you started with understanding the current state of your supported and patched clients, servers and domain controllers. See what will happen next. Are you ready?
References:
Sway Presentation:
Bonus script
import-module activedirectory
$out = "ldapserver,timegenerated,withoutsigning,simplebinds"
$out
$forest = get-adforest
$ErrorActionPreference = "SilentlyContinue"
$dcs = (Get-ADdomain -server $domain).ReplicaDirectoryServers
$dcs = $dcs + (Get-ADdomain -server $server).ReadOnlyReplicaDirectoryServers
$dcs = $dcs | sort-object
foreach($dc in $dcs){
$dc
$events = ""
$events = get-eventlog -logname "Directory Service" -computername $dc -newest 7 -instanceid 2147486535
foreach($event in $events){
$withoutsigning = "";$simplebinds = ""
$message = $message -split "\r\n"
$withoutsigning = $message[$upper]
$withoutsigning = $withoutsigning.Substring($withoutsigning.IndexOf(":")+1)
#$withoutsigning
$simplebinds = $message[$upper-2]
$simplebinds = $simplebinds.Substring($simplebinds.IndexOf(":")+1)
#$simplebinds
$out
}#Each event
}#Each DC
}#Each domain
Комментарии