Etki Alanı Denetimleri için Windows Komut Satırı İşlemleri

0
87
views
Etki alanı denetimleri sırasında bir Windows işletim sisteminde ve etki alanı denetleyicisinde (DC) komut satırı ile bazı kontrollerin yapılması gerekebilmektedir. Bu yazıda, etki alanı denetimlerinde Windows komut satırında çalıştırılabilecek temel komutlar çeşitli başlıklar altında incelenecektir.

 

Denetimler için farklı bir etki alanı (SIRKET / sirket.local) ve etki alanı denetleticisi üzerinde (DC01.sirket.local) kontroller yapılacaksa, bu etki alanındaki kimlik bilgileri (Denetci & Dd123456) ile kontrol yapılması gerekir. Kullanılabilecek örnek komut aşağıdaki gibidir.

$KullaniciAdi = “Sirket\Denetci”
$Parola = ConvertTo-SecureString Dd123456 -AsPlainText -force
$KimlikBilgisi = New-Object System.Management.Automation.PSCredential -ArgumentList $KullaniciAdi, $Parola
Get-ADUser -Credential $KimlikBilgisi -Server DC01.sirket.local -Filter * -Properties * | sort-object -property name | Format-Table -Property Name, SamAccountName, Enabled, PasswordLastSet, Description -AutoSize –Wrap

 

Nesneleri Filtreleme

([adsisearcher]'(OperatingSystem=Windows Server 20*)’).FindAll() | ForEach { $_.Properties }

 

Hesap Denetimleri

  • Get-ADUser -Filter * -Properties “LastLogonDate” | sort-object -property lastlogondate -descending | Format-Table -property name, lastlogondate -AutoSize
  • Get-ADUser -Filter ‘PasswordNeverExpires -eq $true’ -Server DCMakinesi | select name
  • Search-ADAccount -PasswordNeverExpires -UsersOnly | FT Name,ObjectClass -A
  • Get-ADUser -filter {(Description -notlike “Service*”) -and (Enabled -eq “True”) -and (PasswordNeverExpires -eq “True”)} -properties *) | select samaccountname,description
  • dsquery user -samid SIRKETGalip.Tekinli | dsget user -office -desc -display > Galip.TekinliBilgileri.txt
  • dsquery * domainroot -limit 800 -filter “(&(objectClass=user) (userAccountControl>=65536))” -attr sAMAccountName userPrincipalName userAccountControl -d sirket.local
  • dsquery * domainroot -filter “(&(objectcategory=person)(objectclass=user)(lockoutTime=*))” -limit 0
  • Search-ADAccount -UsersOnly -AccountInactive -TimeSpan 90 | ?{$_.enabled -eq $True} | where {$ _.ObjectClass -eq ‘user’}
  • dsquery user “OU=Kullanicilar,DC=sirket,DC=local” -disabled -limit 0 | dsget user -samid > DevreDisiKalmisHesaplar.txt
  • Search-ADaccount AccountDisabled UsersOnly > DevreDisiKalmisHesaplar.txt
  • Search-ADaccount AccountInactive Timespan (New-TimeSpan Days 180) UsersOnly > AktifOlmayanHesaplar.txt
  • Get-ADUser -Properties EmailAddress, DisplayName, Name, sn, lastlogondate, passwordlastset -Filter * | Select EmailAddress, Name, lastlogondate, passwordlastset
  • $AyAdedi = (Get-Date).AddMonths(-6)
    Search-ADAccount -accountinactive -usersonly -datetime “$AyAdedi”
  • dsquery user “OU=Kullanicilar,dc=sirket,dc=local” -stalepwd 60 > 60GundurParolasiniDegistirmeyenHesaplar.txt
  • dsquery user “OU=Kullanicilar,dc=sirket,dc=local” -inactive 4 | dsmod user -disabled yes > 4HaftadirAktifOlmayanHesaplar.txt
  • wmic useraccount where PasswordExpires=’False’ get Name, FullName, Domain, Lockout, Disabled, PasswordChangeable, PasswordExpires, PasswordRequired, SID, Status

 

Grup Denetimleri

  • Get-ADGroup -Filter {GroupCategory -eq ‘Security’} | ?{@(Get-ADGroupMember $_).Length -eq 0} | select DistinguishedName > BosGruplar
  • Get-ADGroupMember -Identity “Domain Admins” -Recursive | select samaccountname,name

 

Bilgisayar Denetimleri

  • Get-ADComputer -Filter {OperatingSystem -Like “Windows Server*2008*”} -Property * | Format-Table Name,OperatingSystem,OperatingSystemServicePack -Wrap -Auto
  • Get-ADComputer -filter * -Properties * | where{$_.lastlogondate -lt (get-date).adddays(-30)} > 30GundurOturumAcilmamisBilgisayarlar
  • Get-ADComputer -Filter * -Property * | Select-Object Name,IPv4Address,Enabled,OperatingSystem,OperatingSystemServicePack,OperatingSystemVersion,Created,LastLogonDate,SID,GUID
  • Get-ADComputer Filter {OperatingSystem -Like *2003* -or OperatingSystem -Like *XP*} Property *

 

OU Denetimi

Get-ADOrganizationalUnit -Filter * -Property * | Select-Object DistinguishedName , Name, ProtectedFromAccidentalDeletion, CanonicalName,SID,GUID

Get-ADOrganizationalUnit -Filter * | Where-Object {-not ( Get-ADObject -Filter * -SearchBase $_.Distinguishedname -SearchScope OneLevel -ResultSetSize 1 )} > BosOUListesi

 

Güven İlişkileri

[System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain().GetAllTrustRelationships()

[System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest().GetAllTrustRelationships()

Get-ADObject -Filter {objectClass -eq “trustedDomain”} -Properties TrustPartner,TrustDirection,trustType,trustAttributes

 

LAPS Mevcudiyeti

Get-ADObject CN=ms-Mcs-AdmPwd,CN=Schema,CN=Configuration,$((Get-ADDomain).DistinguishedName) ErrorAction Stop | Out-Null

 

Parola Politikası

Get-ADDefaultDomainPasswordPolicy

Get-ADFineGrainedPasswordPolicy Filter *

 

Grup İlkeleri

Get-GPOReport -All -ReportType HTML -Path TumGrupIlkeleriListesi.html

Get-ADObject -Identity (Get-ADDomain).distinguishedName -Properties name, distinguishedName, gPLink, gPOptions | Select-Object name, distinguishedName, gPLink, gPOptions, @{name=’Depth’;expression={0}} > EtkiAlani-GPO-EslesmeListesi

Get-ADOrganizationalUnit -Filter * -Properties name, distinguishedName, gPLink, gPOptions | Select-Object name, distinguishedName, gPLink, gPOptions, @{name=’Depth’;expression={($_.distinguishedName -split ‘OU=’).count – 1}} > OU-GPO-EslesmeListesi

Get-GPO -All | Select-Object Path, DisplayName, GPOStatus, WMIFilter | Format-Table -autosize > OU-GPO-EslesmeListesi

Get-ADObject -LDAPFilter ‘(objectClass=site)’ -SearchBase “CN=Sites,$((Get-ADRootDSE).configurationNamingContext)” -SearchScope OneLevel -Properties name, distinguishedName, gPLink, gPOptions | Select-Object name, distinguishedName, gPLink, gPOptions, @{name=’Depth’;expression={0}} > Site-GPO-EslesmeListesi

 

Önemli Özellikler

  • adminCount
  • badPwdCount
  • comment
  • description
  • lastLogon
  • msDS-AllowedToDelegateTo
  • objectSid
  • pwdLastSet
  • sIDHistory
  • title
  • userAccountControl

 

 

CEVAP VER

Yorumunuzu giriniz
İsminizi giriniz