DSInternals

3.0

The DSInternals PowerShell Module exposes several internal features of Active Directory.

DISCLAIMER: Features exposed through this module are not supported by Microsoft and it is therefore not intended to be used in production environments. Improper use might cause irreversible damage to domain controllers or negatively impact domain security.

Minimum PowerShell version

3.0

Installation Options

Copy and Paste the following command to install this package using PowerShellGet More Info

Install-Module -Name DSInternals

You can deploy this package directly to Azure Automation. Note that deploying packages with dependencies will deloy all the dependencies to Azure Automation. Learn More

Manually download the .nupkg file to your system's default download location. Note that the file won't be unpacked, and won't include any dependencies. Learn More

Author(s)

Michael Grafnetter

Copyright

(c) 2015-2018 Michael Grafnetter. All rights reserved.

Owners

Tags

ActiveDirectory Security

Cmdlets

ConvertTo-NTHash ConvertTo-LMHash Set-SamAccountPasswordHash ConvertFrom-UnicodePassword ConvertTo-UnicodePassword ConvertTo-OrgIdHash ConvertFrom-GPPrefPassword ConvertTo-GPPrefPassword Add-ADDBSidHistory Set-ADDBPrimaryGroup Get-ADDBDomainController Set-ADDBDomainController Get-ADDBSchemaAttribute Remove-ADDBObject Get-ADDBAccount Get-BootKey Get-ADReplAccount ConvertTo-Hex ConvertTo-KerberosKey ConvertFrom-ADManagedPasswordBlob Get-ADDBBackupKey Get-ADReplBackupKey Save-DPAPIBlob Set-ADDBBootKey Test-PasswordQuality Get-ADDBKdsRootKey Get-SamPasswordPolicy Get-ADSIAccount Enable-ADDBAccount Disable-ADDBAccount Get-ADKeyCredential Set-ADDBAccountPassword Set-ADDBAccountPasswordHash

Dependencies

This module has no dependencies.

Release Notes

- Added the Set-ADDBAccountPassword and Set-ADDBAccountPasswordHash for offline password modification.
- The Test-PasswordQuality cmdlet now supports NTLM hash list from haveibeenpwned.com.
- Added the Get-ADKeyCredential for linked credential generation (AKA Windows Hello for Business).
- The Get-ADDBAccount, Get-ADReplAccount and Get-ADSIAccount cmdlets now display linked credentials.
- Databases from Windows Server 2016 can now be read on non-DCs.
- Added the ConvertTo-KerberosKey cmdlet for key generation.
- The Save-DPAPIBlob now generates scripts for mimikatz.
- The Save-DPAPIBlob cmdlet now accepts pipeline input from both Get-ADDBBackupKey and ADDBAccount cmdlets.
- Added Views JohnNTHistory, HashcatNTHistory and NTHashHistory.
- The Get-ADDBDomainController cmdlet now displays domain and forest functional levels.
- The Set-ADDBDomainController cmdlet can now be used to modify backup expiration.
- The Get-ADDBAccount cmdlet now reports progress when retrieving multiple accounts.

Version History

Version Downloads Last updated
3.0 (current version) 562 9/29/2018
2.23 1,287 7/7/2018
2.22 4,907 5/1/2017
2.21.2 113 4/19/2017
2.21.1 47 4/14/2017
2.21 230 3/25/2017
2.20 1,637 11/15/2016
2.19 259 10/21/2016
2.18 171 10/2/2016
2.17 124 9/16/2016
2.16.1 291 8/8/2016
2.16 27 8/7/2016
2.15 252 6/18/2016
2.14 216 4/30/2016
2.13.1 229 2/25/2016
2.13 42 2/21/2016
2.12 62 2/7/2016
2.11.1 28 2/3/2016
2.10 74 1/14/2016
2.9 49 12/27/2015
2.8 156 10/20/2015
2.7 99 9/30/2015
2.6 33 9/21/2015
2.5 38 9/14/2015
2.4 22 9/5/2015