我想了解如何在获得其他域名的信任的情况下获取其信息?
外汇:- a.com 信任 b.com 并且 b.com 信任 a.com 并且我危害了 a.com 那么我是否可以从 a.com 检索有关 b.com 的信息?
如果可能的话关键要求是什么?
我试过了Get-NetGroupMember "Domain Admins" -Domain Other.domain
,但我只得到了本地域的成员。
注意:- 我正在使用 PowerView。
答案1
如果域信任已建立,则 a.com 中经过身份验证的用户可以查询有关 b.com 的 AD 信息,例如域管理员组中的成员身份。此 VBScript 演示了这一点:
' VBScript group membership program.
'
' ----------------------------------------------------------------------
' Portions from sample code provided by Richard L. Mueller
' Hilltop Lab web site - http://www.rlmueller.net
Option Explicit
Const adUseClient = 3
Dim oConnection, oCommand, sQuery, oResults
Dim sAdsPath, oGroup
Set oConnection = CreateObject("ADODB.Connection")
Set oCommand = CreateObject("ADODB.Command")
oConnection.Provider = "ADsDSOObject"
oConnection.Open "Active Directory Provider"
Set oCommand.ActiveConnection = oConnection
sQuery = "<LDAP://b.com>;(&(ObjectCategory=group)(cn=Domain Admins));DistinguishedName;subtree"
oCommand.CommandText = sQuery
oCommand.Properties("Page Size") = 1000
oCommand.Properties("Timeout") = 30
oCommand.Properties("Cache Results") = False
Set oResults = CreateObject("ADODB.Recordset")
oResults.CursorLocation = adUseClient
oResults.Sort = "distinguishedname"
Set oResults = oCommand.Execute
If oResults.EOF Then
Wscript.Echo "Not found"
Wscript.Quit
End If
Do Until oResults.EOF
sAdsPath = oResults.Fields("DistinguishedName")
Set oGroup = GetObject("LDAP://" & sAdsPath)
wScript.Echo
Wscript.Echo oGroup.sAMAccountName
Call GetMembers(oGroup,1)
oResults.MoveNext
Loop
wScript.echo
' Clean up.
If (IsObject(oConnection) = True) Then
oConnection.Close
Set oCommand = Nothing
Set oConnection = Nothing
End If
Sub GetMembers(oObject,n)
Dim oMember
For Each oMember In oObject.Members
Wscript.Echo "Member: " & oMember.cn
Next
End Sub