如何获取活动目录中其他域的信息?

如何获取活动目录中其他域的信息?

我想了解如何在获得其他域名的信任的情况下获取其信息?

外汇:- a.com 信任 b.com 并且 b.com 信任 a.com 并且我危害了 a.com 那么我是否可以从 a.com 检索有关 b.com 的信息?

如果可能的话关键要求是什么?

我试过了Get-NetGroupMember "Domain Admins" -Domain Other.domain,但我只得到了本地域的成员。

注意:- 我正在使用 PowerView。

答案1

如果域信任已建立,则 a.com 中经过身份验证的用户可以查询有关 b.com 的 AD 信息,例如域管理员组中的成员身份。此 VBScript 演示了这一点:

' VBScript group membership program.
'
' ----------------------------------------------------------------------
' Portions from sample code provided by Richard L. Mueller
' Hilltop Lab web site - http://www.rlmueller.net

Option Explicit 
Const adUseClient = 3

Dim oConnection, oCommand, sQuery, oResults 
Dim sAdsPath, oGroup 

Set oConnection = CreateObject("ADODB.Connection") 
Set oCommand = CreateObject("ADODB.Command") 
oConnection.Provider = "ADsDSOObject" 
oConnection.Open "Active Directory Provider" 
Set oCommand.ActiveConnection = oConnection 

sQuery = "<LDAP://b.com>;(&(ObjectCategory=group)(cn=Domain Admins));DistinguishedName;subtree" 

oCommand.CommandText = sQuery 
oCommand.Properties("Page Size") = 1000 
oCommand.Properties("Timeout") = 30 
oCommand.Properties("Cache Results") = False 

Set oResults = CreateObject("ADODB.Recordset")
oResults.CursorLocation = adUseClient
oResults.Sort = "distinguishedname"
Set oResults = oCommand.Execute 

If oResults.EOF Then 
  Wscript.Echo "Not found" 
  Wscript.Quit 
End If 

Do Until oResults.EOF 
  sAdsPath = oResults.Fields("DistinguishedName") 
  Set oGroup = GetObject("LDAP://" & sAdsPath) 
  wScript.Echo
  Wscript.Echo oGroup.sAMAccountName 
  Call GetMembers(oGroup,1) 
  oResults.MoveNext 
Loop 
wScript.echo

' Clean up.
If (IsObject(oConnection) = True) Then
    oConnection.Close
    Set oCommand = Nothing
    Set oConnection = Nothing
End If

Sub GetMembers(oObject,n) 
  Dim oMember
  For Each oMember In oObject.Members 
    Wscript.Echo "Member: " & oMember.cn
  Next 
End Sub 

相关内容