Secure Bits
Do you know what AdminSDHolder is?
If you are responsible for Active Directory, you should know this crucial component.
The purpose of this component is to provide a permission template for privileged accounts and groups. As you can also see in the picture, privileged users and groups have the same ACL as the AdminSDHolder container.
How does it work?
An AdminSDHolder process runs every 60 minutes (the interval can be changed) and compares the permissions on the protected accounts and groups with those on the container. If they do not match, the process resets them.
It is important to monitor the AdminSDHolder container, as it can be abused to gain permissions over your privileged accounts and groups without actually being a member of any privileged group. As you can see in the example, Badguy can basically become a highly privileged account at any time.
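One way to do that monitoring is shown below. This is an added example, not part of the original post: it flags ACEs on the AdminSDHolder container that grant control rights to a trustee outside a reviewed baseline. The CONTOSO domain, the baseline list, the function name `Find-UnexpectedAdminSDHolderAce` and the sample ACEs (including the rights given to Badguy) are assumptions constructed for illustration.

```powershell
# Added example (not from the original post): flag AdminSDHolder ACEs that
# grant control rights to trustees outside a reviewed baseline.

# Assumption: baseline for a fictional CONTOSO domain. Replace it with the
# trustees you have reviewed and accepted in your own domain.
$BaselineTrustees = @(
    'NT AUTHORITY\SYSTEM'
    'BUILTIN\Administrators'
    'CONTOSO\Domain Admins'
    'CONTOSO\Enterprise Admins'
)

function Find-UnexpectedAdminSDHolderAce {
    param(
        [Parameter(Mandatory)] [object[]] $Ace,
        [Parameter(Mandatory)] [string[]] $Baseline
    )
    # Rights that let a trustee take over, or rewrite, a protected object.
    $controlRights = 'GenericAll|GenericWrite|WriteDacl|WriteOwner|WriteProperty'
    foreach ($a in $Ace) {
        $trustee = [string]$a.IdentityReference
        $rights  = [string]$a.ActiveDirectoryRights
        # Only Allow ACEs for trustees missing from the baseline are reported.
        if ([string]$a.AccessControlType -eq 'Allow' -and
            $Baseline -notcontains $trustee -and
            $rights -match $controlRights) {
            [pscustomobject]@{ Trustee = $trustee; Rights = $rights }
        }
    }
}

# Constructed sample ACEs, shaped like the .Access entries Get-Acl returns.
$sampleAces = @(
    [pscustomobject]@{ IdentityReference = 'CONTOSO\Domain Admins'; ActiveDirectoryRights = 'GenericAll'; AccessControlType = 'Allow' }
    [pscustomobject]@{ IdentityReference = 'NT AUTHORITY\Authenticated Users'; ActiveDirectoryRights = 'GenericRead'; AccessControlType = 'Allow' }
    [pscustomobject]@{ IdentityReference = 'CONTOSO\Badguy'; ActiveDirectoryRights = 'GenericAll'; AccessControlType = 'Allow' }
)

# On a host with the ActiveDirectory module, read the real ACL instead:
#   $dn   = "CN=AdminSDHolder,CN=System,$((Get-ADDomain).DistinguishedName)"
#   $aces = (Get-Acl -Path "AD:\$dn").Access
Find-UnexpectedAdminSDHolderAce -Ace $sampleAces -Baseline $BaselineTrustees
```

Because the template is copied onto protected accounts and groups on every run, any finding here should be treated as a finding on all of them.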
There are other important things about AdminSDHolder, but I will separate them into more posts. 1/2
