Wednesday, June 28, 2017

Security Vulnerability in Azure AD Connect

If you have recently upgraded your DirSync synchronization tool to Azure AD Connect to get your contacts up to Office 365, you will need to do it again.

A vulnerability in the new Microsoft cloud synchronization tool has just been discovered which allows elevation of privilege. It allows an attacker to reset the password of an on-premises Active Directory account and gain privileged access, such as Domain Admin, over a company's domain.

The vulnerability lies in the password writeback component of Azure AD Connect, which needs to be enabled for this exploit to work.

A write-up of this security vulnerability can be found here:

https://technet.microsoft.com/library/security/4033453.aspx?f=255&MSPPError=-2147217396

Luckily most of my customers are still using DirSync and are not affected by this vulnerability.

For a comparison between DirSync and Azure AD Connect please see:

https://docs.microsoft.com/en-us/azure/active-directory/active-directory-hybrid-identity-design-considerations-tools-comparison
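The risk described above comes down to one question for a defender: which privileged on-premises accounts can the Azure AD Connect AD DS connector account reset passwords on? The following PowerShell is an added example (not from this post or from Microsoft) that answers it by reading the ACL of every AdminSDHolder-protected account (adminCount=1) and flagging those where the connector account holds the "Reset Password" extended right (or a right that implies it). It assumes the RSAT ActiveDirectory module is installed and that the account name in $ConnectorAccount is replaced with the real one; rights granted through group membership rather than directly to the account are not resolved here.

```powershell
# Added example: list privileged AD accounts whose password the
# Azure AD Connect AD DS connector account is allowed to reset.
Import-Module ActiveDirectory   # also creates the AD:\ drive used by Get-Acl

# Placeholder: replace with the AD DS connector account Azure AD Connect uses
# (on-premises it is normally named MSOL_<hex>).
$ConnectorAccount = 'CONTOSO\MSOL_PLACEHOLDER'

# rightsGuid of the "Reset Password" extended right in the AD schema.
$ResetPasswordGuid = [Guid]'00299570-246d-11d0-a768-00aa006e0529'
$ExtendedRight     = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight
$GenericAll        = [System.DirectoryServices.ActiveDirectoryRights]::GenericAll

# Returns $true if a single ACE grants the reset-password right, either
# explicitly, through "all extended rights" (empty ObjectType), or via GenericAll.
function Test-ResetPasswordAce {
    param([System.DirectoryServices.ActiveDirectoryAccessRule]$Ace)
    if ($Ace.ActiveDirectoryRights.HasFlag($GenericAll)) { return $true }
    if ($Ace.ActiveDirectoryRights.HasFlag($ExtendedRight)) {
        return ($Ace.ObjectType -eq $ResetPasswordGuid -or $Ace.ObjectType -eq [Guid]::Empty)
    }
    return $false
}

# adminCount=1 marks accounts protected by AdminSDHolder (Domain Admins and the like).
$privileged = Get-ADUser -LDAPFilter '(adminCount=1)' -Properties distinguishedName

$findings = foreach ($user in $privileged) {
    $acl   = Get-Acl -Path "AD:\$($user.DistinguishedName)"
    $mine  = $acl.Access | Where-Object { $_.IdentityReference.Value -eq $ConnectorAccount }
    $allow = $mine | Where-Object { $_.AccessControlType -eq 'Allow' -and (Test-ResetPasswordAce $_) }
    $deny  = $mine | Where-Object { $_.AccessControlType -eq 'Deny'  -and (Test-ResetPasswordAce $_) }
    [PSCustomObject]@{
        Account      = $user.SamAccountName
        ResetAllowed = [bool]$allow
        ResetDenied  = [bool]$deny
    }
}

# Accounts the connector account can reset (an explicit Deny wins over Allow).
$exposed = $findings | Where-Object { $_.ResetAllowed -and -not $_.ResetDenied }
$exposed | Format-Table -AutoSize
```

Any account listed by the final table is one the connector account could reset through password writeback; the expected outcome after applying the vendor guidance is an empty list, achieved either by upgrading to a fixed build or by adding a Deny for the "Reset Password" right to those privileged accounts.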

Sunday, June 18, 2017

For Each Line in Text File Do - Batch Script

Below is a simple batch script which takes each line of a text file and lets you use it in a script. I have provided an example of this below.

I have needed FOR EACH, DO batch scripts numerous times over the years and it's always hard to find a good one on the Internet.

@ECHO OFF
:: Read c:\computerlist.txt one line at a time; %%i holds the first
:: whitespace-delimited token of each line (the computer name).
:: Blank lines are skipped by FOR /F automatically.
For /f %%i in (c:\computerlist.txt) do (
Echo ************************
Echo %%i
Echo ************************
:: Run the netlogon script on the remote host, elevated (-h).
:: Note: the credentials are stored in clear text in this file, so protect
:: the script with NTFS permissions or omit -p to let psexec prompt instead.
psexec \\%%i -h -u domain\username -p password "\\domain\netlogon\mybatchscript.bat"
)
pause

Very handy during day to day sysadmin tasks!
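As an added example, not part of the original post, here is the same loop written in PowerShell. It shows the two things the batch version leaves out: blank and commented (#) lines are skipped after trimming, and the credentials are prompted for instead of being stored in the script. It also records an exit code per host so a partial failure across many machines is visible afterwards. The list path, the netlogon script path and the CSV output location are constructed for the example.

```powershell
# Added example: for-each-line loop with psexec, PowerShell version.
$ListPath   = 'C:\computerlist.txt'                  # one computer name per line (constructed)
$ScriptPath = '\\domain\netlogon\mybatchscript.bat'  # script to run on each host (constructed)
$ReportPath = "$env:TEMP\psexec-run.csv"             # per-host result log (constructed)

# Prompt once instead of embedding the password in the script file.
$cred  = Get-Credential -Message 'Account used by psexec on the remote hosts'
$plain = $cred.GetNetworkCredential().Password   # psexec -p still needs the clear-text value

$results = foreach ($line in Get-Content -Path $ListPath) {
    $computer = $line.Trim()
    # Skip empty lines and lines commented out with '#'.
    if (-not $computer -or $computer.StartsWith('#')) { continue }

    Write-Host ('*' * 24)
    Write-Host $computer
    Write-Host ('*' * 24)

    # Don't wait on psexec timeouts for hosts that are down.
    if (-not (Test-Connection -ComputerName $computer -Count 1 -Quiet)) {
        [PSCustomObject]@{ Computer = $computer; Status = 'unreachable'; ExitCode = $null }
        continue
    }

    & psexec "\\$computer" -h -u $cred.UserName -p $plain $ScriptPath
    [PSCustomObject]@{ Computer = $computer; Status = 'ran'; ExitCode = $LASTEXITCODE }
}

$results | Format-Table -AutoSize
$results | Export-Csv -Path $ReportPath -NoTypeInformation
```

The password still passes to psexec on its command line, where other local processes can read it; on a fleet with WinRM enabled, Invoke-Command with -Credential avoids that entirely and is the better long-term replacement for the psexec call.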