May 2019
Intermediate to advanced
620 pages
21h 41m
English
Content preview from Active Directory Administration Cookbook
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
How it works...
Each Active Directory domain in a multi-domain environment has its own KRBTGT account used by all fully-writable domain controllers. Each read-only domain controller has its own KRBTGT_* account.
The password hash for the KRBTGT account is used as the secret to encrypt all Kerberos tickets.
The password for KRBTGT is set during the creation of an Active Directory domain. Microsoft only automatically reset the secret on the KRBTGT account for Active Directory domains when the Domain Functional Level was upgraded to Windows Server 2008.
A malicious person would not just be able to read all Kerberos authentication traffic. When a malicious person wants to attain a foothold in an Active Directory, the most common way to do so ...