en-US/about_DSInternals.help.txt

TOPIC
    about_DSInternals
 
SHORT DESCRIPTION
    The DSInternals PowerShell Module exposes several internal
    and undocumented features of Active Directory.
 
LONG DESCRIPTION
     
    LIST OF CMDLETS
 
    Offline operations with the Active Directory database
 
        Get-ADDBAccount
        ---------------
         
        Reads one or more accounts from a ntds.dit file, including secret attributes.
         
        Get-BootKey
        -----------
         
        Reads the BootKey/SysKey from an offline SYSTEM registry hive.
 
        Set-ADDBBootKey
        ---------------
 
        Re-encrypts a ntds.dit with a new BootKey. Highly experimental!
         
        Get-ADDBBackupKey
        -----------------
 
        Reads the DPAPI backup keys from a ntds.dit file.
 
        Get-ADDBKdsRootKey
        ------------------
 
        Reads KDS Root Keys from a ntds.dit. file. Can be used to aid DPAPI-NG decryption,
        e.g. SID-protected PFX files.
         
        Add-ADDBSidHistory
        ------------------
         
        Adds one or more values to the sIDHistory attribute of an object in a ntds.dit file.
         
        Set-ADDBPrimaryGroup
        --------------------
         
        Modifies the primaryGroupId attribute of an object to a ntds.dit file.
         
        Get-ADDBDomainController
        ------------------------
         
        Reads information about the originating DC from a ntds.dit file,
        including domain name, domain SID, DC name and DC site.
         
        Set-ADDBDomainController
        ------------------------
 
        Writes information about the DC to a ntds.dit file,
        including the highest commited USN and database epoch.
         
        Get-ADDBSchemaAttribute
        -----------------------
         
        Reads AD schema from a ntds.dit file, including datatable column names.
         
        Remove-ADDBObject
        -----------------
         
        Physically removes specified object from a ntds.dit file,
        making it semantically inconsistent. Highly experimental!
     
    Online operations with Active Directory database
         
        Get-ADReplAccount
        -----------------
         
        Reads one or more accounts through the DRSR protocol, including secret attributes.
 
        Get-ADReplBackupKey
        -------------------
         
        Reads the DPAPI backup keys through the DRSR protocol.
         
        Set-SamAccountPasswordHash
        --------------------------
         
        Sets NT and LM hashes of an account through the SAMR protocol.
 
    Hash calculation
         
        ConvertTo-NTHash
        ----------------
         
        Calculates NT hash of a given password.
 
        ConvertTo-NTHashDictionary
        --------------------------
         
        Creates a hash->password dictionary for use with the Test-PasswordQuality cmdlet.
         
        ConvertTo-LMHash
        ----------------
         
        Calculates LM hash of a given password.
         
        ConvertTo-OrgIdHash
        -------------------
         
        Calculates OrgId hash of a given password. Used by Azure Active Directory Sync.
 
    Password decryption
         
        ConvertFrom-GPPrefPassword
        --------------------------
         
        Decodes a password from the format used by Group Policy Preferences.
         
        ConvertTo-GPPrefPassword
        ------------------------
         
        Converts a password to the format used by Group Policy Preferences.
         
        ConvertFrom-UnattendXmlPassword
        -------------------------------
 
        Decodes a password from the format used in unattend.xml files.
         
        ConvertTo-UnicodePassword
        -------------------------
 
        Converts a password to the format used in unattend.xml or *.ldif files.
 
        ConvertFrom-ADManagedPasswordBlob
        ---------------------------------
 
        Decodes the value of the msDS-ManagedPassword attribute of a Group Managed Service Account.
 
    Misc
         
        Test-PasswordQuality
        --------------------
         
        Performs AD audit, including checks for weak, duplicate, default and empty passwords.
         
        Save-DPAPIBlob
        --------------
         
        Saves the output of the Get-ADReplBackupKey and Get-ADDBBackupKey cmdlets to a file.
 
        ConvertTo-Hex
        -------------
         
        Helper cmdlet that converts binary input to hexadecimal string.
 
SEE ALSO
    about_ActiveDirectory