
SSH with Duo MFA and Active Directory

August 30, 2017. Tags: duo, mfa, ubuntu, active-directory

Duo has thorough documentation for adding MFA to your SSH sessions, but a couple of additional steps are needed to also integrate with Active Directory. This post walks through the installation of both Duo and Active Directory integration on Ubuntu 16.04. For other Linux distros, the Duo documentation linked above has you covered.

System components:

  • Ubuntu 16.04 server

Active Directory Powershell

August 04, 2017. Tags: powershell, active-directory, windows

Using this page to keep track of all the useful PowerShell "mini-scripts" I've used:

Copy users from one security group to another security group

Add-ADGroupMember -Identity destination-group-name -Members (Get-ADGroupMember -Identity source-group-name -Recursive)

Add enabled users from an OU to a security group

Get-ADUser -SearchBase 'OU=Your-OU,DC=corp,DC=company,DC=com' -Filter {Enabled -eq $true} | ForEach-Object {Add-ADGroupMember

Windows SSL Certificate Installation

December 01, 2015. Tags: windows, active-directory

The DigiCert certificate utility for Windows makes the process much easier:

To generate the CSR:

To install the Cert:

For LDAPS on a domain controller, I did not have to import the cert file into the AD DS personal store.

Active Directory Health Check

July 22, 2015. Tags: active-directory, windows

Migrated a DC and wanted to do some basic AD health checks.

From the cmd prompt (on a domain-joined PC with sufficient privileges, or on the DC itself):

Replication Info:

repadmin /replsummary
repadmin /showrepl

Query FSMO role holders, which should confirm that they are online:

netdom query fsmo

General Server Diagnosis:

dcdiag /a /s:<DC server name>

If you want

Active Directory Delegating Permissions

September 30, 2014. Tags: active-directory

I needed to delegate permissions to the helpdesk (instead of making them domain admins) to create and modify users and to modify group membership. This is slightly different from some of the built-in permission groups, since we didn't want the helpdesk to be able to delete users. Permissions are delegated at the OU level; remember that permissions are pushed down and inherited by child objects.

This is

Palo Alto Firewall AD Group Mapping

September 29, 2014. Tags: palo alto networks, active-directory

These commands will help troubleshoot and resolve issues with Active Directory groups on your PAN firewall.

1. Shows every AD group added to the PAN firewall:

show user group list

2. Shows the user-to-IP-address mapping (for all users, or for a specific user):

show user ip-user-mapping all

3. Gives more detailed statistics about the group mapping than the command above:

show user group-mapping state all