Archive

Posts Tagged ‘AD’

ATA: Recorded security eventlog events

To enhance detection capabilities, ATA needs the following Windows events: 4776, 4732, 4733, 4728, 4729, 4756, 4757

https://docs.microsoft.com/en-us/advanced-threat-analytics/configure-event-collection

For ATA versions 1.8 and higher, event collection configuration is no longer necessary for ATA Lightweight Gateways. The ATA Lightweight Gateway can now read events locally, without the need to configure event forwarding.

 

ATA Auditing (AuditPol, Advanced Audit Settings Enforcement, Lightweight Gateway Service discovery):

https://blogs.technet.microsoft.com/positivesecurity/2017/08/18/ata-auditing-auditpol-advanced-audit-settings-enforcement-lightweight-gateway-service-discovery/

Active Directory Powershell: Quick tip LastLogonTimeStamp and pwdLastSet

Advanced AAD Connect Permissions Configuration

AD: Scripting Tips & Tricks: RegEx for OU Name & Path

AD: SAMBA, NTLM SSP, and A Gap in Enterprise Configuration Control

AADConnect – Multi Forest Synchronisation Planning

Exchange: Create a Dynamic Distribution Group

https://technet.microsoft.com/en-us/library/bb123722(EXCHG.140).aspx

Configure Dynamic Distribution Group Properties:

https://technet.microsoft.com/en-us/library/bb124560(v=exchg.140).aspx

New-DynamicDistributionGroup -IncludedRecipients MailboxUsers -Name "Mailbox Users DDG" -OrganizationalUnit Users

View Members of a Dynamic Distribution Group:

https://technet.microsoft.com/en-us/library/bb232019(v=exchg.140).aspx

$MarketingDepartment = Get-DynamicDistributionGroup -Identity "Marketing Department"
Get-Recipient -RecipientPreviewFilter $MarketingDepartment.RecipientFilter

Get-DynamicDistributionGroup:

https://technet.microsoft.com/en-us/library/bb124762(v=exchg.140).aspx