Solved

Extracting Active Directory information without login into Domain

Posted on 2011-09-22
5
206 Views
Last Modified: 2012-05-12
Hi,

We are setting up a new network with  Windows Server 2008 and about 10 PCs. They have an existing network which we are migrating over. The existing network has two Widows server 2003 servers, however as they are leased from old IT company, they are not giving us admin access so we can't even see AD.

We have been given a user that has admin rights we are told and we are able to log into application server, but only the actual server, we cannot log into the domain from the server.

What I want to know is information such as their existing security groups that exist.

What is the best things I could do to extra as much information as possible.

Note that they do not have Exchange installed on these servers. They used and will continue to use hosted exchange.
Thanks in advnace
0
Comment
Question by:afflik1923
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 250 total points
ID: 36581465
You can try tools like adinfo   http://www.cjwdev.co.uk/Software/ADReportingTool/Info.html  or adfind to query the AD with that admin account.  By default a normal user has read access to most of AD.

Thanks

Mike
0
 
LVL 40

Assisted Solution

by:Adam Brown
Adam Brown earned 250 total points
ID: 36581510
If you have a Domain User account, and a local admin account on one of the servers connected to the network, you should be able to install the Windows 2003 Resource Kit http://www.microsoft.com/download/en/details.aspx?id=17657 to get a view of Active Directory. You would only need read access to AD to get the information you need, which is granted to all users by default, unless they've changed things, you should be able to get what you need to by doing that.
0
 
LVL 2

Expert Comment

by:temores
ID: 36586806
Use DSQUERY (from the 2003 reource kit)

"dsquery group -limit 0" will list all your groups in AD.
0
 
LVL 2

Expert Comment

by:satishpeta
ID: 36591109
Check this tool, even this can be used by a domain account. Also, this gives information about group membership. This is all in one tool:

http://www.systemtools.com/hyena/

0
 

Author Closing Comment

by:afflik1923
ID: 36938302
Thanks for all the info. In the end got the information from the previous administrators but this was all very useful
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html?cid=Gene_Skyport) provided 218 attendees with a step-by-step guide for…
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question