Solved

Encryption Type question for Windows Active Directory domain

Posted on 2012-03-27
2
1,029 Views
Last Modified: 2012-04-05
I'm working on a domain that has two Windows 2003 domain controllers and one Windows 2008 domain controller. The dev team needs to sync ldap info with another system and they requested SHA or MD5 encryption for this sync.

I discovered that the domain is running on functional level Windows 2000, with two 2003 DC's and one Windows 2008 DC.

SHA is part of AES correct? Since I have a 2008 box, will the domain accept authentication tickets using SHA? Is there a way to check which etypes are currently supported by the DC's?

Thanks
0
Comment
Question by:bvanoc
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 250 total points
ID: 37776027
The SHA algorithms existed way before AES(rijndael) I am not understanding the sync using md5/sha/aes etc... I assume you mean the Kerberos tickets the clients each use to talk to the GC's? http://blogs.technet.com/b/instan/archive/2009/10/12/changes-in-default-encryption-type-for-kerberos-pre-authentication-on-vista-and-windows-7-clients-cause-security-audit-events-675-and-680-on-windows-server-2003-dc-s.aspx
The links at the end of that article may also be of some help.
-rich
0
 
LVL 64

Assisted Solution

by:btan
btan earned 250 total points
ID: 37777303
There is some info of the crypto supported in mixed environment.

 http://support.microsoft.com/kb/942564

Also shall is for integrity checks using hash while aesthetically is a form of symmetric encryption For data confidentiality. Typically they go together for kerberos or .sl tis supported in server channel security. This also bring up selective authentication for forest trust
 http://technet.microsoft.com/en-us/library/cc816580(v=ws.10).aspx
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains how to install and use the NTBackup utility that comes with Windows Server.
I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question