Solved

Encryption Type question for Windows Active Directory domain

Posted on 2012-03-27
2
1,020 Views
Last Modified: 2012-04-05
I'm working on a domain that has two Windows 2003 domain controllers and one Windows 2008 domain controller. The dev team needs to sync ldap info with another system and they requested SHA or MD5 encryption for this sync.

I discovered that the domain is running on functional level Windows 2000, with two 2003 DC's and one Windows 2008 DC.

SHA is part of AES correct? Since I have a 2008 box, will the domain accept authentication tickets using SHA? Is there a way to check which etypes are currently supported by the DC's?

Thanks
0
Comment
Question by:bvanoc
2 Comments
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 250 total points
ID: 37776027
The SHA algorithms existed way before AES(rijndael) I am not understanding the sync using md5/sha/aes etc... I assume you mean the Kerberos tickets the clients each use to talk to the GC's? http://blogs.technet.com/b/instan/archive/2009/10/12/changes-in-default-encryption-type-for-kerberos-pre-authentication-on-vista-and-windows-7-clients-cause-security-audit-events-675-and-680-on-windows-server-2003-dc-s.aspx
The links at the end of that article may also be of some help.
-rich
0
 
LVL 61

Assisted Solution

by:btan
btan earned 250 total points
ID: 37777303
There is some info of the crypto supported in mixed environment.

 http://support.microsoft.com/kb/942564

Also shall is for integrity checks using hash while aesthetically is a form of symmetric encryption For data confidentiality. Typically they go together for kerberos or .sl tis supported in server channel security. This also bring up selective authentication for forest trust
 http://technet.microsoft.com/en-us/library/cc816580(v=ws.10).aspx
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Suggested Solutions

When the confidentiality and security of your data is a must, trust the highly encrypted cloud fax portfolio used by 12 million businesses worldwide, including nearly half of the Fortune 500.
Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now