Active Directory is readable by anyone?


  • Active Directory is readable by anyone?

    Well, I wouldn't say "anyone in the world" but still,

    Example,
    I create a local account on Windows 7 that has the same "username and password" that's on the Active Directory... install the Active Directory Users and Computers tool

    When I first open AD Users and Computers, it says "to manage users and groups, use local users and groups. To manage users, groups and computers in a domain, log in as a user with domain admin rights"

    So I click OK, and then right click "AD users and computers" and click change domain, so I put my domain in it, and I can read all information....

    Isn't this a security flaw/loophole???
    And how can I stop this?

    But should all Active Directory accounts read AD? If not, can I deny access for this?

    thanks
    Pete
    Last edited by plawlor; 23rd April 2015, 14:50.

  • #2
    Re: Active Directory is readable by anyone?

    AD users need to be able to read AD, otherwise AD wouldn't work. They don't have the permissions to create, delete or modify anything except for a limited subset of attributes, like changing their password.

    How do you see this as a security flaw or loophole? Don't make generalized statements like "My users can read AD and that's a security flaw"; specifically explain what you think the risks are.



    • #3
      Re: Active Directory is readable by anyone?

      Hi

      Thanks for replying. But if we have address in all staff accounts then all students find it.... Don't they??? And emails....
      But since I used a "local account" that did read... How come that didn't use domain/username to read it...

      And anyone can find any usernames and domain admins' usernames too....

      Thanks



      • #4
        Re: Active Directory is readable by anyone?

        I always assumed the address and email info for Active Directory user accounts was for work addresses and work email accounts, not personal/private information.
        A recent poll suggests that 6 out of 7 dwarfs are not happy



        • #5
          Re: Active Directory is readable by anyone?

          Yeah true.

          If hacker users can find domain admins and try to hack the passwords?



          • #6
            Re: Active Directory is readable by anyone?

            That's a whole different kettle of fish
            A recent poll suggests that 6 out of 7 dwarfs are not happy



            • #7
              Re: Active Directory is readable by anyone?

              Ah great,

              I went on login and read the "campus" Active Directory and found that they have 50k students, and 20k staff, and my Active Directory only has 2k students and 200 staff! Haha, and found 20 admin accounts on their AD! Wow!

              But anyway thanks, if this is all read-only for all accounts.

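Added example, not part of the thread: because reads by ordinary domain accounts are by design (post #2), one defensive check for the concern in post #3 is to review which personal-looking attributes are actually populated on user objects. The function name, the attribute selection and the sample accounts are assumptions constructed for illustration; `Get-ADUser` comes from the ActiveDirectory module in RSAT.

```powershell
# Added example (not from the thread). Standard AD user attribute names that
# may hold personal rather than work data; adjust the list to your schema use.
$PersonalAttributes = 'streetAddress', 'l', 'postalCode', 'homePhone', 'mobile', 'mail'

function Get-ExposedAttributeReport {
    # Hypothetical helper: returns one row per account that has at least one
    # of the listed attributes populated, so the data owner can review it.
    param(
        [Parameter(Mandatory)] [object[]] $Users,
        [string[]] $Attributes = $PersonalAttributes
    )
    foreach ($u in $Users) {
        $populated = foreach ($a in $Attributes) {
            $p = $u.PSObject.Properties[$a]
            # Missing, null and empty values all count as "not populated".
            if ($p -and -not [string]::IsNullOrWhiteSpace([string]$p.Value)) { $a }
        }
        if ($populated) {
            [pscustomobject]@{
                SamAccountName = $u.SamAccountName
                Populated      = $populated -join ','
            }
        }
    }
}

# Constructed sample accounts so the function can be tried without a domain.
$sample = @(
    [pscustomobject]@{ SamAccountName = 'staff01'; streetAddress = '1 Example Road'; mail = 'staff01@example.org'; mobile = '' }
    [pscustomobject]@{ SamAccountName = 'staff02'; streetAddress = $null; mail = $null }
)
Get-ExposedAttributeReport -Users $sample | Format-Table -AutoSize

# Against a real domain, from an administrative workstation with RSAT:
# $users = Get-ADUser -Filter * -Properties $PersonalAttributes
# Get-ExposedAttributeReport -Users $users |
#     Export-Csv exposed-attributes.csv -NoTypeInformation
```

With the sample input only `staff01` is reported, with `streetAddress,mail` listed as populated.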