LDAP queries
- Click Explorer > Network > Search Active Directory (in toolbar)
- Find: Custom Search Click the “Advanced” tab
- AD Search for:
Readable LAPS passwords:
(ms-Mcs-AdmPwd=*)
Users with “userPassword” attribute set:
(userPassword=*)
Cleartext passwords for Unix authentication:
(unixUserPassword=*)
Unicode passwords (I’m guessing):
(unicodePwd=*)
Distribution lists that anyone can send email to (I think):
- I don’t remember where I saw this. Maybe someone’s report. I’m not sure how it would be useful, but it’s a good way to at least confirm that your LDAP searches actually work. 🤷♂️
(msExchRequireAuthToSendTo=FALSE)