Active Directory Service Interfaces (ADSI) – A set of Component Object Model (COM) interfaces for managing Active Directory services. It can be utilized in several scripting and programming languages.
- Enables reading, adding and managing Active Directory Objects
- Part of .NET framework:
- System.DirectoryServices.DirectoryEntry (ADSI)
- System.DirectoryServices.DirectorySearcher (ADSISearcher)
- Can be accessed via PowerShell by creating objects for above classes
- Example (three equivalent ways to bind to the domain root):
- $domain1 = New-Object -TypeName System.DirectoryServices.DirectoryEntry
  OR
- $domain2 = [System.DirectoryServices.DirectoryEntry]"LDAP://dc=ycsccorp,dc=local"
  OR
- $domain3 = [ADSI]"LDAP://dc=ycsccorp,dc=local"
Using ADSI
- Creating an OU (Create() stages the object; SetInfo() commits it to the directory)
- $domainOU = $domain1.Create("organizationalUnit","ou=YCSCTest")
- $domainOU.SetInfo()
- Creating a User
- $domainUser = $domain1.Create("user","cn=YCSCUser")
- $domainUser.SetInfo()
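The following is an added example, not code from the original notes: it puts the two snippets above together (OU, then a user inside that OU, each committed with SetInfo()) and then uses ADSISearcher to audit every user account in the domain. It assumes a domain-joined host, the lab domain ycsccorp.local used above, and a caller with rights to create objects; the OU and account names are hypothetical.

```powershell
# Added example (not from the original page). Assumes the lab domain ycsccorp.local;
# OU and account names below are hypothetical.
$domain = [ADSI]'LDAP://dc=ycsccorp,dc=local'

# Every DirectoryEntry change is held locally until SetInfo() commits it.
$ou = $domain.Create('organizationalUnit', 'ou=YCSCTest')
$ou.SetInfo()

# Create the user inside the new OU (not at the domain root) and set the
# attributes a usable account needs before committing.
$user = $ou.Create('user', 'cn=YCSCUser')
$user.Put('sAMAccountName', 'ycscuser')
$user.Put('userPrincipalName', 'ycscuser@ycsccorp.local')
$user.SetInfo()

# [ADSISearcher] is System.DirectoryServices.DirectorySearcher; casting a string
# sets its LDAP filter. Page the results so large domains are not truncated.
$searcher = [ADSISearcher]'(&(objectCategory=person)(objectClass=user))'
$searcher.SearchRoot = $domain
$searcher.PageSize   = 1000
$searcher.PropertiesToLoad.AddRange(@('sAMAccountName', 'userAccountControl', 'pwdLastSet'))

# Decode userAccountControl bits an auditor cares about: 0x0002 = ACCOUNTDISABLE,
# 0x10000 = DONT_EXPIRE_PASSWORD. Result property names come back lower-cased.
$searcher.FindAll() | ForEach-Object {
    $p   = $_.Properties
    $uac = [int]$p['useraccountcontrol'][0]
    [pscustomobject]@{
        Account              = [string]$p['samaccountname'][0]
        Disabled             = [bool]($uac -band 0x0002)
        PasswordNeverExpires = [bool]($uac -band 0x10000)
        PwdLastSet           = [datetime]::FromFileTime([int64]$p['pwdlastset'][0])
    }
} | Format-Table -AutoSize
```

A pwdLastSet of 0 shows as 1601-01-01, which means the account has never had a password set (typically a freshly created account like the one above).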
Pros and Cons
- Pros
- It is available on most Windows machines by default
- Does not require AD-Module, RSAT or any other special libraries
- Not easily detected
- Can be used to create custom tools leveraging ADSI and ADSISearcher
- Cons
- Takes some time to learn
- Lack of documentation
To learn about the Active Directory architecture used in this lab click here.
Uday Mittal is a cybersecurity professional with rich experience working across industries including telecom, publishing, consulting and finance. He holds internationally recognized certifications such as CRTP, OSCE, OSCP, CISSP, CISA, CISM and CRISC, among others. He speaks on cybersecurity awareness and offensive security research, and has authored various articles on cyber security and software development for a leading magazine on open source software.