Creating dynamic AD objects

Published on 26 Sep 2023

Bastien Perez

Create AD dynamic user

# The object will be deleted in one hour (3600 seconds)
$TTLSeconds = 3600
$objectType = 'user'
$objectName = 'DynamicUser01'
# Choose the destination OU
$destinationOu = "OU=Users,OU=Dynamic,DC=ad,DC=itprotips,DC=com"
$destinationOuObject = [ADSI]("LDAP://$destinationOu")

$dynamicObject = $destinationOuObject.Create($objectType, "CN=$objectName")
# Add the dynamicObject auxiliary class together with the object's structural class
# (2 = ADS_PROPERTY_UPDATE: replace the whole multi-valued attribute)
$dynamicObject.PutEx(2, 'objectClass', @('dynamicObject', $objectType))
# entryTTL is the remaining lifetime in seconds; the DC deletes the object when it reaches 0
$dynamicObject.Put('entryTTL', $TTLSeconds)
$dynamicObject.Put('sAMAccountName', $objectName)
# Add a display name and a description (optional)
$dynamicObject.Put('displayName', $objectName)
$removalTime = (Get-Date).AddSeconds($TTLSeconds)
$dynamicObject.Put('description', "This object will be deleted on $removalTime")
$dynamicObject.SetInfo()
# Set a password
$dynamicObject.SetPassword('CHANGEYOURPASSWORD')
# and enable the account (512 = NORMAL_ACCOUNT, without ACCOUNTDISABLE)
$dynamicObject.Put('userAccountControl', '512')
$dynamicObject.SetInfo()

Create AD dynamic group

# The object will be deleted in one hour (3600 seconds)
$TTLSeconds = 3600
$objectType = 'group'
$objectName = 'DynamicGroup02'
# Choose the destination OU
$destinationOu = "OU=Groups,OU=Dynamic,DC=ad,DC=itprotips,DC=com"
$destinationOuObject = [ADSI]("LDAP://$destinationOu")

$dynamicObject = $destinationOuObject.Create($objectType, "CN=$objectName")
# Add the dynamicObject auxiliary class together with the object's structural class
# (2 = ADS_PROPERTY_UPDATE: replace the whole multi-valued attribute)
$dynamicObject.PutEx(2, 'objectClass', @('dynamicObject', $objectType))
# entryTTL is the remaining lifetime in seconds; the DC deletes the group when it reaches 0
$dynamicObject.Put('entryTTL', $TTLSeconds)
$dynamicObject.Put('sAMAccountName', $objectName)
# Add a display name and a description (optional)
$dynamicObject.Put('displayName', $objectName)
$removalTime = (Get-Date).AddSeconds($TTLSeconds)
$dynamicObject.Put('description', "This object will be deleted on $removalTime")
$dynamicObject.SetInfo()

Detect the creation of AD dynamic objects

Monitoring creation events is important to ensure that these objects are not used for malicious activities. See this article for a detection method using Windows logs.
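Event logs show the moment of creation, but a defender also wants to know which dynamic objects exist right now and when each one will vanish, since a short-lived account or group leaves no trace once the TTL expires. The following inventory script is an added example and is not part of the original post: it searches a base DN for every object carrying the dynamicObject class and reports its remaining entryTTL. The base DN reuses the domain from the examples above as a placeholder, and the function name Get-DynamicADObject is an assumption of this example. Note that entryTTL is a constructed attribute, so it must be requested explicitly in PropertiesToLoad or the search will not return it.

```powershell
# Added example (not from the original post): inventory existing AD dynamic objects
# and show how long each one has left before the DC removes it.
# Assumptions: the default base DN is a placeholder; adjust it to your forest.
function Get-DynamicADObject {
    param(
        [string]$SearchBase = 'DC=ad,DC=itprotips,DC=com',   # placeholder, adjust
        [int]$ExpiringWithinSeconds = 0                        # 0 = report all objects
    )

    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.SearchRoot = [ADSI]"LDAP://$SearchBase"
    $searcher.Filter = '(objectClass=dynamicObject)'
    $searcher.SearchScope = 'Subtree'
    $searcher.PageSize = 1000   # paged results so large forests do not hit the 1000-entry limit

    # entryTTL is constructed (computed by the DC), so it is only returned when asked for by name
    foreach ($attr in 'distinguishedName', 'objectClass', 'entryTTL', 'msDS-Entry-Time-To-Die', 'whenCreated') {
        [void]$searcher.PropertiesToLoad.Add($attr)
    }

    foreach ($result in $searcher.FindAll()) {
        # ResultPropertyCollection keys are lowercase
        $ttl = [int]$result.Properties['entryttl'][0]
        if ($ExpiringWithinSeconds -gt 0 -and $ttl -gt $ExpiringWithinSeconds) { continue }

        [pscustomobject]@{
            DistinguishedName = $result.Properties['distinguishedname'][0]
            # objectClass is multi-valued; the last value is the structural class (user, group, ...)
            ObjectClass       = ($result.Properties['objectclass'] | Select-Object -Last 1)
            WhenCreated       = $result.Properties['whencreated'][0]
            EntryTTLSeconds   = $ttl
            # msDS-Entry-Time-To-Die is the stored absolute expiry time set by the DC
            ExpiresAt         = $result.Properties['msds-entry-time-to-die'][0]
        }
    }
}

# Usage: list everything, soonest to expire first
Get-DynamicADObject | Sort-Object EntryTTLSeconds | Format-Table -AutoSize

# Usage: only objects that disappear within the next 10 minutes
Get-DynamicADObject -ExpiringWithinSeconds 600 | Format-Table -AutoSize
```

Running this on a schedule and diffing the output against the previous run gives a simple baseline: any dynamic user or group that appears outside the OUs where your automation is expected to create them is worth a closer look before its TTL runs out and the evidence is gone.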
