Created
November 13, 2023 17:32
-
-
Save joshfinley/48fd19724381a805b30db50d52126068 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Import the Active Directory module | |
| Import-Module ActiveDirectory | |
| # Search for all AD objects with SPNs | |
| $objectsWithSPN = Get-ADObject -Filter 'ServicePrincipalName -like "*"' -Properties ServicePrincipalName, msDS-SupportedEncryptionTypes | |
| # Iterate through each object and check for RC4 encryption | |
| foreach ($obj in $objectsWithSPN) { | |
| $name = $obj.Name | |
| $spns = $obj.ServicePrincipalName | |
| $encryptionTypes = $obj."msDS-SupportedEncryptionTypes" | |
| # Check if RC4 is enabled (bit flag 0x4) | |
| $isRC4Enabled = $encryptionTypes -band 0x4 | |
| # Output the results | |
| if ($isRC4Enabled) { | |
| Write-Host "Object: $name has RC4 enabled. SPNs: $spns" | |
| } else { | |
| Write-Host "Object: $name does not have RC4 enabled. SPNs: $spns" | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment