Skip to content

Instantly share code, notes, and snippets.

@joshfinley
Created November 13, 2023 17:32
Show Gist options
  • Save joshfinley/48fd19724381a805b30db50d52126068 to your computer and use it in GitHub Desktop.
Save joshfinley/48fd19724381a805b30db50d52126068 to your computer and use it in GitHub Desktop.
# Import the Active Directory module
Import-Module ActiveDirectory
# Search for all AD objects with SPNs
$objectsWithSPN = Get-ADObject -Filter 'ServicePrincipalName -like "*"' -Properties ServicePrincipalName, msDS-SupportedEncryptionTypes
# Iterate through each object and check for RC4 encryption
foreach ($obj in $objectsWithSPN) {
$name = $obj.Name
$spns = $obj.ServicePrincipalName
$encryptionTypes = $obj."msDS-SupportedEncryptionTypes"
# Check if RC4 is enabled (bit flag 0x4)
$isRC4Enabled = $encryptionTypes -band 0x4
# Output the results
if ($isRC4Enabled) {
Write-Host "Object: $name has RC4 enabled. SPNs: $spns"
} else {
Write-Host "Object: $name does not have RC4 enabled. SPNs: $spns"
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment