Skip to content

Instantly share code, notes, and snippets.

@joshfinley
Created November 13, 2023 17:25
Show Gist options
  • Save joshfinley/dd3ea1b03d188554e67ed2eecd0e29ca to your computer and use it in GitHub Desktop.
Save joshfinley/dd3ea1b03d188554e67ed2eecd0e29ca to your computer and use it in GitHub Desktop.
# Import the Active Directory module
Import-Module ActiveDirectory
# Enumerate all user accounts with SPNs
$usersWithSPN = Get-ADUser -Filter {ServicePrincipalName -ne "$null"} -Properties ServicePrincipalName, msDS-SupportedEncryptionTypes
# Iterate through each user and check for RC4 encryption
foreach ($user in $usersWithSPN) {
$userName = $user.SamAccountName
$spns = $user.ServicePrincipalName
$encryptionTypes = $user."msDS-SupportedEncryptionTypes"
# Check if RC4 is enabled (bit flag 0x4)
$isRC4Enabled = $encryptionTypes -band 0x4
# Output the results
if ($isRC4Enabled) {
Write-Host "User: $userName has RC4 enabled. SPNs: $spns"
} else {
Write-Host "User: $userName does not have RC4 enabled. SPNs: $spns"
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment