[cifs-protocol] [EXTERNAL] [MS-ADTS] Procedure for setting msDS-ManagedPasswordId attribute - TrackingID#2311280040000920

Jeff McCashland (He/him) jeffm at microsoft.com
Wed Nov 29 18:34:43 UTC 2023


Hi Joseph,

I found a couple of online resources that appear to describe how to generate the msDS-ManagedPasswordId attribute:

Introducing the Golden GMSA Attack
https://securityboulevard.com/2022/03/introducing-the-golden-gmsa-attack/

How to recover from a Golden gMSA attack
https://learn.microsoft.com/en-us/troubleshoot/windows-server/windows-security/recover-from-golden-gmsa-attack

Please let me know if these help any.

Best regards,
Jeff McCashland (He/him) | Senior Escalation Engineer | Microsoft Protocol Open Specifications Team
Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone: (UTC-08:00) Pacific Time (US and Canada)
Local country phone number found here: http://support.microsoft.com/globalenglish | Extension 1138300

From: Jeff McCashland (He/him)
Sent: Tuesday, November 28, 2023 8:28 AM
To: Joseph Sutton <jsutton at samba.org>
Cc: Microsoft Support <supportmail at microsoft.com>; cifs-protocol at lists.samba.org
Subject: RE: [EXTERNAL] [MS-ADTS] Procedure for setting msDS-ManagedPasswordId attribute - TrackingID#2311280040000920

[try again - Kristian to BCC]

From: Jeff McCashland (He/him)
Sent: Tuesday, November 28, 2023 8:27 AM
To: Kristian Smith <Kristian.Smith at microsoft.com>; Joseph Sutton <jsutton at samba.org>; cifs-protocol at lists.samba.org
Cc: Microsoft Support <supportmail at microsoft.com>
Subject: RE: [EXTERNAL] [MS-ADTS] Procedure for setting msDS-ManagedPasswordId attribute - TrackingID#2311280040000920

[Kristian to BCC]

Hi Joseph,

I will look into your question and let you know what I find.

Best regards,
Jeff McCashland (He/him) | Senior Escalation Engineer | Microsoft Protocol Open Specifications Team
Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone: (UTC-08:00) Pacific Time (US and Canada)
Local country phone number found here: http://support.microsoft.com/globalenglish | Extension 1138300

From: Kristian Smith <Kristian.Smith at microsoft.com>
Sent: Monday, November 27, 2023 6:39 PM
To: Joseph Sutton <jsutton at samba.org>; cifs-protocol at lists.samba.org
Cc: Microsoft Support <supportmail at microsoft.com>
Subject: Re: [EXTERNAL] [MS-ADTS] Procedure for setting msDS-ManagedPasswordId attribute - TrackingID#2311280040000920

[DocHelp to Bcc]
[Case mail to Cc]

Hi Joseph,


Thank you for your request. The case number 2311280040000920 has been created for this inquiry. One of our team members will follow up with you soon.


Regards,

Kristian Smith

Support Escalation Engineer | Azure DevOps, Windows Protocols | Microsoft® Corporation

Office phone: +1 425-421-4442

Email: kristian.smith at microsoft.com

Working hours: 8:00 am - 5:00 pm PST, Monday - Friday

Team Manager: Gary Ranne garyra at microsoft.com

ServiceHub:  https://serviceshub.microsoft.com/support/contactsupport_

In case you don't hear from me, please call your regional number here:  https://support.microsoft.com/help/13948/global-customer-service-phone-numbers.

If you need assistance outside my normal working hours, please reach out to devbu at microsoft.com.  One of my colleagues will gladly continue working on this issue.

________________________________
From: Joseph Sutton <jsutton at samba.org>
Sent: Monday, November 27, 2023 2:53 PM
To: cifs-protocol at lists.samba.org <cifs-protocol at lists.samba.org>; Interoperability Documentation Help <dochelp at microsoft.com>
Subject: [EXTERNAL] [MS-ADTS] Procedure for setting msDS-ManagedPasswordId attribute

Hi dochelp,

The calculation of the msDS-ManagedPassword attribute depends upon the
values of two other important attributes, namely msDS-ManagedPasswordId
and msDS-ManagedPasswordPreviousId. I can't find any documentation on
how these two attributes are to be set initially (on the creation of a
Group Managed Service Account), nor on how and when they are
subsequently to be updated.

Are you able to give me any information on the procedure by which these
attributes are assigned values? - Are they supposed to be updated
periodically?

Regards,
Joseph