Categories
Software

Active Directory re-design in production

The topic hook here is redesigning the Active Directory Organizational Units (OUs) of an existing network. OUs are effectively the subfolders of the Active Directory Users and Computers tree. I am working with a live domain, so the most important step before making any changes is knowing and documenting how it was and currently is, in case you move something and it breaks.
This matters especially for third-party applications tied into Active Directory. An OU path is like a network or folder path, and if an application stored that path (the distinguished name) when it assigned user permissions through its AD / LDAP (Lightweight Directory Access Protocol) or Windows Challenge/Response (NTLM) integration, moving the user to a new OU without updating that lookup will break it, unless the application resolves the account by something that survives a move (SID, objectGUID or sAMAccountName) rather than by the full path. Assign permissions to a user as below:

DomainTree.local\OU_Name\Object_UserAccount
(in LDAP terms: CN=Object_UserAccount,OU=OU_Name,DC=DomainTree,DC=local)

Point being, if I move Object_UserAccount into a different OU, or a deeper sub-OU on that domain, that lookup may very well be broken for the third-party app using AD for its lookup.

That is a bit long in the tooth, but in Windows land, especially when shuffling domain structure around, you can hit some nasty snags. Documenting it as it was lets you check whether the old path is defined in whatever third-party app or device you are working with. The same applies to Group Policies and where they are linked. The Group Policy Management Console on a domain controller shows which GPOs are applied and which OU they are linked to. Group Policies are a step in this, but I am not focusing on them in this thread. Knowing which policies applied to the old OUs will help on your rollout; in my case, some departments have printers auto-install based on their location, and I note this so I can troubleshoot or recreate that behavior under the new OUs.

Tools:
csvde.exe: This command-line tool connects to your domain.local, lets you pick a root OU, and exports all those objects with their attributes to a CSV file. Along with some screenshots of the tree structure, this is a great way to know what OU path a user was in before you redesigned the trees and moved users around, especially when someone's Windows or some other app stops working after you move their account or machine in the domain tree.

Excel or a LibreOffice spreadsheet: I use these especially when migrating a live domain to a new server. You have to trim the AD export down to the 8 relevant columns, as the rest of the attributes are generated by the new domain controller and importing the old values will just fail. Rambling point here: when you add a new domain controller to an existing domain, it joins at the existing domain and forest functional level. Server 2012 running in a Windows 2003 forest functional level? No thank you, please don't even.
You can and likely will use the spreadsheet for reference in the future, either to make sure you moved the user from the old path to the correct new one, or to debug why an app may have stopped working and turn that into a fix for anyone else who has the same issue.

Great. We have a dump of users with their original paths (in my case, over 100 sub-OUs for maybe 20 different business units). Sometimes people over-design systems. It can be intentionally confusing to dissuade others from making changes, or simply over-designed for some fantasy projection of future growth, instead of something that works for the current situation yet is still scalable for later add-ons. In my opinion, empty folders are a BAD design call, especially in OUs. A distinguished name is limited to a certain number of characters, so 50 of those characters being empty sub-OU path is just a shitty design call.
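Added example, not part of the original post: the same before/after snapshot the csvde workflow gives you, done in PowerShell so the "old path vs. new path" report builds itself after the moves. It assumes the RSAT ActiveDirectory module on a domain-joined admin session; the domain name, the OU names and the C:\ADMigration path are placeholders.

```powershell
# Added example, not part of the original post. Assumes the RSAT
# ActiveDirectory module and a domain-joined admin session. The domain,
# the OU names and C:\ADMigration are placeholders.
Import-Module ActiveDirectory

# 1. Snapshot before touching anything: the DN (the path that breaks when
#    you move things) next to the identifiers that survive a move
#    (objectGUID, SID, sAMAccountName), plus current group membership.
function Export-UserSnapshot {
    param([string]$SearchBase, [string]$Path)
    Get-ADUser -Filter * -SearchBase $SearchBase -Properties MemberOf |
        Select-Object SamAccountName, ObjectGUID, SID, DistinguishedName,
            @{ n = 'MemberOf'; e = { $_.MemberOf -join ';' } } |
        Export-Csv -Path $Path -NoTypeInformation
}

# 2. Empty OUs (nothing directly underneath them: no users, computers,
#    groups or child OUs), i.e. the over-designed tree the post complains about.
function Get-EmptyOU {
    param([string]$SearchBase)
    Get-ADOrganizationalUnit -Filter * -SearchBase $SearchBase | Where-Object {
        -not (Get-ADObject -Filter * -SearchBase $_.DistinguishedName -SearchScope OneLevel)
    } | Select-Object DistinguishedName
}

# 3. After the moves, join the snapshot back to live AD on objectGUID and
#    report old path -> new path, plus whether the old DN still resolves.
#    It will not for moved accounts, which is exactly what breaks an app
#    that stored the DN instead of the GUID/SID.
function Compare-UserPaths {
    param([string]$SnapshotPath)
    Import-Csv $SnapshotPath | ForEach-Object {
        $now = Get-ADUser -Identity $_.ObjectGUID      # GUID lookup survives the move
        $oldDnResolves = $true
        try   { $null = Get-ADUser -Identity $_.DistinguishedName -ErrorAction Stop }
        catch { $oldDnResolves = $false }
        [pscustomobject]@{
            SamAccountName = $_.SamAccountName
            OldDN          = $_.DistinguishedName
            NewDN          = $now.DistinguishedName
            OldDNResolves  = $oldDnResolves
        }
    }
}

# Usage: steps 1 and 2 before the redesign, step 3 after it.
$snapshot = 'C:\ADMigration\users-before.csv'
Export-UserSnapshot -SearchBase 'OU=Staff,DC=DomainTree,DC=local' -Path $snapshot
Get-EmptyOU -SearchBase 'DC=DomainTree,DC=local'
# ... Move-ADObject the accounts into the new OUs ...
Compare-UserPaths -SnapshotPath $snapshot |
    Where-Object { -not $_.OldDNResolves } | Format-Table -AutoSize
```

The OldDNResolves column is the list of accounts whose old path no longer exists; if a third-party app is configured with one of those DNs, that is the lookup to update. The CSV also keeps the group membership and the SID, so an app that binds by SID will keep working and you can prove it from the same file.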

Categories
Hardware Software

Tor browsing via Raspberry Pi

I recently explored setting up an OnionPi as a dedicated device for browsing .onion sites and obfuscating my source IP address. Just to say it, you don't have to be doing 'criminal' stuff to use Tor. I just wanted to get that out there and encourage more people to explore the 'darknet' / 'deepweb' / etc. I followed an Adafruit guide to set up my OnionPi. I will describe the device, how it functions and some extra feedback on the guide's installation steps.

Presuming you have a Raspberry Pi and a supported wireless adapter, you plug an Ethernet cable into your Pi, and it shares an onion-routed connection over wireless. Once you complete the configuration and install steps, your Pi will route your wireless clients' traffic over Tor.
If you are curious about Tor and what it is about, check out https://torproject.org/.

The guide I worked from is this link on Adafruit. The kicker here is that you really need the wireless access point set up for the Tor install process to work and for the Tor service to work properly. So really, you want to start with installing WiFi access point and DHCP support.
Before you start, be sure to set a custom password for the root and pi accounts on your Raspbian (or whatever you choose) OS.

I did not run the installation script, since I figured it would be easier to troubleshoot if I manually ran each step / configuration command. Besides, I got to learn in the process of manually following along, so bonus win.

Once you have set up your WiFi access point, go for the Tor install and configuration. Once done, fire up the service and check your internet-facing IP (WhatIsMyIP or any similar site will do; https://check.torproject.org/ tells you explicitly whether you are exiting through Tor). You will also know you are on Tor because CAPTCHA prompts become more common in your browsing.
A fun little fact I noticed is that to browse .onion pages, you still want to have the Tor Browser installed. Any other browser will still benefit from an obfuscated IP address, but you will get an error trying to browse to .onion sites.

One of the main benefits of a hardware-based Tor device is that you can connect whatever wireless-enabled device you wish to it. There have been many write-ups and conversations about the Tor Browser alone leaking data, especially if your connection is not fully routed through an onion router. Not to say an onion router is 100% untraceable, but every little bit helps.

Extra notes that really apply to any web browsing: install ad-blocking plugins. Advertising has been a known attack vector for years now and it only becomes more common. Visitors to this site may be aware of my lack of love for online advertising. Different strokes for different folks and all of that.

To conclude this post, I also want to mention Tails. This is a USB-based live operating system that routes its traffic through Tor and is very handy on the go. If you want to use your own OS and applications on the Tor network, that is where the extra work of setting up an OnionPi (a Raspberry Pi with Tor installed) pays off.

Categories
Hardware Software

Encrypt stuff guide

This thread will be a collection of resources on how to use encryption, tool use suggestions and where possible, usage explanations.

I’m fine with reading technical documents, however I also value time and the ability to convey a point, without a huge time investment. The easier and more clearly encryption can be used, the better everyone will be.
Be it an individual or some sort of state agency / boogeyperson, more layers and protections are a good thing. Having protections does not make one a criminal, either.

CryptSetup LUKS guide. It has command syntax examples and console response dialogs.

Cryptsetup is nice, as it handles unlocking encrypted drives and partitions and mapping them under /dev/mapper; mounting the filesystem inside is then a normal mount. If you are unable to mount a LUKS drive, you will likely need to install cryptsetup. This should also work to open any Tails persistent volumes you have set up.
For more info on dm-crypt (cryptsetup), the Arch wiki is a great resource.

Sample flow (from the 1st link)
Step 01: install cryptsetup (dm-crypt)
Step 02: confirm your target drive and partition (gparted or parted will show your /dev/(drive))
Step 03: initialize the drive

# cryptsetup -y -v luksFormat /dev/xvdc

(This writes a LUKS header and sets the passphrase used to unlock the drive. It destroys whatever was on /dev/xvdc, so check the device name twice. -y asks for the passphrase twice to catch typos, -v is verbose.)
Step 04:

# cryptsetup luksOpen /dev/xvdc backup2

(Unlocks the container and maps it at /dev/mapper/backup2. Nothing is mounted yet.)
Step 05: zero-fill the mapped device (needless to say, you really want to have the correct drive or you have lost the data on it)

# dd if=/dev/zero of=/dev/mapper/backup2

(This takes quite some time. Let the cursor do its work and check your HDD LED to confirm activity; adding status=progress to the dd line shows how far it has got. Writing zeros through the mapping fills the disk with ciphertext, so used space cannot be told apart from free space. After it finishes you still need to create a filesystem on /dev/mapper/backup2 with mkfs and mount that; when you are done, umount it and run cryptsetup luksClose backup2.)

Categories
Hardware Software

UEFI Windows Installing

Howdy. My latest adventure is setting up an HP ProLiant ML150 server with Windows Server 2012. I keep forgetting how I get workable USB install media, so I am making a guide to that effect.

Starting off, there used to be a Microsoft ISO-to-USB tool, but it fails to make the USB stick from the .iso with a nondescript message. So to make a working, UEFI-compliant boot USB stick, we are going to format it as FAT32. This is very similar to setting up a Raspberry Pi SD card. Writing a Windows install ISO with Win32DiskImager does not work, though, so to get it working:

  • Open Command Prompt in elevated mode (Run as Administrator)
  • Type diskpart and press Enter
  • Type list disk and press Enter. Note the list of existing disks.
  • Insert the USB Disk.
  • Type list disk and press enter again. Note the new disk showed up which is our USB disk. I assume the new disk is 2 for example purpose.
  • Type select disk X where X is your USB disk. E.g., select disk 2. Press Enter.
  • Type clean and press enter.
  • Type create partition primary and press enter to create primary partition 1.
  • Type select partition 1 and press enter.
  • Type active and press enter to make the partition 1 active
  • Type format fs=fat32 quick (Or use the Right-Click step to quick format).
  • Exit diskpart.
  • (or instead of format in diskpart) Right-Click the drive in (My) Computer and do a Quick Format to FAT32. (NTFS will not UEFI boot on most firmware, only legacy boot.)
  • Extract the contents of the .iso (7-Zip or WinRAR can open it, or mount the ISO) and copy them to the root of the USB stick.

Re-written steps thanks to the following guide. I use quick format, as a full format of a multi-GB drive takes a long time for no good reason. One catch with FAT32: no single file can exceed 4 GB, so if the ISO's sources\install.wim is larger than that (it is on many newer ISOs), the copy fails and you need to split it into .swm parts with dism /Split-Image first; Windows Setup reads the split image without further changes.
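Added example, not part of the original post: the same diskpart procedure as a PowerShell script using the Storage cmdlets (Windows 8 / Server 2012 and later), with the two gotchas handled in code: picking the right disk, and the FAT32 4 GB file limit. Run it elevated; $IsoPath and the label are placeholders, and the script wipes the first USB disk it finds, so read the printed disk line before you let it continue.

```powershell
# Added example, not part of the original post. Same result as the diskpart
# steps above via the Storage cmdlets. Run elevated. $IsoPath and $Label are
# placeholders. Clear-Disk wipes the chosen disk without further warning.
$IsoPath = 'C:\ISO\WindowsServer2012.iso'
$Label   = 'WINSETUP'

# Pick the USB stick by bus type and show it before touching it.
$usb = Get-Disk | Where-Object BusType -eq 'USB' | Select-Object -First 1
if (-not $usb) { throw 'No USB disk found.' }
$usb | Format-Table Number, FriendlyName, @{ n = 'SizeGB'; e = { [math]::Round($_.Size / 1GB, 1) } }
Read-Host 'Press Enter to wipe this disk, Ctrl+C to abort' | Out-Null

# clean / create partition primary / active / format fs=fat32 quick
Clear-Disk -Number $usb.Number -RemoveData -RemoveOEM -Confirm:$false
Initialize-Disk -Number $usb.Number -PartitionStyle MBR
# Windows refuses to format FAT32 volumes above 32 GB, so cap the partition.
$part = if ($usb.Size -gt 32GB) {
    New-Partition -DiskNumber $usb.Number -Size 32GB -IsActive -AssignDriveLetter
} else {
    New-Partition -DiskNumber $usb.Number -UseMaximumSize -IsActive -AssignDriveLetter
}
$vol = $part | Format-Volume -FileSystem FAT32 -NewFileSystemLabel $Label -Confirm:$false
$dst = "$($vol.DriveLetter):\"

# Mount the ISO instead of extracting it, then copy everything except install.wim.
Mount-DiskImage -ImagePath $IsoPath | Out-Null
$src = "$((Get-DiskImage -ImagePath $IsoPath | Get-Volume).DriveLetter):\"
robocopy $src $dst /E /XF install.wim | Out-Null

# FAT32 cannot hold a file of 4 GB or more. Split a large install.wim into
# .swm pieces (Setup reads them transparently); copy a small one as-is.
$wim = Join-Path $src 'sources\install.wim'
if ((Get-Item $wim).Length -ge 4GB) {
    $swm = Join-Path $dst 'sources\install.swm'
    dism.exe '/Split-Image' "/ImageFile:$wim" "/SWMFile:$swm" '/FileSize:3800'
} else {
    Copy-Item $wim (Join-Path $dst 'sources')
}
Dismount-DiskImage -ImagePath $IsoPath
"Done: boot $dst as a UEFI target."
```

The 32 GB cap is a limit of the Windows formatter, not of FAT32 itself; a bigger stick simply gets a 32 GB install partition, which is plenty for setup media.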

Without over-complicating why you want UEFI on more recent hardware: you will have a worse time trying to legacy boot an install on a UEFI system, so installing from UEFI media is the best way to avoid issues. Luckily Kali and Ubuntu work out of the gate with UEFI, so long as you boot the DVD drive / USB stick as a UEFI target. This allowed me to remove Windows 8.1 from a 2-in-1 tablet and make it a Kali / Ubuntu multi-boot instead.

Categories
Software

Powershell Windows Support

Real quick and dirty, I wanted to note this chart of Windows PowerShell supported operating systems. If you run into some Server 2008 instances, you will want to enable PowerShell under Server Manager > Features > Add Features.

Server 2008 R2 ships with PowerShell, but non-R2 versions look to need it enabled for support. Be warned, some installers just presume PowerShell is installed and will error out when that package runs. Happy admining. :)

Categories
Software

Mozilla Profiles

So I did a reinstall and forgot to run MozBackup on my old OS before I wiped it. I did, however, get a drive backup and a copy of my C:\Users folder.

Turns out with Mozilla products (browsers and email clients) you can copy the contents of the old profile folder into the new one. Leave the new PC's profile folder name as it is (profiles.ini points at it) and copy the contents of the old profile into it.

C:\Users\$Username$\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\$string$.default

This will restore all your history, logged-in sessions and, if you do the saved-password thing, likely your saved passwords too.

I found it amusing that a new machine with the folder contents copied over registered as the same machine. Interesting vector if you are an exploiter or handle lots of system deployments with data migration.

Remember, what is nefarious for one person, can be used to help someone else out.

Replace the Pale Moon path with the relevant Firefox profile directory (C:\Users\$Username$\AppData\Roaming\Mozilla\Firefox\Profiles\$string$.default). It also lives in the Roaming part of your AppData folder. Pale Moon is a browser forked from Firefox.
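Added example, not part of the original post: the profile copy above as a PowerShell script that reads profiles.ini on both sides instead of guessing the random $string$.default folder name, and that can optionally leave the credential and session files behind, since those are exactly what makes the copied profile "the same machine" to every site you were logged into. The backup path and the product sub-folder are placeholders; the layout is Firefox's, which Pale Moon mirrors under Moonchild Productions\Pale Moon.

```powershell
# Added example, not part of the original post. Copies an old Mozilla profile
# (from a mounted backup of C:\Users) into the freshly created profile on this
# machine. $OldUsersRoot and $App are placeholders.
param(
    [string]$OldUsersRoot = 'E:\Backup\Users\olduser',   # the backed-up C:\Users\<name>
    [string]$App          = 'Mozilla\Firefox',          # or 'Moonchild Productions\Pale Moon'
    [switch]$SkipSecrets                                # leave logins, keys, cookies, sessions behind
)

# Parse profiles.ini and return the default profile directory.
function Get-DefaultProfileDir([string]$AppRoot) {
    $ini = Join-Path $AppRoot 'profiles.ini'
    if (-not (Test-Path $ini)) { throw "No profiles.ini under $AppRoot" }
    $sections = @(); $section = @{}
    foreach ($line in Get-Content $ini) {
        if ($line -match '^\[(.+)\]$')    { $section = @{}; $sections += $section; continue }
        if ($line -match '^(\w+)=(.*)$')  { $section[$matches[1]] = $matches[2] }
    }
    # [ProfileN] sections carry Path=; [Install...] sections do not, so they drop out here.
    $p = $sections | Where-Object { $_.Path -and $_.Default -eq '1' } | Select-Object -First 1
    if (-not $p) { $p = $sections | Where-Object { $_.Path } | Select-Object -First 1 }
    if ($p.IsRelative -eq '1') { Join-Path $AppRoot $p.Path } else { $p.Path }
}

$old = Get-DefaultProfileDir (Join-Path $OldUsersRoot "AppData\Roaming\$App")
$new = Get-DefaultProfileDir (Join-Path $env:APPDATA $App)

# The files that carry credentials and live sessions.
$secrets = 'logins.json', 'key4.db', 'key3.db', 'cookies.sqlite', 'sessionstore.jsonlz4', 'sessionstore.js'

# The browser must be closed or it will overwrite what we copy in.
Get-Process firefox, palemoon -ErrorAction SilentlyContinue | Stop-Process -Force

$rcArgs = @($old, $new, '/E', '/R:1', '/W:1')
if ($SkipSecrets) { $rcArgs += '/XF'; $rcArgs += $secrets; $rcArgs += '/XD'; $rcArgs += 'sessionstore-backups' }
robocopy @rcArgs | Out-Null
"Copied $old -> $new" + $(if ($SkipSecrets) { ' (secrets excluded)' } else { '' })
```

Run it once without -SkipSecrets for your own migration, and with it when you are moving a profile for somebody else and do not want their saved logins and live sessions travelling in a plain file copy.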

Categories
Software

Botnet infection sample and removal

Botnet Removal Overview

This thread is an overview of how to detect, identify and remove a botnet infection. This is merely one example of such an infection. Honestly, the main reason I was able to detect it (before it was added to malware definition databases) is its aggressive processor use. Bitcoin miners are extremely CPU-intensive processes, so 98% CPU usage stuck out like a sore thumb.

This will be a 5-step thread on how I went about checking around and figuring out how this bitcoin miner was operating. There are various ways to go about the same methods, but I am sharing mine in hopes it helps someone remove similar trash in the future. I will make a post in this thread for each step, to describe the methods used, and hopefully do so clearly.

Steps used:

As with any infection, you have to be thoroughly sure you completely removed it, otherwise you are waiting for more damage down the road. Do you reinstall the OS, or do you feel confident the infection has been removed? This question is especially relevant in a business environment. Luckily I saw this on my personal machine, so I could afford more time to debug what was happening and log it.

The attached picture should make more sense as you read each progressive step.

Attached thumbnail: Anon-Pic0o-BingoInfection.png
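Added example, not the post's five steps (which are not on this page): a first-pass PowerShell triage for the "something is pegging the CPU" situation described above. It lists the top CPU consumers with their image path, whether the binary is signed, and the remote addresses they hold connections to, then dumps the two common places a miner re-launches itself from. Run it elevated so other users' process paths and connection ownership are visible; it needs Windows 8 / Server 2012 or later for Get-NetTCPConnection.

```powershell
# Added example, not from the original post. Run elevated.
function Get-SuspectProcess {
    param([int]$Top = 10)
    # Established connections keyed by owning PID (string keys).
    $conns = Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
             Group-Object OwningProcess -AsHashTable -AsString
    Get-Process | Sort-Object CPU -Descending | Select-Object -First $Top | ForEach-Object {
        $path = $_.Path
        $sig  = if ($path) { (Get-AuthenticodeSignature $path).Status } else { 'n/a' }
        $rem  = if ($conns -and $conns["$($_.Id)"]) {
                    ($conns["$($_.Id)"] | ForEach-Object { "$($_.RemoteAddress):$($_.RemotePort)" }) -join ' '
                } else { '' }
        [pscustomobject]@{
            Pid       = $_.Id
            Name      = $_.ProcessName
            CpuSec    = [math]::Round([double]$_.CPU, 0)
            Path      = $path
            Signature = $sig          # 'NotSigned' + user-writable path + odd remote port = look closer
            Remote    = $rem
        }
    }
}

# Persistence: Run keys and enabled scheduled tasks, with what they execute.
function Get-PersistenceEntries {
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run' | ForEach-Object {
        $key = $_
        $props = Get-ItemProperty $key -ErrorAction SilentlyContinue
        if ($props) {
            $props.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' } | ForEach-Object {
                [pscustomobject]@{ Source = $key; Name = $_.Name; Command = $_.Value }
            }
        }
    }
    Get-ScheduledTask | Where-Object State -ne 'Disabled' | ForEach-Object {
        $task = $_
        foreach ($a in $task.Actions) {
            if ($a.Execute) {
                [pscustomobject]@{ Source = 'Task'; Name = $task.TaskName; Command = "$($a.Execute) $($a.Arguments)" }
            }
        }
    }
}

Get-SuspectProcess -Top 10 | Format-Table -AutoSize
Get-PersistenceEntries | Format-Table -AutoSize
```

The combination to chase is an unsigned binary running from a user-writable directory (AppData, Temp, ProgramData) with a long-lived connection to an address you do not recognise, and a matching Run key or task that brings it back after you kill it. Killing the process without removing that entry is the "waiting for more damage down the road" case from the post.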

Categories
Software

Say you want to recover a saved password from Windows

Quick info, as I forgot my Windows password and was going to fetch it from a saved Remote Desktop Protocol (RDP) connection file. I have done this in the past to grab saved credentials from Windows services running under Run As User credentials. Theoretically, you could find the same for stored network shares too. I presume this still works for Windows 7 through 11, but nowadays this NirSoft recovery tool from 2014 flags as "malware".

You can grab Remote Desktop PassView from NirSoft, but you will likely need to disable Defender to make it run. I made this thread as it followed my mental rule of making a note of something handy I used in the past.
In my recent Windows 11 case this week, I forgot my main user password but logged in from another PC with saved RDP credentials and changed the password on a second local admin. (You can change another user's password without knowing their old one, but to change your own password while logged in as that user, you need the current, temporarily forgotten, one.)
Logging in as the second admin, I could then reset the main local admin's password to something new without the existing password being needed.
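Added example, not part of the original post: the two things above without a third-party tool that Defender eats. It shows where Windows keeps the saved RDP credentials, decrypts a password embedded in an .rdp file as the user who saved it (the "password 51:b:" line is a DPAPI blob bound to that user, which is why the NirSoft tool works for your own account and not for anyone else's), and does the reset of the other admin's password. The file locations and the account name are placeholders.

```powershell
# Added example, not part of the original post. Run as the user who saved the
# credentials; DPAPI refuses blobs that belong to another user.

# 1. What Credential Manager holds (RDP "remember me", mapped drives, Run As).
#    cmdkey lists the targets but never prints the secret.
cmdkey /list

# 2. A password embedded in an .rdp file: "password 51:b:<hex>". The hex is a
#    DPAPI blob; unprotect it under CurrentUser scope and decode UTF-16LE.
function Get-RdpSavedPassword {
    param([string]$RdpFile)
    Add-Type -AssemblyName System.Security
    $line = Get-Content $RdpFile | Where-Object { $_ -like 'password 51:b:*' } | Select-Object -First 1
    if (-not $line) { return $null }
    $hex   = $line.Substring('password 51:b:'.Length).Trim()
    $bytes = [byte[]]::new($hex.Length / 2)
    for ($i = 0; $i -lt $bytes.Length; $i++) {
        $bytes[$i] = [Convert]::ToByte($hex.Substring(2 * $i, 2), 16)
    }
    try {
        $plain = [Security.Cryptography.ProtectedData]::Unprotect(
                     $bytes, $null, [Security.Cryptography.DataProtectionScope]::CurrentUser)
        [Text.Encoding]::Unicode.GetString($plain).TrimEnd([char]0)
    } catch {
        Write-Warning "$RdpFile : blob was not protected by this user on this machine"
        $null
    }
}

Get-ChildItem "$env:USERPROFILE\Documents" -Filter *.rdp -Recurse |
    ForEach-Object {
        [pscustomobject]@{ File = $_.FullName; Password = Get-RdpSavedPassword $_.FullName }
    }

# 3. The recovery path from the post: from a session that already has admin
#    rights, reset the OTHER admin account (no old password needed), then log
#    in as it. Resetting your own account still asks for the current password.
$new = Read-Host -AsSecureString 'New password for the second admin'
Set-LocalUser -Name 'admin2' -Password $new   # domain accounts: Set-ADAccountPassword -Reset
```

The same ProtectedData call is what every "recover saved password" tool is doing under the hood, which is also the defensive lesson: anything DPAPI-protected under your user is readable by any code running as you, so a saved RDP password is only as safe as the account that saved it.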

I just made a crabby Twitter comment (as opposed to any other kind on there?) about many No-CD fixes getting spirited away from Windows 7 onward by Defender's choice of 'bad files', typically removed with no notification or direct logging either. If you like a file and want to archive it, store it on a non-Windows file server.

Bonus random note of old: if you are logging into another device without a domain, you can set your username and password to be the same on the local machine and on the network share or whatever it is. Most of the time you will be able to connect without being prompted for a password, since the credentials already match.

Fun WiFi migration? Set your access point's network name (SSID) and password to be the same as a WiFi network your devices have already joined. Your devices will connect to the new access point without issue most of the time. There are extra settings that could interfere with this, but the likelihood of them being a factor is very low (enterprise networks using 802.1X with server certificate validation are the main exception; with a plain WPA2 pre-shared key the client has nothing else to check). It saves time migrating off old access points, testing things, or pretending to be an existing network.

Auto-connect being a client default makes this extra handy, depending on whatever you may be working on or with.

Categories
Software

CarrierIQ Malware

I dropped some FB links on this software, but since the vendor attempted to shut down the researcher's info, I feel it necessary to share more about this malware and its auditing functions. Let's not mince words here: this is certainly some nasty rootkit action on Android devices (and who knows what else).

Video of Rootkit in action.

Original info list with debug list of features can be found here.

For anyone who thinks of their phone as more secure than a regular PC, please think again.