Hidden Alternate Suffix in Active Directory?

Published: 2004-11-01 (last modified 2007-05-08)
Link: https://www.zubairalexander.com/blog/hidden-alternate-suffix-in-active-directory-2/
Categories: Active Directory, Windows 2003

I was working with Active Directory a couple of days ago and discovered something very interesting. I created a user account using a VB script. I mistyped the domain name in the UPN, which led to this discovery. First of all, here's what the script looks like:

    ' Bind to the target OU and create the user object.
    Set objOU = GetObject("LDAP://OU=Executives,DC=nwtraders,DC=msft")
    Set objUser = objOU.Create("User", "cn=BillG")
    objUser.Put "sAMAccountName", "BillG"
    objUser.SetInfo
    ' Enable the account and set its initial password.
    objUser.AccountDisabled = FALSE
    objUser.ChangePassword "", "P@ssw0rd"
    ' The mistyped UPN suffix: bogus.com is not a suffix of the nwtraders.msft domain.
    objUser.Put "userPrincipalName", "BillG@bogus.com"
    objUser.SetInfo

Notice the domain I used in the UPN "BillG@bogus.com". When I created the account, I was able to log on as that account. The user account Properties showed that the UPN is BillG@bogus.com. It looked like bogus.com was an alternate suffix because the dropdown box listed both the nwtraders.msft domain and the bogus.com domain. However, I verified that bogus.com was NOT listed as an alternate suffix in AD Domains and Trusts.

What's interesting is that I can log on as the UPN BillG@bogus.com and continue to work fine, but as soon as I log on with the UPN BillG@nwtraders.msft once, it deletes the bogus.com entry in the user's Properties (Account tab).

I am wondering if there's a way to take advantage of this "hidden" alternate suffix as far as security is concerned. If you have any thoughts, I'd love to hear them.