1
00:00:00,150 --> 00:00:06,480
So in this video, we'll be seeing how to write the Shihab Culpa ahead of ourselves to the admin, as

2
00:00:06,580 --> 00:00:06,860
you heard.

3
00:00:07,170 --> 00:00:08,670
So I did this admin as do.

4
00:00:09,180 --> 00:00:10,470
So it's a container.

5
00:00:11,160 --> 00:00:16,310
So there are some Microsoft documentation you can see here.

6
00:00:16,320 --> 00:00:20,550
It provide solutions for the content groups in their domain.

7
00:00:20,820 --> 00:00:24,510
So whatever you write EC2 so.

8
00:00:26,790 --> 00:00:29,580
You can see the C in admin is dura system.

9
00:00:30,060 --> 00:00:34,590
And this is your domain name technician.

10
00:00:34,630 --> 00:00:45,660
And so what this does is this actually tries to replicate all of these access control entries in this

11
00:00:45,660 --> 00:00:48,090
administrative order for 60 minutes.

12
00:00:48,630 --> 00:00:57,060
So if we add ourself the full control over this admin is do holder object so on that will be replicated

13
00:00:57,060 --> 00:00:59,520
for every 60 minutes by default.

14
00:01:00,670 --> 00:01:05,650
We can also manually trigger this propagation.

15
00:01:07,230 --> 00:01:10,030
So we'll be doing that after reading this call.

16
00:01:10,350 --> 00:01:15,810
We can also do with the poverty view by using this add objectives here.

17
00:01:24,060 --> 00:01:30,420
So here you can see we are adding the is here to this object that is the holder and the Saramago name

18
00:01:30,420 --> 00:01:33,180
is page one and the right side.

19
00:01:33,180 --> 00:01:41,180
And so we are giving the generic our permissions to this based on an account on this jihad.

20
00:01:42,240 --> 00:01:49,730
So we were doing that in the future because sometimes partial, the same as, say, our country language

21
00:01:49,740 --> 00:01:51,180
more in the case.

22
00:01:51,420 --> 00:01:58,380
We cannot exclude our import PowerShell so it will be easier do.

23
00:02:07,050 --> 00:02:09,180
So let's start with that.

24
00:02:09,180 --> 00:02:14,550
Train through the years equals two new train drills.

25
00:02:14,730 --> 00:02:20,960
So here we'll be giving this distinguished name and ed.

26
00:02:23,900 --> 00:02:25,070
And is equal to.

27
00:02:27,620 --> 00:02:27,910
Edwin.

28
00:02:28,190 --> 00:02:31,550
Do hold out and see an easy Kirsten system.

29
00:02:34,840 --> 00:02:37,060
And then what we're going to do is.

30
00:02:38,450 --> 00:02:44,630
We are going to say Deeks equals to take 69 and these use equals to rocker.

31
00:02:45,110 --> 00:02:52,340
So you can also configure this to receive the command line arguments and divide that according to this

32
00:02:52,340 --> 00:02:53,360
command, Reynolds.

33
00:02:53,690 --> 00:02:54,920
So you can do that as well.

34
00:02:56,510 --> 00:03:02,220
And we're using better trees to be as equals to new researcher.

35
00:03:03,170 --> 00:03:07,250
So this the first large search root is equal to the.

36
00:03:07,250 --> 00:03:11,840
So it should start from the root of this object.

37
00:03:16,570 --> 00:03:18,310
So far each.

38
00:03:20,230 --> 00:03:24,250
So we'll be using the start finder to find all the objects.

39
00:03:24,700 --> 00:03:30,760
Of course, we'll be getting only one object from this because we are not giving any filters and rewinding

40
00:03:30,760 --> 00:03:31,360
to this one.

41
00:03:33,560 --> 00:03:40,640
Search results show the return type is the search result and SA in B is not find out so D is not find.

42
00:03:40,640 --> 00:03:42,980
I use the search result collection.

43
00:03:45,100 --> 00:03:51,850
So in this part we're going to do is if we found any object that is matching to this administrative

44
00:03:51,850 --> 00:03:55,740
order, we want to see a Saadat get buried three and three.

45
00:03:56,080 --> 00:03:59,740
So we are searching the entry object for this one.

46
00:04:01,390 --> 00:04:04,780
So we're going to treat and treat.

47
00:04:06,890 --> 00:04:07,360
Florida.

48
00:04:09,990 --> 00:04:14,460
So we got this whole project now to add the ad to the three actors roles.

49
00:04:14,700 --> 00:04:18,660
We you to get the add to the security object from this material into it.

50
00:04:18,900 --> 00:04:23,360
So it's very simple arbitrary order dot object security.

51
00:04:23,400 --> 00:04:26,040
So this will return the activity to security.

52
00:04:26,640 --> 00:04:28,410
As you can see gets done.

53
00:04:29,620 --> 00:04:30,130
Object.

54
00:04:30,400 --> 00:04:31,990
So act to.

55
00:04:35,340 --> 00:04:37,410
Directory security.

56
00:04:38,750 --> 00:04:42,650
So we can say year to year, is it going to hurt a lot of the security?

57
00:04:42,650 --> 00:04:44,030
So we got this radius.

58
00:04:44,330 --> 00:04:46,870
So radius not we can see our access route.

59
00:04:46,910 --> 00:04:49,850
So we can add the access road radius.

60
00:04:50,450 --> 00:04:58,460
Before that, we need to create an axis so we can see, we can say, I do not attract this rule.

61
00:04:58,490 --> 00:04:59,810
It is equals to.

62
00:05:01,440 --> 00:05:02,620
New accurate.

63
00:05:03,270 --> 00:05:04,980
So we need to pass some.

64
00:05:07,110 --> 00:05:07,770
Parameters.

65
00:05:07,770 --> 00:05:13,380
Fashion is a reference identity that is you can pass as an entire order by the seed.

66
00:05:13,560 --> 00:05:15,510
So here we'll be passing the seed.

67
00:05:16,200 --> 00:05:18,240
So we need to find the seed of how to user.

68
00:05:20,110 --> 00:05:21,340
So let's, uh.

69
00:05:22,480 --> 00:05:25,300
User principal will be using this user principal.

70
00:05:25,600 --> 00:05:31,250
So this is a similar way how we found that you've or the recursive groups user builds per user is equals

71
00:05:31,270 --> 00:05:32,710
to new user principal.

72
00:05:33,880 --> 00:05:35,110
So for context.

73
00:05:35,110 --> 00:05:38,080
So we need to create a principal context object.

74
00:05:40,830 --> 00:05:47,190
X equals to buddies for a context of context time domain.

75
00:05:49,330 --> 00:05:57,220
So we sent in the whole domain and we can pass specie comma Saramago name so the Saramago never gets

76
00:05:57,370 --> 00:05:58,300
said best one.

77
00:06:02,020 --> 00:06:04,710
And we need to pass this user.

78
00:06:05,020 --> 00:06:05,650
Dodd said.

79
00:06:05,770 --> 00:06:13,750
So you've got to have this property to return to normal.

80
00:06:14,560 --> 00:06:22,330
So the simplicity you can outsource and be a piece of paper.

81
00:06:22,690 --> 00:06:27,760
The domains trash the username, so you can also pass that as well as identity reference.

82
00:06:28,270 --> 00:06:30,330
And the next one is actually rights.

83
00:06:30,490 --> 00:06:31,190
So we can say I.

84
00:06:32,650 --> 00:06:33,760
Three rates dark.

85
00:06:34,540 --> 00:06:36,490
So now we need to generate.

86
00:06:38,480 --> 00:06:38,860
Are.

87
00:06:46,940 --> 00:06:48,650
An access control tape?

88
00:06:48,660 --> 00:06:49,400
Not a lot.

89
00:06:49,490 --> 00:06:52,370
So we are allowing our services for the full control.

90
00:07:04,120 --> 00:07:06,500
Now we can say he has not had access.

91
00:07:06,640 --> 00:07:06,970
Love.

92
00:07:07,330 --> 00:07:09,430
Yeah, this one.

93
00:07:16,680 --> 00:07:17,190
Okay.

94
00:07:18,140 --> 00:07:18,680
This one.

95
00:07:18,750 --> 00:07:20,490
So we need to find our user.

96
00:07:20,490 --> 00:07:20,790
Right?

97
00:07:20,790 --> 00:07:21,300
So.

98
00:07:39,200 --> 00:07:43,070
So user consultant fined by an entity of Queen's for a conviction.

99
00:07:45,840 --> 00:07:47,090
So sorry for this.

100
00:07:47,100 --> 00:07:48,570
I just got confused.

101
00:07:48,900 --> 00:07:49,620
So I got this.

102
00:07:49,620 --> 00:07:50,590
And here.

103
00:07:51,980 --> 00:07:55,370
So this will return this user object and so users not.

104
00:07:59,680 --> 00:08:04,990
Successfully positioned for this function.

105
00:08:06,010 --> 00:08:14,780
So after adding these actors, you need to commit changes for this entry so you can do this using harder.

106
00:08:16,340 --> 00:08:17,480
Commit changes.

107
00:08:17,660 --> 00:08:20,500
Otherwise you won't see the changes.

108
00:08:20,520 --> 00:08:22,530
No, the general.

109
00:08:22,940 --> 00:08:23,450
So.

110
00:08:25,260 --> 00:08:25,980
So let's go.

111
00:08:25,980 --> 00:08:28,800
And there's this on our network.

112
00:08:36,850 --> 00:08:37,120
Okay.

113
00:08:37,120 --> 00:08:38,670
Let's test this on.

114
00:08:38,680 --> 00:08:40,660
Throwback from pre acme.

115
00:08:42,410 --> 00:08:47,900
And we have a user access that is played here for their net user.

116
00:08:50,470 --> 00:08:51,880
Related domain.

117
00:08:52,810 --> 00:08:56,350
Now you can see we are only part of doing this, not domain.

118
00:08:56,350 --> 00:09:00,490
It sort of go and add ourselves.

119
00:09:00,880 --> 00:09:01,930
Domain admins.

120
00:09:03,020 --> 00:09:09,090
Crew, Sir Bernard Bien, Brigadier.

121
00:09:09,860 --> 00:09:11,220
Air crash domain.

122
00:09:11,270 --> 00:09:15,980
So we are attempting to add ourselves to the development group.

123
00:09:19,460 --> 00:09:24,050
Now we can see we've got the Axis DNA sort of copy or binary.

124
00:09:26,230 --> 00:09:29,170
And before that we need to change some settings.

125
00:09:30,970 --> 00:09:39,370
That is the domain name you throw back, Dr. Rocker, and also the user account name is related to.

126
00:09:42,670 --> 00:09:43,480
And it's better.

127
00:09:43,490 --> 00:09:43,940
This one.

128
00:09:45,930 --> 00:09:46,890
And you can also

129
00:09:50,000 --> 00:09:53,040
put into these ideas that get access for us.

130
00:09:53,310 --> 00:09:56,880
So this will give this other broad collection.

131
00:10:00,370 --> 00:10:02,170
Let's say our equals two.

132
00:10:02,440 --> 00:10:11,800
We are getting the access rules now if we go and for each of our obligations here in our I'm going to

133
00:10:11,800 --> 00:10:16,030
just say I put into this identity friends.

134
00:10:16,210 --> 00:10:19,090
So this identity to friends not to string.

135
00:10:19,960 --> 00:10:27,700
So deciding differences which object has the access control entry on that particular object.

136
00:10:40,930 --> 00:10:41,700
So it's going better.

137
00:10:41,710 --> 00:10:42,190
This one.

138
00:11:11,110 --> 00:11:13,300
And it's down to our desktop.

139
00:11:39,430 --> 00:11:42,310
Let's say this says ad is here not be.

140
00:11:44,970 --> 00:11:47,250
Let me verify the file name.

141
00:11:48,030 --> 00:11:48,750
Here it is.

142
00:11:48,750 --> 00:11:49,050
Here.

143
00:12:03,770 --> 00:12:04,040
Okay.

144
00:12:04,130 --> 00:12:05,060
We got this.

145
00:12:05,810 --> 00:12:10,550
Now we need to we need to have the administrative procedures to arrange this.

146
00:12:11,000 --> 00:12:12,980
So that's certain as.

147
00:12:15,370 --> 00:12:18,310
I already have this administrator access.

148
00:12:23,070 --> 00:12:24,810
So this is administrator password.

149
00:12:27,670 --> 00:12:29,350
I'm willing to open the door.

150
00:12:44,470 --> 00:12:47,430
We need to add that domain name as well.

151
00:13:12,860 --> 00:13:13,160
Okay.

152
00:13:13,160 --> 00:13:16,910
And now we got this, uh, administrator from.

153
00:13:31,440 --> 00:13:31,630
Now.

154
00:13:31,650 --> 00:13:32,820
Let's go and run this one.

155
00:13:38,630 --> 00:13:42,250
Also that open this door administrator user.

156
00:13:42,550 --> 00:13:46,960
And here you can see all the identity references.

157
00:13:48,540 --> 00:13:49,640
On the windows.

158
00:13:49,680 --> 00:13:50,480
Do hold up object.

159
00:14:16,300 --> 00:14:16,910
No.

160
00:14:16,930 --> 00:14:21,490
We need to change the timing of 60 Minutes.

161
00:14:22,480 --> 00:14:30,070
And what we're going to do is we are going to change the registry to let's a one off.

162
00:14:34,780 --> 00:14:35,800
So copy this one.

163
00:14:37,440 --> 00:14:38,460
And based here.

164
00:14:58,460 --> 00:15:00,470
So long for everyone in our community.

165
00:15:01,340 --> 00:15:07,190
The genius replication takes place, but still we we'll be getting some errors.

166
00:15:09,880 --> 00:15:10,840
So.

167
00:15:13,330 --> 00:15:19,330
Let's try to add ourselves to that the management group and still we are getting this accident.

168
00:15:19,900 --> 00:15:22,610
So bu immediately, uh.

169
00:15:25,820 --> 00:15:35,300
We make this changes to get affected immediately, we need to open it up at sea so that we will be binding

170
00:15:35,300 --> 00:15:38,060
to this our domain and we'll be

171
00:15:40,640 --> 00:15:42,620
modifying this fixed up inheritance.

172
00:15:43,400 --> 00:15:44,840
So let's copy this one.

173
00:15:52,620 --> 00:15:54,810
Also you can go to the server manager.

174
00:16:13,310 --> 00:16:16,160
So we'll be connecting to our.

175
00:16:17,700 --> 00:16:18,510
Ruckelshaus.

176
00:16:22,280 --> 00:16:26,470
So we will be binding as it currently is at Google, Nokia.

177
00:16:26,540 --> 00:16:29,750
Now you can see I don't get it as my research.

178
00:16:35,380 --> 00:16:38,110
So you can go to the windows and computers.

179
00:16:42,230 --> 00:16:43,610
And here in the system.

180
00:16:45,050 --> 00:16:47,880
So click on view and click on advanced features.

181
00:16:47,900 --> 00:16:54,470
Here in the system we can see it as a folder or you and click on properties.

182
00:16:54,470 --> 00:16:56,120
And now here you can see security.

183
00:16:56,510 --> 00:17:01,280
We have this manager, we have the full access.

184
00:17:01,280 --> 00:17:04,340
So we're going to see the tick marks on the yellow.

185
00:17:08,980 --> 00:17:12,970
Also when you go to the run, which is our actual users.

186
00:17:15,120 --> 00:17:16,940
And go to this blade.

187
00:17:16,990 --> 00:17:25,440
Here we are not I mean, now, if you go back to the letter and here you can see there is no I don't

188
00:17:25,860 --> 00:17:27,000
know what we are going to lose.

189
00:17:27,000 --> 00:17:30,120
You are going to make this changes.

190
00:17:31,110 --> 00:17:32,490
So click on Modify.

191
00:17:34,980 --> 00:17:38,160
And click on value and precious.

192
00:17:39,300 --> 00:17:41,070
So press this.

193
00:17:41,070 --> 00:17:42,870
Enter now run this one.

194
00:17:43,410 --> 00:17:45,300
Now here you can see the output.

195
00:17:47,180 --> 00:17:49,680
So we tried to perform this operation.

196
00:17:49,700 --> 00:17:50,270
Okay.

197
00:17:50,280 --> 00:17:50,810
So.

198
00:17:52,620 --> 00:17:53,100
I think.

199
00:17:56,550 --> 00:17:58,200
Randy says administrator.

200
00:18:09,180 --> 00:18:10,790
Ah, that's.

201
00:18:10,950 --> 00:18:14,990
I think we should currently throw a bear.

202
00:18:15,390 --> 00:18:19,110
Do you see July one dot throwback dot rocker.

203
00:18:28,540 --> 00:18:29,680
In order to go and modify.

204
00:18:38,170 --> 00:18:43,240
And now we can see there is a modification.

205
00:18:43,360 --> 00:18:45,070
No, let's go and grill this one.

206
00:18:47,860 --> 00:18:50,240
Now let's go and try to add ourselves.

207
00:18:50,980 --> 00:18:54,490
Now we can see the command successfully executed.

208
00:18:54,850 --> 00:18:57,550
Now let's group domain admins.

209
00:18:59,510 --> 00:19:00,050
Well, I'm sorry.

210
00:19:00,570 --> 00:19:01,850
I don't know.

211
00:19:01,850 --> 00:19:04,820
We can see ourselves here as the winner.

212
00:19:06,290 --> 00:19:08,150
So this is a position technique.

213
00:19:08,300 --> 00:19:13,790
So if you go to this red John Blair.

214
00:19:15,070 --> 00:19:17,110
And go there to read and here.

215
00:19:17,530 --> 00:19:19,950
So this should have been council acting.

216
00:19:21,600 --> 00:19:22,350
Refresh.

217
00:19:32,390 --> 00:19:35,410
So when you do so, there should be one.

218
00:19:35,960 --> 00:19:38,330
So I don't know why.

219
00:19:38,330 --> 00:19:39,140
It's not truly.

220
00:19:42,350 --> 00:19:44,180
And you can see all the access.

221
00:19:50,780 --> 00:19:51,140
Okay.

222
00:19:51,200 --> 00:19:52,700
So that's going to promote this one.

223
00:19:54,960 --> 00:20:00,780
Remove the blade here can apply and knock it.

224
00:20:05,800 --> 00:20:06,500
So we are still.

225
00:20:06,530 --> 00:20:08,170
That means we can also.

226
00:20:09,840 --> 00:20:12,600
Net grou domain admins.

227
00:20:25,980 --> 00:20:28,390
Now three more answers from the government's.

228
00:20:31,460 --> 00:20:35,160
And we can see we are not the government.

229
00:20:36,500 --> 00:20:38,810
So let's try to add ourselves again.

230
00:20:51,060 --> 00:21:01,170
And here you can see we can shoot at ourselves to this moment at once because this passes across this

231
00:21:01,470 --> 00:21:01,950
time frame.

232
00:21:01,950 --> 00:21:07,950
And so that we found out that the blade is in that measured room, he simply removes that.

233
00:21:08,160 --> 00:21:11,550
But still we will have this admin count is equal to one.

234
00:21:11,760 --> 00:21:12,170
I don't know.

235
00:21:12,210 --> 00:21:14,040
It's not showing here.

236
00:21:17,800 --> 00:21:20,140
So it will be showing that in control.

237
00:21:21,040 --> 00:21:27,220
So even the admin should promote ourselves from they're doing admin so we can still add on ourselves

238
00:21:27,250 --> 00:21:28,100
to the admin.