There are several tools/script available for extracting all user information from AD. Any domain users can access this information by default.
For an example, using following attached .vbs script, we can dump entire AD users base to a excel file with following fields.
ADExport Script (1.8 KiB, 383 hits)
I think, it is kind of security risk.
This can be block, you just have to follow few steps:
1. You have to create a security group. Here we create blockinfo group
2. Now you have to restrict List Content and Read All Properties on OU where all users are stored and add the normal users into this group.
3. To test, run the above script again, and you will get no output.
With this you can prevent block any reporting tool/script.. 🙂
Disclaimer: All posts and opinions on this site are provided AS IS with no warranties. These are our own personal opinions and do not represent our employer’s view in any way.
This article currently have 4,188 views
I am an IT Professional with 12+ years of experience in Windows, Storage, Backup, AWS and Azure. I love writing scripts using PowerShell. I loved to share my experience with rest of the world via this blog. I love my Echo Dot (3G). I love playing PUBG on my mobile.
This work is licensed under a Creative Commons Attribution-NoDerivatives 4.0 International License.