There are several tools/script available for extracting all user information from AD. Any domain users can access this information by default.
For an example, using following attached .vbs script, we can dump entire AD users base to a excel file with following fields.
ADExport Script (1.8 KiB, 650 hits)
SamAccountName
CN
FirstName
LastName
Initials
Descrip
Office
Telephone
Email
WebPage
Addr1
City
State
ZipCode
Title
Department
Company
Manager
Profile
LoginScript
HomeDirectory
HomeDrive
Adspath
LastLogin
Primary
SMTP
I think, it is kind of security risk.
This can be block, you just have to follow few steps:
1. You have to create a security group. Here we create blockinfo group
2. Now you have to restrict List Content and Read All Properties on OU where all users are stored and add the normal users into this group.
3. To test, run the above script again, and you will get no output.
With this you can prevent block any reporting tool/script.. 🙂
Licensed under CC BY-ND 4.0 International
How to Automate GPO Tasks in Active Directory: PowerShell Techniques with Practical Examples
Automating Group Policy Object (GPO) tasks in Active Directory is critical for…
S3 Bucket Audit Report using AWS PowerShell Script – Secure your S3 Buckets
If you are working on AWS environment and if you follow…
When an Upgrade Breaks the Network: Windows 11 23H2→25H2 and the 802.1X Policy Wipe
A quietly persistent bug in in-place Windows upgrades has resurfaced across recent…
OpenAI for India: Building AI Infrastructure, Skills, and Sovereign Capability
Today marks a pivotal moment for India’s AI journey as a major…