Tag
#active-directory
6 posts tagged #active-directory.
-
Field Note · Jul 8, 2026 · Colten Anderson
Turn on DNS scavenging without deleting records you still need
Windows DNS zones fill up with A and PTR records for servers you retired years ago. Aging and scavenging cleans them out, but a wrong interval deletes live records. Here is the careful way to enable it.
-
Field Note · Jul 8, 2026 · Colten Anderson
Find the service accounts nobody has rotated
The Commvault Metallic breach ended with CISA telling customers to rotate static application secrets. Your Active Directory is full of the same thing: service accounts whose passwords were set once, years ago, and never touched. Here is the PowerShell to find them and put them on a cadence.
-
Analysis · Jul 7, 2026 · Colten Anderson
Your backup server is joined to the domain it exists to recover
Joining your backup server to the production Active Directory domain puts your last line of recovery inside the same trust boundary as the systems it protects, so one Domain Admin compromise reaches the backups too. Here is the evidence and what to change.
-
Analysis · Jul 7, 2026 · Colten Anderson
One in ten AD accounts is dormant. Here is the blast radius.
More than one in ten Active Directory user accounts is dormant, per Microsoft. Each one keeps its rights while nobody watches. The math, the queries to find them, and how to reap them without breaking a service.
-
Analysis · Jun 2, 2026 · Colten Anderson
One CERT says it's exploited, Microsoft says it isn't, and you patch anyway
A pre-auth SYSTEM RCE on every domain controller doesn't need an exploitation rumor to earn the top of your patch queue. The interesting part is why the alarm and the data disagree, and why that disagreement shouldn't change your call.
-
Field Note · May 15, 2026 · Colten Anderson
Nine PowerShell checks before you trust a Windows host
A short, native-PowerShell audit a Windows admin can run on any host in about ten minutes. The bad answers are unambiguous and the fixes are cheap.