|Module Name||Module Guid||Download Help Link||Help Version||Locale|
The DSInternals PowerShell Module exposes several internal and undocumented features of Active Directory.
Adds one or more values to the sIDHistory attribute of an object in a ntds.dit file.
Decodes the value of the msDS-ManagedPassword attribute of a Group Managed Service Account.
Decodes a password from the format used by Group Policy Preferences.
Decodes a password from the format used in unattend.xml files.
Converts a password to the format used by Group Policy Preferences.
Helper cmdlet that converts binary input to hexadecimal string.
Computes Kerberos keys from a given password using Kerberos version 5 Key Derivation Functions.
Calculates LM hash of a given password.
Calculates NT hash of a given password.
Calculates OrgId hash of a given password. Used by Azure Active Directory Sync.
Converts a password to the format used in unattend.xml or *.ldif files.
Disables an Active Directory account in an offline ntds.dit file.
Enables an Active Directory account in an offline ntds.dit file.
Reads one or more accounts from a ntds.dit file, including secret attributes.
Reads the DPAPI backup keys from a ntds.dit file.
Reads information about the originating DC from a ntds.dit file, including domain name, domain SID, DC name and DC site.
Reads KDS Root Keys from a ntds.dit. file. Can be used to aid DPAPI-NG decryption, e.g. SID-protected PFX files.
Reads AD schema from a ntds.dit file, including datatable column names.
Creates an object representing Windows Hello for Business credentials from its binary representation or an X.509 certificate.
Reads one or more accounts through the DRSR protocol, including secret attributes.
Reads the DPAPI backup keys through the DRSR protocol.
Gets all Active Directory user accounts from a given domain controller using ADSI.
Reads the Boot Key (AKA SysKey or System Key) from an online or offline SYSTEM registry hive.
Reads the DPAPI backup keys from a domain controller through the LSARPC protocol.
Retrieves AD-related information from the Local Security Authority Policy of the local computer or a remote one.
Queries Active Directory for the default password policy.
Generates a PowerShell script that can be used to restore a domain controller from an IFM-equivalent backup (i.e. ntds.dit + SYSVOL).
Physically removes specified object from a ntds.dit file, making it semantically inconsistent. Highly experimental!
Saves the output of the Get-ADReplBackupKey and Get-ADDBBackupKey cmdlets to a file.
Sets the password for a user, computer, or service account stored in a ntds.dit file.
Sets the password hash for a user, computer, or service account stored in a ntds.dit file.
Re-encrypts a ntds.dit with a new BootKey. Highly experimental!
Writes information about the DC to a ntds.dit file, including the highest commited USN and database epoch.
Modifies the primaryGroupId attribute of an object to a ntds.dit file.
Configures AD-related Local Security Authority Policies of the local computer or a remote one.
Sets NT and LM hashes of an account through the SAMR protocol.
Performs AD audit, including checks for weak, duplicate, default and empty passwords.