Domain Controllers Managed by Illegitimate Users

Description

Among all Active Directory assets, the Domain Controllers are the most sensitive, since they store the data of every other asset (including authentication secrets such as the users' passwords).
Only legitimate administrative accounts should be able to manage them.

Solution

The Domain Controllers (DCs) require strict access rights: only highly privileged accounts should be allowed to manage DC objects or to link new group policies to them.
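One way to check this from the defender's side is to read the security descriptors of the objects a DC is controlled through (the Domain Controllers OU, where GPOs are linked; each DC's computer object; and each DC's nTDSDSA settings object) and list every principal that holds a write-class right but is not part of the expected tier-0 set. The script below is an added example written for this page, not Tenable's own detection logic; the allow-list of SIDs, the set of rights treated as "control", and the gPLink schema GUID are assumptions to verify against your own forest.

```powershell
# Added example: list principals with write-class rights on DC-related objects
# that are not in the expected set of highly privileged principals.
# Requires the ActiveDirectory RSAT module (provides the AD: PSDrive used by Get-Acl).
Import-Module ActiveDirectory

$domain   = Get-ADDomain
$forest   = Get-ADForest
$domSid   = $domain.DomainSID.Value
$rootSid  = (Get-ADDomain -Identity $forest.RootDomain).DomainSID.Value

# Assumed tier-0 baseline. Adjust to your own administrative model.
$allowedSids = @(
    'S-1-5-18',          # NT AUTHORITY\SYSTEM
    'S-1-5-9',           # Enterprise Domain Controllers
    'S-1-5-32-544',      # BUILTIN\Administrators
    "$domSid-512",       # Domain Admins
    "$domSid-516",       # Domain Controllers
    "$rootSid-519"       # Enterprise Admins (defined in the forest root domain)
)

# Rights that allow changing the object, its ACL, its owner, its children, or its links.
$r = [System.DirectoryServices.ActiveDirectoryRights]
$controlMask = $r::GenericAll -bor $r::GenericWrite -bor $r::WriteDacl -bor `
               $r::WriteOwner -bor $r::WriteProperty -bor $r::CreateChild -bor `
               $r::DeleteChild -bor $r::ExtendedRight

# schemaIDGUID of the gPLink attribute (assumed; confirm with
# Get-ADObject -SearchBase (Get-ADRootDSE).schemaNamingContext -Filter 'lDAPDisplayName -eq "gPLink"' -Properties schemaIDGUID).
$gpLinkGuid = [guid]'f30e3bbe-9ff0-11d1-b603-0000f80367c1'

function Resolve-Sid {
    param([System.Security.Principal.IdentityReference]$Identity)
    try   { return $Identity.Translate([System.Security.Principal.SecurityIdentifier]).Value }
    catch { return $Identity.Value }   # unresolvable or orphaned SID: report as-is
}

function Get-UnexpectedDcAccess {
    param([string]$DistinguishedName)
    $acl = Get-Acl -Path "AD:\$DistinguishedName"

    # The owner can always rewrite the DACL, so treat ownership like WriteDacl.
    $ownerSid = Resolve-Sid ([System.Security.Principal.NTAccount]$acl.Owner)
    if ($allowedSids -notcontains $ownerSid) {
        [pscustomobject]@{ Object = $DistinguishedName; Principal = $acl.Owner; Sid = $ownerSid
                           Rights = 'Owner'; Property = ''; Inherited = $false }
    }

    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow')               { continue }
        if (($ace.ActiveDirectoryRights -band $controlMask) -eq 0) { continue }
        $sid = Resolve-Sid $ace.IdentityReference
        if ($allowedSids -contains $sid)                      { continue }

        # A property-scoped ACE shows the attribute GUID so the reviewer can triage;
        # write on gPLink is called out by name because it allows linking a GPO.
        $prop = if ($ace.ObjectType -eq [guid]::Empty) { '(all)' }
                elseif ($ace.ObjectType -eq $gpLinkGuid) { 'gPLink' }
                else { $ace.ObjectType.ToString() }

        [pscustomobject]@{
            Object    = $DistinguishedName
            Principal = $ace.IdentityReference.Value
            Sid       = $sid
            Rights    = $ace.ActiveDirectoryRights
            Property  = $prop
            Inherited = $ace.IsInherited
        }
    }
}

# Objects through which a DC is managed: the OU holding the DCs (GPO link point),
# each DC computer object, and each DC's nTDSDSA settings object.
$targets = @($domain.DomainControllersContainer)
foreach ($dc in Get-ADDomainController -Filter *) {
    $targets += $dc.ComputerObjectDN
    $targets += $dc.NTDSSettingsObjectDN
}

$findings = $targets | Sort-Object -Unique | ForEach-Object { Get-UnexpectedDcAccess -DistinguishedName $_ }
$findings | Format-Table Object, Principal, Rights, Property, Inherited -AutoSize
```

Expect some legitimate rows on a default-schema forest (for example, property-scoped write rights inherited from the domain head by built-in groups such as Key Admins); the point of the listing is to review every principal that appears and either document it as part of the tier-0 model or remove the ACE. Principals outside that model holding GenericAll, WriteDacl, WriteOwner, ownership, or write on gPLink over these objects are exactly the condition this indicator describes.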

See Also

Securing Active Directory Administrative Groups and Accounts

Technical description of an nTDSDSA Object

Indicator Details

Name: Domain Controllers Managed by Illegitimate Users

Codename: C-DC-ACCESS-CONSISTENCY

Severity: Critical

MITRE ATT&CK Information:

Tactics: TA0004, TA0003

Techniques: T1078, T1098