Created
November 13, 2023 17:25
-
-
Save joshfinley/dd3ea1b03d188554e67ed2eecd0e29ca to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Import the Active Directory module | |
Import-Module ActiveDirectory | |
# Enumerate all user accounts with SPNs | |
$usersWithSPN = Get-ADUser -Filter {ServicePrincipalName -ne "$null"} -Properties ServicePrincipalName, msDS-SupportedEncryptionTypes | |
# Iterate through each user and check for RC4 encryption | |
foreach ($user in $usersWithSPN) { | |
$userName = $user.SamAccountName | |
$spns = $user.ServicePrincipalName | |
$encryptionTypes = $user."msDS-SupportedEncryptionTypes" | |
# Check if RC4 is enabled (bit flag 0x4) | |
$isRC4Enabled = $encryptionTypes -band 0x4 | |
# Output the results | |
if ($isRC4Enabled) { | |
Write-Host "User: $userName has RC4 enabled. SPNs: $spns" | |
} else { | |
Write-Host "User: $userName does not have RC4 enabled. SPNs: $spns" | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment