NTDSdiff


The script analyzes two ntds.dit files and saves the result as JSON. It does not rely on AD, LDAP, or anything similar; it reads the ntds.dit files directly as Jet Blue databases.

Some things could be a bit better, but that is about cosmetics, not forensic value.

Todo

  • Clean up the mess. The code is still not beautiful, but OK for now.
  • Generate a human-readable report (diff highlighting!) and not only JSON.
  • SDDL for deleted records
  • More column-attribute and array-value translations
  • Take a look at SIDs
  • Improve the way "MemberOf" is presented