zokissima
11-13-2007, 01:59 PM
HI everyone
Well, I tried searching the forums, and have been lurking for some time, but I'm at my wits end, and I thought I would post in hopes that I may be able to find some assistance.
I'll explain the full situation; I recently joined my company's Active Directory infrastructure team. Unfortunately, it is at a time where we are in the middle of an internal company audit. ANyways, there is an application that was custom built by a contractor who no longer works for the company. It is a tool written exclusively in ASP and is used to manage simple Active Directory operations, from creating users, groups, etc. My problem is that it is apparently using an account with Domain Admin credentials, and it is a fixed account with a password that never expires. Unfortunately, no one seems to be able to remember this password, nor how or where the account was defined within this application. So, that is my problem. I need to completely deconstruct this application to see how and where this developer has hardcoded this userID to authenticate and have rights to do all these operations. I am ok with posting code, screenshots, whatever you may need to help me out. I'd appreciate any kind of assistance and/or guidance through this endeavor...
Well, I tried searching the forums, and have been lurking for some time, but I'm at my wits end, and I thought I would post in hopes that I may be able to find some assistance.
I'll explain the full situation; I recently joined my company's Active Directory infrastructure team. Unfortunately, it is at a time where we are in the middle of an internal company audit. ANyways, there is an application that was custom built by a contractor who no longer works for the company. It is a tool written exclusively in ASP and is used to manage simple Active Directory operations, from creating users, groups, etc. My problem is that it is apparently using an account with Domain Admin credentials, and it is a fixed account with a password that never expires. Unfortunately, no one seems to be able to remember this password, nor how or where the account was defined within this application. So, that is my problem. I need to completely deconstruct this application to see how and where this developer has hardcoded this userID to authenticate and have rights to do all these operations. I am ok with posting code, screenshots, whatever you may need to help me out. I'd appreciate any kind of assistance and/or guidance through this endeavor...