Ensure SDProp Consistency

critical

Description

Active Directory protects critical objects, such as members of Domain Admins, by periodically re-applying a default set of access control rules to them (the SDProp process, which copies the permissions of the AdminSDHolder container onto every protected object). It is essential to check these default rules for consistency, since any change to them propagates to the most important objects in Active Directory.

Solution

Permissions set on the AdminSDHolder container should only allow privileged access to administrative accounts.
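One way to perform this check, as an added example that is not part of the original page: read the AdminSDHolder security descriptor and report every allow ACE granted to a principal outside an expected baseline. The baseline list, the `Get-AdminSDHolderDeviations` function name and the assumption that the ActiveDirectory RSAT module is available are the example's own; the baseline must be adjusted to the forest being audited.

```powershell
# Added example: audit the AdminSDHolder ACL for unexpected allow ACEs.
# Assumes the ActiveDirectory RSAT module and read access to CN=System.
Import-Module ActiveDirectory

$Domain          = Get-ADDomain
$NetBios         = $Domain.NetBIOSName
$AdminSDHolderDN = "CN=AdminSDHolder,CN=System,$($Domain.DistinguishedName)"

# Assumption: typical default principals on AdminSDHolder. Tune this to your own
# baseline; in a child domain Enterprise Admins carries the forest root's prefix.
$ExpectedPrincipals = @(
    'NT AUTHORITY\SYSTEM', 'NT AUTHORITY\SELF', 'NT AUTHORITY\Authenticated Users',
    'Everyone', 'BUILTIN\Administrators', 'BUILTIN\Pre-Windows 2000 Compatible Access',
    'BUILTIN\Windows Authorization Access Group', 'BUILTIN\Terminal Server License Servers',
    "$NetBios\Domain Admins", "$NetBios\Enterprise Admins", "$NetBios\Cert Publishers"
)

function Get-AdminSDHolderDeviations {
    param([string[]]$Expected)

    # nTSecurityDescriptor is an ActiveDirectorySecurity object; resolving each ACE
    # to an NTAccount yields DOMAIN\Name strings comparable with the baseline.
    $Obj  = Get-ADObject -Identity $AdminSDHolderDN -Properties nTSecurityDescriptor
    $Aces = $Obj.nTSecurityDescriptor.GetAccessRules(
                $true, $true, [System.Security.Principal.NTAccount])

    foreach ($Ace in $Aces) {
        if ($Ace.AccessControlType -ne 'Allow') { continue }
        if ($Expected -contains $Ace.IdentityReference.Value) { continue }
        [pscustomobject]@{
            Identity   = $Ace.IdentityReference.Value
            Rights     = $Ace.ActiveDirectoryRights
            ObjectType = $Ace.ObjectType   # attribute/extended-right GUID, all-zero = whole object
            Inherited  = $Ace.IsInherited
        }
    }
}

$Deviations = Get-AdminSDHolderDeviations -Expected $ExpectedPrincipals
if ($Deviations) {
    Write-Warning "Unexpected allow ACEs on AdminSDHolder; SDProp will stamp these onto every protected object:"
    $Deviations | Format-Table -AutoSize
} else {
    Write-Output "AdminSDHolder ACL matches the expected baseline."
}
```

Any identity reported here should be reviewed against the documented defaults before it is removed, since a legitimate delegation added by the organisation would also appear as a deviation.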

See Also

Reducing the Active Directory Attack Surface

Securing Active Directory Administrative Groups and Accounts

Sneaky Active Directory Persistence #15: Leverage AdminSDHolder & SDProp to (Re)Gain Domain Admin Rights

Indicator Details

Name: Ensure SDProp Consistency

Codename: C-SDPROP-CONSISTENCY

Severity: Critical

Type: Active Directory Indicator of Exposure

MITRE ATT&CK Information: