In Active Directory there are some very confusing value formats. The title of "Most Confusing" should probably be awarded to the NtSecurityDescriptor attribute. It exists on LDAP objects in Active Directory and describes permissions against the object in Security Descriptor (binary) form. It contain...

Continue reading...

A while back I was looking for a simple way of decoding an objectSid value from Active Directory into the readable string name you typically see it in. There are some examples of doing this out there, but many are incomplete or don't account for edge-cases for all the different type of SIDs. By usin...

Continue reading...