3. ADFSdump.exe
Behavior description
LDAP Query path: CN=ADFS, CN=Microsoft, CN=Program Data, DC=example, DC=com
DirectorySearcher(entry).Filter = (LdapFilter)
Uses `DirectorySearcher` to search AD for objects that have the thumbnailPhoto attribute.
`thumbnailPhoto` is originally an attribute for storing user profile photos, but this code assumes that the ADFS private key may be stored in it and extracts the value.
Logging - LDAP query execution
[AD DS] Event ID 1644 (LDAP Query Latency): the filter `(&(thumbnailphoto=*)(objectClass=contact)(!(cn=CryptoPolicy)))` appears.
Behavior description
The `ReadConfigurationDb()` function checks the current OS version and accesses the AD FS configuration DB.
It uses the Windows Internal Database (WID) or a specific SQL Server instance (`MICROSOFT##WID`) to query the AD FS configuration information.
It queries the encrypted PFX (certificate key) from the `ServiceSettingsData` table and outputs it.
It queries the AD FS Relying Party Trust settings from the `Scopes` table and collects the related policies.
Finally, it analyzes and outputs the authentication and authorization policies based on `PolicyType`.
Logging - SQL query execution
[AD FS] Event ID 33205 (SQL Query)
`SELECT PropertyName, PropertyValue FROM [IdentityServerPolicy].[SyncProperties] additional_information:<tsql_stack><frame nest_level = '1' database_name = 'AdfsConfigurationV4' schema_name = 'IdentityServerPolicy' object_name = 'GetSyncProperties'/></tsql_stack>`
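A detection sketch for the two logging sections above, added here as an example and not taken from the original page or from ADFSDump: it matches the Event ID 1644 filter regardless of case, spacing or clause order, and flags Event ID 33205 text that touches the IdentityServerPolicy schema. The event dict keys (`id`, `text`), the labels returned and the simplified sample messages are assumptions.

```python
import re

# Lower-cased clauses of the filter the page reports in Event ID 1644.
ADFSDUMP_CLAUSES = {"(thumbnailphoto=*)", "(objectclass=contact)", "(!(cn=cryptopolicy))"}
# Database and schema names as they appear in the page's Event ID 33205 sample;
# matching any name that begins with AdfsConfiguration is an assumption.
SQL_PATTERN = re.compile(
    r"database_name\s*=\s*'AdfsConfiguration\w*'.*schema_name\s*=\s*'IdentityServerPolicy'",
    re.I | re.S)

def and_clauses(ldap_filter):
    """Return the top-level clauses of an (&...) filter, ignoring case and spacing."""
    f = re.sub(r"\s+", "", ldap_filter).lower()
    if not (f.startswith("(&") and f.endswith(")")):
        return set()
    clauses, depth, start = set(), 0, 0
    body = f[2:-1]
    for i, ch in enumerate(body):
        if ch == "(":
            if depth == 0:
                start = i
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth == 0:
                clauses.add(body[start:i + 1])
    return clauses

def classify(event):
    """Label one event dict; 'id' and 'text' are hypothetical field names."""
    if event["id"] == 1644:
        m = re.search(r"Filter:\s*(.+)", event["text"])
        if m and ADFSDUMP_CLAUSES <= and_clauses(m.group(1)):
            return "adfs-ldap-key-search"
    if event["id"] == 33205 and SQL_PATTERN.search(event["text"]):
        return "adfs-config-db-read"
    return None

# Constructed sample events (simplified message text, not real log exports).
SAMPLES = [
    {"id": 1644, "text": "Starting node: CN=ADFS,CN=Microsoft,CN=Program Data,DC=example,DC=com\n"
                         "Filter: ( & (objectClass=contact) (thumbnailPhoto=*) ( ! (cn=CryptoPolicy) ) )"},
    {"id": 1644, "text": "Starting node: DC=example,DC=com\nFilter: (&(objectClass=user)(thumbnailPhoto=*))"},
    {"id": 33205, "text": "statement:SELECT PropertyName, PropertyValue FROM [IdentityServerPolicy].[SyncProperties] "
                          "additional_information:<tsql_stack><frame nest_level = '1' database_name = 'AdfsConfigurationV4' "
                          "schema_name = 'IdentityServerPolicy' object_name = 'GetSyncProperties'/></tsql_stack>"},
]

def scan(events):
    """Classify every event in order."""
    return [classify(e) for e in events]

if __name__ == "__main__":
    print(scan(SAMPLES))
```

When running this over real exports, pair each hit with the event's client or principal field to see which account issued the query.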