ATA - Kerberos detection prior to 2003 FFL Upgrade

  • Question

  • Has anyone used or is it technically possible to use ATA to look at Kerberos interactions with domain controllers ahead of a forest functional upgrade from 2003?

    Our AD has been in place since around ~2004; although the DCs are now running Windows 2008 R2, the FFL for Forest and Domain is 2003. We want to upgrade but are aware that the upgrade from 2003 resets the krbtgt password and shifts from HMAC-RC4 to AES-256. Whilst Windows clients should deal with this, non-Windows servers and apps will need to be tested and a plan put together. The first issue is identifying non-Windows clients that are using Kerberos, aggregating and reporting. Whilst trawling for Kerberos activity it makes sense to also look at who is still using NTLM as well as LDAP.

    I'm aware that this isn't really the purpose of ATA, but based on the information it captures, is the requirement outlined above something that ATA could be used to fulfil?

    Paul Bendall

    Monday, January 16, 2017 11:24 AM

All replies

  • Hello Paul,

    ATA is an on-premises platform that detects multiple suspicious activities, and helps protect your enterprise from attacks. I think it can't totally fulfill your requirements.

    However, ATA builds a profile for each user and computer in the network. You can leverage it for collecting the required information.

    In the user profile ATA displays general information, such as group membership, recent logins, and recently accessed resources.

    In the computer profile, ATA displays general information, such as recent logins and recently accessed resources.

    You can search for a specific user, computer or group from the search bar in the ATA Console.

    Best regards,
    Andy Liu

    Tuesday, January 17, 2017 6:57 AM
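
One way to build the inventory the question describes, as an added example that is not part of the thread and not an ATA feature: it assumes the domain controllers' Security log events 4768 and 4769 (Kerberos TGT and service ticket requests) have been exported as XML, and tallies accounts and ticket encryption types per client address. The sample events and the names `parse_event`, `summarize` and `_event` are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
KERBEROS_EVENTS = {"4768", "4769"}  # TGT request, service ticket request
# Kerberos encryption type numbers as they appear in TicketEncryptionType
ETYPES = {0x01: "DES-CBC-CRC", 0x03: "DES-CBC-MD5", 0x11: "AES128-CTS",
          0x12: "AES256-CTS", 0x17: "RC4-HMAC", 0x18: "RC4-HMAC-EXP"}

def parse_event(xml_text):
    """Return client, account and etype for a successful 4768/4769 event, else None."""
    root = ET.fromstring(xml_text)
    event_id = root.findtext("e:System/e:EventID", namespaces=NS)
    if event_id not in KERBEROS_EVENTS:
        return None
    data = {d.get("Name"): (d.text or "") for d in root.iterfind("e:EventData/e:Data", NS)}
    if data.get("Status", "").lower() != "0x0":  # failed requests carry no usable etype
        return None
    etype = int(data["TicketEncryptionType"], 16)
    return {"client": data.get("IpAddress", "").replace("::ffff:", ""),  # IPv4-mapped form
            "account": data.get("TargetUserName", "").split("@")[0],  # 4769 logs user@REALM
            "etype": ETYPES.get(etype, hex(etype))}

def summarize(events_xml):
    """Group by client address: accounts seen and ticket etype counts."""
    report = defaultdict(lambda: {"accounts": set(), "etypes": defaultdict(int)})
    for xml_text in events_xml:
        rec = parse_event(xml_text)
        if rec:
            report[rec["client"]]["accounts"].add(rec["account"])
            report[rec["client"]]["etypes"][rec["etype"]] += 1
    return report

def _event(event_id, user, ip, etype, status="0x0"):  # constructed sample record
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>{event_id}</EventID></System>'
            f'<EventData><Data Name="TargetUserName">{user}</Data>'
            f'<Data Name="Status">{status}</Data><Data Name="TicketEncryptionType">{etype}</Data>'
            f'<Data Name="IpAddress">{ip}</Data></EventData></Event>')

SAMPLE = [  # constructed events, not taken from a real domain controller
    _event(4768, "svc-app", "::ffff:10.0.0.21", "0x17"),
    _event(4769, "svc-app@EXAMPLE.LOCAL", "::ffff:10.0.0.21", "0x17"),
    _event(4768, "alice", "::ffff:10.0.0.50", "0x12"),
    _event(4768, "bob", "::ffff:10.0.0.51", "0xffffffff", status="0x6"),  # failed request
    _event(4624, "alice", "10.0.0.50", "0x0"),  # not a Kerberos ticket event
]

if __name__ == "__main__":
    print({c: dict(i["etypes"]) for c, i in summarize(SAMPLE).items()})
```

The result is a list of source addresses to check against an asset inventory; the events themselves do not say whether a client is a Windows host.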