Using Active Directory Users and Computers to find malicious accounts disguised as legitimate accounts.
Last Review: February 3, 2021
Product(s): Windows Server
Author(s): Matt Born
A cyberist created this article using the patented Delta Method by modernizing a typical approach.
Malicious actors who gain access to an administrative account will create new accounts, or modify the permissions of other accounts they can access, to create backdoors.
These backdoor accounts are often disguised as legitimate accounts by copying the organization's naming standards.
Disable any suspicious account and investigate for legitimacy.
Refer to Microsoft’s official policy for monitoring Active Directory for signs of compromise, and use it to institute policies that further decrease the threat of such attack angles.
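The review described above can be narrowed with a script before opening individual accounts. The following is an added example, not part of the original article: it groups accounts whose names reduce to the same key and reports the recently created members of each group. The function names, the character-folding table, the review window and the sample accounts are all assumptions made for illustration.

```powershell
# Added example (not from the original article). Function names are hypothetical.
# Input objects need SamAccountName, whenCreated and Enabled, as returned by:
#   Get-ADUser -Filter * -Properties whenCreated

function Get-NameSkeleton {
    param([string]$Name)
    # Reduce a name to a comparison key: drop separators and a trailing number,
    # then fold characters that are easily mistaken for each other (assumed table).
    $s = $Name.ToLowerInvariant() -replace '[._\-\s]', '' -replace '\d+$', ''
    $s -replace '[il1]', 'l' -replace '[o0]', 'o' -replace '[s5]', 's' -replace 'rn', 'm' -replace 'vv', 'w'
}

function Find-LookalikeAccount {
    param(
        [Parameter(Mandatory)] [object[]]$Account,
        [datetime]$Since = (Get-Date).AddDays(-30)   # assumed review window
    )
    $Account |
        Group-Object { Get-NameSkeleton $_.SamAccountName } |
        Where-Object Count -gt 1 |
        ForEach-Object {
            # The oldest account in each group is treated as the original
            $sorted = @($_.Group | Sort-Object whenCreated)
            $oldest = $sorted[0]
            $sorted | Select-Object -Skip 1 |
                Where-Object { $_.whenCreated -ge $Since } |
                ForEach-Object {
                    [pscustomobject]@{
                        Suspect   = $_.SamAccountName
                        Created   = $_.whenCreated
                        Resembles = $oldest.SamAccountName
                        Enabled   = $_.Enabled
                    }
                }
        }
}

# Constructed sample data standing in for a directory export
$sample = @(
    [pscustomobject]@{ SamAccountName = 'svc_backup';    whenCreated = [datetime]'2018-04-11'; Enabled = $true }
    [pscustomobject]@{ SamAccountName = 'svc_backup1';   whenCreated = [datetime]'2021-01-29'; Enabled = $true }
    [pscustomobject]@{ SamAccountName = 'administrator'; whenCreated = [datetime]'2015-06-02'; Enabled = $true }
    [pscustomobject]@{ SamAccountName = 'adm1nistrator'; whenCreated = [datetime]'2021-01-30'; Enabled = $true }
    [pscustomobject]@{ SamAccountName = 'jdoe';          whenCreated = [datetime]'2019-09-17'; Enabled = $true }
)
Find-LookalikeAccount -Account $sample -Since ([datetime]'2021-01-04') | Format-Table -AutoSize
```

Each row is a lead for the legitimacy check the article calls for, since shared naming standards also produce legitimate near-duplicates.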