DCSyncing a RODC using secretsdump and the default method DRSUAPI fails

Question

DCSyncing a RODC using secretsdump and the default method DRSUAPI fails

jsdhasfedssad opened this issue a year ago · 0 comments

Configuration

impacket version: 0.10.0
Python version: 3.11.2
Target OS: Server 2019

DCSyncing a RODC using secretsdump with the default method DRSUAPI fails. Using the VSS method the attack works. The account used is a member of a domain group that is listed in the ManagedBy attribute of the RODC and therefore has local administrative access.