Passwords for Kerberoasting conflicts with AD password settings

Question

Passwords for Kerberoasting conflicts with AD password settings

DotDotSlashRepo opened this issue 4 years ago · 2 comments

It looks like script is not configuring password policy for the domain.

I got below error on "VulnAD-Kerberoasting" function. I am using "Windows Server 2016 Standard Evaluation"

[+] Kerberoasting Done
Set-AdAccountPassword : The password does not meet the length, complexity, or history requirement of the domain.
At line:5 char:9
+         Set-AdAccountPassword -Identity $randomuser -Reset -NewPasswo ...
+         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo          : InvalidData: (annadiane.genni:ADAccount) [Set-ADAccountPassword], ADPasswordComplexityException
+ FullyQualifiedErrorId : ActiveDirectoryServer:1325,Microsoft.ActiveDirectory.Management.Commands.SetADAccountPassword

Answer 1 · 2020-08-31T22:00:38.000Z

i believe is cuz of password length, however, it should be fixed now

Answer 2 · 2020-09-01T06:45:46.000Z

Awesome. Works like a charm :)