# DSInternals
## about_DSInternals

# SHORT DESCRIPTION

The Directory Services Internals (DSInternals) PowerShell Module exposes several internal
and undocumented features of Active Directory.

# LONG DESCRIPTION

The main features of the DSInternals PowerShell Module include:

- Offline ntds.dit file manipulation, including hash dumping, password resets, group membership changes, SID History injection and enabling/disabling accounts.
- Online password hash dumping through the Directory Replication Service Remote Protocol (MS-DRSR).
- Active Directory password auditing that discovers accounts sharing the same passwords or having passwords in a public database like HaveIBeenPwned or in a custom dictionary.
- Domain or local account password hash injection through the Security Account Manager Remote Protocol (MS-SAMR) or directly into the database.
- LSA Policy modification through the Local Security Authority Remote Protocol (MS-LSAD / LSARPC).
- Extracting credential roaming data and DPAPI domain backup keys, either online through MS-DRSR and LSARPC or offline from ntds.dit.
- Bare-metal recovery of domain controllers from just IFM backups (ntds.dit + SYSVOL).
- Password hash calculation, including NT hash, LM hash and kerberos keys.

# NOTE
Features exposed through these tools are not supported by Microsoft. Improper use might cause irreversible damage to domain controllers or negatively impact domain security.

# SEE ALSO

[Get-ADDBAccount](Get-ADDBAccount.md)
[Get-ADReplAccount](Get-ADReplAccount.md)
[Test-PasswordQuality](Test-PasswordQuality.md)
[New-ADDBRestoreFromMediaScript](New-ADDBRestoreFromMediaScript.md)
[ConvertTo-NTHash](ConvertTo-NTHash.md)