Active Directory Security Tip #13: Kerberos Delegation
Summary: the post covers Foreign Security Principals (FSPs) in Active Directory, that is, accounts or groups from another forest that hold rights in the current AD forest. Because these FSPs may be highly privileged, they should be strictly reviewed and any that are not required removed. 2025-10-09 00:03 Author: adsecurity.org

Oct 08 2025

Review the membership of privileged groups for accounts and groups that come from another Active Directory forest (technically from a trusted domain outside the current forest; "forest" is used here for short). These are called "Foreign Security Principals" (FSPs), like the ones highlighted in the image. An FSP is a placeholder object in the domain's ForeignSecurityPrincipals container that carries the SID of a principal from the trusted domain: the account itself lives in the other forest, but the FSP's group memberships give it rights in this one.

Any FSP should be scrutinized and removed if it is not required. Review and strictly control these memberships, because an FSP may be highly privileged and its security depends entirely on the other forest. In this example, compromise of the other AD forest (TRDNET) would result in compromise of the current AD forest (Trd.com): an attacker who takes over a TRDNET account that is a member of a privileged group here inherits that group's rights.


PowerShell script to scan privileged groups for FSPs:
https://github.com/PyroTek3/Misc/blob/main/Invoke-FindPrivilegedFSPs.ps1
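As an added example (this is not the linked Invoke-FindPrivilegedFSPs.ps1 and not code from the post), the following PowerShell enumerates the nested membership of a list of privileged groups and reports every foreignSecurityPrincipal it finds, attributing each one to the trusted domain its SID belongs to. It assumes the RSAT ActiveDirectory module and an account that can read group membership and the domain's trustedDomain objects; the group list and the column names are the example's own choices.

```powershell
# Added example for this post; it is not the author's Invoke-FindPrivilegedFSPs.ps1.
# Assumes the RSAT ActiveDirectory module and a domain account that can read group
# membership and the trustedDomain objects. Run it in each domain you want to review.
Import-Module ActiveDirectory

# Groups worth checking first; extend the list for your environment.
$PrivilegedGroups = @(
    'Administrators', 'Domain Admins', 'Enterprise Admins', 'Schema Admins',
    'Account Operators', 'Backup Operators', 'Server Operators', 'Print Operators',
    'Group Policy Creator Owners', 'DnsAdmins'
)

# Lookup of trusted-domain SID -> trust partner name, so each FSP can be attributed
# to the domain/forest it came from. securityIdentifier is stored as a byte array.
$TrustBySid = @{}
Get-ADObject -LDAPFilter '(objectClass=trustedDomain)' -Properties securityIdentifier, trustPartner |
    ForEach-Object {
        if ($_.securityIdentifier) {
            $sid = New-Object System.Security.Principal.SecurityIdentifier($_.securityIdentifier, 0)
            $TrustBySid[$sid.Value] = $_.trustPartner
        }
    }

# Walk the member attribute ourselves rather than using Get-ADGroupMember -Recursive,
# which can abort on a member it cannot resolve (an FSP from a trust that is currently
# unreachable, for example). $Seen breaks cycles in nested groups.
function Get-NestedMembers {
    param([string]$GroupDN, [hashtable]$Seen)
    $group = Get-ADGroup -Identity $GroupDN -Properties member
    foreach ($dn in $group.member) {
        if ($Seen.ContainsKey($dn)) { continue }
        $Seen[$dn] = $true
        try {
            $obj = Get-ADObject -Identity $dn -Properties objectClass, objectSid
        } catch {
            Write-Warning "Could not resolve $dn : $($_.Exception.Message)"
            continue
        }
        if ($obj.ObjectClass -eq 'group') {
            Get-NestedMembers -GroupDN $dn -Seen $Seen
        } else {
            [PSCustomObject]@{ Object = $obj; ViaGroup = $GroupDN }
        }
    }
}

$Findings = foreach ($name in $PrivilegedGroups) {
    $grp = Get-ADGroup -Filter "Name -eq '$name'" -ErrorAction SilentlyContinue
    if (-not $grp) { continue }
    $Seen = @{}
    foreach ($m in (Get-NestedMembers -GroupDN $grp.DistinguishedName -Seen $Seen)) {
        if ($m.Object.ObjectClass -ne 'foreignSecurityPrincipal') { continue }
        $sid       = [System.Security.Principal.SecurityIdentifier]$m.Object.objectSid
        $domainSid = $sid.AccountDomainSid
        # Well-known SIDs (S-1-5-11 Authenticated Users, S-1-1-0 Everyone, ...) are also
        # stored as FSPs; they have no account domain and are not another forest's accounts.
        if ($null -eq $domainSid) {
            $source = 'Well-known SID'
        } elseif ($TrustBySid.ContainsKey($domainSid.Value)) {
            $source = $TrustBySid[$domainSid.Value]
        } else {
            $source = 'Unknown (trust removed?)'   # orphaned FSP: still worth cleaning up
        }
        # Name translation only works while the trust is reachable; keep the raw SID regardless.
        $account = $null
        try { $account = $sid.Translate([System.Security.Principal.NTAccount]).Value } catch { }
        [PSCustomObject]@{
            PrivilegedGroup = $name
            ViaGroup        = $m.ViaGroup
            SID             = $sid.Value
            SourceDomain    = $source
            ResolvedName    = $account
        }
    }
}

$Findings | Sort-Object PrivilegedGroup, SourceDomain | Format-Table -AutoSize
```

Rows whose SourceDomain names a trusted forest are the ones the post is about: each one is a privileged path into this forest that is only as secure as the other forest's account. Rows marked "Unknown" are FSPs whose trust no longer exists and should simply be removed, and well-known SIDs are expected in a few built-in groups but are listed so the reviewer can see them.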


Sean Metcalf

I improve security for enterprises around the world working for TrustedSec & I am @PyroTek3 on Twitter.
Read the About page (top left) for information about me. :)
https://adsecurity.org/?page_id=8


Source: https://adsecurity.org/?p=4784