Active Directory Service Interfaces (ADSI) – A set of Component Object Model (COM) interfaces for managing Active Directory services. It can be utilized in several scripting and programming languages.

• Enables reading, adding and managing Active Directory Objects

• Part of .NET framework:

  • System.DirectoryServices.DirectoryEntry (ADSI)

  • System.DirectoryServices.DirectorySearcher (ADSISearcher)

• Can be accessed via PowerShell by creating objects for above classes

• Example:

  • $domain = New-Object –TypeName System.DirectoryServices.DirectoryEntry

  • $domain2 = [System.DirectoryServices.DirectoryEntry]”LDAP://dc=ycsccorp,dc=local”

  • $domain3 = [ADSI]”LDAP://dc=ycsccorp,dc=local”

Using ADSI

• Creating OU

  • $domainOU = $domain1.Create(“organizationalUnit”,”ou=YCSCTest”)

  • $domainOU.SetInfo()

• Creating User

  • $domainUser = $domain1.Create(“user”,”cn=YCSCUser”)

  • $domainOU.SetInfo()

Pros and Cons

• Pros

  • It is available on most Windows machines by default

  • Does not require AD-Module, RSAT or any other special libraries

  • Not easily detected

  • Can be used to create custom tools leveraging ADSI and ADSISearcher

• Cons

  • Takes some time to learn

  • Lack of documentation

Watch the video