Private preview of this release has been used by Paula Januszkiewicz during her Microsoft Ignite session to decrypt a SID-protected PFX file. Very cool stuff!
Notable Changes
- [Module] Added the Get-ADDBKdsRootKey cmdlet that can dump KDS Root Keys from ntds.dit files. These can then be used for DPAPI-NG decryption, e.g. SID-protected PFX files.
- [Module] The Get-ADReplAccount cmdlet now correctly reports the access denied error.
- [Module] Fixed a bug in progress reporting of the Get-ADReplAccount cmdlet.
- [Framework] Added support for KDS Root Key retrieval.
- [Framework] Replication errors are now reported using more suitable exception types.
PowerShell Gallery
For convenience, the DSInternals PowerShell module is also available on Microsoft's PowerShell Gallery.
NuGet Gallery
Official binary packages are available at NuGet Gallery.
Known Issues
- .NET Framework 4.5.1 is required for the module to be fully functional. Unfortunately, PowerShell versions prior to 5 ignore this prerequisite.