upvote

points

by EvanAnderson9 hours ago |
comments
upvoteby holowoodman8 hours ago|
[-]
Corporate IT just forklifted out tons and tons of workstations and laptops for the windows 10 to 11 migration.

Active Directory is just not developed anymore, its basically abandonware that everyone still uses. The new hot stuff is the Azure AD/Entra ID bastardization of Web Auth plus AD that they try to upsell people to.

reply
upvoteby p_ing8 hours ago|
parent|
next
[-]
Active Directory got some major major major updates in Server 2025.

https://learn.microsoft.com/en-us/windows-server/get-started...

Including the relevant:

> Kerberos changes for Algorithms used for Ticket Granting Tickets: The Kerberos Distribution Center will no longer issue Ticket Granting Tickets using RC4 encryption, such as RC4-HMAC(NT).

reply
upvoteby mr_mitm7 hours ago|
parent|
[-]
Kerberoasting specifically targets service tickets, not TGTs. I wonder if the change really only applies to TGTs or if they simply neglected to mention service tickets.
reply
upvoteby EvanAnderson8 hours ago|
parent|
prev|
[-]
> Corporate IT just forklifted out tons and tons of workstations and laptops for the windows 10 to 11 migration.

That's just client computer replacement, though. That's a known quantity and is on most IT orgs. roadmaps. We've been replacing computers regularly since we got PCs.

Moving to new AD functional levels, even when the actual risk is minimal, is something I've seen IT orgs. drag their feet on out of fear.

reply
upvoteby doubled1124 hours ago|
parent|
[-]
> new AD functional levels

Fear of change is real in more areas than this.

I can't wait to decom our last 2012 R2 DCs and upgrade to something from this decade "soon".

reply