Hey everyone! I'm about to assess my client's Active Directory using Purple Knight for the first time, but I'm running into some challenges. The documentation is quite sparse and doesn't really address all my questions. The Active Directory team is really concerned about the tool crashing our infrastructure, even though most sources suggest it doesn't generate much traffic.
They want us to conduct the assessment on a pre-production domain controller, but I'm unsure if I can specify which DC to scan with Purple Knight. I tried entering the specific DC name in the AD environment field, but it just reverts to the domain name. Is there a way to target a specific DC, perhaps by changing the LOGONSERVER variable on the machine with the tool? Any insights would be hugely appreciated, as I'm feeling a bit stuck right now!
5 Answers
I haven’t used Purple Knight in a while since I usually go for PingCastle, but I believe you can specify a DC through command line options. Also, what do you mean by ‘pre-prod’? Is that a staging environment?
You don’t need to worry about Purple Knight crashing your AD. It’s been tested in all sorts of environments, and it's designed with safe options enabled by default. If you want to restrict it to a specific DC, consider controlling access through your network setup.
Purple Knight’s default settings are safe, and only a few options could be risky, but they're not enabled unless you choose them explicitly. Your AD team might want to look into that.
If your team is really worried, one option is to install the tool on a DC and then run it in a controlled environment like VMware Workstation with no network access. That way, you can see how it impacts the server without affecting the wider network. Better safe than sorry, right?
I've used Purple Knight in various environments with no issues. If a non-privileged user can crash your infrastructure just by running this tool, then there’s a bigger issue at hand since they could easily do the same with PowerShell. Just saying!
Exactly! It sounds like there's a deeper security concern here.