DOMAINS
The DOMAINS plugin retrieves information about ActiveDirectory Domain(s) that this Mac is connected to, from the file, the path, "*/Library/Preferences/OpenDirectory/Configurations/Active Directory/". The output of running this plugin is the "Domain_ActiveDirectory" file with Active Directory Domain information, in addition to an "Export" folder containing plists of User and Domain information. If the "/Active Directory" folder does not exist, the plugin does not output the "Domain_ActiveDirectory" file nor the "DOMAIN" plists.
This plugin supports standalone mode.
$ python mac-apt.py -x -o ~/Case_Output E01 ~/Acquisition.E01 DOMAINS
| Field Name | Notes |
|---|---|
| node name | Name/Directory of the Domain |
| trustaccount | Hostname of the Trust Account used to verify security credentials |
| trustkerberosprincipal | Kerberos server principal name if Kerberos authentication is enabled |
| trusttype | Type of trust established; authenticated, anonymous, joined |
| allow multi-domain | (Boolean) Whether or not multi-domain authorization is allowed |
| cache last user logon | (Boolean) ("Cache Last User Logon for Offline Operation") Whether or not Mac user has ability to use his or her Active Directory domain credentials to log on to the Macintosh computer when the computer is not physically connected to the domain as a local machine |
| domain | Name of the domain |
| forest | Name of the associated forest |
| trust domain | Name of the domain associated with the trust |
| source | Source file from which the Active Directory information was retrieved |