Description
Running "Test-MdiReadiness.ps1" locally on a DC produces the following error message:
- "Unable to get the advanced auditing settings remotely."
Reproduction steps
- Log on to the DC locally, then launch PowerShell and run "Test-MdiReadiness.ps1".
Logs (from the .JSON output; the domain, IP and FQDN values are redacted as XXX, so those fields are not valid JSON)
{ "DomainSchemaVersion": { "schemaVersion": 88, "details": "Windows Server 2019 / 2022" }, "DomainAdfsAuditing": { "details": "Microsoft ADFS Program Data container not found", "isAdfsAuditingOk": true }, "Domain": “XXX”, "DomainControllers": { "OS": "Windows Server 2016 Standard", "CapturingComponent": "Npcap (1.70), WinPcap 4.1.3 (4.1.0.2980)", "IP": “xx”x, "NtlmAuditing": true, "PowerSettings": false, "ServerRequirements": true, "RootCertificates": true, "FQDN": “XXX, "OSVersion": true, "Details": { "ServerRequirementsDetails": { "NumberOfLogicalProcessors": 2, "TotalPhysicalMemory": 8588820480, "OsDiskDeviceID": "C:", "OsDiskFreeSpace": 65774243840 }, "PowerSettingsDetails": null, "AdvancedAuditingDetails": "Unable to get the advanced auditing settings remotely", "NtlmAuditingDetails": [ { "regKey": "System\\CurrentControlSet\\Control\\Lsa\\MSV1_0\\AuditReceivingNTLMTraffic", "value": 2 }, { "regKey": "System\\CurrentControlSet\\Control\\Lsa\\MSV1_0\\RestrictSendingNTLMTraffic", "value": 1 }, { "regKey": "System\\CurrentControlSet\\Services\\Netlogon\\Parameters\\AuditNTLMInDomain", "value": 7 } ], "RootCertificatesDetails": [ { "Thumbprint": "DF3C24F9BFD666761B268073FE06D1CC8D4F82A4", "Subject": "CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US", "Issuer": "CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US", "NotBefore": "\/Date(1375358400000)\/", "NotAfter": "\/Date(2147169600000)\/" }, { "Thumbprint": "D4DE20D05E66FC53FE1A50882C78DB2852CAE474", "Subject": "CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE", "Issuer": "CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE", "NotBefore": "\/Date(958157160000)\/", "NotAfter": "\/Date(1747094340000)\/" }, { "Thumbprint": "A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436", "Subject": "CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US", "Issuer": "CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US", "NotBefore": 
"\/Date(1163116800000)\/", "NotAfter": "\/Date(1952035200000)\/" } ], "OSVersionDetails": { "Caption": "Microsoft Windows Server 2016 Standard", "Version": "10.0.14393" } }, "MachineType": "Hyper-V", "SensorVersion": "2.215.17148.48037", "AdvancedAuditing": false }, "DomainExchangeAuditing": { "details": [ { "ObjectAceFlags": 1, "ObjectAceType": "45ec5156-db7e-47bb-b53f-dbeb2d03c40f", "InheritedObjectAceType": "00000000-0000-0000-0000-000000000000", "BinaryLength": 40, "AceQualifier": 2, "IsCallback": false, "OpaqueLength": 0, "AccessMask": 256, "SecurityIdentifier": { "BinaryLength": 12, "AccountDomainSid": null, "Value": "S-1-1-0" }, "AceType": 7, "AceFlags": 64, "IsInherited": false, "InheritanceFlags": 0, "PropagationFlags": 0, "AuditFlags": 1, "AccessMaskDetails": "ExtendedRight", "AuditFlagsValue": 1, "AceFlagsValue": 64 }, { "BinaryLength": 36, "AceQualifier": 2, "IsCallback": false, "OpaqueLength": 0, "AccessMask": 256, "SecurityIdentifier": { "BinaryLength": 28, "AccountDomainSid": { "BinaryLength": 24, "AccountDomainSid": "S-1-5-21-1929213017-1124552077-618671499", "Value": "S-1-5-21-1929213017-1124552077-618671499" }, "Value": "S-1-5-21-1929213017-1124552077-618671499-513" }, "AceType": 2, "AceFlags": 64, "IsInherited": false, "InheritanceFlags": 0, "PropagationFlags": 0, "AuditFlags": 1, "AccessMaskDetails": "ExtendedRight", "AuditFlagsValue": 1, "AceFlagsValue": 64 }, { "BinaryLength": 24, "AceQualifier": 2, "IsCallback": false, "OpaqueLength": 0, "AccessMask": 256, "SecurityIdentifier": { "BinaryLength": 16, "AccountDomainSid": null, "Value": "S-1-5-32-544" }, "AceType": 2, "AceFlags": 64, "IsInherited": false, "InheritanceFlags": 0, "PropagationFlags": 0, "AuditFlags": 1, "AccessMaskDetails": "ExtendedRight", "AuditFlagsValue": 1, "AceFlagsValue": 64 }, { "BinaryLength": 20, "AceQualifier": 2, "IsCallback": false, "OpaqueLength": 0, "AccessMask": 786464, "SecurityIdentifier": { "BinaryLength": 12, "AccountDomainSid": null, "Value": "S-1-1-0" }, 
"AceType": 2, "AceFlags": 64, "IsInherited": false, "InheritanceFlags": 0, "PropagationFlags": 0, "AuditFlags": 1, "AccessMaskDetails": "WriteProperty, WriteDacl, WriteOwner", "AuditFlagsValue": 1, "AceFlagsValue": 64 } ], "isExchangeAuditingOk": false }, "CAServers": { "OS": "Windows Server 2016 Standard", "CapturingComponent": "", "IP": “xx”x, "PowerSettings": false, "ServerRequirements": true, "RootCertificates": true, "FQDN": “XX”X, "CAAuditing": true, "OSVersion": true, "Details": { "ServerRequirementsDetails": { "NumberOfLogicalProcessors": 2, "TotalPhysicalMemory": 8588869632, "OsDiskDeviceID": "C:", "OsDiskFreeSpace": 13454467072 }, "PowerSettingsDetails": null, "AdvancedAuditingCADetails": "Unable to get the advanced auditing settings remotely", "CAAuditingDetails": { "regKey": "System\\CurrentControlSet\\Services\\CertSvc\\Configuration\\XXX\\AuditFilter", "value": 127 }, "RootCertificatesDetails": [ { "Thumbprint": "DF3C24F9BFD666761B268073FE06D1CC8D4F82A4", "Subject": "CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US", "Issuer": "CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US", "NotBefore": "\/Date(1375358400000)\/", "NotAfter": "\/Date(2147169600000)\/" }, { "Thumbprint": "D4DE20D05E66FC53FE1A50882C78DB2852CAE474", "Subject": "CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE", "Issuer": "CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE", "NotBefore": "\/Date(958157160000)\/", "NotAfter": "\/Date(1747094340000)\/" }, { "Thumbprint": "A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436", "Subject": "CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US", "Issuer": "CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US", "NotBefore": "\/Date(1163116800000)\/", "NotAfter": "\/Date(1952035200000)\/" } ], "OSVersionDetails": { "Caption": "Microsoft Windows Server 2016 Standard", "Version": "10.0.14393" } }, "MachineType": "Hyper-V", "SensorVersion": "N/A", 
"AdvancedAuditingCA": false }, "DomainObjectAuditing": { "isObjectAuditingOk": true, "details": [ { "ObjectAceFlags": 3, "ObjectAceType": "f30e3bbe-9ff0-11d1-b603-0000f80367c1", "InheritedObjectAceType": "bf967aa5-0de6-11d0-a285-00aa003049e2", "BinaryLength": 56, "AceQualifier": 2, "IsCallback": false, "OpaqueLength": 0, "AccessMask": 32, "SecurityIdentifier": { "BinaryLength": 12, "AccountDomainSid": null, "Value": "S-1-1-0" }, "AceType": 7, "AceFlags": 66, "IsInherited": false, "InheritanceFlags": 1, "PropagationFlags": 0, "AuditFlags": 1, "AccessMaskDetails": "WriteProperty", "AuditFlagsValue": 1, "AceFlagsValue": 66 }, { "ObjectAceFlags": 3, "ObjectAceType": "f30e3bbf-9ff0-11d1-b603-0000f80367c1", "InheritedObjectAceType": "bf967aa5-0de6-11d0-a285-00aa003049e2", "BinaryLength": 56, "AceQualifier": 2, "IsCallback": false, "OpaqueLength": 0, "AccessMask": 32, "SecurityIdentifier": { "BinaryLength": 12, "AccountDomainSid": null, "Value": "S-1-1-0" }, "AceType": 7, "AceFlags": 66, "IsInherited": false, "InheritanceFlags": 1, "PropagationFlags": 0, "AuditFlags": 1, "AccessMaskDetails": "WriteProperty", "AuditFlagsValue": 1, "AceFlagsValue": 66 }, { "ObjectAceFlags": 2, "ObjectAceType": "00000000-0000-0000-0000-000000000000", "InheritedObjectAceType": "ce206244-5827-4a86-ba1c-1c0c386c1b64", "BinaryLength": 40, "AceQualifier": 2, "IsCallback": false, "OpaqueLength": 0, "AccessMask": 852331, "SecurityIdentifier": { "BinaryLength": 12, "AccountDomainSid": null, "Value": "S-1-1-0" }, "AceType": 7, "AceFlags": 74, "IsInherited": false, "InheritanceFlags": 1, "PropagationFlags": 2, "AuditFlags": 1, "AccessMaskDetails": "CreateChild, DeleteChild, Self, WriteProperty, DeleteTree, ExtendedRight, Delete, WriteDacl, WriteOwner", "AuditFlagsValue": 1, "AceFlagsValue": 74 }, { "ObjectAceFlags": 2, "ObjectAceType": "00000000-0000-0000-0000-000000000000", "InheritedObjectAceType": "bf967a86-0de6-11d0-a285-00aa003049e2", "BinaryLength": 40, "AceQualifier": 2, "IsCallback": false, 
"OpaqueLength": 0, "AccessMask": 852331, "SecurityIdentifier": { "BinaryLength": 12, "AccountDomainSid": null, "Value": "S-1-1-0" }, "AceType": 7, "AceFlags": 74, "IsInherited": false, "InheritanceFlags": 1, "PropagationFlags": 2, "AuditFlags": 1, "AccessMaskDetails": "CreateChild, DeleteChild, Self, WriteProperty, DeleteTree, ExtendedRight, Delete, WriteDacl, WriteOwner", "AuditFlagsValue": 1, "AceFlagsValue": 74 }, { "ObjectAceFlags": 2, "ObjectAceType": "00000000-0000-0000-0000-000000000000", "InheritedObjectAceType": "7b8b558a-93a5-4af7-adca-c017e67f1057", "BinaryLength": 40, "AceQualifier": 2, "IsCallback": false, "OpaqueLength": 0, "AccessMask": 852331, "SecurityIdentifier": { "BinaryLength": 12, "AccountDomainSid": null, "Value": "S-1-1-0" }, "AceType": 7, "AceFlags": 74, "IsInherited": false, "InheritanceFlags": 1, "PropagationFlags": 2, "AuditFlags": 1, "AccessMaskDetails": "CreateChild, DeleteChild, Self, WriteProperty, DeleteTree, ExtendedRight, Delete, WriteDacl, WriteOwner", "AuditFlagsValue": 1, "AceFlagsValue": 74 }, { "ObjectAceFlags": 2, "ObjectAceType": "00000000-0000-0000-0000-000000000000", "InheritedObjectAceType": "bf967a9c-0de6-11d0-a285-00aa003049e2", "BinaryLength": 40, "AceQualifier": 2, "IsCallback": false, "OpaqueLength": 0, "AccessMask": 852331, "SecurityIdentifier": { "BinaryLength": 12, "AccountDomainSid": null, "Value": "S-1-1-0" }, "AceType": 7, "AceFlags": 74, "IsInherited": false, "InheritanceFlags": 1, "PropagationFlags": 2, "AuditFlags": 1, "AccessMaskDetails": "CreateChild, DeleteChild, Self, WriteProperty, DeleteTree, ExtendedRight, Delete, WriteDacl, WriteOwner", "AuditFlagsValue": 1, "AceFlagsValue": 74 }, { "ObjectAceFlags": 2, "ObjectAceType": "00000000-0000-0000-0000-000000000000", "InheritedObjectAceType": "bf967aba-0de6-11d0-a285-00aa003049e2", "BinaryLength": 40, "AceQualifier": 2, "IsCallback": false, "OpaqueLength": 0, "AccessMask": 852331, "SecurityIdentifier": { "BinaryLength": 12, "AccountDomainSid": null, 
"Value": "S-1-1-0" }, "AceType": 7, "AceFlags": 74, "IsInherited": false, "InheritanceFlags": 1, "PropagationFlags": 2, "AuditFlags": 1, "AccessMaskDetails": "CreateChild, DeleteChild, Self, WriteProperty, DeleteTree, ExtendedRight, Delete, WriteDacl, WriteOwner", "AuditFlagsValue": 1, "AceFlagsValue": 74 }, { "BinaryLength": 36, "AceQualifier": 2, "IsCallback": false, "OpaqueLength": 0, "AccessMask": 256, "SecurityIdentifier": { "BinaryLength": 28, "AccountDomainSid": { "BinaryLength": 24, "AccountDomainSid": "S-1-5-21-1929213017-1124552077-618671499", "Value": "S-1-5-21-1929213017-1124552077-618671499" }, "Value": "S-1-5-21-1929213017-1124552077-618671499-513" }, "AceType": 2, "AceFlags": 64, "IsInherited": false, "InheritanceFlags": 0, "PropagationFlags": 0, "AuditFlags": 1, "AccessMaskDetails": "ExtendedRight", "AuditFlagsValue": 1, "AceFlagsValue": 64 }, { "BinaryLength": 24, "AceQualifier": 2, "IsCallback": false, "OpaqueLength": 0, "AccessMask": 256, "SecurityIdentifier": { "BinaryLength": 16, "AccountDomainSid": null, "Value": "S-1-5-32-544" }, "AceType": 2, "AceFlags": 64, "IsInherited": false, "InheritanceFlags": 0, "PropagationFlags": 0, "AuditFlags": 1, "AccessMaskDetails": "ExtendedRight", "AuditFlagsValue": 1, "AceFlagsValue": 64 }, { "BinaryLength": 20, "AceQualifier": 2, "IsCallback": false, "OpaqueLength": 0, "AccessMask": 786464, "SecurityIdentifier": { "BinaryLength": 12, "AccountDomainSid": null, "Value": "S-1-1-0" }, "AceType": 2, "AceFlags": 64, "IsInherited": false, "InheritanceFlags": 0, "PropagationFlags": 0, "AuditFlags": 1, "AccessMaskDetails": "WriteProperty, WriteDacl, WriteOwner", "AuditFlagsValue": 1, "AceFlagsValue": 64 }, { "BinaryLength": 20, "AceQualifier": 2, "IsCallback": false, "OpaqueLength": 0, "AccessMask": 32, "SecurityIdentifier": { "BinaryLength": 12, "AccountDomainSid": null, "Value": "S-1-1-0" }, "AceType": 2, "AceFlags": 194, "IsInherited": false, "InheritanceFlags": 1, "PropagationFlags": 0, "AuditFlags": 3, 
"AccessMaskDetails": "WriteProperty", "AuditFlagsValue": 3, "AceFlagsValue": 194 } ] } }
Some Additional Context:
https://learn.microsoft.com/en-us/answers/questions/1377287/defender-for-identity-directory-services-advanced?comment=question#newest-question-comment