May 20 2021 08:19 AM
Hi everyone,
In MCAS Activity log we have many "back and forth" entries regarding the property "Computer Operating System" & "AccountSupportedEncryptionTypes" changed from N/A to a value and 3 minutes later the property changed back from a value to N/A.
Examples:
5/15/21 3:20 AM
property: Computer Operating System device AWxxxxx001 from property Windows Server 2019 Datacenter, 10.0 (17763) to property N/A
5/15/21 3:23 AM
property: Computer Operating System device AWxxxxx001 from property N/A to property Windows Server 2019 Datacenter, 10.0 (17763)
5/15/21 3:20 AM
Set property: AccountSupportedEncryptionTypes device AWxxxxx001 from property Rc4,Aes128,Aes256 to property N/A
5/15/21 3:23 AM
Set property: AccountSupportedEncryptionTypes device AWxxxxx001 from property N/A to property Rc4,Aes128,Aes256
5/15/21 3:24 AM
Set property: AccountSupportedEncryptionTypes device AWxxxxx001 from property Rc4,Aes128,Aes256 to property N/A
I suppose these property changes are detected by MDI on the AD computer attribute object.
We have many similar cases, in this example the device is a Domain Controller, created one year ago.
We do not touch the attributes msDS-SupportedEncryptionTypes, operatingSystem or operatingSystemVersion in AD.
Any idea who detected these property changes (MDI?) and why?
Best regards,
Danny
May 23 2021 03:19 AM