I read your post in http://blog.netspi.com/exploiting-adidns/#comment-218988, and I have a little question

[qwgrsftewg]

in the post, you said we can find DomainDNSZones in LDAP:

but in fact, here in my domain environment, I can't find that after searching every corner, and this is really wired, so I open this issue to ask you why is that, thanks

[Kevin-Robertson]

Get-ADIDNSZone from Powermad should find it. It's probably in DC=DomainDnsZones,DC=matric,DC=loc. You'll need to connect directly to that distinguished name to see it.

[qwgrsftewg]

Get-ADIDNSZone from Powermad should find it. It's probably in DC=DomainDnsZones,DC=matric,DC=loc. You'll need to connect directly to that distinguished name to see it.

still nothing, I just don't have this container, but still thanks the reply.

[Kevin-Robertson]

No results from Get-ADIDNSZone? If you have access to the DNS manager you can go into security/advanced for the zone and you should see the distinguished name listed in the "Inherited from" column.

[Kevin-Robertson]

Here is a good video that covers zone storage and partitions:
https://www.youtube.com/watch?v=iKEbXBbG_VQ

[qwgrsftewg]

Here is a good video that covers zone storage and partitions:
https://www.youtube.com/watch?v=iKEbXBbG_VQ

It works, thanks a lot

but i'm still confusing about why can't I see it when I connect to dc=matrix,dc=loc

[qwgrsftewg]

Here is a good video that covers zone storage and partitions:
https://www.youtube.com/watch?v=iKEbXBbG_VQ

It works, thanks a lot

but i'm still confusing about why can't I see it when I connect to dc=matrix,dc=loc

and here I didn't see that distinguished name