LinuxCommandLibrary

addcomputer.py

Create machine accounts in Active Directory

TLDR

Add computer to Active Directory
$ addcomputer.py [domain]/[user]:[password] -computer-name [hostname]
Specify domain controller IP
$ addcomputer.py [domain]/[user]:[password] -dc-ip [192.168.1.1] -computer-name [hostname]
Use pass-the-hash authentication
$ addcomputer.py [domain]/[user] -hashes :[NTHASH] -computer-name [hostname]
Add computer with a specific password using the LDAPS method
$ addcomputer.py [domain]/[user]:[password] -computer-name [hostname] -computer-pass [password] -method LDAPS

SYNOPSIS

addcomputer.py domain/user:password -computer-name name [options]

DESCRIPTION

addcomputer.py (also known as add-computer.py) is an Impacket script for creating machine accounts in Active Directory. It leverages the default AD permission that allows any authenticated user to add computer accounts to the domain. This capability is useful in penetration testing for setting up resource-based constrained delegation attacks or gaining additional footholds in the domain.

PARAMETERS

-dc-ip ip
IP address of the domain controller
-computer-name name
Name of the computer account to create
-computer-pass password
Password for the computer account
-method SAMR|LDAPS
Protocol to use for adding the computer (default: SAMR)
-hashes LMHASH:NTHASH
Authenticate using NT hash
-k, --kerberos
Use Kerberos authentication
-no-pass
Don't prompt for password
-dc-host hostname
Hostname of the domain controller

CAVEATS

For authorized security testing only. The default ms-DS-MachineAccountQuota of 10 can be modified or set to 0 by administrators. Computer accounts created this way are visible to domain administrators.
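
A defender-side audit of the two points above, as an added example that is not part of Impacket or of the original page: given the ms-DS-MachineAccountQuota value and computer objects already fetched over LDAP, it reports accounts whose mS-DS-CreatorSID shows they were added by an ordinary user. The records, SIDs and allowlist are constructed sample data, and the check assumes mS-DS-CreatorSID is populated only on accounts created through the quota.

```python
from collections import defaultdict

# Constructed sample data, not real directory output. Each dict mimics the
# attributes returned by an LDAP search for (objectClass=computer).
USER_SID = "S-1-5-21-1111111111-2222222222-3333333333-1604"  # ordinary user
PROV_SID = "S-1-5-21-1111111111-2222222222-3333333333-1200"  # imaging service
ALLOWED_CREATORS = {PROV_SID}   # hypothetical allowlist of provisioning accounts
SAMPLE_QUOTA = 10               # ms-DS-MachineAccountQuota from the domain object
SAMPLE_COMPUTERS = [
    {"sAMAccountName": "WS-0142$", "mS-DS-CreatorSID": None},
    {"sAMAccountName": "WS-0143$", "mS-DS-CreatorSID": PROV_SID},
    {"sAMAccountName": "DESKTOP-A1$", "mS-DS-CreatorSID": USER_SID},
    {"sAMAccountName": "DESKTOP-A2$", "mS-DS-CreatorSID": USER_SID},
]


def audit_machine_accounts(quota, computers, allowed_creators=frozenset()):
    """Summarise machine accounts created through the per-user quota.

    quota            -- integer value of ms-DS-MachineAccountQuota
    computers        -- iterable of dicts with sAMAccountName, mS-DS-CreatorSID
    allowed_creators -- SIDs expected to join machines (assumed allowlist)
    """
    by_creator = defaultdict(list)
    for entry in computers:
        sid = entry.get("mS-DS-CreatorSID")
        if sid:  # unset when the account was not created via the quota
            by_creator[sid].append(entry["sAMAccountName"])

    return {
        # True means any authenticated user can still add machine accounts.
        "quota_allows_self_service": quota > 0,
        # Accounts created by principals outside the allowlist: review these.
        "unexpected": {sid: sorted(names) for sid, names in by_creator.items()
                       if sid not in allowed_creators},
        # Creators that have used up their whole quota.
        "at_quota": sorted(sid for sid, names in by_creator.items()
                           if quota > 0 and len(names) >= quota),
    }


if __name__ == "__main__":
    report = audit_machine_accounts(SAMPLE_QUOTA, SAMPLE_COMPUTERS, ALLOWED_CREATORS)
    for key, value in report.items():
        print(f"{key}: {value}")
```

Setting the quota to 0 and delegating machine joins to named provisioning accounts turns every entry under `unexpected` into a clear anomaly.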

HISTORY

Part of the Impacket suite maintained by SecureAuth, this tool gained prominence in security testing as resource-based constrained delegation attacks became more widely understood after 2018.
