July 11, 2025 5 mins

Welcome to Guardians of the Directory, the podcast where we break down real-world threats, best practices, and insights in Active Directory, Entra ID, and Microsoft identity security.

In today’s episode, Craig Birch dives into one of Active Directory’s oldest — and most quietly dangerous — features: the primaryGroupID. While originally designed for POSIX compatibility and legacy systems, this attribute can now be misused to grant hidden privileges, bypass group auditing, and create stealth admin access.

🔍 In this episode, you'll learn:

  • What the primaryGroupID attribute is and why it still exists

  • Why anything other than 513 (Domain Users) should raise red flags

  • How attackers can leverage this setting to hide elevated privileges

  • How to detect non-standard values using PowerShell

  • How to safely remediate misconfigured accounts

  • Why real-time detection with Cayosoft Guardians is a smarter defense

Craig walks you through not just how to fix the problem — but how to prevent it entirely with intelligent alerting, automation, and policy enforcement.

© 2025 iHeartMedia, Inc.