MSRPC

a communication system that lets one computer execute functions on another computer in a Windows/AD environment.

MSRPC is Microsoft’s implementation of Remote Procedure Call (RPC), an interprocess communication technique used for client-server model-based applications. Windows systems use MSRPC to access systems in Active Directory using four key RPC interfaces:

`lsarpc` Local Security Authority RPC

A set of remote commands that talk to Local Security Authority (LSA). LSA is the part of Windows that handles security rules and login rights on a computer or domain.

In plain English:

lsarpc lets you ask a Windows computer: What are the security policies? Who is allowed to do what?
Admins use it to manage security rules remotely.

`netlogon` Netlogon RPC

A Windows service that runs in the background and handles logins in a domain. Works with the domain controller to make sure a user or device is allowed to log in.

`samr` Security Account Manager RPC

RPC commands that let you interact with the database of users and groups (the SAM database in Windows/Active Directory). Allows reading info about accounts or changing them.

Admins use it to create users, delete users, or change group memberships.

`drsuapi` Directory Replication Service RPC

RPC commands that let one Domain Controller copy (replicate) the Active Directory database to another Domain Controller.

It contains all accounts, passwords, and groups, so it’s very powerful if someone abuses it.

MSRPC

lsarpc Local Security Authority RPC

In plain English:

netlogon Netlogon RPC

samr Security Account Manager RPC

drsuapi Directory Replication Service RPC

`lsarpc` Local Security Authority RPC

`netlogon` Netlogon RPC

`samr` Security Account Manager RPC

`drsuapi` Directory Replication Service RPC