
Active Directory

What is Active Directory?

  • Directory service developed by Microsoft to manage Windows domain networks.

  • Stores information about objects such as computers, users, groups and printers.

  • Authenticates users and computers with Kerberos (tickets issued by the KDC service running on every domain controller); NTLM remains available as a fallback.

Why Active Directory?

Active Directory lets you create security groups and use them to control which users can access which network resources, such as shared files and applications.

You can also model your company's network hierarchy: through AD you decide which computers and printers belong to the domain and how they are organized.

Active Directory is the most widely deployed identity management service in enterprise networks, which is why it is the primary target in most internal engagements.

Active Directory Physical Components

Domain Controllers

A server with the AD DS server role installed that has been promoted to a domain controller.

What it does

  • Hosts a copy of the AD DS directory store

  • Provides authentication (Kerberos KDC and NTLM) and authorization services

  • Replicates updates to the other domain controllers in the domain and forest

  • Allows administrative access to manage user accounts and network resources

What is the AD DS data store?

The AD DS data store holds the directory database together with the processes and services that read and write it.

  • Consists of the database file Ntds.dit (the most famous database file in Active Directory) and its transaction logs

  • Is stored by default in %SystemRoot%\NTDS on every domain controller

  • Ntds.dit holds every directory object (users, groups, computers, etc.) and the password hashes of all domain accounts. The file is locked by the AD DS service while the domain controller is running, and the password material inside it is encrypted with a key derived from the SYSTEM registry hive, so an attacker needs both the file and the SYSTEM hive to recover usable hashes.

Domains

Contains all the information about the objects in the Active Directory. Domains are used to group and manage objects within an organization.

  • The objects of the directory are contained inside a domain. A forest can hold more than one domain, and each domain has its own collection of objects.

  • The smallest deployment is a single domain (for example enterprise.com), which is then also the root of its own forest.

Trees

A group of domains that share a contiguous DNS namespace under a common root (for example dom.local with the child domains email.dom.local and www.dom.local). Parent and child domains are linked by automatic two-way transitive trusts.

Forest

A collection of one or more trees; it is the top-level container and the security boundary.

  • All domains share a common schema, configuration partition and global catalog.

  • All domains in the forest are linked by automatic two-way transitive trusts: parent-child trusts inside each tree and tree-root trusts between the forest root domain and every other tree root.

  • The Enterprise Admins and Schema Admins groups exist only in the forest root domain and are authoritative across the whole forest.

Organizational Units (OU's)

Containers within a domain that hold users, groups, computers and other OUs.

  • Used to apply Group Policy, to delegate administrative permissions over a group of objects, and to manage those objects as a unit.

Domain Trust

Microsoft treats the forest, not the domain, as the security boundary. Because every domain in a forest is connected by two-way transitive trusts, compromising one domain (typically by obtaining Domain Admin in a child domain and abusing the trust towards the forest root) can lead to compromise of the entire forest.
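The tree, forest and trust rules described above (and in the Trees and Forest sections) can be checked with a small model. The following is an added example, not code from the original page, that groups domain names into trees by contiguous DNS namespace, builds the default trust graph of a forest (parent-child trusts inside each tree plus tree-root trusts between the forest root and every other tree root), and walks the trust path a Kerberos referral follows between two domains. The forest root dom.local and the domain names are constructed; shortcut, external and forest trusts are not modelled.

```python
from collections import deque


def parent_map(domains):
    """Map each domain to its parent: the longest other domain that is a DNS
    suffix of it. A domain with no parent is the root of a tree."""
    names = {d.lower().rstrip(".") for d in domains}
    parents = {}
    for name in names:
        ancestors = [p for p in names if p != name and name.endswith("." + p)]
        parents[name] = max(ancestors, key=len) if ancestors else None
    return parents


def trees(parents):
    """Group domains into trees keyed by their tree root (contiguous namespace)."""
    def root_of(name):
        while parents[name] is not None:
            name = parents[name]
        return name
    grouped = {}
    for name in parents:
        grouped.setdefault(root_of(name), []).append(name)
    return {root: sorted(members) for root, members in grouped.items()}


def trust_graph(parents, forest_root):
    """Undirected graph of the automatic two-way transitive trusts in a forest:
    parent-child inside a tree, and a tree-root trust from the forest root to
    every other tree root. Shortcut, external and forest trusts are not modelled."""
    forest_root = forest_root.lower()
    if parents.get(forest_root, "missing") is not None:
        raise ValueError("forest root must be a tree root that is part of the forest")
    graph = {name: set() for name in parents}
    for name, parent in parents.items():
        if parent is not None:
            peer = parent                    # parent-child trust
        elif name != forest_root:
            peer = forest_root               # tree-root trust
        else:
            continue
        graph[name].add(peer)
        graph[peer].add(name)
    return graph


def trust_path(graph, src, dst):
    """Domains crossed when a Kerberos client in src asks for a service in dst:
    without shortcut trusts the referral chain follows the unique trust path
    (up to the tree root, across to the other tree, down to dst)."""
    src, dst = src.lower(), dst.lower()
    prev = {src: None}
    queue = deque([src])
    while queue:
        cur = queue.popleft()
        if cur == dst:
            break
        for nxt in sorted(graph[cur]):
            if nxt not in prev:
                prev[nxt] = cur
                queue.append(nxt)
    if dst not in prev:
        return []                            # no trust relationship at all
    path = []
    while dst is not None:
        path.append(dst)
        dst = prev[dst]
    return path[::-1]


# Constructed forest with two trees; dom.local is the forest root.
FOREST_ROOT = "dom.local"
FOREST_DOMAINS = [
    "dom.local", "email.dom.local", "www.dom.local",
    "corp.example", "dev.corp.example", "lab.dev.corp.example",
]

if __name__ == "__main__":
    parents = parent_map(FOREST_DOMAINS)
    print("trees:", trees(parents))
    graph = trust_graph(parents, FOREST_ROOT)
    print(" -> ".join(trust_path(graph, "email.dom.local", "lab.dev.corp.example")))
```

Every hop on the printed path is a trust that a ticket (and an attacker holding a forged inter-realm ticket) can cross, which is the practical meaning of "the forest is the security boundary".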

Objects

There are seven object types that you need to know.

  • Printers: simplify connecting to and locating printers on the network.
