🪟 Active Directory (AD) is a directory service developed by Microsoft for Windows domain networks. It provides directory services for managing Windows-based computers on a network. AD stores information about objects such as users, groups, computers, and other resources, and provides authentication and authorization services.
- Data store
- Domain controllers
- Global catalog server
- Read-Only Domain Controller (RODC)
➡️ Domain Controller - a server with the Active Directory Domain Services (AD DS) server role, specifically promoted to a domain controller
- Host a copy of the AD DS directory store
- Provide authentication and authorization services
- Replicate updates to other domain controllers
- Allow administrative access to manage user accounts and network resources
➡️ AD DS Data store - database files and processes that store and manage directory information for users, services and apps
- Contains
Ntds.ditfile - very important file (contains password hashes, etc)- stored in the
%SystemRoot%\NTDSfolder on all domain controllers - accessible only through the domain controller processes and protocols
- stored in the
- Partitions
- Schema
- Domains
- Domain trees
- Forests
- Sites
- Organization units (OUs)
➡️ AD DS Schema - (like a rulebook) defines every type of object that can be stored in the directory, enforces object creation and configuration rules
- Class object - what objects can be created in the directory (user, computer, etc)
- Attribute object - information that can be attached to an object (display name, etc)
➡️ Domains - used to group and manage objects in an organization
- Administrative boundary for applying policies to groups of objects
- Replication boundary for replicating data between domain controllers
- Authentication and authorization boundary - to limit the scope of access to resources
➡️ Trees - a hierarchy of domains in AD DS, that can
- share a contiguous namespace with the parent domain
- can have additional child domains
- (by default) create a 2-way transitive trust with other domains
➡️ Forests - a collection of domain trees
- Forests share common
- schema
- configuration partition
- global catalog to enable searching
- Enable trusts between all domains in the forest
- Share the Enterprise Admins and Schema Admins groups
➡️ Organizational Units (OUs) - AD containers that can contain users, groups, computers, other OUs
- Represent the organization hierarchically and logically
- Manage a collection of objects in a consistent way
- Delegate permissions to administer groups of objects
- Apply policies
➡️ Trusts - provide a mechanism for users to gain access to resources in another domain
-
All domains in a forest trust all other domains in the forest
-
Trusts can extend outside the forest
-
Directional - the trust direction flows from trusting domain to the trusted domain
- trusting domain -> trusted domain
-
Transitive - the trust relationship is extended to include other trusted domains
➡️ Objects
- User - Enables network resource access for a user
- InetOrgPerson - Used for compatibility with other directory services
- Contacts - Used primarily to assign e-mail addresses to external users; no network access
- Groups - Used to simplify the administration of access control
- Computers - Enable authentication and auditing of computer access to resources
- Printers - Simplify the process of locating and connecting to printers
- Shared folders - Enables users to search for shared folders based on preperties
- Active Directory Lab
- AD - Initial Attack Vectors
- AD - Post-Compromise Enumeration
- AD - Post-Compromise Attacks
- AD - Additional Attacks
- AD - Case Studies