Active Directory Overview
Taken from the PEH course from TCM Academy
Active Directory is a directory service developed by Microsoft to manage Windows domain networks.
It stores information related to objects, such as computers, users, printers, etc.
It uses Kerberos tickets for authentication. Non-Windows devices (Linux machines, firewalls, etc.) can also authenticate to Active Directory via RADIUS or LDAP.
Active Directory is the most commonly used identity management service in the world.
95% of Fortune 1000 companies implement the service in their networks.
It can be compromised without relying on patchable vulnerabilities: attackers can abuse legitimate features, trusts, components and more.
Physical Active Directory Components
Domain Controllers
A domain controller is a server with the AD DS server role installed that has specifically been promoted to a domain controller.
Host a copy of the AD DS directory store.
Provide authentication and authorization services.
Replicate updates to other domain controllers in the domain and forest.
Allow administrative access to manage user accounts and network resources.
AD DS Data Store
The AD DS data store contains the database file and processes that store and manage directory information for users, services and applications.
Consists of the NTDS.dit database file
Is stored by default in the %SystemRoot%\NTDS folder on all domain controllers
Is accessible only through the domain controller processes and protocols
Logical Active Directory Components
AD DS Schema
Defines every type of object that can be stored in the directory
Enforces rules regarding object creation and configuration
Object types, their function and examples:
Class Object: Defines what objects can be created in the directory (examples: User, Computer)
Attribute Object: Defines information that can be attached to an object (example: Display name)
Domains
Domains are used to group and manage objects in an organization
An administrative boundary for applying policies to groups of objects
A replication boundary for replicating data between domain controllers
An authentication and authorization boundary that provides a way to limit the scope of access to resources
Trees
A domain tree is a hierarchy of domains in AD DS
All domains in the tree:
Share a contiguous namespace with the parent domain
Can have additional child domains
By default create a two-way transitive trust with other domains
Forests
A forest is a collection of one or more domain trees
Share a common schema
Share a common configuration partition
Share a common global catalog to enable searching
Enable trusts between all domains in the forest
Share the Enterprise Admins and Schema Admins groups
Organizational Units (OUs)
OUs are used to:
Represent your organization hierarchically and logically
Manage a collection of objects in a consistent way
Delegate permissions to administer groups of objects
Apply policies
Trusts
Trusts provide a mechanism for users to gain access to resources in another domain
Types of trust:
Directional: The trust direction flows from the trusting domain to the trusted domain.
Transitive: The trust relationship is extended beyond a two-domain trust to include other trusted domains.
All domains in a forest trust all other domains in the forest.
Trusts can extend outside the forest
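To make the direction and transitivity rules above concrete, here is an added example (not from the PEH course) that models a constructed forest of trusts and computes which domains' resources an account from a given domain can be authorized in. The domain names, the Trust class and the resource_domains_for function are all assumptions made for the illustration.

```python
from __future__ import annotations
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Trust:
    trusting: str      # resource domain: it accepts principals from `trusted`
    trusted: str       # account domain whose principals are accepted
    transitive: bool   # whether the trust can be chained through other domains


def two_way(a: str, b: str, transitive: bool = True) -> list[Trust]:
    """A two-way trust is one trust in each direction (parent/child trusts in a forest)."""
    return [Trust(a, b, transitive), Trust(b, a, transitive)]


def resource_domains_for(account_domain: str, trusts: list[Trust]) -> set[str]:
    """Domains whose resources principals from account_domain may be granted access to.

    Access flows opposite to the trust direction: if X trusts Y, Y's principals can be
    authorized in X. A single hop works over any trust; a path of two or more hops
    exists only when every trust on it is transitive.
    """
    # One hop: any trust in which account_domain is the trusted side.
    reachable = {t.trusting for t in trusts if t.trusted == account_domain}
    # Longer chains: breadth-first search over transitive trusts only.
    seen, queue = {account_domain}, deque([account_domain])
    while queue:
        current = queue.popleft()
        for t in trusts:
            if t.trusted == current and t.transitive and t.trusting not in seen:
                seen.add(t.trusting)
                reachable.add(t.trusting)
                queue.append(t.trusting)
    reachable.discard(account_domain)
    return reachable


# Constructed example forest: corp.local with two child domains, plus a one-way,
# non-transitive external trust in which corp.local trusts partner.example.
FOREST_TRUSTS = (
    two_way("corp.local", "dev.corp.local")
    + two_way("corp.local", "hr.corp.local")
    + [Trust(trusting="corp.local", trusted="partner.example", transitive=False)]
)

if __name__ == "__main__":
    for domain in ["dev.corp.local", "partner.example", "corp.local"]:
        print(f"{domain:16} -> {sorted(resource_domains_for(domain, FOREST_TRUSTS))}")
```

Note that partner.example accounts reach only corp.local because the external trust is non-transitive, while dev.corp.local accounts reach hr.corp.local through the chain of transitive parent/child trusts.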
Objects
Object types and their descriptions:
User: Enables network resource access for a user
InetOrgPerson: Similar to a user account; used for compatibility with other directory services
Contacts: Used primarily to assign e-mail addresses to external users; does not enable network access
Groups: Used to simplify the administration of access control
Computers: Enables authentication and auditing of computer access to resources
Printers: Used to simplify the process of locating and connecting to printers
Shared Folders: Enables users to search for shared folders based on properties