Active Directory Overview

Taken from the PEH course from TCM Academy

Active Directory is a directory service developed by Microsoft to manage Windows domain networks.

  • It stores information related to objects, such as computers, users, printers, etc.

  • It uses Kerberos tickets for authentication. Non-Windows devices, such as Linux machines, firewalls, etc. can also authenticate to Active Directory via RADIUS or LDAP.

  • Active Directory is the most commonly used identity management service in the world.

  • 95% of Fortune 1000 companies implement the service in their networks.

  • It can be exploited without ever relying on patchable vulnerabilities. We can abuse features, trusts, components and more.

Physical Active Directory Components

Domain Controllers

A domain controller is a server with the AD DS server role installed that has specifically been promoted to a domain controller.

  • Host a copy of the AD DS directory store.

  • Provide authentication and authorization services.

  • Replicate updates to other domain controllers in the domain and forest.

  • Allow administrative access to manage user accounts and network resources.

AD DS Data Store

The AD DS data store contains the database file and processes that store and manage directory information for users, services and applications.

  • Consists of the Ntds.dit file

  • Is stored by default in the %SystemRoot%\NTDS folder on all domain controllers

  • Is accessible only through the domain controller processes and protocols

Logical Active Directory Components

AD DS Schema

  • Defines every type of object that can be stored in the directory

  • Enforces rules regarding object creation and configuration

| Object Types | Function | Examples |
| --- | --- | --- |
| Class Object | What objects can be created in the directory | User, Computer |
| Attribute Object | Information that can be attached to an object | Display name |

Domains

Domains are used to group and manage objects in an organization

  • An administrative boundary for applying policies to groups of objects

  • A replication boundary for replicating data between domain controllers

  • An authentication and authorization boundary that provides a way to limit the scope of access to resources

Trees

A domain tree is a hierarchy of domains in AD DS.

All domains in the tree:

  • Share a contiguous namespace with the parent domain

  • Can have additional child domains

  • By default create a two-way transitive trust with other domains

Forests

A forest is a collection of one or more domain trees

  • Share a common schema

  • Share a common configuration partition

  • Share a common global catalog to enable searching

  • Enable trusts between all domains in the forest

  • Share the Enterprise Admins and Schema Admins groups

Organizational Units (OUs)

OUs are used to:

  • Represent your organization hierarchically and logically

  • Manage a collection of objects in a consistent way

  • Delegate permissions to administer groups of objects

  • Apply policies

Trusts

Trusts provide a mechanism for users to gain access to resources in another domain.

Types of trust:

  1. Directional: The trust direction flows from the trusting domain to the trusted domain.

  2. Transitive: The trust relationship is extended beyond a two-domain trust to include other trusted domains.

  • All domains in the forest trust all other domains in the forest.

  • Trusts can extend outside the forest
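
The following is an added example, not part of the course notes: a small audit that takes a list of trusts and works out, for each resource domain, which other domains' accounts it ends up trusting once direction and transitivity are applied. The domain names and the `trusted_by` helper are hypothetical, and the model is simplified: a chain longer than one hop counts only if every trust in it is transitive, and trust types and authentication scoping settings are ignored.

```python
from collections import deque

# Constructed sample data: (trusting_domain, trusted_domain, transitive).
# Accounts in the trusted domain can reach resources in the trusting domain.
TRUSTS = [
    ("corp.example", "emea.corp.example", True),
    ("emea.corp.example", "corp.example", True),
    ("corp.example", "apac.corp.example", True),
    ("apac.corp.example", "corp.example", True),
    ("emea.corp.example", "partner.example", False),  # one-way, non-transitive
]


def trusted_by(resource_domain, trusts):
    """Map each domain whose accounts can reach resources in resource_domain
    to the chain of trusts that grants it (simplified model)."""
    edges = {}
    for trusting, trusted, transitive in trusts:
        edges.setdefault(trusting, []).append((trusted, transitive))

    paths = {}
    seen = {(resource_domain, True)}
    queue = deque([(resource_domain, True, [resource_domain])])
    while queue:
        domain, extendable, path = queue.popleft()
        if not extendable:
            continue  # reached over a non-transitive trust: the chain stops
        for trusted, transitive in edges.get(domain, []):
            direct = domain == resource_domain
            # Beyond the first hop, every trust in the chain must be transitive.
            if not (direct or transitive) or (trusted, transitive) in seen:
                continue
            seen.add((trusted, transitive))
            if trusted != resource_domain:
                paths.setdefault(trusted, path + [trusted])
            queue.append((trusted, transitive, path + [trusted]))
    return paths


if __name__ == "__main__":
    for domain in sorted({d for t in TRUSTS for d in t[:2]}):
        print(domain, "trusts accounts from:")
        for source, chain in sorted(trusted_by(domain, TRUSTS).items()):
            print("   ", source, "via", " -> ".join(chain))
```

Reviewing the output per domain shows where a single external trust stays contained (only `emea.corp.example` accepts `partner.example` accounts) and where transitivity silently widens access across the tree.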

Objects

| Object | Description |
| --- | --- |
| User | Enables network resource access for a user |
| InetOrgPerson | Similar to a user account; used for compatibility with other directory services |
| Contacts | Used primarily to assign e-mail addresses to external users; does not enable network access |
| Groups | Used to simplify the administration of access control |
| Computers | Enables authentication and auditing of computer access to resources |
| Printers | Used to simplify the process of locating and connecting to printers |
| Shared Folders | Enables users to search for shared folders based on properties |
