What is Active Directory
Directory service developed by Microsoft to manage Windows domain networks.
Stores information related to objects, such as Computers, Users, Printers, etc.
Think about it as a phone book for Windows.
Authenticates using Kerberos tickets.
Non-Windows devices such as Linux machines, firewalls, etc. can also authenticate to Active Directory via RADIUS or LDAP
Active Directory is the
most commonly used
identity management service in the world
Can be exploited
without ever attacking
patchable exploits.
Instead, we abuse features, trusts, components and more
Components
Physical
Logical
Data Store
Partitions
Global Catalog Server
Schema
Read-Only Domain Controller (RODC)
Domains
Domain Trees
Forests
Sites
Organization Units (OUs)
Physical AD Components
AD DS: Active Directory Domain Services
