Active Directory Notes
Notes for the Attacking Active Directory section of the PEH course.
What is Active Directory?
Active Directory (AD) is a directory service developed by Microsoft for Windows domain networks. It is included in most Windows Server operating systems as a set of processes and services. Initially, Active Directory was used only for centralized domain management. However, Active Directory eventually became an umbrella title for a broad range of directory-based identity-related services. A server running the Active Directory Domain Service (AD DS) role is called a domain controller. It authenticates and authorizes all users and computers in a Windows domain type network, assigning and enforcing security policies for all computers, and installing or updating software. [1]
https://en.wikipedia.org/wiki/Active_Directory
Physical Active Directory components:
◆ Domain Controller
A domain controller is a server with the AD DS server role installed that has specifically been promoted to a domain controller.
- Properties:
  - Hosts a copy of the AD DS directory store.
  - Provides authentication and authorization services.
  - Replicates updates to other domain controllers in the domain and forest.
  - Allows administrative access to manage user accounts and network resources.
◆ AD DS Data Store
The AD DS data store contains the database files and processes that store and manage directory information for users, services and applications.
- Properties:
  - Consists of the Ntds.dit file (which contains sensitive data, including the password hashes of every user in the domain).
  - It is stored by default in the %SystemRoot%\NTDS folder on all domain controllers.
  - Is accessible only through the domain controller processes and protocols.
Logical Active Directory components:
◆ AD DS schema:
It defines every type of object that can be stored in the directory and enforces rules regarding object creation and configuration.
- Class object:
  Defines which objects can be created in the directory, e.g. User, Computer.
- Attribute object:
  Information that can be attached to an object, e.g. Display Name.
◆ Domains:
Domains are used to group and manage objects in an organization.
- An administrative boundary for applying policies to groups of objects.
- A replication boundary for replicating data between domain controllers.
- An authentication and authorization boundary that provides a way to limit the scope of access to resources.
◆ Trees:
A domain tree is a hierarchy of domains in AD DS. All domains in the tree:
- Share a contiguous namespace with the parent domain.
- Can have additional child domains.
- By default create a two-way transitive trust with the other domains in the tree.
◆ Forests:
A forest is a collection of one or more domain trees. Forests:
- Share a common schema.
- Share a common global configuration partition.
- Share a common global catalog to enable searching domains in the forest.
- Enable trusts between all the domains of the forest.
- Share the enterprise admin and schema admin groups.
◆ Organizational Units (OUs):
Organizational units are Active Directory containers that can contain users, groups, computers and other OUs.
OUs are used to:
- Represent your organization hierarchically and logically.
- Manage a collection of objects in a consistent way.
- Delegate permissions to administer groups of objects.
- Apply policies.
◆ Trusts:
Trusts provide a mechanism for users to gain access to resources in another domain.
- Directional Trust.
- Transitive Trust.
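The logical components listed above (schema, domain, forest, trusts, OUs, and the enterprise-wide admin groups) can all be read back from a live directory. The following PowerShell script is an added example, not part of the course notes; it assumes the RSAT ActiveDirectory module is installed and that it runs as a domain user (the schema, domain and forest objects are readable by Authenticated Users). The data-store registry check at the end only works when run on a domain controller itself.

```powershell
# Added example: enumerate the logical AD DS components described in the notes.
# Assumes: RSAT ActiveDirectory module present, run as an ordinary domain user.
Import-Module ActiveDirectory

# Schema: class objects (what can be created) and attribute objects (what can be attached).
$schemaNC   = (Get-ADRootDSE).schemaNamingContext
$classes    = Get-ADObject -SearchBase $schemaNC -LDAPFilter '(objectClass=classSchema)'     -Properties lDAPDisplayName
$attributes = Get-ADObject -SearchBase $schemaNC -LDAPFilter '(objectClass=attributeSchema)' -Properties lDAPDisplayName
"Schema: {0} class objects, {1} attribute objects" -f $classes.Count, $attributes.Count
# The two examples from the notes: the 'user' class and the 'displayName' attribute.
$classes    | Where-Object lDAPDisplayName -eq 'user'        | Select-Object Name, DistinguishedName
$attributes | Where-Object lDAPDisplayName -eq 'displayName' | Select-Object Name, DistinguishedName

# Domain: the administrative / replication / authentication boundary this machine belongs to.
$domain = Get-ADDomain
"Domain: {0} (NetBIOS {1}); parent: {2}; children: {3}" -f `
    $domain.DNSRoot, $domain.NetBIOSName, $domain.ParentDomain, ($domain.ChildDomains -join ', ')

# Forest: shared schema, configuration partition and global catalog across all its domains.
$forest = Get-ADForest
"Forest: {0}; root domain: {1}; domains: {2}" -f $forest.Name, $forest.RootDomain, ($forest.Domains -join ', ')
"Global catalogs: {0}" -f ($forest.GlobalCatalogs -join ', ')
"Schema master: {0}" -f $forest.SchemaMaster

# Trusts: direction and transitivity as recorded on this domain.
Get-ADTrust -Filter * | Select-Object Name, Direction, IntraForest, TrustType, ForestTransitive

# OUs: the hierarchy used for delegation and for linking policy (GPOs).
Get-ADOrganizationalUnit -Filter * -Properties LinkedGroupPolicyObjects |
    Select-Object Name, DistinguishedName, @{ n = 'LinkedGPOs'; e = { @($_.LinkedGroupPolicyObjects).Count } } |
    Sort-Object DistinguishedName

# Enterprise Admins and Schema Admins exist once per forest, in the root domain.
# Membership should be reviewed regularly and normally kept empty outside change windows.
foreach ($group in 'Enterprise Admins', 'Schema Admins') {
    $members = @(Get-ADGroupMember -Identity $group -Server $forest.RootDomain)
    "{0}: {1} member(s): {2}" -f $group, $members.Count, ($members.SamAccountName -join ', ')
}

# Data store: confirm where Ntds.dit actually lives on this DC (registry value set by the AD DS role).
# Only meaningful when executed on a domain controller.
if ((Get-ADDomainController -Discover).HostName -contains $env:COMPUTERNAME -or
    (Test-Path 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters')) {
    Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters' -Name 'DSA Database file' |
        Select-Object -ExpandProperty 'DSA Database file'
}
```

Running this against a lab forest is a quick way to see the notes' abstractions as concrete objects: every OU is a delegation and policy-linking point, and the two forest-level admin groups are the ones whose membership matters most.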
◆ Objects:
AD Lab Setup:
1 x Windows Server 2019.
2 x Windows 10 Enterprise.
- Requirements (minimum):
- 60 GB Disk space.
- 16 GB RAM.
Lab Build - Cloud Alternative (Azure):
Active Directory Lab Setup:
- Download necessary ISOs.
- Set up the Domain Controller.
- Set up the User machines.
- Set up Users, Groups, Policies.
- Join machines to Domain.
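The lab build steps above, from promoting the Windows Server 2019 VM to joining the Windows 10 VMs, can be scripted. The following PowerShell is an added example, not part of the course material; the domain name, OU layout, user names, group name and DC IP address are made-up lab values to be replaced, and passwords are prompted for rather than written into the script. Part A runs on the server VM as the local Administrator, Part B on each Windows 10 VM once its DNS points at the DC.

```powershell
# Added example: scripted version of the lab build. All names below are constructed for the lab.

# --- Part A: promote the Windows Server 2019 VM to the first domain controller ---
$domainName  = 'lab.local'   # assumption: lab-only DNS name
$netbiosName = 'LAB'
$dsrmPass    = Read-Host -AsSecureString 'Directory Services Restore Mode password'

Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
Install-ADDSForest -DomainName $domainName -DomainNetbiosName $netbiosName `
    -InstallDns -SafeModeAdministratorPassword $dsrmPass -Force
# The server reboots as the first DC of a new forest. Log back in as LAB\Administrator and continue.

# --- Part A (continued): users, groups, policies ---
Import-Module ActiveDirectory
Import-Module GroupPolicy
$baseDN = (Get-ADDomain).DistinguishedName          # e.g. DC=lab,DC=local

# OUs: one for people, one for workstations, so policy and delegation can be scoped per OU.
New-ADOrganizationalUnit -Name 'LabUsers'     -Path $baseDN
New-ADOrganizationalUnit -Name 'LabComputers' -Path $baseDN

# Lab user accounts (names are constructed); each password is prompted for.
foreach ($u in 'alice', 'bob') {
    $pw = Read-Host -AsSecureString "Password for $u"
    New-ADUser -Name $u -SamAccountName $u -UserPrincipalName "$u@$domainName" `
        -Path "OU=LabUsers,$baseDN" -AccountPassword $pw -Enabled $true
}

# A group to which OU-level rights can later be delegated, instead of using Domain Admins for day-to-day work.
New-ADGroup -Name 'Lab Workstation Admins' -GroupScope Global -Path "OU=LabUsers,$baseDN"
Add-ADGroupMember -Identity 'Lab Workstation Admins' -Members 'alice'

# Policy: an (initially empty) GPO linked to the workstation OU, ready for baseline settings.
New-GPO -Name 'Lab Workstation Baseline' | New-GPLink -Target "OU=LabComputers,$baseDN" -LinkEnabled Yes

# Make newly joined computers land in LabComputers rather than the default CN=Computers container,
# so the GPO above applies to them immediately.
redircmp "OU=LabComputers,$baseDN"

# --- Part B: on each Windows 10 Enterprise VM ---
$domainName = 'lab.local'    # same lab domain as above
# DNS must resolve the domain, so point the client at the DC first (interface alias and IP are lab assumptions).
Set-DnsClientServerAddress -InterfaceAlias 'Ethernet' -ServerAddresses '192.168.56.10'
$joinCred = Get-Credential -Message 'Domain account permitted to join machines, e.g. LAB\Administrator'
Add-Computer -DomainName $domainName -Credential $joinCred -Restart
```

After the clients reboot, `Get-ADComputer -Filter * -SearchBase "OU=LabComputers,DC=lab,DC=local"` on the DC should list both workstations, and `gpresult /r` on a client should show the baseline GPO applied.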