# Active Directory

## Overview

### What is Active Directory?

* Directory Service deployed by Microsoft to manage Windows domain networks
* Stores information related to objects, such as:
  * Computers, Users, Printers
* AD is like a phone book for Windows
* Authenticates using Kerberos tickets
  * Non-Windows devices, such as Linux machines and firewalls, can authenticate via RADIUS or LDAP

### Physical Active Directory Components

#### Domain Controller (DC)

* A server with the Active Directory Domain Service (AD DS) server role installed that has been specifically promoted to DC
* Jobs:
  * Host a copy of the AD DS directory store
  * Provide authentication and authorization services
  * Replicate updates to other DCs in the domain and forest
  * Allow administrative access to manage user accounts and network resources

#### AD DS Data Store

* Contains the database files and processes that store and manage directory information for users, services, and applications
* Consists of the ntds.dit file
  * stores all the domain users' password hashes
* Is stored by default in the %SYSTEMROOT%\NTDS folder on all domain controllers
* Is accessible only through the domain controller processes and protocols
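The points above can be verified on a DC. The following is an added example, not part of the original notes: it reads the data store location from the NTDS service registry keys, confirms that the live database is held open by the directory service (a plain file open from another process normally fails with a sharing violation), and lists who holds rights on the file. The allow-list of expected identities is an assumption to compare against; adjust it to your own baseline. Run in an elevated PowerShell session on a domain controller.

```powershell
# Added example (not from the original notes): locate the AD DS data store and review access to it.
$params = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$dbPath = $params.'DSA Database file'          # typically %SYSTEMROOT%\NTDS\ntds.dit
$logDir = $params.'Database log files path'    # ESE transaction logs live here

"NTDS database : $dbPath"
"Log directory : $logDir"

# The live file is opened exclusively by the directory service (inside lsass.exe), so a
# plain read from another process is expected to fail with a sharing violation.
try {
    $fs = [System.IO.File]::Open($dbPath, 'Open', 'Read', 'ReadWrite')
    $fs.Close()
    Write-Warning "ntds.dit could be opened for reading outside the DC process (unexpected, investigate)"
} catch {
    "ntds.dit is locked by the directory service as expected: $($_.Exception.Message)"
}

# Reading the security descriptor needs only READ_CONTROL, which the sharing mode does not block.
# Assumption: only SYSTEM and the local Administrators group should appear; anything else is flagged.
$expected = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators')
$acl = Get-Acl -Path $dbPath
foreach ($ace in $acl.Access) {
    $flag = if ($expected -contains $ace.IdentityReference.Value) { 'ok' } else { 'REVIEW' }
    '{0,-7} {1,-35} {2}' -f $flag, $ace.IdentityReference.Value, $ace.FileSystemRights
}
```

Any identity flagged `REVIEW` on the database or its log directory is worth a closer look, since read access to those files is equivalent to holding every domain password hash.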

### Logical Active Directory Components

#### AD DS Schema

* Defines every object that can be stored in the directory
* Enforces rules regarding object creation and configuration
* Object Types:
  * Class Object
    * What object can be created in the directory
    * ex: Users, Computers
  * Attribute Object
    * Information that can be attached to an object
    * ex: Display Name
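To see class objects and attribute objects as they actually exist in the schema partition, here is an added example (not from the original notes) using the ActiveDirectory module that ships with RSAT. It counts both object types, then ties them together by listing which attributes the `user` class itself must and may carry, and finally lists attributes marked confidential (bit 7 of `searchFlags`, value 128), which are hidden from ordinary readers and are therefore useful to track in schema reviews. It assumes a domain-joined session with read access to the schema naming context.

```powershell
# Added example (not from the original notes): inspect class and attribute objects in the AD DS schema.
Import-Module ActiveDirectory
$schemaNC = (Get-ADRootDSE).schemaNamingContext

# Class objects: the kinds of object the directory can hold (user, computer, group, ...)
$classes = Get-ADObject -SearchBase $schemaNC -LDAPFilter '(objectClass=classSchema)' -Properties lDAPDisplayName
'{0} class objects defined' -f @($classes).Count

# Attribute objects: the pieces of information a class may carry (displayName, sAMAccountName, ...)
$attrs = Get-ADObject -SearchBase $schemaNC -LDAPFilter '(objectClass=attributeSchema)' -Properties lDAPDisplayName
'{0} attribute objects defined' -f @($attrs).Count

# Tie the two together: attributes the 'user' class declares itself. Attributes inherited from
# parent classes (top, person, organizationalPerson) live on those class objects, not here.
$userClass = Get-ADObject -SearchBase $schemaNC `
    -LDAPFilter '(&(objectClass=classSchema)(lDAPDisplayName=user))' `
    -Properties mustContain, mayContain, systemMustContain, systemMayContain
$mandatory = @($userClass.systemMustContain) + @($userClass.mustContain)
$optional  = @($userClass.systemMayContain)  + @($userClass.mayContain)
'user class: {0} mandatory, {1} optional attributes declared on the class itself' -f $mandatory.Count, $optional.Count
'Optional sample: ' + (($optional | Select-Object -First 15) -join ', ')

# Confidential attributes: searchFlags bit 128 set. The OID is the LDAP bitwise-AND matching rule.
# New entries appearing here (or old ones disappearing) should be explained by a change record.
Get-ADObject -SearchBase $schemaNC `
    -LDAPFilter '(&(objectClass=attributeSchema)(searchFlags:1.2.840.113556.1.4.803:=128))' `
    -Properties lDAPDisplayName | Select-Object -ExpandProperty lDAPDisplayName
```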

#### Domains

* Used to group and manage objects in an organization
* An administrative boundary for applying policies to groups of objects
* A replication boundary for replicating data between DCs
* An authentication and authorization boundary that provides a way to limit the scope of access to resources

***

## Attacking Active Directory Strategies

* Begin the day with `responder` or `mitm6`
* Run scans to generate traffic
* Look for websites in scope
* Look for default creds on web logins
  * printers, Jenkins, routers, etc.
* Think outside of the box and enumerate everything
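The first two items rely on specific host settings: `responder` answers LLMNR and NBT-NS name lookups that real name servers could not, `mitm6` takes over name resolution through DHCPv6, and what both capture is typically replayed against SMB, which only works where signing is not required. The following added example (not from the original notes) audits those settings on a domain-joined Windows host and reports findings without changing anything. The registry value `EnableMulticast` under the DNSClient policy key is what the "Turn off multicast name resolution" GPO writes; `TcpipNetbiosOptions` value 2 means NetBIOS over TCP/IP is disabled on that adapter. Run in an elevated session.

```powershell
# Added example (not from the original notes): report the host settings that blunt LLMNR/NBT-NS
# poisoning and NTLM relay. Read-only: nothing is modified.
$findings = @()

# 1. LLMNR: the 'Turn off multicast name resolution' policy sets EnableMulticast = 0
$llmnr = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient' `
    -Name EnableMulticast -ErrorAction SilentlyContinue
if ($null -eq $llmnr -or $llmnr.EnableMulticast -ne 0) {
    $findings += 'LLMNR is enabled (EnableMulticast is not set to 0)'
}

# 2. NetBIOS over TCP/IP, checked per IP-enabled adapter (0 = DHCP decides, 1 = on, 2 = off)
Get-CimInstance Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' | ForEach-Object {
    if ($_.TcpipNetbiosOptions -ne 2) {
        $findings += "NetBIOS over TCP/IP not disabled on adapter '$($_.Description)'"
    }
}

# 3. SMB server signing: when required, a relayed NTLM authentication cannot be used to
#    open a session because the relaying party does not hold the session key
if (-not (Get-SmbServerConfiguration).RequireSecuritySignature) {
    $findings += 'SMB server signing is not required (NTLM relay to this host is possible)'
}

# 4. Outbound NTLM restriction (MSV1_0): 0 = allow, 1 = audit, 2 = deny
$ntlm = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0' `
    -Name RestrictSendingNTLMTraffic -ErrorAction SilentlyContinue
if ($null -eq $ntlm -or $ntlm.RestrictSendingNTLMTraffic -lt 1) {
    $findings += 'Outbound NTLM is neither audited nor restricted (RestrictSendingNTLMTraffic)'
}

if ($findings.Count -eq 0) {
    'No findings: LLMNR off, NetBIOS off on all adapters, SMB signing required, outbound NTLM restricted'
} else {
    $findings | ForEach-Object { "FINDING: $_" }
}
```

DHCPv6 takeover is not covered by these checks; where IPv6 is not in use, blocking DHCPv6 (UDP 546/547) at the host firewall or network edge removes that path.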
