Active Directory Basics

Harshdushyant
4 min read · Feb 1, 2021

We will try to understand some basics of Active Directory.

According to Microsoft Corporate Vice President Takeshi Numoto, Active Directory is used by 93% of the Fortune 1000.


Note: Do your own research as well for a better understanding.

What is Active Directory?

In simple words, Active Directory is a directory service for Windows domain networks. It is a collection of machines and servers organised into domains, and those domains are in turn grouped into a forest.

Various Pieces of Active Directory:

  • Domain Controllers
  • Forest, Trees, Domains
  • Trusts
  • Policies
  • Users + Groups
  • Domain Services

Why Do Large Enterprises Use Active Directory?

Mainly because it lets them control and monitor all of their users' computers centrally, from the domain controllers, instead of machine by machine. Everyday tasks such as adding users to security groups, resetting a user's password or moving computer objects between OUs are all done in one place.

Domain Controllers

Domain controllers are the backbone of Active Directory; without a domain controller there is no directory. Microsoft supports up to 1,200 domain controllers in a single domain.

Tasks Of a Domain Controller:

  • Holds the AD DS data store
  • Handles authentication and authorization services
  • Replicates directory updates to and from the other domain controllers (domain data within the domain; the configuration and schema partitions across the whole forest).
  • Allows admin access to manage domain resources.

AD DS Data Store -

The AD DS data store holds the database and the processes needed to store and manage directory information such as users, groups and services.

Some of the contents and characteristics of the AD DS Data Store:

  • Contains NTDS.dit, the database file that holds all of the domain's directory data, including the password hashes of every domain account. Anyone who obtains a copy of it together with the SYSTEM registry hive (which holds the boot key used to encrypt the hashes) can extract those hashes offline.
  • Stored by default in %SystemRoot%\NTDS
  • Accessible only on the domain controller: the file is held open by the directory service while the DC is running, so reading it requires administrative access to the DC, or to a backup or shadow copy of it.

Forests, Domains and Trusts

A forest is the topmost logical container in Active Directory Domain Services (AD DS). A forest is made up of one or more domains and all of the objects in those domains; it is the security boundary that groups the parts of the network into a whole.

Different Parts of a Forest:-

Trees- A hierarchy of domains that share a contiguous DNS namespace (for example a child domain sales.corp.local under corp.local).

Domains- A domain is the logical container that sits directly below the forest and is used to group and manage objects; each domain has its own domain controllers and its own copy of NTDS.dit.

Organizational Units (OUs)- Containers for groups, computers, users, printers and other objects. OUs are where Group Policy is linked and where administration is delegated.

Trusts- A trust is a relationship between domains or between forests. Within a forest every domain trusts every other domain, because a two-way transitive trust is created automatically when a domain is added. This allows an authentication to pass from one domain to any other domain in the same forest. Trusts to other forests are created explicitly and do not get this automatic relationship.

Domain services- Services the domain provides to its members, such as DNS (see Default Domain Services below).

Domain schema- The rules that define which object classes and attributes can exist in the directory.

Objects- Users, groups, printers, computers, shares.
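To make the forest, domain and trust hierarchy above concrete, here is an added example (not code from the original post) that walks it from a domain-joined Windows host using the .NET System.DirectoryServices.ActiveDirectory classes, so no RSAT module is needed. It assumes the host is joined to a domain and can reach a domain controller; the output naturally differs per environment.

```powershell
# Added example (not from the original post): walk forest -> domains -> domain
# controllers -> trusts with the built-in .NET ActiveDirectory classes.
# Assumes a domain-joined host that can reach a DC (Windows PowerShell 5.1).
Add-Type -AssemblyName System.DirectoryServices

$forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()

"Forest (top container)  : $($forest.Name)"
"Forest root domain      : $($forest.RootDomain.Name)"
"Forest functional level : $($forest.ForestMode)"
"Schema master           : $($forest.SchemaRoleOwner.Name)"

# Every domain in the forest. Parent/Children expose the tree structure: a child
# domain shares a contiguous DNS namespace with its parent.
foreach ($domain in $forest.Domains) {
    $parent = if ($domain.Parent) { $domain.Parent.Name } else { '(tree root)' }
    "`nDomain: $($domain.Name)  parent: $parent  mode: $($domain.DomainMode)"

    # The domain controllers that hold this domain's copy of NTDS.dit.
    foreach ($dc in $domain.DomainControllers) {
        "  DC: $($dc.Name)  site: $($dc.SiteName)  roles: $($dc.Roles -join ',')"
    }

    # Trusts where this domain is the source. Parent/child and tree-root trusts
    # inside one forest are two-way and transitive, which is why authentication
    # flows freely between domains of the same forest.
    foreach ($trust in $domain.GetAllTrustRelationships()) {
        "  Trust: $($trust.SourceName) -> $($trust.TargetName)  direction: $($trust.TrustDirection)  type: $($trust.TrustType)"
    }
}

# Trusts to other forests. These are created explicitly and deserve the closest
# review, because they extend who can authenticate into this forest.
"`nForest-level trusts:"
foreach ($trust in $forest.GetAllTrustRelationships()) {
    "  $($trust.SourceName) -> $($trust.TargetName)  direction: $($trust.TrustDirection)  type: $($trust.TrustType)"
}
```

Run it as any domain user; reading the forest topology does not require administrative rights. The trust direction and type columns are the ones to check first when reviewing an environment, since an unexpected inbound trust from another forest is an authentication path you did not plan for.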


Group Policy

Group Policy provides a way to centralise the configuration and management of computer settings and user settings across an environment.

These settings are managed with Group Policy Objects (GPOs), but a GPO cannot be applied directly to a user or computer object. A GPO must be linked to a domain, a site or an organizational unit, and its settings then apply to the user and computer objects inside that container.

Users & Groups

Users are the core of Active Directory; without users, why would we have Active Directory in the first place?

Promoting the first domain controller creates a set of default groups and two user accounts, Administrator and Guest (plus the krbtgt account that the Kerberos service uses). Broadly there are four types of user, but there can be more, depending on how a company manages the permissions of its users.

  • Domain Admins:- Members of this group control the whole domain and, by default, are the ones who can log on to and administer the domain controllers.
  • Local Administrators:- Members of a machine's local Administrators group can make changes to that machine as an administrator and control its other users, but they have no rights on the domain controller.
  • Service Accounts:- Used to run services; a Windows service such as SQL Server is paired with an account it runs as. These accounts often have high privileges and passwords that are rarely changed.
  • Domain users:- Everyday users with the rights the organisation has granted them.

Groups make it easier to grant permissions: rather than assigning rights to users one by one, users are placed in groups and the group is given the permissions.

Active Directory Groups:-

  • Security groups:- Used to assign permissions to a large number of users at once.
  • Distribution groups:- Used as email distribution lists; they cannot be granted permissions. Not very important from an attacker's perspective, but they can be used for enumeration.

Default Domain Services

  • LDAP (Lightweight Directory Access Protocol):- The protocol that applications use to query and modify the directory service.
  • Certificate Services:- Active Directory Certificate Services lets the domain issue, validate and revoke public-key certificates.
  • DNS, LLMNR, NBT-NS:- Name resolution services that map hostnames to IP addresses. DNS is the primary one; LLMNR and NBT-NS are legacy broadcast fallbacks that are used when DNS fails.
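The Users & Groups and Group Policy sections above, and the LDAP entry in this list, can all be tied together with one added example (not code from the original post): it enumerates security versus distribution groups, the effective Domain Admins, service accounts and the containers that have GPOs linked, all over LDAP with the built-in DirectorySearcher type, so it works without the RSAT ActiveDirectory module. It assumes a domain-joined host that can reach a domain controller and a caller who is an ordinary authenticated domain user (which by default can read every attribute queried here); the `Search-AD` helper is defined in the example itself.

```powershell
# Added example (not from the original post): enumerate users, groups, service
# accounts and Group Policy links over LDAP with System.DirectoryServices.
# Assumes a domain-joined host, reachable DC, and an ordinary domain user caller.

$rootDse  = [ADSI]"LDAP://RootDSE"
$domainDN = [string]$rootDse.defaultNamingContext          # e.g. DC=corp,DC=local
$configDN = [string]$rootDse.configurationNamingContext    # CN=Configuration,DC=corp,DC=local

function Search-AD {
    param([string]$Filter, [string[]]$Properties, [string]$Base = $domainDN)
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.SearchRoot = [ADSI]"LDAP://$Base"
    $searcher.Filter     = $Filter
    $searcher.PageSize   = 1000   # request paged results; otherwise the DC stops at its 1000-entry limit
    foreach ($p in $Properties) { [void]$searcher.PropertiesToLoad.Add($p) }
    # Attribute names come back lower-cased in SearchResult.Properties.
    $searcher.FindAll()
}

# 1. Security vs distribution groups. groupType is a bit field: bit 0x80000000
#    (2147483648) marks a security-enabled group. 1.2.840.113556.1.4.803 is the
#    LDAP bitwise-AND matching rule.
$securityGroups = @(Search-AD '(&(objectCategory=group)(groupType:1.2.840.113556.1.4.803:=2147483648))' @('samAccountName'))
$distribGroups  = @(Search-AD '(&(objectCategory=group)(!(groupType:1.2.840.113556.1.4.803:=2147483648)))' @('samAccountName'))
"Security groups: $($securityGroups.Count)  Distribution groups: $($distribGroups.Count)"

# 2. Effective Domain Admins, including members reached through nested groups.
#    1.2.840.113556.1.4.1941 (LDAP_MATCHING_RULE_IN_CHAIN) follows memberOf transitively.
$daDN = (Search-AD '(&(objectCategory=group)(samAccountName=Domain Admins))' @('distinguishedName') |
         Select-Object -First 1).Properties['distinguishedname'][0]
$daMembers = @(Search-AD "(&(objectCategory=user)(memberOf:1.2.840.113556.1.4.1941:=$daDN))" @('samAccountName'))
"Effective Domain Admins ($($daMembers.Count)):"
$daMembers | ForEach-Object { '  ' + $_.Properties['samaccountname'][0] }

# 3. Service accounts: user objects that carry a servicePrincipalName. Any domain
#    user can request a Kerberos service ticket for these, so review them for
#    weak passwords and keep them out of privileged groups.
$svc = @(Search-AD '(&(objectCategory=user)(servicePrincipalName=*)(!(samAccountName=krbtgt)))' @('samAccountName','servicePrincipalName'))
"Accounts with SPNs:"
$svc | ForEach-Object { '  {0}: {1}' -f $_.Properties['samaccountname'][0], ($_.Properties['serviceprincipalname'] -join '; ') }

# 4. Where Group Policy is linked. GPOs attach to domain, OU and site objects via
#    the gPLink attribute, never to user or computer objects. Site objects live in
#    the configuration partition, so that partition is searched separately.
$gpLinks  = @(Search-AD '(&(|(objectClass=domainDNS)(objectClass=organizationalUnit))(gPLink=*))' @('distinguishedName','gPLink'))
$gpLinks += @(Search-AD '(&(objectClass=site)(gPLink=*))' @('distinguishedName','gPLink') "CN=Sites,$configDN")
"Containers with linked GPOs:"
$gpLinks | ForEach-Object { "  {0}`n     {1}" -f $_.Properties['distinguishedname'][0], $_.Properties['gplink'][0] }
```

The two OID-based matching rules are the part worth remembering: the bitwise-AND rule is how you distinguish security from distribution groups without parsing groupType by hand, and the in-chain rule is what turns "who is in Domain Admins" into "who is effectively a Domain Admin", which is the question that matters when reviewing an environment.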

Authentication

Authentication is the part of Active Directory that attackers target most. It is done with two protocols, Kerberos and NTLM.

Kerberos- The default authentication protocol for Active Directory. A client first obtains a ticket-granting ticket (TGT) from the domain controller's key distribution centre (KDC), then uses it to request service tickets for the resources it wants to access in the domain.

NTLM:- The older Windows authentication protocol, still used as a fallback when Kerberos is not possible (for example when a host is addressed by IP rather than by name). It is a challenge/response protocol: the server sends a random challenge and the client answers with a value keyed by the user's password hash, so the hash itself is never sent.
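To show what the NTLM challenge/response actually is, here is an added example (not code from the original post) that performs the NTLMv2 client-side computation from MS-NLMP in PowerShell using .NET's HMAC-MD5. The NT hash, user name, domain and challenges are constructed inputs taken from the MS-NLMP test vectors (user "User", domain "Domain", password "Password"); the NT hash (MD4 of the UTF-16LE password) is supplied as hex because .NET has no MD4 implementation. The `temp` blob is built with a zero timestamp and no target information, which is the spec's test layout, not what a real client sends.

```powershell
# Added example (not from the original post): NTLMv2 challenge/response as
# specified in MS-NLMP. Constructed inputs: MS-NLMP section 4.2 test values.

function ConvertFrom-Hex([string]$Hex) {
    $bytes = New-Object byte[] ($Hex.Length / 2)
    for ($i = 0; $i -lt $bytes.Length; $i++) { $bytes[$i] = [Convert]::ToByte($Hex.Substring(2 * $i, 2), 16) }
    $bytes
}
function ConvertTo-Hex([byte[]]$Bytes) { ($Bytes | ForEach-Object { $_.ToString('x2') }) -join '' }
function Invoke-HmacMd5([byte[]]$Key, [byte[]]$Data) {
    $h = [System.Security.Cryptography.HMACMD5]::new($Key)
    try { $h.ComputeHash($Data) } finally { $h.Dispose() }
}

# NTOWFv2 = HMAC-MD5(NT hash, UTF-16LE(UPPERCASE(user) + domain)).
# The password hash is only ever used as an HMAC key; it never leaves the client.
function Get-NtlmV2Hash([byte[]]$NtHash, [string]$User, [string]$Domain) {
    $identity = [Text.Encoding]::Unicode.GetBytes($User.ToUpperInvariant() + $Domain)
    Invoke-HmacMd5 $NtHash $identity
}

# NTProofStr = HMAC-MD5(NTOWFv2, ServerChallenge || temp). The NTLMv2 response
# sent to the server is NTProofStr || temp; temp carries the client challenge and
# timestamp, which is what makes each response unique per authentication.
function Get-NtlmV2Response([byte[]]$NtlmV2Hash, [byte[]]$ServerChallenge, [byte[]]$Temp) {
    $proof = Invoke-HmacMd5 $NtlmV2Hash ([byte[]]($ServerChallenge + $Temp))
    [pscustomobject]@{
        NTProofStr = ConvertTo-Hex $proof
        Response   = ConvertTo-Hex ([byte[]]($proof + $Temp))
    }
}

# Constructed inputs (MS-NLMP test vectors).
$ntHash          = ConvertFrom-Hex 'a4f49c406510bdcab6824ee7c30fd852'  # NTOWFv1("Password"), MD4 of UTF-16LE
$serverChallenge = ConvertFrom-Hex '0123456789abcdef'                  # 8 bytes from the server's CHALLENGE_MESSAGE
$clientChallenge = ConvertFrom-Hex 'aaaaaaaaaaaaaaaa'                  # 8 random bytes chosen by the client
# temp = RespType(1) HiRespType(1) Reserved(6) Timestamp(8) ClientChallenge(8) Reserved(4) TargetInfo(0) Reserved(4)
$temp = [byte[]]((0x01, 0x01) + (0, 0, 0, 0, 0, 0) + (0, 0, 0, 0, 0, 0, 0, 0) + $clientChallenge + (0, 0, 0, 0) + (0, 0, 0, 0))

$ntlmV2Hash = Get-NtlmV2Hash $ntHash 'User' 'Domain'
"NTOWFv2   : $(ConvertTo-Hex $ntlmV2Hash)"   # MS-NLMP 4.2.4.1.1 gives 0c868a403bfd7a93a3001ef22ef02e3f
$resp = Get-NtlmV2Response $ntlmV2Hash $serverChallenge $temp
"NTProofStr: $($resp.NTProofStr)"
"Response  : $($resp.Response)"
```

The point the code makes is that whoever holds the NT hash can produce a valid response without knowing the password, which is why the hashes in NTDS.dit are such a valuable target and why an attacker who can capture or relay a challenge/response exchange can try to crack the password offline from it.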

These days companies are increasingly moving to the cloud for its security features and hassle-free deployment. For Active Directory the cloud counterpart is Azure Active Directory (now called Microsoft Entra ID), Microsoft's cloud identity service, which can be synchronised with an on-premises forest. In its default settings it is considerably more secure than a default on-premises Active Directory installation.

For the attacker's perspective, see harmj0y's PowerView 3.0 tricks, a list of enumeration one-liners for Active Directory.

Author :- Harsh Dushyant Singh
