Active Directory Essentials: Core Basics Simplified

Jinendar Kothari
5 min read · Oct 3, 2024


Greetings Readers !!!

In this blog, we will be diving into the basics, or core concepts, of Active Directory. We have all heard that you need to learn to walk before you can run, so think of this post as the walking course on the Active Directory track.

This blog will be primarily theory-focused, so I appreciate your patience as we delve into the details.

What is Active Directory and why should you give a damn?

Img: Active Directory

Active Directory is a directory service for Windows network environments. It provides the authentication and authorization functions within a Windows domain environment.

A directory service, such as Active Directory Domain Services (AD DS), provides the mechanisms for storing directory data (information about users, computers and other network resources) and making it available to network users and administrators.

For instance, AD DS holds details about user accounts, including names, password hashes and phone numbers, and allows authorized users within the same network to access this information.

But why AD? Why should we give a damn about it?

AD DS (Active Directory Domain Services) is the de facto standard for directory services in large organizations. It is used by the vast majority of Fortune 500 companies to manage user identities, permissions and network resources.

It is used across a wide range of industries, including government, healthcare, finance, education and technology. Hence, it is a critical component of most enterprise networks, serving as the central hub for authentication, authorization and user information.

Img: It’s Important

Delving into basics: Learn to walk before you run

So, Active Directory has two major groups of components: physical and logical.

Image: Components of Active Directory

Physical Components

Physical components are the infrastructure that keeps the directory service running within a network. They are concerned with how Active Directory is distributed and replicated across multiple locations.

There are two major physical components of Active Directory that we are going to discuss here.

1. Domain Controller

A domain controller is a server with the AD DS server role installed that has specifically been promoted to a domain controller. It hosts the Active Directory database and holds all the information about the users, computers, printers and other objects in the domain.

Importance of a Domain Controller within an AD environment

  1. It provides authentication and authorization.
  2. It is the device through which the AD domain is managed: it gives administrators access to manage user accounts and network resources.
  3. It is often deemed the most sensitive device in the network, because it holds the password hashes of every user account in the environment.

2. AD DS Data Store

The AD DS data store contains the database files and processes that store and manage directory information for users, services and applications. Its central file is ntds.dit.

So what is the NTDS.dit file?

NTDS.dit (NT Directory Services Directory Information Tree) is the database file at the heart of an Active Directory environment. It contains everything that is stored in AD and, most importantly, the password hashes of every user in the domain.

An attacker who obtains these hashes can crack them offline, use them directly in pass-the-hash attacks, or forge a golden ticket using the hash of the krbtgt account. (Scary stuff!)

By default it is stored in the %SystemRoot%\NTDS folder on every domain controller. While AD DS is running the file is held open exclusively, so it is accessible only through the domain controller's own processes and protocols.

However, the secrets inside it are encrypted for added protection: the password hashes are encrypted with a Password Encryption Key (PEK) that is stored in the database, and the PEK is itself encrypted with the BootKey (also known as the System Boot Key or SysKey). The BootKey is derived from several values in the SYSTEM registry hive (HKEY_LOCAL_MACHINE\SYSTEM), which is why an attacker who copies ntds.dit also needs a copy of the SYSTEM hive from the same domain controller to make any use of it.
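To make the BootKey/PEK relationship concrete, here is an added Python example (not code from the original post). It derives the BootKey the way the open-source SysKey implementations do: the class names (not the values) of the JD, Skew1, GBG and Data keys under HKLM\SYSTEM\ControlSet00X\Control\Lsa (X from HKLM\SYSTEM\Select\Current) are concatenated, unhexlified and run through a fixed 16-byte permutation. It then unwraps a PEK with the legacy (pre-Windows Server 2016) RC4 scheme, MD5(BootKey || KeyMaterial × 1000), and shows that the same ntds.dit data is unreadable with a BootKey from a different SYSTEM hive. Newer domain controllers wrap the PEK with AES instead, and the on-disk pekList structure is not parsed here. All class names, the key material and the PEK are constructed demo values, not data from a real domain controller.

```python
import hashlib
from binascii import unhexlify

# The BootKey is scrambled across the *class names* of these four keys under
# HKLM\SYSTEM\ControlSet00X\Control\Lsa, read in this order.
LSA_CLASS_ORDER = ("JD", "Skew1", "GBG", "Data")

# Fixed permutation applied to the 16 concatenated bytes.
BOOTKEY_PERMUTATION = [8, 5, 4, 2, 11, 9, 13, 3, 0, 6, 1, 12, 14, 10, 15, 7]


def derive_bootkey(class_names):
    """Return the 16-byte BootKey from the four Lsa subkey class names."""
    scrambled = unhexlify("".join(class_names[k] for k in LSA_CLASS_ORDER))
    if len(scrambled) != 16:
        raise ValueError("expected four 8-hex-char class names (16 bytes)")
    return bytes(scrambled[i] for i in BOOTKEY_PERMUTATION)


def derive_pek_rc4_key(bootkey, key_material):
    """Key that unwraps the Password Encryption Key (PEK) in ntds.dit on
    pre-Windows Server 2016 databases: MD5(bootkey || key_material * 1000).
    key_material is the 16-byte salt stored alongside the encrypted PEK."""
    h = hashlib.md5(bootkey)
    for _ in range(1000):
        h.update(key_material)
    return h.digest()


def rc4(key, data):
    """Minimal RC4 stream cipher; encryption and decryption are the same call."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def unwrap_pek(bootkey, key_material, encrypted_pek):
    """Recover the PEK from its encrypted form using the BootKey."""
    return rc4(derive_pek_rc4_key(bootkey, key_material), encrypted_pek)


def wrap_pek(bootkey, key_material, pek):
    """Produce an encrypted PEK (used here only to build the demo data)."""
    return rc4(derive_pek_rc4_key(bootkey, key_material), pek)


# --- constructed demo values (not taken from a real domain controller) ---
SAMPLE_CLASSES = {"JD": "3f9a0c71", "Skew1": "b2e4d108", "GBG": "5c7e91aa", "Data": "d06b23f4"}
SAMPLE_KEY_MATERIAL = bytes(range(16))   # stand-in for the salt stored next to the PEK
SAMPLE_PEK = b"\x11\x22\x33\x44" * 4     # stand-in for the real 16-byte PEK


def demo():
    """Unwrap the PEK with the matching SYSTEM hive and with a foreign one."""
    bootkey = derive_bootkey(SAMPLE_CLASSES)
    encrypted_pek = wrap_pek(bootkey, SAMPLE_KEY_MATERIAL, SAMPLE_PEK)
    # Same ntds.dit, but a SYSTEM hive from another machine: the JD class differs.
    other_bootkey = derive_bootkey({**SAMPLE_CLASSES, "JD": "00000000"})
    return {
        "bootkey": bootkey.hex(),
        "pek_right_hive": unwrap_pek(bootkey, SAMPLE_KEY_MATERIAL, encrypted_pek),
        "pek_wrong_hive": unwrap_pek(other_bootkey, SAMPLE_KEY_MATERIAL, encrypted_pek),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:15}: {value.hex() if isinstance(value, bytes) else value}")
```

The practical lesson is the one defenders should keep in mind when they see a backup or VSS copy of ntds.dit leave a domain controller: on its own it is just ciphertext, and an attacker who also grabs the SYSTEM hive (for example with reg save HKLM\SYSTEM) has everything needed to unwrap the PEK and, from it, every hash in the domain.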

Logical Components

Logical components define how directory data is structured, managed and organized. They help organize users, computers and other resources in a way that supports easy management and scalability in large environments. Let's dive right into it.

1. Schema

The schema is like a rule book or blueprint: it defines every type of object, and every attribute of each object, that can be stored in the directory.

It enforces rules regarding object creation and configuration.

2. Domain

Domains are used to group and manage objects in an organization. A domain is an administrative boundary for applying policies to a group of objects.

It is also a replication boundary for replicating data between domain controllers, and an authentication and authorization boundary that provides a way to limit the scope of access to resources.

3. Trees

A domain tree is a hierarchy of domains in AD DS.

All domains in the tree:

  1. Share a contiguous namespace with their parent domain (for example, eu.corp.example.com is a child of corp.example.com).
  2. Can have additional child domains of their own.
  3. By default create a two-way transitive trust with their parent domain.

4. Forests

A forest is a collection of one or more domain trees that:

  1. Share a common schema.
  2. Share a common configuration partition.
  3. Share a common global catalog to enable searching across the forest.
  4. Enable trusts between all domains in the forest.
  5. Share the Enterprise Admins and Schema Admins groups (which exist only in the forest root domain).

5. Organizational Units (OUs)

OUs are Active Directory containers that can hold users, groups, computers and other OUs.

OUs are used to:

  1. Represent your organization hierarchically and logically.
  2. Manage a collection of objects in a consistent way.
  3. Delegate permissions to administer a group of objects.
  4. Apply Group Policy.
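The tree and OU structure described in the last two sections is exactly what an LDAP distinguished name spells out, so here is an added Python example (not code from the original post) that takes a DN apart into the object, its OU path and its domain, and decides which tree of a forest a domain belongs to by checking for a contiguous namespace. The domain names (corp.example.com, partner.local), OU names and account names are constructed for the demo.

```python
def split_dn(dn):
    """Split a distinguished name into its RDN strings, honouring
    backslash-escaped commas such as CN=Doe\\, John."""
    parts, current, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):      # keep escape + escaped char together
            current.append(dn[i:i + 2])
            i += 2
            continue
        if ch == ",":
            parts.append("".join(current).strip())
            current = []
        else:
            current.append(ch)
        i += 1
    parts.append("".join(current).strip())
    return [p for p in parts if p]


def parse_dn(dn):
    """Break a DN into the object itself, its OU path and its domain."""
    rdns = []
    for rdn in split_dn(dn):
        attr, value = rdn.split("=", 1)
        rdns.append((attr.strip().upper(), value.strip()))
    leaf_attr, leaf_value = rdns[0]
    return {
        "leaf": f"{leaf_attr}={leaf_value}",
        # OU path from the domain root down to the object's parent: the order an
        # admin sees in the console and the order in which linked GPOs apply.
        "ou_path": [v for a, v in reversed(rdns[1:]) if a == "OU"],
        # Built-in containers such as CN=Users are not OUs (no GPO linking).
        "containers": [v for a, v in rdns[1:] if a == "CN"],
        # The DC components, in DN order, spell the domain's DNS name.
        "domain": ".".join(v for a, v in rdns if a == "DC"),
    }


def is_child_domain(child, parent):
    """True if child's DNS name extends parent's on a label boundary, i.e. the
    two share a contiguous namespace (parent and child in one domain tree)."""
    c, p = child.lower().split("."), parent.lower().split(".")
    return len(c) > len(p) and c[-len(p):] == p


def tree_root_for(domain, tree_roots):
    """Return the tree root a domain hangs under, or None if its namespace is
    not contiguous with any tree root of this forest."""
    for root in tree_roots:
        if domain.lower() == root.lower() or is_child_domain(domain, root):
            return root
    return None


if __name__ == "__main__":
    # Constructed forest with two trees: corp.example.com and partner.local.
    forest_tree_roots = ["corp.example.com", "partner.local"]
    for dn in [
        "CN=Jane Doe,OU=Sales,OU=Corp,DC=eu,DC=corp,DC=example,DC=com",
        "CN=Doe\\, John,OU=IT,DC=partner,DC=local",
        "CN=svc-backup,CN=Users,DC=corp,DC=example,DC=com",
    ]:
        info = parse_dn(dn)
        info["tree_root"] = tree_root_for(info["domain"], forest_tree_roots)
        print(info)
```

Two details worth noticing: CN=Users is a container, not an OU, so objects left there cannot receive OU-linked Group Policy or OU-level delegation; and a domain like example.com would not be a child of corp.example.com, so it could only join this forest as the root of a third tree, not as part of the existing one.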

6. Trusts

Trusts provide a mechanism for users in one domain to gain access to resources in another domain.

Properties of Trusts

  1. Direction: a trust flows from the trusting domain to the trusted domain. The trusting domain holds the resources; the trusted domain holds the accounts that are allowed to use them. A trust can be one-way or two-way.
  2. Transitivity: a transitive trust extends beyond the two domains that created it to the other domains trusted by either of them; a non-transitive trust applies only between the two domains directly involved.
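Direction and transitivity are easiest to see as a graph walk, so here is an added Python example (not code from the original post) that models a small forest and decides whether an account from one domain can be authenticated for resources in another. It is a deliberately simplified model: trusts are followed only from the trusting domain to the trusted domain, and a chain longer than one hop is accepted only if every trust in it is transitive. Real AD adds SID filtering, selective authentication and forest-trust name-suffix routing, none of which is modelled. The domains (corp.example.com and its children, partner.local) are constructed for the demo.

```python
from collections import deque


class Trust:
    """One direction of a trust. The trusting domain owns the resources and
    accepts accounts from the trusted domain. A two-way trust is two objects."""

    def __init__(self, trusting, trusted, transitive):
        self.trusting = trusting
        self.trusted = trusted
        self.transitive = transitive

    def __repr__(self):
        arrow = "==>" if self.transitive else "-->"
        return f"{self.trusting} {arrow} {self.trusted}"


def trust_path(trusts, resource_domain, user_domain):
    """Walk trusts from the resource domain towards the user's domain.

    Edges are followed only trusting -> trusted (direction). A chain of more
    than one hop is accepted only if every trust in it is transitive
    (transitivity). Returns the chain, [] for the same domain, or None.
    """
    if resource_domain == user_domain:
        return []
    queue = deque([(resource_domain, [])])
    seen = {resource_domain}
    while queue:
        domain, path = queue.popleft()
        for t in trusts:
            if t.trusting != domain:
                continue
            # A direct trust always works; a further hop needs a transitive one.
            if t.trusted == user_domain and (not path or t.transitive):
                return path + [t]
            # Only an all-transitive chain can be extended further.
            if t.transitive and t.trusted not in seen:
                seen.add(t.trusted)
                queue.append((t.trusted, path + [t]))
    return None


def can_access(trusts, resource_domain, user_domain):
    return trust_path(trusts, resource_domain, user_domain) is not None


def two_way(a, b, transitive=True):
    """Helper: a two-way trust is simply a trust in each direction."""
    return [Trust(a, b, transitive), Trust(b, a, transitive)]


# Constructed forest: corp.example.com with two child domains (two-way
# transitive parent-child trusts, as created by default), plus a one-way,
# non-transitive external trust in which corp.example.com trusts partner.local.
DEMO_TRUSTS = (
    two_way("corp.example.com", "eu.corp.example.com")
    + two_way("corp.example.com", "us.corp.example.com")
    + [Trust("corp.example.com", "partner.local", transitive=False)]
)


if __name__ == "__main__":
    checks = [
        ("corp.example.com", "eu.corp.example.com"),      # child -> parent: direct
        ("eu.corp.example.com", "us.corp.example.com"),   # sibling via parent: transitive chain
        ("corp.example.com", "partner.local"),            # external trust, direct
        ("partner.local", "corp.example.com"),            # wrong direction (one-way)
        ("eu.corp.example.com", "partner.local"),         # blocked: external trust is non-transitive
    ]
    for resource, user in checks:
        print(f"user@{user} -> resource in {resource}: {trust_path(DEMO_TRUSTS, resource, user)}")
```

The last two checks are the ones that matter in practice: the one-way external trust lets partner.local accounts into corp.example.com but not the reverse, and because that trust is non-transitive, the same accounts get nothing in eu.corp.example.com even though eu.corp.example.com fully trusts its parent.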

7. Objects

Objects are what lives inside our OUs. Some of the common object types are:

Users: Enable network resource access for a person.

InetOrgPerson: Similar to a user account; used for compatibility with other directory services.

Contacts: Used primarily to assign an email address to an external user. Do not enable network access.

Groups: Used to simplify the administration of access control.

Computers: Enable authentication and auditing of computer access to resources.

Printers: Used to simplify the process of locating and connecting to printers.

Shared Folders: Enable users to search for shared folders based on their properties.

To summarize it

Active Directory (AD) is a vital component in most enterprise networks, acting as the central system for managing authentication, authorization, and user information. AD is primarily composed of two key elements: Physical Components and Logical Components. Together, these elements form the structure of Active Directory.

Given the extensive nature of Active Directory, it is impossible to cover everything in a single blog. Therefore, we will explore more topics in upcoming posts. If you found this blog helpful, feel free to give it a clap (it keeps me motivated) and follow for more content like this.

Connect with me: https://linktr.ee/n1chr0x
