Active Directory PenTesting

Last Updated : 22 Jul, 2022

Active Directory is a service from Microsoft which are being used to manage the services run by the Windows Server, in order to provide permissions and access to network resources. Active Directory is used by over 90% of the Fortune Companies in order to manage the resources efficiently. Active Directory is just like a phone book where we treat information as objects. In Active Directory we have objects like Computers, Users, Printers, etc. Following are some of the components of Active Directory –

Domain Controller –

Domain Controller is generally the Admin of the Active Directory that is used to set up the whole directory. The role of Domain Controller is to provide Authentication and Authorization to different services and users. Domain Controller also allows administrative access to manage user account and network resources. In Active Directory the Domain Controller has the topmost priority and has most Authority/privileges. In other words, we can say that Domain Controller is the Administrator of Active Directory.

Active Directory Data Store –

An Active Directory Data Store contains Database files and process that store and manages directory information for users, services, and applications. The active Directory Data Store contains “NTDS.DIT” file which the most critical file of the whole AD. It is stored in the “%SystemRoot%\NTDS” folder on all domain controllers. This NTDS.DIT file is only accessible only through DC Process and Protocols.

Logical Active Directory Components –

The following are the components that an Active Directory Data Store contains that defines rules to create an object in an AD environment.

Domain –

A Domain is used to group objects together and manage them. The domain provides an Authentication and Authorization boundary that provides a way to limit the scope of access to the resources of that domain. Consider abc.com as a domain.

Trees –

Trees are generally groups of the Domains in the Active Directory environment. Trees are used to share the contiguous namespace with the parent domain. Trees can additionally have child domains. By default, Trees create Transitive trust with other domains. Consider the below diagram Trees. Here in the image above ABC is the main domain and ca.abc.com, na.abc.com and au.abc.com represent the trees from different locations. Ca is for Canada, AU is for Australia, etc.

Forest –

Forest is said to be the collection of the Trees. Forest shares the common schema between its branches. The configuration remains the same in the partition of the branches of Forest. Trust between all domains is maintained in the forest. They are likely to share the Enterprise Admin and Schema Admin Concepts. Consider the below-given image in order to understand the concept graphically.

Organizational Units –

Organizational Units are often referred to as OU. Organizational Units are Active Directory containers that generally contain user groups, Computers, and other OU. OU represents your computer organization in a hierarchically and logically way.OU is used to manage a collection of the object in a consistent way. Organizational Units are being bound to delegate the permissions to the Administrator Group of Object. Lastly, Organizational units apply policy/rules all over the structure.

Trusts –

In layman language with regards to Active Directory, Trust can be defined as access between the resources in order to gain permission/access to resources in another domain. Trust in Active Directory are generally of two types i.e Directional Trust and Transitive Trust. 1. Directional Trust: The Trust Direction that flows from the Trusting domain to the Trusted domain. Consider the below diagram for better understanding. 2. Transitive: The Trust relationship is extended beyond a true domain trust to include other trusted domains. Consider the below diagram for better understanding.