Physical Active Directory
- servers and machines on-premise, domain controllers, storage servers
- everything needed for an Active Directory environment except the software

Domain Controllers
- Windows server that has Active Directory Domain Services (AD DS) installed
- center of Active Directory
- tasks of a domain controller:
  - holds the AD DS data store
  - handles authentication and authorization
  - replicates updates from other domain controllers in the forest
  - allows admin access to manage domain resources

AD DS Data Store
- holds the databases and processes needed to store and manage directory information
- directory information: users, groups and services
- contains NTDS.dit: the database that holds all the information of an Active Directory domain controller, as well as the password hashes of domain users
- stored by default in %SystemRoot%\NTDS
- accessible only by the domain controller
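Because NTDS.dit holds every domain user's password hash and should only ever be opened by the domain controller's own LSASS process, a defender's first check is an audit rule over object-access events. The following is an added example, not part of the original notes: it models Windows Security event 4663 ("an attempt was made to access an object") as constructed dicts carrying a few of the real event's fields (ObjectName, ProcessName, SubjectUserName) and flags any access to ntds.dit by a process other than LSASS. Host names, user names and the backup agent path are sample data; on a real DC these events only exist once object-access auditing (a SACL on the NTDS folder) is enabled.

```python
"""Flag processes other than LSASS touching NTDS.dit (added example)."""
import ntpath

# Processes that legitimately hold NTDS.dit open on a domain controller.
EXPECTED_PROCESSES = {r"c:\windows\system32\lsass.exe"}

# Constructed sample records, simplified from Security event 4663.
EVENTS = [
    {"EventID": 4663, "Computer": "DC01", "SubjectUserName": "DC01$",
     "ObjectName": r"C:\Windows\NTDS\ntds.dit",
     "ProcessName": r"C:\Windows\System32\lsass.exe"},          # normal
    {"EventID": 4663, "Computer": "DC01", "SubjectUserName": "jsmith",
     "ObjectName": r"C:\Windows\NTDS\ntds.dit",
     "ProcessName": r"C:\Windows\System32\cmd.exe"},            # suspicious
    {"EventID": 4663, "Computer": "DC01", "SubjectUserName": "backupsvc",
     "ObjectName": r"C:\Windows\NTDS\edb.log",
     "ProcessName": r"C:\Program Files\Backup\agent.exe"},      # other file, ignored here
    {"EventID": 4624, "Computer": "DC01", "SubjectUserName": "jsmith"},  # logon, not object access
]


def is_ntds_database(object_name):
    """True when the accessed object is the AD database file, wherever it sits."""
    return ntpath.basename(object_name).lower() == "ntds.dit"


def suspicious_ntds_access(events, expected=EXPECTED_PROCESSES):
    """Return the 4663 events in which a non-LSASS process opened ntds.dit."""
    hits = []
    for ev in events:
        if ev.get("EventID") != 4663:
            continue
        if not is_ntds_database(ev.get("ObjectName", "")):
            continue
        if ev.get("ProcessName", "").lower() in expected:
            continue
        hits.append(ev)
    return hits


if __name__ == "__main__":
    for hit in suspicious_ntds_access(EVENTS):
        print(f"[{hit['Computer']}] {hit['SubjectUserName']} opened "
              f"{hit['ObjectName']} via {hit['ProcessName']}")
```

The check keys on the file's base name rather than its full path on purpose: a copy of the database that has been written somewhere other than %SystemRoot%\NTDS is exactly the event worth seeing.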
The Forest
- collection of one or more domain trees inside of an Active Directory network
- parts of the forest:
  - Trees: a hierarchy of domains in Active Directory Domain Services
  - Domains: used to group and manage objects
  - Organizational Units (OUs): containers for groups, computers, users, printers and other OUs
  - Trusts: allow users to access resources in other domains
  - Objects: users, groups, printers, computers, shares
  - Domain Services: DNS server, LLMNR, IPv6
  - Domain Schema: rules for object creation
Users + Groups
- Users: core to Active Directory
- types of users:
- Domain Admins: control domains and are the only ones with access to the domain controller
- Service Accounts: used for service maintenance, required by windows for services such as SQL to pair a service with a service account
- Local Admins: users can make changes to local machines, can’t access domain controller
- Domain Users: everyday users, may have local administrator rights to machines depending on the organization

Groups
- make it easier to give permissions to users and objects by organizing them into groups with specified permissions
- Security Groups: used to specify permissions for a large number of users
- Distribution Groups: specify email distribution lists (beneficial in enumeration)
- default security groups:
  - Domain Controllers: all domain controllers in the domain
  - Domain Guests: all domain guests
  - Domain Users: all domain users
  - Domain Computers: all workstations and servers joined to the domain
  - Domain Admins: designated administrators of the domain
  - Enterprise Admins: designated administrators of the enterprise
  - Schema Admins: designated administrators of the schema
  - DNS Admins: DNS administrators group
  - DNS Update Proxy: DNS clients who are permitted to perform dynamic updates on behalf of some other client (e.g. DHCP servers)
  - Allowed RODC Password Replication Group: members of this group can have their passwords replicated to all read-only domain controllers in the domain
  - Group Policy Creator Owners: members of this group can modify group policy for the domain
  - Denied RODC Password Replication Group: members cannot have their passwords replicated to any read-only domain controller in the domain
  - Protected Users: additional protections against authentication security threats
  - Cert Publishers: members are permitted to publish certificates to the directory
  - Read-only Domain Controllers: members are read-only domain controllers in the domain
  - Enterprise Read-only Domain Controllers: members are read-only domain controllers in the enterprise
  - Key Admins: members of this group can perform admin actions on key objects within the domain
  - Enterprise Key Admins: can perform admin actions on key objects within the forest
  - Cloneable Domain Controllers: members are domain controllers that can be cloned
  - RAS and IAS Servers: can access remote access properties of users
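Security groups can contain other groups, so the question "who is really a Domain Admin?" is only answered by walking the nesting. The block below is an added example, not from the original notes: a small in-memory model of group membership (the group names are AD's defaults, the member names and the Tier0-Ops / Helpdesk-Leads groups are invented) with a breadth-first resolver that reports every user who reaches Domain Admins, Enterprise Admins or Schema Admins, the path by which they reach it, and which of them are not listed directly. It also survives a nesting cycle, which real directories do contain.

```python
"""Effective (nested) membership of privileged AD groups (added example)."""
from collections import deque

# Constructed sample directory: group -> direct members (users or groups).
DIRECTORY = {
    "Domain Admins":     {"alice", "Tier0-Ops"},
    "Enterprise Admins": {"corp-root-admin"},
    "Schema Admins":     {"Enterprise Admins"},    # a group nested in a group
    "Tier0-Ops":         {"bob", "Helpdesk-Leads"},
    "Helpdesk-Leads":    {"carol", "Tier0-Ops"},   # nesting cycle with Tier0-Ops
    "Domain Users":      {"alice", "bob", "carol", "dave", "corp-root-admin"},
}

PRIVILEGED_GROUPS = ("Domain Admins", "Enterprise Admins", "Schema Admins")


def effective_members(group, directory=DIRECTORY):
    """Return {user: path} for every user transitively inside `group`.

    Breadth-first walk over nested groups; the `seen_groups` set stops the
    Tier0-Ops -> Helpdesk-Leads -> Tier0-Ops cycle from looping forever, and
    BFS order means the recorded path is the shortest nesting chain.
    """
    users = {}
    seen_groups = {group}
    queue = deque([(group, [group])])
    while queue:
        current, path = queue.popleft()
        for member in directory.get(current, ()):
            if member in directory:                 # member is itself a group
                if member not in seen_groups:
                    seen_groups.add(member)
                    queue.append((member, path + [member]))
            else:                                   # member is a user principal
                users.setdefault(member, path)
    return users


def audit_privileged_groups(directory=DIRECTORY):
    """Privileged group -> {user: nesting path}."""
    return {g: effective_members(g, directory) for g in PRIVILEGED_GROUPS}


def shadow_admins(directory=DIRECTORY):
    """Users who hold privileged membership only through nesting.

    These never appear when someone lists the group's direct members,
    which is what makes them the usual audit blind spot.
    """
    hidden = set()
    for group in PRIVILEGED_GROUPS:
        direct_users = {m for m in directory.get(group, ()) if m not in directory}
        hidden |= set(effective_members(group, directory)) - direct_users
    return hidden


if __name__ == "__main__":
    for group, members in audit_privileged_groups().items():
        print(group)
        for user, path in sorted(members.items()):
            print(f"  {user:<16} via {' -> '.join(path)}")
    print("nested-only (shadow) admins:", sorted(shadow_admins()))
```

With the sample data, bob and carol are effective Domain Admins without appearing in the group's direct member list, and corp-root-admin is a Schema Admin purely by way of Enterprise Admins; those three are what the audit should surface.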
Trusts & Policies
- put the rules in place for how the domains inside of a forest can interact with each other
- external forest interaction with the forest
- overall domain rules or policies

Domain Trusts Overview
- trusts are mechanisms in place for users in the network to gain access to other resources
- outline the way the domains inside of a forest communicate with each other
- can be extended to external domains and even forests
- two types of trusts:
  - Directional: trust flows from a trusting domain to a trusted domain
  - Transitive: the trust relationship expands beyond just two domains to include other trusted domains

Domain Policies Overview
- policies dictate how the server operates and what rules it will and will not follow
- policies apply to the domain as a whole
- the rule book for Active Directory
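Direction and transitivity decide together which domains a user can actually reach, and the two are easy to confuse. The following added example (not from the original notes) models trusts as directed edges from the trusting domain to the trusted domain and computes, for a user in a given domain, the set of domains whose resources can be granted to that user: every domain that trusts the user's domain directly, plus every domain linked to it by a chain in which each trust is transitive. The forest corp.example with its child domains and the one-way, non-transitive external trust to partner.example are constructed sample data.

```python
"""Which domains can a user reach through directional and transitive trusts? (added example)"""
from collections import deque

# (trusting_domain, trusted_domain, transitive)
# Parent/child trusts inside a forest are two-way and transitive; the external
# trust is one-way (corp trusts partner, not the reverse) and non-transitive.
TRUSTS = [
    ("corp.example",       "sales.corp.example", True),
    ("sales.corp.example", "corp.example",       True),
    ("corp.example",       "dev.corp.example",   True),
    ("dev.corp.example",   "corp.example",       True),
    ("corp.example",       "partner.example",    False),
]


def trusters_of(trusts):
    """Index: trusted domain -> [(trusting domain, transitive flag), ...]."""
    index = {}
    for trusting, trusted, transitive in trusts:
        index.setdefault(trusted, []).append((trusting, transitive))
    return index


def accessible_domains(user_domain, trusts=TRUSTS):
    """Domains whose resources a user from `user_domain` may be granted access to.

    Step 1: every domain that trusts user_domain directly (any trust type).
    Step 2: walk outward over transitive trusts only; a non-transitive trust
            never extends a chain, so access stops one hop past it.
    """
    index = trusters_of(trusts)
    reachable = {trusting for trusting, _ in index.get(user_domain, [])}
    seen = {user_domain}
    queue = deque([user_domain])
    while queue:
        trusted = queue.popleft()
        for trusting, transitive in index.get(trusted, []):
            if transitive and trusting not in seen:
                seen.add(trusting)
                reachable.add(trusting)
                queue.append(trusting)
    return reachable


if __name__ == "__main__":
    for domain in ("partner.example", "sales.corp.example", "corp.example"):
        print(f"{domain:<20} -> {sorted(accessible_domains(domain))}")
```

Reading the output: a partner.example user can be granted resources in corp.example and nowhere else, because the external trust does not chain into the child domains; a sales.corp.example user reaches corp.example and dev.corp.example through the transitive parent/child trusts; and no corp.example user reaches partner.example, because partner.example trusts nobody.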
Active Directory Domain Services & Authentication
- AD DS: core functions of Active Directory
- allows for management of the domain, security certificates, LDAPs and more

Domain Services Overview
- services that the domain controller provides to the rest of the domain or tree
- domain services:
  - LDAP: Lightweight Directory Access Protocol; provides communication between applications and directory services
  - Certificate Services: allow the domain controller to create, validate and revoke public key certificates
  - DNS, LLMNR, NBT-NS: domain name services for identifying IP hostnames

Domain Authentication Overview
- Kerberos: default authentication service for Active Directory; uses ticket-granting tickets and service tickets to authenticate users and give users access to other resources across the domain
- NTLM: default Windows authentication protocol; uses an encrypted challenge/response protocol
- Active Directory domain services are the main access point for attackers and contain some of the most vulnerable protocols for Active Directory
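The Kerberos bullet above names the two ticket types without showing how they chain. The block below is an added example, not from the original notes and not a real Kerberos implementation: it walks the three exchanges (AS for the ticket-granting ticket, TGS for the service ticket, AP when the ticket is presented to the service) with both sides' messages as code. A stand-in authenticated cipher (SHA-256 keystream plus an HMAC tag) replaces the real encryption types, and the principals, passwords, lifetimes and the cifs/fileserver service name are constructed. What it makes visible is the key separation the notes only imply: the TGT is readable by the KDC alone, the service ticket by the service alone, and a wrong password leaves the client unable to open even the first reply.

```python
"""Toy Kerberos AS / TGS / AP exchange (added example, not real Kerberos)."""
import hashlib, hmac, json, os, time

def derive_key(secret):
    """Long-term key from a password (stand-in for Kerberos string-to-key)."""
    return hashlib.sha256(secret.encode()).digest()

def _keystream(key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def seal(key, obj):
    """Toy encrypt-then-MAC of a JSON object: nonce || ciphertext || HMAC tag."""
    nonce, plain = os.urandom(16), json.dumps(obj).encode()
    cipher = bytes(p ^ s for p, s in zip(plain, _keystream(key, nonce, len(plain))))
    return nonce + cipher + hmac.new(key, nonce + cipher, hashlib.sha256).digest()

def unseal(key, blob):
    """Verify the tag, then decrypt; raises ValueError under the wrong key."""
    nonce, cipher, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + cipher, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: wrong key or tampered message")
    return json.loads(bytes(c ^ s for c, s in zip(cipher, _keystream(key, nonce, len(cipher)))))

class KDC:
    """Key Distribution Center: knows every principal's long-term key."""
    def __init__(self, keys, tgt_lifetime=600):
        self.keys, self.lifetime = keys, tgt_lifetime

    def as_exchange(self, user):
        """AS-REQ/AS-REP: TGT sealed under krbtgt's key, session key sealed under the user's key."""
        session = os.urandom(32).hex()
        tgt = seal(self.keys["krbtgt"], {"user": user, "session": session,
                                          "expires": time.time() + self.lifetime})
        return tgt, seal(self.keys[user], {"session": session})

    def tgs_exchange(self, tgt, authenticator, service):
        """TGS-REQ/TGS-REP: open the TGT, check the authenticator, issue a service ticket."""
        tgt_data = unseal(self.keys["krbtgt"], tgt)      # only the KDC can open a TGT
        if tgt_data["expires"] < time.time():
            raise ValueError("TGT expired")
        session = bytes.fromhex(tgt_data["session"])
        auth = unseal(session, authenticator)            # client proved it holds the session key
        if auth["user"] != tgt_data["user"]:
            raise ValueError("authenticator does not match TGT")
        svc_session = os.urandom(32).hex()
        ticket = seal(self.keys[service], {"user": auth["user"], "service": service,
                                           "session": svc_session})
        return ticket, seal(session, {"service": service, "session": svc_session})

def client_login(kdc, user, password):
    """Client side of the AS exchange: only the right password opens the AS-REP."""
    tgt, reply = kdc.as_exchange(user)
    return tgt, bytes.fromhex(unseal(derive_key(password), reply)["session"])

def client_service_ticket(kdc, user, tgt, session, service):
    """Client side of the TGS exchange: TGT + fresh authenticator -> service ticket."""
    authenticator = seal(session, {"user": user, "ts": time.time()})
    ticket, reply = kdc.tgs_exchange(tgt, authenticator, service)
    return ticket, bytes.fromhex(unseal(session, reply)["session"])

def service_accept(service_key, service, ticket, authenticator):
    """AP-REQ on the service side: open the ticket with its own key, then the authenticator."""
    data = unseal(service_key, ticket)
    if data["service"] != service:
        return False
    return unseal(bytes.fromhex(data["session"]), authenticator)["user"] == data["user"]

def demo(user="alice", password="CorrectHorse", service="cifs/fileserver"):
    """Full flow with constructed principals; True when the service accepts the user."""
    keys = {"krbtgt": derive_key("krbtgt-secret"), user: derive_key(password),
            service: derive_key("service-account-secret")}
    kdc = KDC(keys)
    tgt, session = client_login(kdc, user, password)
    ticket, svc_session = client_service_ticket(kdc, user, tgt, session, service)
    authenticator = seal(svc_session, {"user": user, "ts": time.time()})
    return service_accept(keys[service], service, ticket, authenticator)

def wrong_password_rejected(user="alice"):
    """The AS-REP is useless without the user's real key."""
    keys = {"krbtgt": derive_key("krbtgt-secret"), user: derive_key("CorrectHorse")}
    try:
        client_login(KDC(keys), user, "wrong-password")
    except ValueError:
        return True
    return False

if __name__ == "__main__":
    print("service accepted ticket:", demo())
    print("wrong password rejected:", wrong_password_rejected())
```

Two design points carry over to the real protocol: the service never talks to the KDC during the AP step (it trusts the ticket because only the KDC could have sealed it under the service account's key), and every secret that matters for a service account or for krbtgt is a long-term key derived from a password, which is why the strength and rotation of those passwords is the defensive lever.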
AD in the Cloud
- recently there has been a shift in Active Directory, pushing companies toward cloud networks

Azure AD Overview
- most notable
- middle man between physical Active Directory and user sign-on
- secures transactions between domains

Cloud Security Overview
  Windows Server AD        Azure AD
  LDAP                     REST APIs
  NTLM                     OAuth/SAML
  Kerberos                 OpenID
  OU Tree                  Flat Structure
  Domains and Forests      Tenants
  Trusts                   Guests