# active directory 101 ## TLDR; 1. Let's start with a domain; say **(kashz.com)** 2. Hierarchy of domains forms a tree. * **(kashz.com)** * **(writeups.kashz.com)** * **(jewels.kashz.com)** 1. Different trees together forms a forest. Inside a domain: 1. Organization Units (OUs) - collection of objects. 2. Objects can be any of the following: 1. User 2. Contact 3. Groups 4. Computers 5. Printers 6. Shared Folders ## Long Explanation Active Directory consists of 1. **1 or more** Domain Controller (mainly for fault tolerance) 2. **1 or more** storage servers / user workstations ### Domain Controller * has the AD domain services data store installed * promoted to a domain controller in the forest * center of Active Directory; controls the rest of the domain * handles authentication and authorization services * replicate updates from other domain controllers in the forest * allows admin access to manage domain resources #### AD DS data store * Contains the `NTDS.dit` well as password hashes for domain users * Stored by default in `%SystemRoot%\NTDS` * accessible only by the domain controller Default Paths * Database folder: `C:\Windows\NTDS` * Log files folder: `C:\Windows\NTDS` * SYSVOL folder: `C:\Windows\SYSVOL` ### Forest Collection of one or more domain trees inside an Active Directory network. It can contain: * Trees - A hierarchy of domains in Active Directory Domain Services **(collection of domains)** * Domains - Used to group and manage objects * Organizational Units (OUs) - Containers for groups, computers, users, printers and other OUs * Trusts - Allows users to access resources in other domains * Objects - users, groups, printers, computers, shares * Domain Services - DNS Server, LLMNR, IPv6 * Domain Schema - Rules for object creation ### User + Groups Default DC comes with default groups and two default users: Administrator and guest. #### Users Four main types of users: * Domain Admins - control the domains and are the only ones with access to the DC * Service Accounts - for service maintenance * Local Administrators - can login to local machines as administrators; cannot access the DC * Domain Users - Normal users who can log in to machines they have the authorization to access. #### Groups Allows giving permissions to users and objects by organizing them into groups. * Security Groups - specify perms for a large number of users * Distribution Groups - specify email distribution lists. **Default Security Groups** * Domain Controllers - All domain controllers in the domain * Domain Guests - All domain guests * Domain Users - All domain users * Domain Computers - All workstations and servers joined to the domain * Domain Admins - Designated administrators of the domain * Enterprise Admins - Designated administrators of the enterprise * Schema Admins - Designated administrators of the schema * DNS Admins - DNS Administrators Group * DNS Update Proxy - DNS clients who are permitted to perform dynamic updates on behalf of some other clients (such as DHCP servers). * Allowed RODC Password Replication Group - Members in this group can have their passwords replicated to all read-only domain controllers in the domain * Group Policy Creator Owners - Members in this group can modify group policy for the domain * Denied RODC Password Replication Group - Members in this group cannot have their passwords replicated to any read-only domain controllers in the domain * Protected Users - Members of this group are afforded additional protections against authentication security threats. * Cert Publishers - Members of this group are permitted to publish certificates to the directory * Read-Only Domain Controllers - Members of this group are Read-Only Domain Controllers in the domain * Enterprise Read-Only Domain Controllers - Members of this group are Read-Only Domain Controllers in the enterprise * Key Admins - Members of this group can perform administrative actions on key objects within the domain. * Enterprise Key Admins - Members of this group can perform administrative actions on key objects within the forest. * Cloneable Domain Controllers - Members of this group that are domain controllers may be cloned. * RAS and IAS Servers - Servers in this group can access remote access properties of users ### Trusts + Policies #### Trusts Specify the way that the domains inside a forest communicate to each other. * Directional **(A -> B)** * Transitive **(A -> B -> C so A -> C)** #### Policies Dictates how the server operates and what rules it will and will not follow. ### AD Services Default domain services: * LDAP - provides communication between applications and directory services * Certificate Services - allows the domain controller to create, validate, and revoke public key certificates * DNS, LLMNR, NBT-NS - Domain Name Services for identifying IP hostnames ### AD Auth #### Windows * Kerberos - default auth service for AD; uses ticket-granting tickets and service tickets to authenticate users and give users access to other resources across the domain. * NTLM - default Windows auth protocol uses an encrypted challenge/response protocol #### Linux * RADIUS Protocl * LDAP ## Reference [TryHackMe AD Room](https://tryhackme.com/room/activedirectorybasics)