1.1 - Introduction to Active Directory (AD)
Last updated
Last updated
Active Directory (AD) is directory service developed by Microsoft to manage Windows domain networks and it is the most commonly used indentity management service in the world (95% of companies use it),
Active Directory is like a phone book that stores all kinds of informations related to different kind of objects, such as: computers, users, printers, etc. In this case, we can store info regarding:
Windows User: Account Info, Privileges, Profiles, Policy;
Windows Servers: Managament Profile, Network Information, Printers, File Shares, Policy;
Windows Clients: Managament Profile, Network Information, Policy;
Network Devices: Configuration, Quality of Service Policy, Security Policy;
Firewall Services: Configuration, VPN Policy, Security Policy;
Applications: Server Configuration, Single Sign-on, Application Specific Directory Information;
E-Mail Servers: Mailbox Info, Address Book;
Other NDS: User Registry, Security Policy.
All these info can be allocated throughout multiple location and AD permits centralization with: Manageability, Security and Interoperability.
It permits the authentication of computers in the network using relative credentials via Kerberos tickets methodology.
Schema The schema defines the structure of the directory by specifying the types of objects (e.g., users, computers, groups) and their attributes (e.g., username, email, security ID). This ensures a consistent format for all entries in the Active Directory. Schema updates are rare and must be carefully planned as they affect the entire directory.
Query and Index Mechanism This mechanism allows efficient searching and organization of data in the directory. Queries are typically made using LDAP (Lightweight Directory Access Protocol). Indexes improve performance by pre-sorting frequently queried attributes, such as usernames or group memberships.
Global Catalog (GC) The Global Catalog contains a partial, read-only replica of all objects in the directory, with a focus on commonly used attributes. It facilitates tasks like locating resources in different domains, supporting user logins in multi-domain environments, and enabling fast searches across the directory.
Replication Service The replication service synchronizes changes between domain controllers within a domain and across the forest. It ensures high availability and consistency of data. Replication uses a multi-master model, meaning changes can be made on any domain controller and propagated throughout the network. Replication traffic is optimized using features like delta synchronization, which only transmits modified data.
Forests, Domains, and Organizational Units (OUs) These are the foundational elements of Active Directory's hierarchical structure, organizing resources and applying administrative boundaries:
Forests: The top-level structure and the ultimate security boundary within Active Directory.
A forest consists of one or more domains that share a common schema, configuration, and Global Catalog.
Trust relationships between domains in the same forest are automatic and transitive.
Domains: Subsets within a forest that serve as administrative boundaries.
Each domain has its own unique policies and authentication services but shares the forest's schema and configuration.
Domains contain users, computers, groups, and other objects.
Organizational Units (OUs): Containers within a domain used to organize and manage objects.
OUs simplify the delegation of administrative tasks by allowing granular control of permissions.
Group Policy Objects (GPOs) can be applied at the OU level for centralized management.
Forest as a Security Boundary
A forest acts as the highest level of isolation within Active Directory.
Trusts between forests must be explicitly created, unlike domains within the same forest.
Security policies and configurations set at the forest level affect all domains it contains.
Focus on Abuse, Not Exploits
The approach emphasizes abusing inherent misconfigurations and weak design in Active Directory components and trusts rather than relying on patchable vulnerabilities or exploits.
This methodology ensures relevance even in environments where systems are fully patched.
Using Built-in Windows Management Tools
All attacks will be conducted using native Windows tools (e.g., PowerShell, Command Prompt, and Active Directory Users and Computers).
By avoiding external tools or non-Windows platforms, the methodology ensures:
Increased Stealth: Native tools blend into standard user activity, reducing detection by security monitoring solutions.
Flexibility: Operates effectively in environments without access to Unix/Linux systems or where external tools are restricted.
A Domain Controller (DC) is a crucial component of a Windows-based network, entrusted with the Active Directory Domain Services (AD DS) server role. This role entails specific responsibilities, making the DC a cornerstone for network operations. When a server is promoted to a domain controller, it assumes several key functions:
Hosts AD DS Directory Store: The DC hosts a comprehensive copy of the Active Directory Domain Services (AD DS) directory store. This store contains vital information about network resources, user accounts, group policies, and more, crucial for network operations and security.
Provides Authentication and Authorization Services: Authentication and authorization services are core functions of a domain controller. It verifies the identity of users and computers attempting to access network resources and determines the level of access they are granted based on established security policies.
Replicates Updates: Domain Controllers collaborate through replication mechanisms to ensure data consistency across the domain and forest. When changes are made to the directory store on one DC, those updates are propagated to other domain controllers within the same domain and across the forest.
Allows Administrative Access: Domain Controllers facilitate administrative access to manage user accounts, group policies, network resources, and other aspects of the Active Directory infrastructure. Administrative tasks are crucial for maintaining the security and functionality of the network.
However, if a Domain Controller is compromised, it poses significant risks to the entire network. Potential consequences of a compromised DC include:
Unauthorized Access: Attackers may exploit the compromised DC to gain unauthorized access to sensitive data and resources within the network.
Data Theft: Sensitive information stored in the Active Directory, such as user credentials and proprietary data, may be stolen or manipulated.
Disruption of Services: Compromised DCs can disrupt network services, leading to downtime and productivity losses.
Propagation of Attacks: Attackers may use compromised DCs as footholds to launch further attacks or spread malware within the network.
In larger corporations, multiple Domain Controllers are typically deployed to distribute the workload and provide redundancy. This distributed architecture offers some resilience against attacks because compromising one DC does not grant total control over the entire network. However, it underscores the importance of robust security measures and proactive monitoring to detect and mitigate potential threats promptly.
The AD DS Data Store is the foundational component of Active Directory Domain Services (AD DS), responsible for storing and managing directory information critical for user authentication, service access, and application functionality. This data store comprises the Ntds.dit file, which holds a wealth of sensitive information pertaining to users, objects, groups, password hashes, and more. Here are the main purposes and characteristics of the AD DS Data Store:
Ntds.dit File: At the heart of the AD DS Data Store is the Ntds.dit file, a database file that encapsulates all directory information within Active Directory. This file contains a comprehensive record of users, objects, groups, organizational units, and their respective attributes, along with encrypted password hashes for authentication purposes.
Sensitive Information Repository: The Ntds.dit file houses highly sensitive information that forms the backbone of an organization's identity and access management infrastructure. This includes user credentials, group memberships, access control settings, and other security-related data crucial for maintaining the integrity and security of the network.
Storage Location: By default, the Ntds.dit file is stored in the %SystemRoot%\NTDS folder on all domain controllers within the Active Directory domain. This centralized storage ensures uniform access to directory information across the network while maintaining data consistency and integrity.
Access Control: Access to the AD DS Data Store is tightly controlled and restricted to domain controller processes and protocols. This ensures that only authorized entities, such as Active Directory services and administrative tools, can interact with and manipulate directory data. Unauthorized access attempts are rigorously enforced and logged to maintain the confidentiality and integrity of the data store.
Integration with Domain Controller Operations: The AD DS Data Store is seamlessly integrated with domain controller operations, facilitating efficient storage, retrieval, and management of directory information. Changes made to directory objects and attributes are promptly reflected in the Ntds.dit file and replicated across domain controllers to maintain data consistency and availability throughout the network.
Overall, the AD DS Data Store plays a pivotal role in the functioning of Active Directory, serving as a secure repository for critical directory information essential for user authentication, resource access control, and administrative management within Windows-based network environments.
Active Directory Domain Services (AD DS) schema is a fundamental component of Active Directory infrastructure, defining the structure, attributes, and rules governing the storage and management of objects within the directory service. It provides a standardized framework for organizing and accessing information in a Windows network environment. Here are the main functions and characteristics of the AD DS schema:
Object Classes: Object classes serve as blueprints for defining the types of objects that can be stored in Active Directory. These classes encompass a wide range of entities such as users, groups, computers, printers, organizational units (OUs), and more. Each object class encapsulates a specific set of attributes that define the properties and characteristics of the objects belonging to that class.
Attributes: Attributes represent the properties or characteristics of objects stored in Active Directory. They provide essential information about objects, such as usernames, passwords, email addresses, phone numbers, and group memberships. Attributes are defined within the schema along with their data types, syntax, and other constraints to ensure data integrity and consistency.
Schema Objects: The schema itself is represented as a collection of objects stored within Active Directory. These schema objects define the object classes, attributes, and other schema-related components necessary for maintaining the directory structure. Schema objects are instances of schema classes defined within the schema and are essential for enforcing consistency and standardization across the directory service.
Extension and Modification: The AD DS schema is designed to be flexible and extensible, allowing organizations to tailor it to their specific requirements. Administrators can extend or modify the schema to accommodate new object classes, attributes, or custom schema rules. This may involve adding new attributes to existing object classes, defining entirely new object classes, or implementing custom schema rules to enforce specific business logic or constraints.
Replication: Changes made to the AD DS schema are replicated across all domain controllers within an Active Directory forest. This ensures consistency and uniformity of the directory structure and data across the entire forest, regardless of the location of domain controllers. Replication mechanisms ensure that schema updates are propagated efficiently, minimizing inconsistencies and ensuring that all domain controllers have the latest schema information.
In summary, the AD DS schema plays a crucial role in defining and maintaining the structure, attributes, and rules governing the storage and management of objects within Active Directory. It provides a flexible and extensible framework that allows organizations to customize Active Directory to meet their unique business requirements while ensuring consistency and standardization across the entire directory service.
Domains are fundamental units within an Active Directory (AD) environment, providing centralized management and authentication services for network resources. Here are the main functions and characteristics of domains within Active Directory:
Organizational Boundary: Domains serve as organizational boundaries within an Active Directory forest. They provide a logical structure for organizing and managing network resources, including users, computers, groups, and other objects. Each domain represents a distinct administrative boundary, allowing administrators to delegate management responsibilities and apply security policies at the domain level.
Security Boundary: Domains establish security boundaries within an Active Directory forest, defining the scope of authentication and authorization for network resources. Users and computers within a domain authenticate against domain controllers within the same domain, which verify their identity and grant access to resources based on established security policies. Domains also enforce access control mechanisms, such as group policies, to regulate resource access and permissions.
Trust Relationships: Domains can establish trust relationships with other domains within the same forest or with external domains in separate forests. Trust relationships allow users and resources from one domain to access resources in another domain while maintaining security boundaries and enforcing authentication and authorization policies. Trust relationships facilitate collaboration and resource sharing across organizational boundaries within a secure and controlled environment.
Namespace Management: Each domain in Active Directory has a unique Domain Name System (DNS) name, known as the domain's DNS namespace. The DNS namespace ensures that domain-joined clients can locate domain controllers and other network resources using fully qualified domain names (FQDNs). Domain controllers within a domain manage the domain's DNS namespace and provide name resolution services to clients within the domain.
Replication Boundary: Domains define replication boundaries within an Active Directory forest, determining the scope of replication for directory information between domain controllers. Replication within a domain ensures that changes made to directory objects, such as user accounts or group memberships, are synchronized across all domain controllers within the same domain. This ensures data consistency and availability while minimizing replication traffic across the network.
Administrative Boundaries: Domains allow for the delegation of administrative responsibilities, enabling organizations to distribute management tasks and responsibilities across different administrative units. Administrators can assign specific administrative privileges and permissions to users or groups within a domain, allowing them to manage resources and perform administrative tasks based on their assigned roles and responsibilities.
Domains are essential building blocks of an Active Directory environment, providing organizational, security, and administrative boundaries for managing network resources. They facilitate centralized authentication, access control, and resource management while enabling collaboration and resource sharing within a secure and controlled environment.
#ToDo
#ToDo
#ToDo
Trust
#ToDo
#ToDo
#ToDo
