Active Directory Basics
🎯 Target IP: 10.10.130.43
We start the lab and spawn the Windows Server machine. Afterwards we spawn an attacker box machine directly on THM (available in the free version).
To overcome these limitations, we can use a Windows domain. Simply put, a Windows domain is a group of users and computers under the administration of a given business. The main idea behind a domain is to centralise the administration of common components of a Windows computer network in a single repository called Active Directory (AD).
Active Directory
The server that runs the Active Directory services is known as a Domain Controller (DC).
Domain Controller
Domain Admins: Users of this group have administrative privileges over the entire domain. By default, they can administer any computer on the domain, including the DCs.
Server Operators: Users in this group can administer Domain Controllers. They cannot change any administrative group memberships.
Backup Operators: Users in this group are allowed to access any file, ignoring their permissions. They are used to perform backups of data on computers.
Account Operators: Users in this group can create or modify other accounts in the domain.
Domain Users: Includes all existing user accounts in the domain.
Domain Computers: Includes all existing computers in the domain.
Domain Controllers: Includes all existing DCs on the domain.
Domain Admin
Identifying machine accounts is relatively easy. They follow a specific naming scheme: the machine account name is the computer's name followed by a dollar sign. For example, a machine named DC01 will have a machine account called DC01$.
TOM-PC$
Security Groups vs OUs
You are probably wondering why we have both groups and OUs. While both are used to classify users and computers, their purposes are entirely different:
OUs are handy for applying policies to users and computers, which include specific configurations that pertain to sets of users depending on their particular role in the enterprise. Remember, a user can only be a member of a single OU at a time, as it wouldn't make sense to try to apply two different sets of policies to a single user.
Security Groups, on the other hand, are used to grant permissions over resources. For example, you will use groups if you want to allow some users to access a shared folder or network printer. A user can be a part of many groups, which is needed to grant access to multiple resources.
Organizational Unit
Deleting extra OUs and users
Your first task as the new domain administrator is to check the existing AD OUs and users, as some recent changes have happened to the business. You have been given the following organisational chart and are expected to make changes to the AD to match it:
Delegation
One of the nice things you can do in AD is to give specific users some control over some OUs. This process is known as delegation and allows you to grant users specific privileges to perform advanced tasks on OUs without needing a Domain Administrator to step in.
One of the most common use cases for this is granting IT support the privileges to reset other low-privilege users' passwords. According to our organisational chart, Phillip is in charge of IT support, so we'd probably want to delegate the control of resetting passwords over the Sales, Marketing and Management OUs to him.
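The room does this delegation through the "Delegate Control" wizard in Active Directory Users and Computers. As an added example (not code from the room or from this write-up), the same delegation done from PowerShell, plus a function that lists who already holds the reset-password right on an OU so an admin can audit it afterwards. It assumes the RSAT ActiveDirectory module on a domain-joined admin host; the OU distinguished name and the account name are placeholders for the lab's own values.

```powershell
# Added example: delegate "Reset password" over an OU and audit existing delegations.
# Requires the RSAT ActiveDirectory module (provides the AD: PSDrive used by Get-Acl/Set-Acl).
Import-Module ActiveDirectory

$ouDN     = 'OU=Sales,DC=thm,DC=local'   # placeholder: the lab OU's distinguished name
$delegate = 'THM\phillip'                # placeholder: the account receiving the right

# Schema GUID of the User-Force-Change-Password extended right (shown as "Reset password" in the GUI)
$resetPasswordGuid = [guid]'00299570-246d-11d0-a768-00aa006e0529'
# Schema GUID of the "user" object class, so the right is scoped to user objects under the OU
$userClassGuid = [guid]'bf967aba-0de6-11d0-a285-00aa003049e2'

function Grant-ResetPasswordDelegation {
    param([string]$OuDN, [string]$Account)
    $acl = Get-Acl -Path "AD:\$OuDN"
    $sid = (New-Object System.Security.Principal.NTAccount($Account)).Translate(
               [System.Security.Principal.SecurityIdentifier])
    # Allow ACE: ExtendedRight limited to the reset-password GUID, inherited by descendant user objects only
    $ace = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
        $sid,
        [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight,
        [System.Security.AccessControl.AccessControlType]::Allow,
        $resetPasswordGuid,
        [System.DirectoryServices.ActiveDirectorySecurityInheritance]::Descendents,
        $userClassGuid)
    $acl.AddAccessRule($ace)
    Set-Acl -Path "AD:\$OuDN" -AclObject $acl
}

function Get-ResetPasswordDelegations {
    # Lists explicit (non-inherited) ACEs on the OU that carry the reset-password extended right
    param([string]$OuDN)
    (Get-Acl -Path "AD:\$OuDN").Access |
        Where-Object {
            ($_.ActiveDirectoryRights -band [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight) -and
            $_.ObjectType -eq $resetPasswordGuid -and -not $_.IsInherited
        } |
        Select-Object IdentityReference, AccessControlType, InheritanceType
}

Grant-ResetPasswordDelegation -OuDN $ouDN -Account $delegate
Get-ResetPasswordDelegations -OuDN $ouDN
```

Run the audit function against each OU you delegated (Sales, Marketing, Management) to confirm only the intended account appears and that the right is scoped to user objects rather than the whole OU.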
Now let's use Phillip's account to try and reset Sophie's password. Here are Phillip's credentials for you to log in via RDP:
We can use xfreerdp to connect via RDP from the THM attacker box: