What is active directory and its components for example?

March 20, 2021 by kanhaiya panchal

[Figure: network diagram showing an on-premises network, gateway subnets, an application subnet, AD servers (contoso.com), authentication and the Internet]

What is Active Directory?

Active Directory stores information related to objects, such as computers, users, printers, etc. Think of it as a phone book for Windows. It authenticates using Kerberos tickets. Non-Windows devices, such as Linux machines, firewalls, etc., can also authenticate to Active Directory via RADIUS or LDAP. Active Directory is a directory service developed by Microsoft to manage Windows domain networks.

Why Active Directory?

Active Directory is the most commonly used identity management service in the world. Generally, 90% of Fortune 10000 companies implement the service in their networks. It can be exploited without ever attacking patchable exploits; instead, we abuse features, trusts, components, and more.

Active Directory Components

Active Directory has 2 major components: the physical Active Directory component and the logical Active Directory component.

Let's talk about the physical Active Directory component

Domain Controller - a server with the AD DS (Directory store) server role installed that has specifically been promoted to a domain controller.

A domain controller:
- Hosts a copy of the AD DS directory store
- Provides authentication and authorization services
- Replicates updates to other domain controllers in the domain and forest
- Allows administrative access to manage user accounts and network resources

“IT PROVIDES THE ENVIRONMENT AND DOES THE AUTHORIZATION AND AUTHENTICATION”

AD DS Data Store - The AD DS data store contains the database file and the processes that store and manage directory information for users, services, and applications.

The AD DS data store:
- Consists of the Ntds.dit file
- Is stored by default in the %SystemRoot%\NTDS folder on all domain controllers
- Is accessible only through the domain controller processes and protocols

“THE NTDS.DIT FILE IS VERY SENSITIVE: WHEN THE DOMAIN CONTROLLER IS COMPROMISED, THIS FILE CONTAINS ALL THE ACTIVE DIRECTORY DATA, MEANING ALL USERS, OBJECTS, GROUPS, AND PASSWORD HASHES IN THE DOMAIN”

Let's talk about the logical Active Directory component

It consists of several structures; depending on the strength of the organization, we can expand the structure using the logical Active Directory components.

AD DS Schema:
- Defines every type of object that can be stored in the directory
- Enforces rules regarding object creation and configuration

It has two kinds of objects, the class object and the attribute object:
1) Class object: what objects can be created in the directory. Example: User, Computer
2) Attribute object: information that can be attached to an object. Example: Display name

Domains: Generally, domains are used to group and manage objects in an organization. A domain is:
- An administrative boundary for applying policies to groups of objects
- A replication boundary for replicating data between domain controllers
- An authentication and authorization boundary that provides a way to limit the scope of access to resources

“Used on a regular basis, when we do our work.”

Trees: A domain tree is a hierarchy of domains in AD DS, a combination of domains which are interconnected with each other in some manner. All domains in the tree:
- Share a contiguous namespace with the parent domain
- Can have additional child domains
- By default create a two-way transitive trust with other domains

[Figure: Trees]

Forests: A forest is a collection of one or more domain trees. Domains in a forest:
- Share a common schema
- Share a common configuration partition
- Share a common global catalogue to enable searching
- Enable trusts between all domains in the forest
- Share the Enterprise Admins and Schema Admins groups

[Figure: Forest]

Organizational Units (OUs): OUs are Active Directory containers that can contain users, groups, computers, and other OUs. OUs are used to:
- Represent your organization hierarchically and logically
- Manage a collection of objects in a consistent way
- Delegate permissions to administer groups of objects
- Apply policies

[Figure: Organizational units]

Trusts: Trusts provide a mechanism for users to gain access to resources in another domain. There are 2 types of trust, directional and transitive:
1) Directional trusts: The trust direction flows from the trusting domain to the trusted domain.
2) Transitive trusts: The trust relationship is extended beyond a two-domain trust to include other trusted domains.

“ALL DOMAINS IN A FOREST TRUST ALL OTHER DOMAINS IN THE FOREST”
“TRUSTS CAN EXTEND OUTSIDE THE FOREST”

Objects: Objects contain useful information about internal parts, such as:
- Users - Enable network resource access for a user
- InetOrgPerson - Similar to a user account, used for compatibility with other directory services
- Contacts - Used primarily to assign e-mail addresses to external users; does not enable network access
- Groups - Used to simplify the administration of access control
- Computers - Enables auditing of computer access to resources
- Printers - Used to simplify the process of locating and connecting to printers
- Shared folders - Enables users to search for shared folders based on properties

Example: think of a PHONE BOOK that stores all kinds of information. The entries, such as computers, are considered objects, and the phone book that stores all these objects is what we call Active Directory, used by Windows.
- A username and password that log in on one computer can sometimes be used to log in at another location; the same username and password work because Active Directory handles the authentication (Kerberos tickets).
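
The Trees, Forests and Trusts sections above, worked through as an added example (not code from the original post): it derives the default two-way transitive trusts from a contiguous namespace and shows what a one-way, non-transitive external trust does and does not allow. The domain names, the trust list and the simplified graph model (no SID filtering or selective authentication) are assumptions constructed for illustration.

```python
from collections import deque

# Constructed sample forest (not from the original page): two trees, one external trust.
FOREST_ROOT = "corp.example"
DOMAINS = ["corp.example", "eu.corp.example", "dev.eu.corp.example", "lab.example"]
# (trusting, trusted, transitive): eu.corp.example trusts partner.test, one-way, non-transitive.
EXTRA_TRUSTS = [("eu.corp.example", "partner.test", False)]

def parent_of(domain, domains):
    """Closest parent in the contiguous namespace, or None if the domain is a tree root."""
    labels = domain.split(".")
    for i in range(1, len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate
    return None

def tree_root(domain, domains):
    """Root of the domain tree that `domain` belongs to."""
    parent = parent_of(domain, domains)
    return domain if parent is None else tree_root(parent, domains)

def build_trusts(domains, forest_root, extra):
    """Default two-way transitive trusts (parent-child, tree root to forest root) plus extras."""
    edges = set(extra)
    for d in domains:
        other = parent_of(d, domains) or (forest_root if d != forest_root else None)
        if other:
            edges |= {(d, other, True), (other, d, True)}
    return edges

def trusted_by(trusting, edges):
    """Domains whose users can be given access to resources in `trusting`."""
    direct = {trusted for t, trusted, _ in edges if t == trusting}
    seen, queue = {trusting}, deque([trusting])
    while queue:  # only transitive trusts may be chained
        cur = queue.popleft()
        for t, trusted, transitive in edges:
            if t == cur and transitive and trusted not in seen:
                seen.add(trusted)
                queue.append(trusted)
    return sorted((direct | seen) - {trusting})

if __name__ == "__main__":
    edges = build_trusts(DOMAINS, FOREST_ROOT, EXTRA_TRUSTS)
    for domain in DOMAINS + ["partner.test"]:
        print(f"{domain} (tree {tree_root(domain, DOMAINS)}) trusts: {trusted_by(domain, edges)}")
```

When reviewing real trusts, the rows to look at first are the ones like `partner.test` here: every trusted domain outside the forest widens the set of accounts that can be granted access to the trusting domain's resources.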
