
Basics of Active Directory

Hello folks!!! Hope you are all doing well. I am here to write a blog on the basics of Active Directory, and I hope you all like it. We will start with some definitions and then go to the Domain Enumeration part.

Active Directory is simply a directory service that was developed by Microsoft in the mid-1990s to replace the old Windows NT-style user authentication. It stores information about all the objects, like computers, users, printers, shares, etc. You can think of it as a phonebook for Windows. It helps to manage all the objects under a domain in an efficient manner with the help of LDAP (Lightweight Directory Access Protocol). LDAP is an application protocol for querying and modifying Active Directory services; I will add more about LDAP in the next blog.

Components of the Active Directory

Objects

Objects are nothing but entities in Active Directory; an object can be anything, like a user, a group, or any resource that users can access. Objects in Active Directory represent real-world entities, which makes it easier to access the elements in the directory: users are represented by user objects, computers by computer objects, and so on.

Group

As the name suggests, a group is an object that can contain a collection of objects, users, and sometimes other groups. It eases administrative work. For example, if some employees in an organization, let’s say 100, want to access a resource (like a printer), then instead of assigning the resource (printer) to each object (employee), the administrator will form a group and assign that resource to the group.

Domain

A domain is a group of users, computers, printers, etc. in a network. Consider the domain tree below (a hierarchy of domains). In this image, “abc.com” is the name of the domain (please consider only the left half; I will explain the rest later), and “asia.abc.com” and “europe.abc.com” are two child domains of the root domain (“abc.com”).

Domain Controller

Domain Controllers are the servers for Active Directory that do all the essential work, like authentication, authorization, granting tickets, etc. For example, if there are more than 1000 employees in an organization, everyone has to show their identity to the security officer before going into the office; a Domain Controller acts in the same way. The DC is configured to authorize or authenticate the computers in an organization.

Distinguished Names:

Every object in the domain is referred to by a unique path called its Distinguished Name. For example, in figure 1, the Distinguished Names of the root node and a child node are as follows:
dc=abc,dc=com and dc=asia,dc=abc,dc=com, where dc stands for domain component.
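As an added example (not code from the original post), the sketch below converts a DNS domain name to its Distinguished Name, splits an object's DN into its components, and checks whether the object lives in a given domain tree. It goes beyond the dc-only names above by also handling cn/ou components and backslash-escaped commas; the sample DN and all function names are constructed for illustration.

```python
def domain_to_dn(dns_name):
    """abc.com -> dc=abc,dc=com (one dc= component per DNS label)."""
    return ",".join(f"dc={label}" for label in dns_name.split("."))


def split_rdns(dn):
    """Split a DN on commas, keeping backslash-escaped commas in the value."""
    parts, current, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            current += dn[i:i + 2]  # keep the escape pair together
            i += 2
            continue
        if dn[i] == ",":
            parts.append(current.strip())
            current = ""
        else:
            current += dn[i]
        i += 1
    parts.append(current.strip())
    return [tuple(p.split("=", 1)) for p in parts]


def describe(dn):
    """Return the object's leaf component, OU chain (top-down) and domain."""
    rdns = split_rdns(dn)
    domain = ".".join(v for k, v in rdns if k.lower() == "dc")
    ous = [v for k, v in rdns if k.lower() == "ou"][::-1]
    return {"leaf": rdns[0], "ou_path": ous, "domain": domain}


def in_domain_tree(dn, root):
    """True if the object's domain is `root` or one of its child domains."""
    domain = describe(dn)["domain"].lower()
    root = root.lower()
    return domain == root or domain.endswith("." + root)


# Constructed sample DN (not from the original page).
SAMPLE = r"CN=Doe\, Jane,OU=Helpdesk,OU=IT,DC=asia,DC=abc,DC=com"

if __name__ == "__main__":
    print(domain_to_dn("asia.abc.com"))
    print(describe(SAMPLE))
    print(in_domain_tree(SAMPLE, "abc.com"))
```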

Forest

A forest is a collection of domain trees, each of which is a collection of domains. The first domain in the forest is called the forest root domain. In the above figure, the forest root domains are “abc.com” and “xyz.com”, and all the other domains are their respective child domains.

Schema

The schema is like a blueprint that describes the attributes or properties of the objects in the Active Directory environment. Whenever you make changes to the schema, they are replicated to all the domain controllers in the entire forest, so you have to be very careful; otherwise, it will lead to distortion of the entire forest. It is rare that you will make changes to the schema manually; some programs that are directly integrated with Active Directory, like Microsoft Exchange, will make changes to the schema for you. You should be very qualified to make changes to the schema, and you should also be a member of Active Directory Schema Admins to do so.

Trust

A trust establishes a connection between domains so that users can access resources present in other domains. Trust is of two types:

a. Directional: The trust flows from the trusting domain to the trusted domain; the trusted domain has the right to access the resources of the trusting domain (consider the figure below). On the basis of direction, there are two types of trust:

i. One-Way Trust: Only one domain is allowed to access the resource.

ii. Bi-Directional: Both the domains can access the resource of each other.

b. Transitive: The trust relationship is extended beyond a two-domain trust to include other trusted domains. For example, if domain “A” trusts domain “B” and domain “B” trusts domain “C”, then domain “A” will automatically trust domain “C”.
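The direction and transitivity rules above can be checked mechanically when reviewing which domains end up with access to a domain's resources. The following is an added example, not code from the original post: a simplified model in which the trust list, the `partner.example` domain and the function names are constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed sample trusts: (trusting, trusted, two_way, transitive).
# Domain names reuse the page's figure; partner.example is hypothetical.
TRUSTS = [
    ("asia.abc.com", "abc.com", True, True),
    ("europe.abc.com", "abc.com", True, True),
    ("abc.com", "xyz.com", False, True),           # one-way
    ("xyz.com", "partner.example", False, False),  # one-way, non-transitive
]


def build_edges(trusts):
    """Map each trusting domain to {trusted domain: is the trust transitive}."""
    edges = defaultdict(dict)
    for trusting, trusted, two_way, transitive in trusts:
        edges[trusting][trusted] = transitive
        if two_way:  # a bi-directional trust is two one-way trusts
            edges[trusted][trusting] = transitive
    return edges


def trusted_by(domain, trusts):
    """Return {trusted domain: trust path} for every domain `domain` trusts.

    Users of each returned domain can reach resources in `domain`.
    Simplified model (assumption): a direct trust always counts, and a chain
    extends only across trusts that are marked transitive.
    """
    edges = build_edges(trusts)
    paths, expanded = {}, {domain}
    queue = deque([[domain]])
    while queue:
        path = queue.popleft()
        for nxt, transitive in edges.get(path[-1], {}).items():
            direct = len(path) == 1
            if nxt == domain or not (direct or transitive):
                continue
            paths.setdefault(nxt, path + [nxt])
            if transitive and nxt not in expanded:
                expanded.add(nxt)
                queue.append(path + [nxt])
    return paths


if __name__ == "__main__":
    for dom in ("abc.com", "asia.abc.com", "xyz.com"):
        for trusted, path in trusted_by(dom, TRUSTS).items():
            print(f"{dom} trusts {trusted}: {' -> '.join(path)}")
```

The returned path shows which intermediate trust a domain's access depends on, which is the link to review or remove when that access is not intended.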

Organizational Unit

Organizational Units are container objects that help build the hierarchical structure of AD and hold other leaf objects like users, computers, etc. For example, an organization may have many departments, like the IT department, the Development department, etc., so we can create an Organizational Unit for each of these departments for efficient administration. These separate OUs will contain the users, computers, printers, etc. of these departments.

That’s all for the basic theory part; I will cover the Domain Enumeration part in the next blog!!!

                                    Happy Hacking