# Intro to AD

### What is Active Directory?

***

Active Directory (AD) is a directory service used in Windows networks to manage users, computers, and other network resources such as printers and IoT devices in one central place. It was developed by Microsoft for use on Windows Server in enterprises and organizations. It contains critical information about the users, systems, and objects within the network or domain.

Some clarifications and more:\
In Active Directory, the directory isn't a normal folder that you use to store files. AD is a directory system that provides both a database and services for better management in a Windows Server environment. As I said, it is a suite of services that includes AD DS, which stands for Active Directory Domain Services. \
AD DS is the core part of AD that manages the information about users, computers, groups, policies and other resources. **AD DS also controls authentication and authorization,** which is why AD is such a high-value target in corporate or enterprise environments.\
AD includes more services, such as AD LDS, AD CS, AD FS, etc.

AD stores the information about users, machines, groups, policies, objects and more in a database, which is often called `NTDS.dit`. Let's talk about the services and the database in depth later.

### Why is AD used?

***

Does it matter? If it's exploitable, just exploit it. But still, here is the overview:

Imagine a company, **Fox**, that has 100 employees. Every employee gets a computer, so that's 100 computers, and then there are printers, servers, IoT devices, and other network resources.

Without a centralized system, every computer, machine, shared folder, printer, server, etc. would require separate credentials for each employee. The credentials are different for every employee, so the admin has to set them manually on every machine in the organization's network, which is a hassle. Now imagine an employee wants to change their password: they must report it to the admin, who then has to change the password on every resource within the network, which is going to be chaotic for the admin. As the company grows and more resources are added, managing them becomes more complex and inefficient.

This is where AD becomes useful.

With a centralized system, the admin needs to create a user/employee account only once, and AD then automatically gives that account login access to company computers, printers, shared folders and other network resources. The admin can easily apply security policies to each employee or give privileges to a specific employee, without going to each machine to change or assign the user's policies manually. In a centralized system, if a user wants to change their password, AD updates the credentials in its central database (NTDS.dit), and resources authenticate against AD, so passwords aren't stored separately on every resource within the network. AD also enables Single Sign-On (SSO), meaning that once a user logs in to their computer, they automatically get access to email, file servers, and other internal apps. So if you compromise AD, you own the entire network.

#### What more does AD do, and what can we do?

* Authenticate users - verifies who you are and when you log in. This is what we abuse in pass-the-hash, kerberoasting, etc.
* Authorize access - controls what resources you can access. Misconfiguration here can lead to privilege escalation.
* Manage all the devices connected within the network. If AD is compromised, we have access to everything within the network.
* Apply security policies across all devices at once. Again, misconfiguration here can lead to potential access.
* Store information about users, groups, computers and other resources. Enumerating the stored data is the first step in attacking AD.

