Active Directory (AD) — Pentester-Friendly Overview

🏢 Active Directory (AD) — Pentester-Friendly Overview

Active Directory (AD) is Microsoft’s centralized system for managing users, computers, permissions, and policies in a Windows network.

It’s one of the most important targets in enterprise security testing because a weakness in AD can lead to full domain compromise.

🔍 What Active Directory Does

AD helps organizations to:

• Authenticate users (login system)
• Control access to resources
• Manage computers & servers
• Apply security policies (GPOs)

👉 Used in banks, companies, universities, and government networks.

🧱 Core Active Directory Components

1️⃣ Domain Controller (DC)

• The server that runs AD
• Handles authentication & authorization
• Stores the AD database (NTDS.dit)

2️⃣ Domain

• Logical group of users, computers, and resources
• Example: company.local

3️⃣ Users & Groups

• User accounts (employees)
• Groups (Admin, HR, IT, etc.)
• Group membership controls access

4️⃣ Organizational Units (OU)

• Containers to organize users & computers
• Used to apply Group Policy Objects (GPOs)

5️⃣ Group Policy (GPO)

• Security rules applied across the network
• Password policies, USB control, software installs

6️⃣ Authentication Protocols

• Kerberos (default & secure)
• NTLM (legacy, weaker)

🛡️ Why Active Directory Matters for Pentesters

If AD is compromised:

• Attacker can control the entire network
• Access all systems & data
• Create admin accounts silently

Pentesters focus on misconfigurations, not breaking in blindly.