Active Directory Fundamentals and Architecture
Active Directory operates as a hierarchical database storing information about network objects, including users, computers, groups, and organizational units. Domain Controllers (DCs) host the AD services, process authentication requests, and enforce policy. Understanding the AD structure (forests, domains, trusts, and organizational units) guides attack strategies and reveals potential exploitation paths.
Kerberos authentication underpins AD security and has supplanted NTLM as the default protocol in modern environments, though NTLM usually remains enabled as a fallback. The ticket-based system involves three parties: the client requesting access, the service being accessed, and the Key Distribution Center (KDC) running on each domain controller. Attacks against Kerberos such as Kerberoasting, AS-REP roasting, and ticket forgery or manipulation provide initial footholds and privilege escalation opportunities.
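The two roasting techniques named above leave a recognizable trace on the domain controller: Kerberoasting shows up as one requester pulling RC4-encrypted service tickets (event 4769, ticket encryption type 0x17) for several user-owned service accounts, and AS-REP roasting as a TGT request (event 4768) that succeeded with pre-authentication type 0. The following detector is an added example, not part of the original text; the event records are constructed for the demo and the field names are simplified versions of the real 4768/4769 fields.

```python
# Added example (not from the original page): flag Kerberoasting and
# AS-REP roasting indicators in constructed Windows Security event records.
from collections import defaultdict

# Ticket encryption type 0x17 is RC4-HMAC; offline cracking tools usually
# request RC4 tickets because they are far cheaper to crack than AES ones.
RC4_HMAC = "0x17"

# Constructed sample records (not real log data). "service" mirrors the
# 4769 "Service Name" field: the account that owns the SPN, so computer
# accounts appear with a trailing "$".
EVENTS = [
    {"id": 4769, "user": "alice@CORP.LOCAL", "service": "svc_sql", "etype": "0x12", "src": "10.0.0.5"},
    {"id": 4769, "user": "bob@CORP.LOCAL", "service": "svc_web", "etype": "0x17", "src": "10.0.0.9"},
    {"id": 4769, "user": "bob@CORP.LOCAL", "service": "svc_sql", "etype": "0x17", "src": "10.0.0.9"},
    {"id": 4769, "user": "bob@CORP.LOCAL", "service": "FS01$", "etype": "0x17", "src": "10.0.0.9"},
    {"id": 4768, "user": "svc_backup@CORP.LOCAL", "preauth": "0", "etype": "0x17", "src": "10.0.0.9"},
    {"id": 4768, "user": "alice@CORP.LOCAL", "preauth": "2", "etype": "0x12", "src": "10.0.0.5"},
]


def kerberoast_candidates(events, threshold=2):
    """Return {requester: [service accounts]} for requesters that pulled RC4
    service tickets for `threshold` or more distinct user-owned accounts."""
    by_user = defaultdict(set)
    for e in events:
        if e["id"] != 4769 or e["etype"] != RC4_HMAC:
            continue
        # Computer accounts have long random passwords and are not a realistic
        # cracking target, so they are excluded to cut false positives.
        if e["service"].endswith("$"):
            continue
        by_user[e["user"]].add(e["service"])
    return {u: sorted(s) for u, s in by_user.items() if len(s) >= threshold}


def asrep_roast_candidates(events):
    """Return accounts whose TGT request (4768) succeeded with pre-auth type 0,
    i.e. 'Do not require Kerberos preauthentication' is set on the account."""
    return [e["user"] for e in events if e["id"] == 4768 and e.get("preauth") == "0"]


if __name__ == "__main__":
    print("Kerberoasting candidates:", kerberoast_candidates(EVENTS))
    print("AS-REP roasting candidates:", asrep_roast_candidates(EVENTS))
```

In a real deployment the same logic runs over the SIEM's 4768/4769 feed, and the mitigation is to enforce AES-only service accounts with long passwords (or gMSAs) and to clear the pre-authentication exemption.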
Group Policy Objects (GPOs) centrally manage security settings across domain members, creating both defensive controls and attack opportunities. Misconfigured GPOs might deploy vulnerable software, expose credentials, or weaken security settings domain-wide. Understanding GPO processing and precedence reveals how local compromises escalate through policy abuse.
Trust relationships between domains and forests enable resource sharing but extend authentication across security boundaries, so they require careful configuration. Trust types (one-way, two-way, transitive) determine authentication flows and potential attack paths. Misunderstood trust implications frequently enable cross-domain compromise through seemingly isolated vulnerabilities.