General information

Subsections in this chapter will introduce you to Active Directory.

Organizational Units (OU)

OUs store objects and are comparable to the file system folders which contain them.

Types of objects

All objects contain attributes specific for them.

Computer objects

Represent computers and servers within the domain.

User objects

Represent accounts that can be used to log in to the domain computers.

Domain Controller (DC)

Is a core of a domain - store all OU, Objects and their attributes.

AD groups

Objects are assigned to them so Administratos can manage them as single unit.

Domain admins

Domain admins = control over domain. Enterprise admins = control over all domains.

The most privileged objects in the domain. Compromise = complete control of the domain.

LDAP

LDAP is the protocol used to communicate with Active Directory.

SID

Structure of SID:

S-R-X-Y

S - indicates that the string is a SID.

R - revision (is always set to "1").

X - identifier authority.

Y - sub authorities of the identifier authority.

The following listing contains some useful well-known SIDs in the context of privilege escalation.

S-1-0-0                       Nobody        
S-1-1-0	                      Everybody
S-1-5-11                      Authenticated Users
S-1-5-18                      Local System
S-1-5-domainidentifier-500    Administrator

PreviousPort Forwarding and SSH Tunneling NextInformation Gathering

Last updated 12 months ago