Boring Active Directory Basics

Active Directory: From Basics to Advanced Concepts

The Active Directory Domain Service (AD DS) is a key component of the Windows Domain and serves as a central database or directory of all objects in the network. These objects can include user accounts, group policies, security groups, computer accounts, and more. By storing all this information in one place, AD DS provides a convenient and efficient way to manage and organize resources on the network. It also allows for easy authentication and authorization of users and devices, making it an essential tool for securing and maintaining a Windows Domain. In this blog post, we'll cover the basics of Active Directory, explore advanced concepts, and provide practical code snippets to help you get hands-on experience.

1. What is Active Directory?

Active Directory is a directory service developed by Microsoft for Windows domain networks. It stores information about objects on the network (e.g., users, computers, printers) and makes this information available to users and administrators. The main idea behind a domain is to centralize the administration of common components of a Windows computer network in a single repository called Active Directory (AD). The server that runs the Active Directory services is known as a Domain Controller (DC).

Key Features:

  • Centralized user and resource management.
  • Single sign-on (SSO) for users.
  • Group Policy for managing user and computer settings.
  • Scalability to support large organizations.

2. Key Components of Active Directory

a. Domain

A Windows domain is a group of computers and users managed by a central server called a Domain Controller. It simplifies the administration of a large network by allowing you to configure policies and settings from a central location, apply them to users and computers across the network, and provide remote support and troubleshooting. This is particularly useful for businesses with many computers and users spread across multiple locations.

b. Domain Controller (DC)

A server that runs Active Directory Domain Services (AD DS) and manages user authentication and authorization.

c. Users

Users are one of the most important object types in Active Directory, as they are used to represent both people and services within the organization. As security principals, users can be authenticated by the domain and assigned privileges over resources such as files or printers. This allows them to access the resources they need to do their job, while also ensuring that sensitive data is protected from unauthorized access.

d. Machines

In Active Directory, machines refer to computers that have joined the domain. When a computer joins the domain, a machine object is created in Active Directory, which allows the computer to be managed centrally through Group Policy, as well as enabling authentication and authorization services for users who log in to the computer.

e. Security Groups

Security groups are an important object type in Active Directory and are used to manage access to network resources. By assigning permissions to a security group, you can control access to files, folders, printers, and other resources for all the members of that group. Examples of built-in security groups include Domain Admins, Server Operators, Backup Operators, Account Operators and Domain Users.

f. Organizational Units (OU)

Organizational Units (OUs) are container objects that help you organize and manage users, computers, and groups in Active Directory. You can use OUs to group objects together based on their department, location, or any other criteria you choose. By doing so, you can apply specific policies or permissions to those objects. However, each user can only belong to one OU at a time. Within an OU you can manage users, remove a department's objects, and guard against accidental deletion by enabling "Protect object from accidental deletion" on the OU. You can then delegate control over particular users to specific groups, for example giving a help-desk group the right to reset passwords.

g. Manage Users in AD

In an Active Directory domain, it’s important to organize devices according to their use. Workstations, servers, and domain controllers are the most common devices in the network. Workstations are used by users to do their work, servers provide services to users or other servers, and domain controllers manage the Active Directory domain. To better manage these devices, it’s recommended to create separate Organizational Units (OUs) for workstations and servers. The domain controllers are already in an OU created by Windows. These OUs will be created directly under the domain container.
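The OU layout and the delegation described in the two sections above, as an added example (not code from the original post). The domain name, OU names and the help-desk group are constructed; the two GUIDs are the well-known schema identifiers of the "Reset Password" extended right and the user object class.

```powershell
Import-Module ActiveDirectory

# Added example, not from the post. Domain, OU and group names are constructed.
$domainDN = "DC=example,DC=com"

# OUs for the device classes named above, each protected from accidental deletion
foreach ($ou in "Workstations", "Servers", "Staff") {
    New-ADOrganizationalUnit -Name $ou -Path $domainDN -ProtectedFromAccidentalDeletion $true
}

# A help-desk group that should be able to reset passwords of users in OU=Staff,
# and nothing else: no membership in Account Operators or Domain Admins needed.
New-ADGroup -Name "Helpdesk-PwReset" -SamAccountName "Helpdesk-PwReset" `
    -GroupCategory Security -GroupScope Global -Path $domainDN
$groupSid = (Get-ADGroup -Identity "Helpdesk-PwReset").SID

# Well-known schema GUIDs: the "Reset Password" extended right and the user class
$resetPasswordRight = [Guid]"00299570-246d-11d0-a768-00aa006e0529"
$userObjectClass    = [Guid]"bf967aba-0de6-11d0-a285-00aa003049e2"

# Grant the extended right on user objects that descend from OU=Staff only
$staffOU = "AD:\OU=Staff,$domainDN"
$acl  = Get-Acl -Path $staffOU
$rule = [System.DirectoryServices.ActiveDirectoryAccessRule]::new(
    $groupSid,
    [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight,
    [System.Security.AccessControl.AccessControlType]::Allow,
    $resetPasswordRight,
    [System.DirectoryServices.ActiveDirectorySecurityInheritance]::Descendents,
    $userObjectClass)
$acl.AddAccessRule($rule)
Set-Acl -Path $staffOU -AclObject $acl

# Verify: list the explicit (non-inherited) ACEs granted to the new group on the OU
(Get-Acl -Path $staffOU).Access |
    Where-Object { $_.IdentityReference -like "*Helpdesk-PwReset" -and -not $_.IsInherited } |
    Select-Object IdentityReference, ActiveDirectoryRights, ObjectType, InheritedObjectType
```

Scoping the right to one OU and one object class is what keeps the help desk out of the high-privilege groups listed in the Security Groups section.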

h. Group Policies

Windows manages such policies through Group Policy Objects (GPOs). A GPO is simply a collection of settings that can be applied to OUs. GPOs can contain policies aimed at either users or computers, allowing you to set a baseline on specific machines and identities. Through Group Policy you can, for example, configure the minimum password length, prevent users from opening Windows components such as the Control Panel, or enable automatic screen locking.

i. Forests, Trees and Trust Relationships

  • Forest: The domains you manage can also be configured in different namespaces. Suppose your company continues growing and eventually acquires another company called Company2 Inc. When both companies merge, you will probably have different domain trees for each company, each managed by its own IT department. The union of several trees with different namespaces into the same network is known as a forest.
  • Tree: Imagine, for example, that suddenly your company expands to a new country. The new country has different laws and regulations that require you to update your GPOs to comply. In addition, you now have IT people in both countries, and each IT team needs to manage the resources that correspond to each country without interfering with the other team. While you could create a complex OU structure and use delegations to achieve this, having a huge AD structure might be hard to manage and prone to human errors.

    Luckily for us, Active Directory supports integrating multiple domains so that you can partition your network into units that can be managed independently. If you have two domains that share the same namespace (company.local in our example), those domains can be joined into a Tree.

    If our company.local domain was split into two subdomains for UK and US branches, you could build a tree with a root domain of company.local and two subdomains called uk.company.local and us.company.local, each with its AD, computers, and users

  • Trust Relationships: Having multiple domains organized in trees and forests allows you to have a nicely compartmentalized network in terms of management and resources. But at a certain point, a user at COMPANY UK might need to access a shared file on one of COMPANY ASIA's servers. For this to happen, domains arranged in trees and forests are joined together by trust relationships. In simple terms, having a trust relationship between domains allows you to authorize a user from the domain COMPANY UK to access resources in the domain COMPANY EU. The simplest trust relationship that can be established is a one-way trust. In a one-way trust, if Domain AAA trusts Domain BBB, a user on BBB can be authorized to access resources on AAA.

j. Schema

Defines the structure and attributes of objects in AD.

3. Setting Up Active Directory

To set up Active Directory, you need to install the Active Directory Domain Services (AD DS) role on a Windows Server.

Step 1: Install AD DS

# Install the AD DS role
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

Step 2: Promote the Server to a Domain Controller

# Promote the server to a domain controller
Install-ADDSForest -DomainName "example.com" -DomainNetbiosName "EXAMPLE" -InstallDns

4. Basic AD Operations

a. Creating a User

# Create a new user
New-ADUser -Name "John Doe" -GivenName "John" -Surname "Doe" -SamAccountName "jdoe" -UserPrincipalName "jdoe@example.com" -Path "OU=Users,DC=example,DC=com" -AccountPassword (ConvertTo-SecureString "P@ssw0rd" -AsPlainText -Force) -Enabled $true

b. Creating a Group

# Create a new group
New-ADGroup -Name "IT Admins" -SamAccountName "ITAdmins" -GroupCategory Security -GroupScope Global -Path "OU=Groups,DC=example,DC=com"

c. Adding a User to a Group

# Add a user to a group
Add-ADGroupMember -Identity "IT Admins" -Members "jdoe"

5. Advanced AD Concepts

a. Group Policy Objects (GPOs)

GPOs are used to enforce settings and configurations across users and computers in a domain.

Example: Create a GPO

# Create a new GPO
New-GPO -Name "Disable USB Access"

Link GPO to an OU

# Link GPO to an OU
New-GPLink -Name "Disable USB Access" -Target "OU=Computers,DC=example,DC=com"

b. Active Directory Federation Services (AD FS)

AD FS provides single sign-on (SSO) capabilities for external applications.

c. Active Directory Certificate Services (AD CS)

AD CS is used to issue and manage digital certificates.

6. Security Best Practices

  • Implement Least Privilege: Grant users the minimum permissions necessary to perform their tasks.
  • Enable Multi-Factor Authentication (MFA): Add an extra layer of security to user accounts.
  • Regularly Audit AD: Use tools like Microsoft Advanced Threat Analytics (ATA) or Azure Sentinel to monitor and detect suspicious activity.
  • Secure Domain Controllers: Physically secure DCs and limit administrative access.

7. Automating AD Tasks with PowerShell

PowerShell is a powerful tool for automating Active Directory management tasks.

a. Bulk User Creation

# Import users from a CSV file
# Note: the CSV holds plaintext initial passwords, so restrict access to the file and
# delete it once the accounts exist.
$users = Import-Csv -Path "C:\Users.csv"
foreach ($user in $users) {
    New-ADUser -Name $user.Name -GivenName $user.FirstName -Surname $user.LastName -SamAccountName $user.SamAccountName -UserPrincipalName "$($user.SamAccountName)@example.com" -Path "OU=Users,DC=example,DC=com" -AccountPassword (ConvertTo-SecureString $user.Password -AsPlainText -Force) -Enabled $true
}

b. Export AD Users

# Export all users to a CSV file (request only the attribute needed rather than -Properties *,
# which pulls every attribute of every user across the wire)
Get-ADUser -Filter * -Properties EmailAddress | Select-Object Name, SamAccountName, EmailAddress | Export-Csv -Path "C:\ADUsers.csv" -NoTypeInformation

c. Find Inactive Accounts

# Find users who haven't logged in for 90 days
$inactiveDate = (Get-Date).AddDays(-90)
Get-ADUser -Filter {LastLogonDate -lt $inactiveDate} -Properties LastLogonDate | Select-Object Name, SamAccountName, LastLogonDate
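Building on the inactivity query above and the audit and least-privilege points in the Security Best Practices section, this added example (not from the original post) cross-checks stale accounts against the built-in privileged groups and disables only the unprivileged ones. The 90-day threshold, the group list and the report path are assumptions.

```powershell
Import-Module ActiveDirectory

# Added example, not from the post. Threshold, group list and report path are assumptions.
$inactiveDays = 90
$cutoff = (Get-Date).AddDays(-$inactiveDays)
$reportDir = "C:\Reports"
New-Item -ItemType Directory -Path $reportDir -Force | Out-Null

# LastLogonDate is derived from lastLogonTimestamp, which replicates with up to
# 14 days of lag by default, so treat the result as approximate, not exact.
$stale = Get-ADUser -Filter { Enabled -eq $true -and LastLogonDate -lt $cutoff } `
    -Properties LastLogonDate, PasswordNeverExpires

# Expand the built-in privileged groups named in the Security Groups section,
# following nested group membership.
$privilegedGroups = "Domain Admins", "Enterprise Admins", "Schema Admins",
                    "Account Operators", "Server Operators", "Backup Operators"
$privileged = foreach ($g in $privilegedGroups) {
    Get-ADGroupMember -Identity $g -Recursive -ErrorAction SilentlyContinue |
        Where-Object { $_.objectClass -eq "user" } |
        ForEach-Object { [pscustomobject]@{ Group = $g; SamAccountName = $_.SamAccountName } }
}
$privilegedNames = @($privileged | Select-Object -ExpandProperty SamAccountName -Unique)

# Report every stale account; stale accounts that still hold privileged membership
# are flagged so they are reviewed by hand first.
$stale | Select-Object Name, SamAccountName, LastLogonDate, PasswordNeverExpires,
    @{ Name = "Privileged"; Expression = { $privilegedNames -contains $_.SamAccountName } } |
    Export-Csv -Path "$reportDir\StaleUsers.csv" -NoTypeInformation

# Disable (never delete) stale non-privileged accounts, confirming each one, and leave
# an audit trail in the description; re-enabling a wrongly flagged account is cheap.
$stale | Where-Object { $privilegedNames -notcontains $_.SamAccountName } | ForEach-Object {
    Set-ADUser -Identity $_ -Description "Disabled $(Get-Date -Format s): no logon in $inactiveDays days" -Confirm
    Disable-ADAccount -Identity $_ -Confirm
}
```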

d. Password Reset for Other Users

# Reset another user's password as a Domain Admin.
Set-ADAccountPassword TOM -Reset -NewPassword (Read-Host -AsSecureString -Prompt 'New Password') -Verbose

e. Force a Password Change at Next Logon

# Prompt the user to change the password at next logon after a reset.
Set-ADUser -ChangePasswordAtLogon $true -Identity TOM -Verbose

8. Conclusion

Active Directory is a powerful tool for managing and securing enterprise environments. By mastering the basics and exploring advanced concepts, you can ensure your organization's AD infrastructure is robust, secure, and efficient. Automation with PowerShell can further streamline your workflows and reduce the risk of human error.
