What is Active Directory?
Active Directory (AD) is a directory service developed by Microsoft to manage Windows domain networks. It plays a central role in managing an organization's resources and provides the authentication and authorization functions within a Windows environment. It is designed to be backward compatible. The resources it manages include users, computers, groups, network devices and file shares, group policies, servers and workstations, and trusts.
https://learn.microsoft.com/en-us/powershell/module/activedirectory/?view=windowsserver2022-ps
Key Functions:
- Centralized Management:
  - Manages resources such as users, computers, groups, network devices, file shares, group policies, and trusts with other organizations.
- Authentication:
  - Uses Kerberos to authenticate users and devices within the Windows domain.
  - Non-Windows devices such as Linux systems and firewalls can authenticate to AD via RADIUS or LDAP.
- Identity Management:
  - Acts as the most commonly used identity management service.
  - Provides a centralized point of management for user accounts, passwords, and access rights.
Structure & Accessibility:
- Read-Only Database:
  - AD is a large database that every user in the domain can read, regardless of their privilege level.
  - Even a basic AD user account can enumerate most objects within AD.
- Gatekeeper Role:
  - Controls access to enterprise resources: domain members can reach resources freely, while non-domain members are kept out.
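The point above (any domain user can read most of the directory) is easiest to appreciate by running an audit as an ordinary, non-privileged account. The script below is an added example, not part of the original notes or of Microsoft's documentation; it uses the ActiveDirectory PowerShell module linked above, and the function name `Get-ADExposureSummary` and the `SampleSize` parameter are hypothetical names chosen here. It lists what a standard user can see and flags the attributes a defender should review because they are world-readable (user Description fields, password-policy flags, privileged group membership).

```powershell
# Added example: audit how much of AD a plain domain user can read.
# Run as a standard (non-admin) domain user on a domain-joined machine that has
# the ActiveDirectory module (RSAT) installed. Nothing here requires elevation,
# which is the point: the directory is readable by design.
Import-Module ActiveDirectory

function Get-ADExposureSummary {
    [CmdletBinding()]
    param(
        # Hypothetical parameter: cap on objects pulled per class so the audit
        # stays quick in a large domain.
        [int]$SampleSize = 500
    )

    $domain  = Get-ADDomain
    $summary = [ordered]@{
        Domain      = $domain.DNSRoot
        DomainMode  = $domain.DomainMode
        PDCEmulator = $domain.PDCEmulator
        RunningAs   = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
    }

    # Object counts: every authenticated user can list these classes.
    $summary.Users     = @(Get-ADUser     -Filter * -ResultSetSize $SampleSize).Count
    $summary.Computers = @(Get-ADComputer -Filter * -ResultSetSize $SampleSize).Count
    $summary.Groups    = @(Get-ADGroup    -Filter * -ResultSetSize $SampleSize).Count

    # Membership of the most sensitive group is readable too; defenders should
    # know exactly who is in it rather than assume the list is hidden.
    $summary.DomainAdmins = (Get-ADGroupMember -Identity 'Domain Admins' -Recursive |
        Select-Object -ExpandProperty SamAccountName) -join ', '

    # The Description attribute of user objects is world-readable and is a
    # common place for credentials or sensitive notes to end up. Review it.
    $summary.UsersWithDescription = Get-ADUser -Filter 'Description -like "*"' `
        -Properties Description -ResultSetSize $SampleSize |
        Select-Object SamAccountName, Description

    # Password-policy flags are visible to anyone and deserve periodic review.
    $summary.PasswordNotRequired  = @(Get-ADUser -Filter { PasswordNotRequired  -eq $true } `
        -ResultSetSize $SampleSize).Count
    $summary.PasswordNeverExpires = @(Get-ADUser -Filter { PasswordNeverExpires -eq $true } `
        -ResultSetSize $SampleSize).Count

    [pscustomobject]$summary
}

# Usage: run under a standard user account and compare with a run under an
# admin account; the counts should be the same, which demonstrates the point.
Get-ADExposureSummary | Format-List
```

Running this twice, once as a standard user and once as a domain administrator, and getting the same numbers is the concrete evidence that read access to AD is not gated by privilege level; the defensive response is not to try to hide the directory but to keep secrets out of readable attributes and to keep the privileged group memberships and password flags it reports under control.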
Significance in Security:
- Widespread Use:
  - Around 95% of Fortune 500 companies run Active Directory, making it a key focus for attackers.
  - Microsoft Active Directory held approximately 21.47% of the market share among enterprise organizations in 2024, ranking second to its competitor, Azure Active Directory, in the use of Identity and Access Management solutions, after holding 43% of the market share in 2022.
- Exploitation Potential:
  - AD flaws and misconfigurations can be exploited to gain unauthorized access, move laterally and vertically within a network, and compromise protected resources such as databases, file shares, and source code.
AD is essentially a large database that every user in the domain can read, regardless of their privilege level. A basic AD user account with no added privileges can be used to enumerate the majority of objects contained within AD.
Common Exploitation Tactics:
- Abusing AD Features and Trust Components:
  - Attackers often target AD's inherent features and trust components to obtain a foothold, escalate privileges, and access sensitive resources.
