PEH notes - Active Directory 1

Active Directory Overview

What is it?

  • An “identity management service”, but not only that
  • Stores info like Computers, Users, etc.
  • Authenticates using Kerberos tickets
  • 99% of Fortune 1000 companies implement the service in their networks

Active Directory Components

Physical

  1. Domain Controllers (CONTROL EVERYTHING)
    • Host a copy of the AD DS directory store (“Phone book”)
    • Provide authentication and authorization services
    • Replicate updates to the other domain controllers in the domain and forest
    • Allow admins access to manage user accounts and network resources
  2. AD DS
    • Consists of the NTDS.dit file (very important file ⚠️)
      • Contains all the information we need like stored password hashes
    • Is stored by default in the %SystemRoot%\NTDS folder on all domain controllers

Logical

  1. AD DS Schema (rule book / blueprint)

    • Defines every type of object that can be stored in the directory
  2. Domains

    • Used to group and manage objects (computers, users, etc.) in an organization
  3. Trees

    • A hierarchy of domains in AD DS
    • Share a contiguous namespace with the parent domain
    • By default, have a two-way transitive trust with the other domains
  4. Forests

    • A collection of one or more domain trees
    • Share a common schema, config partition, global catalog to enable searching
    • Enable trust between all domains in the forest
    • Share the Enterprise Admins & Schema Admins groups ⚠️
  5. Organizational Units (OUs)

    • AD containers that can contain users, groups, computers, and other OUs.
    • Used to apply policies
  6. Trusts

    • Provide a mechanism for users to gain access to resources in another domain

  7. Objects
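
The components listed above can be inventoried from an administrative workstation so that defenders know which domain controllers hold a copy of NTDS.dit, which trusts exist, and who sits in the forest-wide groups. This is an added example, not part of the original notes; it assumes the RSAT ActiveDirectory PowerShell module is installed and the account has read access to every domain in the forest.

```powershell
# Added example (not from the original notes).
# Assumption: RSAT ActiveDirectory module, run from a domain-joined host.
Import-Module ActiveDirectory

$forest = Get-ADForest
Write-Host "Forest root domain: $($forest.RootDomain)"
Write-Host "Schema master     : $($forest.SchemaMaster)"

foreach ($domainName in $forest.Domains) {
    # Logical layer: each domain and its parent (a contiguous namespace means same tree)
    $domain = Get-ADDomain -Server $domainName
    Write-Host "`nDomain: $($domain.DNSRoot)  Parent: $($domain.ParentDomain)"

    # Physical layer: every domain controller hosts a copy of the directory store
    Get-ADDomainController -Filter * -Server $domainName |
        Select-Object HostName, Site, IsGlobalCatalog, IsReadOnly |
        Format-Table -AutoSize

    # Trusts: direction and whether they stay inside the forest
    Get-ADTrust -Filter * -Server $domainName |
        Select-Object Name, Direction, IntraForest, ForestTransitive, SIDFilteringQuarantined |
        Format-Table -AutoSize
}

# Enterprise Admins and Schema Admins live in the forest root domain and apply
# to the whole forest, so their membership is reviewed once, at the root.
foreach ($group in 'Enterprise Admins', 'Schema Admins') {
    Write-Host "`nMembers of $group (recursive):"
    Get-ADGroupMember -Identity $group -Server $forest.RootDomain -Recursive |
        Select-Object SamAccountName, objectClass, distinguishedName |
        Format-Table -AutoSize
}
```

Unexpected members in the two forest-wide groups, or trusts that are not documented, are the first things to follow up on in the output.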

https://fzfstormz.github.io/posts/peh-notes/peh-notes---active-directory-1/
Author
Meitoka
Published at
2024-12-10