RIO
  • Welcome
    • RIO
    • Useful Links
  • PENTESTING
    • Methodology
    • Protocols
      • FTP
      • SMB
      • NFS
      • SSH
      • RDP
      • SMTP
      • IMAP / POP3
      • RSYNC
      • SNMP
      • IPMI
      • R-Services
      • WinRM
      • WMI
      • LDAP
    • Databases
      • MySQL
      • MSSQL
      • Oracle TNS
      • PostgreSQL
    • File Transfers
      • Windows
      • Linux
      • Code
      • Misc
    • Password Attacks
      • John The Ripper
      • Hashcat
    • Docker
  • TOOLS
    • Nmap
    • Metasploit
    • BloodHound
    • Other
  • Linux
    • Theory
    • Commands and Utilities
      • Useful Commands
    • Bash Scripting
    • Post-Exploitation
      • Cred Hunting
      • Pivoting
    • Privilege Escalation
  • WINDOWS
    • Theory
      • Security
    • Commands and Utilities
    • PowerShell
    • Post-Exploitation
      • Tools
      • Enumeration
        • System
        • Network
        • Users
        • Groups
        • Processes / Services
        • Permissions
        • Defence
        • Programs
        • Files
      • Access
      • Pivoting
      • Cred Hunting
    • Privilege Escalation
      • Privileges
      • Built-In Groups
        • Backup Operators
        • Server Operators
        • Print Operators
        • DnsAdmins
        • Event Log Readers
      • Privilege Abuse
        • Potatoes
        • SeDebugPrivilege
        • SeTakeOwnershipPrivilege
      • MISC
        • UAC Bypass
        • User-Interaction Attacks
        • Weak Permissions
  • ACTIVE DIRECTORY
    • Theory
      • Terminology
    • Reconnaissance
      • Responder
      • Password Policies
      • DNS
      • Enumeration
        • Users
        • Groups
          • GPO's
        • Shares
        • Domain
        • Trusts
        • ACL
    • Movement
      • Credentials
        • Dumping
          • DCSync
        • Making a Target List
        • Spraying
        • Powershell Remoting
      • Kerberos
        • Kerbrute
        • Kerberoasting
          • Semi-Manual Way
          • Targeted Kerberoasting
        • ASREProasting
        • Forging
          • Golden Ticket
        • Overpass The Hash
        • Pass The Ticket
        • noPAC
      • MITM / Coerced Auths
        • LLMNR, NBT-NS Poisoning
        • PetitPotam
      • DACL Abuse
        • AddMember
        • ForceChangePassword
      • Trust Abuse
        • ExtraSIDs
      • ADCS
      • Printers
        • PrintNightmare
    • Tools
  • Networking
    • Theory
      • Types / Topologies
      • OSI & TCP/IP Models
      • TCP / UDP
      • MAC Addresses
      • IP / Subnetting
      • Proxies
      • ARP
    • Pivoting
      • Port-Forwarding
    • Commands and Utilities
    • Techniques
  • WEB
    • Web Recon
      • Fuzzing
    • DNS
  • CLOUD
    • Google GKE/GCP
      • Theory
Powered by GitBook
On this page
  • Object
  • Global Unique Identifier (GUID)
  • Security Principals
  • Distinguished Name (DN)
  • Relative Distinguished Name (RDN)
  • userPrincipalName (UPN)
  • FSMO Roles
  • Global Catalog (GC)
  • Replication
  • Service Principal Name (SPN)
  • Group Policy Object (GPO)
  • Fully Qualified Domain Name (FQDN)
  • Tombstone
  • AD Recycle Bin
  • SYSVOL
  • Active Directory Users and Computers (ADUC)
  • ADSI Edit
  • sIDHistory
  1. ACTIVE DIRECTORY
  2. Theory

Terminology

Object

  • Object can be defined as ANY resource present within an Active Directory environment such as OUs, printers, users, domain controllers.

Global Unique Identifier (GUID)

  • Unique 128-bit value assigned to objects.

  • Used internally by AD for identification.

Security Principals

  • Authenticated entities (users, computers, services, etc.).

  • Manage access to domain resources.

Distinguished Name (DN)

  • Full path to an object in AD (e.g., cn=sreed, ou=IT, dc=example, dc=com).

Relative Distinguished Name (RDN)

  • Unique identifier within its parent container.

userPrincipalName (UPN)

  • Alternative way to identify users (e.g., sreed@example.com).

FSMO Roles

  • Five roles ensuring AD replication and operation:

    1. Schema Master (one per forest)

    2. Domain Naming Master (one per forest)

    3. RID Master (one per domain)

    4. PDC Emulator (one per domain)

    5. Infrastructure Master (one per domain)

Global Catalog (GC)

  • Stores full copies of objects in the current domain and partial copies from other domains.

  • Helps in authentication and searching for AD objects across domains.

  • Crucial for login processes and Exchange Server lookups.

Replication

  • Synchronizes changes across Domain Controllers.

  • Managed by the Knowledge Consistency Checker (KCC).

Service Principal Name (SPN)

  • Service Principal Name (SPN) is a unique identifier of a service instance. Kerberos authentication uses SPNs to associate a service instance with a service sign-in account. Doing so allows a client application to request service authentication for an account even if the client doesn't have the account name, because every service has a corresponding service account.

Group Policy Object (GPO)

  • Collection of policy settings applied to users and computers.

  • Used for security configurations, software deployments, and administrative settings.

  • Can be applied at different levels (site, domain, OU).

Fully Qualified Domain Name (FQDN)

  • Complete name for a host (e.g., dc01.example.com).

Tombstone

  • Holds deleted AD objects for a set period before permanent deletion.

AD Recycle Bin

  • Enables easy recovery of deleted objects while preserving attributes.

SYSVOL

  • Stores Group Policy settings and logon scripts.

  • Replicated across all DCs.

Active Directory Users and Computers (ADUC)

  • GUI for managing users, groups, computers, and contacts.

ADSI Edit

  • Advanced GUI tool for managing AD objects and attributes.

sIDHistory

  • Stores previous SIDs during migrations.

  • Can be abused if not secured.

PreviousTheoryNextReconnaissance