Active Directory

Active Directory (AD) is a Microsoft service that helps administrators manage users, computers, and access to resources within a network. It organizes these resources into objects (like users and computers) that have specific permissions. Objects are grouped into domains (e.g., corp.com) and structured with Organizational Units (OUs), which act like folders.

A central server called the Domain Controller (DC) manages logins and stores information about all objects. AD relies heavily on DNS to operate correctly. Groups in AD simplify management by allowing permissions to be assigned to multiple users or systems at once. High-privilege groups like Domain Admins and Enterprise Admins are key targets for attackers because controlling them means controlling the network.

In larger environments, multiple domains can exist within a domain tree or forest. Each domain has its own Domain Admins, but Enterprise Admins can control the entire forest, making them especially valuable to attackers.

When using AD credentials, it's best to connect with RDP instead of PowerShell Remoting or WinRM. This avoids the Kerberos Double Hop issue, which can block AD enumeration tools. RDP passes your authentication cleanly, allowing smoother interaction with the domain.