Active Directory Basics — TryHackMe Walkthrough

Task 1 Introduction

What is Active Directory? -

Active Directory is a collection of machines and servers connected inside of domains, that are a collective part of a bigger forest of domains, that make up the Active Directory network. Active Directory contains many functioning bits and pieces, a majority of which we will be covering in the upcoming tasks. To outline what we’ll be covering take a look over this list of Active Directory components and become familiar with the various pieces of Active Directory:

  • Domain Controllers
  • Forests, Trees, Domains
  • Users + Groups
  • Trusts
  • Policies
  • Domain Services

Task 2 Physical Active Directory

What database does the AD DS contain?

>> NTDS.dit

Where is the NTDS.dit stored?

>> %SystemRoot%\NTDS

What type of machine can be a domain controller?

>> Windows Server

Task 3 The Forest

A forest is a collection of one or more domain trees inside of an Active Directory network. It is what categorizes the parts of the network as a whole.

What is the term for a hierarchy of domains in a network?

>> Tree

What is the term for the rules for object creation?

>> Domain Schema

What is the term for containers for groups, computers, users, printers, and other OUs?

>> Organizational Units

Task 4 Users + Groups

Default Security Groups -

There are a lot of default security groups so I won’t be going into too much detail of each past a brief description of the permissions that they offer to the assigned group. Here is a brief outline of the security groups:

  • Domain Controllers — All domain controllers in the domain
  • Domain Guests — All domain guests
  • Domain Users — All domain users
  • Domain Computers — All workstations and servers joined to the domain
  • Domain Admins — Designated administrators of the domain
  • Enterprise Admins — Designated administrators of the enterprise
  • Schema Admins — Designated administrators of the schema
  • DNS Admins — DNS Administrators Group
  • DNS Update Proxy — DNS clients who are permitted to perform dynamic updates on behalf of some other clients (such as DHCP servers).
  • Allowed RODC Password Replication Group — Members in this group can have their passwords replicated to all read-only domain controllers in the domain
  • Group Policy Creator Owners — Members in this group can modify group policy for the domain
  • Denied RODC Password Replication Group — Members in this group cannot have their passwords replicated to any read-only domain controllers in the domain
  • Protected Users — Members of this group are afforded additional protections against authentication security threats. See http://go.microsoft.com/fwlink/?LinkId=298939 for more information.
  • Cert Publishers — Members of this group are permitted to publish certificates to the directory
  • Read-Only Domain Controllers — Members of this group are Read-Only Domain Controllers in the domain
  • Enterprise Read-Only Domain Controllers — Members of this group are Read-Only Domain Controllers in the enterprise
  • Key Admins — Members of this group can perform administrative actions on key objects within the domain.
  • Enterprise Key Admins — Members of this group can perform administrative actions on key objects within the forest.
  • Cloneable Domain Controllers — Members of this group that are domain controllers may be cloned.
  • RAS and IAS Servers — Servers in this group can access remote access properties of users

Which type of group specifies user permissions?

>> Security Groups

Which group contains all workstations and servers joined to the domain?

>> Domain Computers

Which group can publish certificates to the directory?

>> Cert Publishers

Which user can make changes to a local machine but not to a domain controller?

>> Local Administrator

Which group has their passwords replicated to read-only domain controllers?

>> Allowed RODC Password Replication Group

Task 5 Trusts + Policies

Domain Trusts Overview -

Trusts are a mechanism in place for users in the network to gain access to other resources in the domain. For the most part, trusts outline the way that the domains inside of a forest communicate to each other, in some environments trusts can be extended out to external domains and even forests in some cases.

There are two types of trusts that determine how the domains communicate. I’ll outline the two types of trusts below:

  • Directional — The direction of the trust flows from a trusting domain to a trusted domain
  • Transitive — The trust relationship expands beyond just two domains to include other trusted domains

What type of trust-flows from a trusting domain to a trusted domain?

>> Directional

What type of trust expands to include other trusted domains?.

>> Transitive

Task 6 Active Directory Domain Services + Authentication

What type of authentication uses tickets?

>> Kerberos

What domain service can create, validate, and revoke public key certificates?

>> Certificate Services

Task 7 AD in the Cloud

Cloud Security Overview -

The best way to show you how the cloud takes security precautions past what is already provided with a physical network is to show you a comparison with a cloud Active Directory environment:

What is the Azure AD equivalent of LDAP?

>> REST APIs

What is the Azure AD equivalent of Domains and Forests?

>> Tenants

What is the Windows Server AD equivalent of Guests?

>> Trusts

Task 8 Hands-On Lab

What is the name of the Windows 10 operating system?

What is the second “Admin” name?

Which group has a capital “V” in the group name?

When was the password last set for the SQLService user?

Thank You

Follow On: LinkedIn | Twitter

Written By: Pratik Dhavade