
Active Directory

Active Directory (AD) is a Microsoft directory service that provides centralized authentication, authorization, and management of users, computers, and resources within a Windows domain environment.

Active Directory is the backbone of identity and access management in most enterprise Windows environments. It stores information about network objects such as users, groups, computers, and organizational units, and enforces security policies across the domain. AD uses protocols like Kerberos for authentication and LDAP for directory queries.

From a security perspective, Active Directory is a high-value target for attackers. Compromising a domain controller grants an adversary near-complete control over the entire network. Common AD attack vectors include Kerberoasting, AS-REP roasting, Golden Ticket and Silver Ticket attacks, DCSync, and abuse of misconfigured Group Policy Objects or delegation permissions.

Securing Active Directory requires regular auditing of group memberships and permissions, enforcing strong password policies, implementing tiered administration models, placing privileged accounts in the Protected Users security group, and monitoring for suspicious authentication events. Tools like BloodHound are used by both attackers and defenders to map and analyze AD trust relationships and identify attack paths to critical assets.
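The auditing described above can be run against an export of account objects. The following is an added example, not part of the original page: it checks each record for the settings behind the exposures named earlier (Kerberoasting, AS-REP roasting, delegation abuse, privileged accounts outside Protected Users). The records, the `example.test` domain and the group DNs are constructed assumptions; the `userAccountControl` flag values are Microsoft's documented ones.

```python
# userAccountControl bit flags (values documented by Microsoft)
ACCOUNTDISABLE         = 0x000002
NORMAL_ACCOUNT         = 0x000200  # ordinary user or service account
SERVER_TRUST_ACCOUNT   = 0x002000  # domain controller computer account
TRUSTED_FOR_DELEGATION = 0x080000  # unconstrained Kerberos delegation
DONT_REQ_PREAUTH       = 0x400000  # Kerberos pre-authentication disabled

# Assumed distinguished names for a constructed example.test domain
BASE = "CN=Users,DC=example,DC=test"
PROTECTED_USERS = "CN=Protected Users," + BASE
PRIVILEGED = {"CN=Domain Admins," + BASE, "CN=Enterprise Admins," + BASE}

def audit_account(acct):
    """Return the hardening findings for one account record (a dict)."""
    uac = acct["userAccountControl"]
    if uac & ACCOUNTDISABLE:
        return []  # disabled accounts (krbtgt included) are skipped here
    groups = set(acct.get("memberOf", []))
    findings = []
    if uac & DONT_REQ_PREAUTH:
        findings.append("AS-REP roasting exposure: pre-authentication disabled")
    if uac & NORMAL_ACCOUNT and acct.get("servicePrincipalName"):
        findings.append("Kerberoasting exposure: user account has an SPN")
    if uac & TRUSTED_FOR_DELEGATION and not uac & SERVER_TRUST_ACCOUNT:
        findings.append("unconstrained delegation on a non-DC account")
    if groups & PRIVILEGED and PROTECTED_USERS not in groups:
        findings.append("privileged account not in Protected Users")
    return findings

def audit(records):
    """Map sAMAccountName -> findings, omitting accounts with none."""
    report = {r["sAMAccountName"]: audit_account(r) for r in records}
    return {name: f for name, f in report.items() if f}

# Constructed sample records, shaped like an LDAP export of account objects
SAMPLE = [
    {"sAMAccountName": "svc_sql", "userAccountControl": 0x10200,
     "servicePrincipalName": ["MSSQLSvc/db01.example.test:1433"]},
    {"sAMAccountName": "legacy_app", "userAccountControl": 0x400200},
    {"sAMAccountName": "adm_alice", "userAccountControl": 0x200,
     "memberOf": ["CN=Domain Admins," + BASE]},
    {"sAMAccountName": "adm_bob", "userAccountControl": 0x200,
     "memberOf": ["CN=Domain Admins," + BASE, PROTECTED_USERS]},
    {"sAMAccountName": "DC01$", "userAccountControl": 0x82000},
    {"sAMAccountName": "APP01$", "userAccountControl": 0x81000},
    {"sAMAccountName": "krbtgt", "userAccountControl": 0x202,
     "servicePrincipalName": ["kadmin/changepw"]},
]
```

Calling `audit(SAMPLE)` reports `svc_sql`, `legacy_app`, `adm_alice` and `APP01$`; the domain controller is not flagged for delegation because unconstrained delegation is its default, and the disabled `krbtgt` account is skipped.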

Related Terms

identity, windows, authentication, enterprise
