Sunday, 28 April 2024

What is Active Directory: Basics of Active Directory

If you work at an IT company and your company's infrastructure runs on Windows, there is a high chance that you are on Windows AD.

Active Directory is a Windows service that runs on Windows servers and helps administrators manage the Windows devices in the network.

Basically, the point of AD is to manage all the Windows machines in the network, which includes the users, permissions, and privileges. Instead of creating users manually and deleting them when the employee exits, AD helps administrators manage employee data with ease.

Let’s say there are multiple domains in the organization. The domain controller in AD lets a user log in to all the domains of the organization with a single Windows credential, and when the employee leaves the organization the administrator needs to delete the user in only one domain; the deletion replicates to all the domains. This is just one use case of AD; there are many features in AD that help in managing the organization's assets, users, and permissions.

Let’s talk about what AD is made of and then we will talk about its structure. I am trying to give you a very high-level understanding of AD. In this article, we are not going deep into AD or how it works.

Everything in Active Directory is an object; the object is the basic element of Active Directory. An object can represent a user, machine, group, application, printer, or shared folder.

Active Directory contains

  • Schema
  • Query and Index mechanisms
  • Global Catalog
  • Replication Service

Schema: The schema defines the objects and their attributes. For example, when a user is created, the attributes for that user are account information, privileges, and policy. So when we talk about the schema, it is all about the objects and their attributes.

Query & Index mechanisms: These mechanisms provide searching and publication of the objects and their properties. AD is a centralized service that provides management, security, and interoperability. To achieve this at the network level, the query and index mechanisms publish the objects and their properties.

Global Catalog: It contains information about all the objects in the directory.

Replication Service: This distributes data across domain controllers. When there are multiple domains in the directory, one user may have to log in to several domains that the user has access to; the replication service takes responsibility for distributing the data across the domain controllers.

What is a domain controller?

A domain controller's primary responsibility is to authenticate the user with one’s credentials.

Structure of AD

Active Directory contains 3 building blocks.

  • Forest
  • Domain
  • Organizational Unit

Forest: The forest is also called the security boundary. It contains multiple domains.

Domain: A domain is a network that any object in AD logs in to or connects to.

Organizational Unit: Organizational Units are the devices and users that are present in AD.


The forest is called the security boundary because if there are two domains ‘A’ and ‘B’ in the same forest and domain ‘A’ is compromised, the attacker can access resources in domain ‘B’. This is intended behaviour of the forest, not a bug, so it cannot be patched.
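As an added example (not part of the original post), the following PowerShell script walks the structure described above with the ActiveDirectory module from RSAT: the forest, each domain with its domain controllers, the trusts that tie the domains together (so an administrator can see everything that lies inside the same security boundary), the OUs with the users they directly hold, and the schema class that defines a user's attributes. It assumes the module is installed and the session runs as an ordinary domain user with read access to the directory.

```powershell
# Added example: inventory the forest, its domains, trusts, OUs and the user
# schema class with the ActiveDirectory PowerShell module (RSAT). Assumes the
# module is installed and the session runs as a domain user with read access.
Import-Module ActiveDirectory

# The forest is the security boundary: every domain listed here is inside it.
$forest = Get-ADForest
"Forest: $($forest.Name)  (root domain: $($forest.RootDomain))"
"Global catalogs: $($forest.GlobalCatalogs -join ', ')"

foreach ($domainName in $forest.Domains) {
    # Each domain is served by its own domain controllers.
    $domain = Get-ADDomain -Identity $domainName
    "`nDomain: $($domain.DNSRoot)  NetBIOS: $($domain.NetBIOSName)"
    "  Domain controllers: $($domain.ReplicaDirectoryServers -join ', ')"

    # Trusts: intra-forest trusts are implicit and two-way, which is why a
    # compromise of one domain exposes the other domains of the same forest.
    Get-ADTrust -Filter * -Server $domain.DNSRoot |
        ForEach-Object {
            $scope = if ($_.IntraForest) { 'intra-forest' } else { 'external' }
            "  Trust -> $($_.Target)  direction=$($_.Direction) ($scope)"
        }

    # Organizational Units: the containers that hold users and devices.
    Get-ADOrganizationalUnit -Filter * -Server $domain.DNSRoot |
        Sort-Object DistinguishedName |
        ForEach-Object {
            # Count only users placed directly in this OU (one level down).
            $users = @(Get-ADUser -Filter * -SearchBase $_.DistinguishedName `
                         -SearchScope OneLevel -Server $domain.DNSRoot).Count
            "  OU: $($_.DistinguishedName)  direct users: $users"
        }
}

# Schema: the classSchema object for 'user' lists the optional attributes that
# every user object may carry (mayContain plus systemMayContain).
$schemaNC  = (Get-ADRootDSE).schemaNamingContext
$userClass = Get-ADObject -SearchBase $schemaNC -Filter 'lDAPDisplayName -eq "user"' `
                 -Properties mayContain, systemMayContain
$attrs = @($userClass.mayContain) + @($userClass.systemMayContain)
"`nSchema attributes allowed on a user object: $($attrs.Count)"
```

Run it from a domain-joined machine; the trust lines marked intra-forest are exactly the domains that share the security boundary discussed above.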


About Manindra Simhadri

Information Security Analyst, Traveler, Biker and a freelancer.

2 comments

  1. Please sir, write something about LDAP or XML injection or different types of injection. I am eagerly waiting for your blogs.
