
Active Directory

Active Directory Security

At its core, Active Directory Domain Services (AD DS) is a structured data store of objects on the domain controller. It is a directory service from Microsoft for identity management and access control in Windows domain networks. Active Directory can authenticate users, groups, services and computers for access to protected information. AD DS also helps to implement security policies and permissions, and it enforces them for all computers in your network.

Safeguard your Active Directory using MITRE ATT&CK techniques

Active Directory (AD) handles sensitive organization data like user credentials, personal information of employees, security permissions, and more. Because of this, AD is prone to being targeted by cyber attackers. Malicious actors are constantly coming up with new attack strategies, making it a challenge for organizations to secure their AD environment. This is why it’s essential that every organization formulates a cyber defense strategy to combat cyber threats and protect their AD.

Active Directory Delegation Overview

Understanding Active Directory (AD) permissions is vital for cybersecurity, compliance and business continuity. In this blog, we’ll be going over, at a high level, how Active Directory permissions are applied in a domain and how to view them natively. The most common way to apply Active Directory permissions is through the tool Active Directory Users and Computers (ADUC). There are two ways in ADUC to apply permissions: This blog post will cover both of these options.

Discover how to utilize essential User Logon reports from ADAudit Plus: Logon Failures

ManageEngine ADAudit Plus is a real-time change auditing and reporting software that fortifies your Active Directory (AD) security infrastructure. With over 250 built-in reports, it provides you with granular insights into what’s happening within your AD, such as all the changes made to objects and their attributes. This can include changes to users, computers, groups, network shares, and more.

Active Directory Attributes: Last Logon

Active Directory user objects possess a number of logon metadata attributes that are valuable for Active Directory audit reporting and administration. For example, they are commonly used to identify user accounts that have been inactive for a significant period, also known as “stale” accounts. However, each logon metadata attribute has some unique behaviors that need to be understood.

Cracking Active Directory Passwords with AS-REP Roasting

One critical way that attackers gain access to an IT environment and escalate their privileges is by stealing user password hashes and cracking them offline. We covered a method for harvesting service account passwords in our post on Kerberoasting. Here we will explore a technique that works against certain user accounts, AS-REP Roasting. We’ll cover how adversaries perform AS-REP Roasting using the Rubeus tool and how you can defend your organization against these attacks.

Joining Linux Hosts to an Active Directory Domain with realmd and SSSD

Note: The examples in this post use apt commands, which are for Debian-based operating systems like Ubuntu, Kali and Mint. However, the examples have also been tested with yum/dnf commands for RPM-based distros like CentOS, Red Hat, Fedora and openSUSE.

4 Active Directory Attacks and How to Protect Against Them

I was speaking with an Active Directory security engineer at a global pharmaceutical company recently, and I asked him the most classic question in the product management handbook: “What keeps you up at night?” So cliché (I know), but sometimes instead of an eye roll, you get a real gem, which is exactly what happened.

Group Scope in Active Directory

IT pros are well aware that Active Directory has two types of groups: security groups, which are used to assign permissions to shared resources, and distribution groups, which are used to create email distribution lists. But not everyone understands that each of these Active Directory groups has a scope — and understanding how scope works is vital to security and business continuity. This blog post dives into what group scope is and exactly why it’s important.