Walkthrough: TryHackMe Active Directory Basics
Jul 20, 2022
Introduction
I understand what Active Directory is and why it is used. ✅
Physical Active Directory
- What database does the AD DS contain? : ntds.dit
- Where is the NTDS.dit stored? : %SystemRoot%\NTDS
- What type of machine can be a domain controller? : windows server
The Forest
- What is the term for a hierarchy of domains in a network? : tree
- What is the term for the rules for object creation? : Domain Schema
- What is the term for containers for groups, computers, users, printers, and other OUs? : Organizational Units
Users + Groups
- Which type of groups specify user permissions? : Security Groups
- Which group contains all workstations and servers joined to the domain? : Domain Computers
- Which group can publish certificates to the directory? : Cert Publishers
- Which user can make changes to a local machine but not to a domain controller? : Local Administrators
- Which group has their passwords replicated to read-only domain controllers? : Allowed RODC Password Replication Group
Trust + Policies
- What type of trust flows from a trusting domain to a trusted domain? : directional
- What type of trust expands to include other trusted domains? : Transitive
Active Directory Domain Services + Authentication
- What type of authentication uses tickets? : Kerberos
- What domain service can create, validate, and revoke public key certificates? : Certificate Services
AD in the Cloud
- What is the Azure AD equivalent of LDAP? : Rest APIs
- What is the Azure AD equivalent of Domains and Forests? : Tenants
- What is the Windows Server AD equivalent of Guests? : Trusts
Hands-On Lab
- Deploy the Machine ✅
Run the following commands in PowerShell:
cd Downloads
powershell -ep bypass
. .\PowerView.ps1
Tasks
- What is the name of the Windows 10 operating system?
Script: Get-NetComputer -fulldata | select operatingsystem
Windows 10 Enterprise Evaluation
- What is the second “Admin” name?
Script: Get-NetUser | select cn
Admin2
- Which group has a capital “V” in the group name?
Script: net localgroup
Hyper-V Administrators
- When was the password last set for the SQLService user?
Script: Get-ADUser -identity SQLService -properties * | select passwordlastset
5/13/2020 8:26:58 PM
Conclusion
- I understand the basics of Active Directory ✅