Walkthrough: TryHackMe Active Directory Basics

Humza Khawar
Jul 20, 2022

Introduction

I understand what Active Directory is and why it is used. ✅

Physical Active Directory

  • What database does the AD DS contain? : ntds.dit
  • Where is the NTDS.dit stored? : %SystemRoot%\NTDS
  • What type of machine can be a domain controller? : windows server

The Forest

  • What is the term for a hierarchy of domains in a network? : tree
  • What is the term for the rules for object creation? : Domain Schema
  • What is the term for containers for groups, computers, users, printers, and other OUs? : Organizational Units

Users + Groups

  • Which type of groups specify user permissions? : Security Groups
  • Which group contains all workstations and servers joined to the domain? : Domain Computers
  • Which group can publish certificates to the directory? : Cert Publishers
  • Which user can make changes to a local machine but not to a domain controller? : Local Administrators
  • Which group has their passwords replicated to read-only domain controllers? : Allowed RODC Password Replication Group

Trust + Policies

  • What type of trust flows from a trusting domain to a trusted domain? : directional
  • What type of trusts expands to include other trusted domains? : Transitive

Active Directory Domain Services + Authentication

  • What type of authentication uses tickets? : Kerberos
  • What domain service can create, validate, and revoke public key certificates? : Certificate Services

AD in the Cloud

  • What is the Azure AD equivalent of LDAP? : Rest APIs
  • What is the Azure AD equivalent of Domains and Forests? : Tenants
  • What is the Windows Server AD equivalent of Guests? : Trusts

Hands-On Lab

  • Deploy the Machine ✅

Run the following commands in PowerShell:

cd Downloads

powershell -ep bypass

. .\PowerView.ps1

Tasks

  • What is the name of the Windows 10 operating system?

Script: Get-NetComputer -fulldata | select operatingsystem

Windows 10 Enterprise Evaluation

  • What is the second “Admin” name?

Script: Get-NetUser | select cn

Admin2

  • Which group has a capital “V” in the group name?

Script: net localgroup

Hyper-V Administrators

  • When was the password last set for the SQLService user?

Script: Get-ADUser -identity SQLService -properties * | select passwordlastset

5/13/2020 8:26:58 PM

Conclusion

  • I understand the basics of Active Directory ✅

That's it for this walkthrough.
