Introduction to Active Directory

Active Directory (AD): Centralized Network Management and Security

Active Directory (AD) is a critical component for managing resources, users, and devices within a Windows domain network. It provides centralized control, enhancing efficiency and security for organizations.


Key Features of Active Directory

1. Centralized Management

  • Unified Control: Manage users, groups, computers, and services from a single location.

  • Streamlined Administration: Simplifies tasks like user provisioning, password resets, and access management.

2. Authentication and Authorization

  • Single Sign-On (SSO): Users access multiple resources with one set of credentials.

  • Access Control: Verifies user identity and enforces security policies for resource access.

3. Integration

  • Microsoft Ecosystem: Seamlessly integrates with Exchange, SharePoint, and Office 365.

  • Group Policy Objects (GPOs): Automates software distribution, patch management, and security enforcement.

4. Group Policy

  • Policy Enforcement: Configures security settings, deploys software, and manages user environments across the network.


Core Component: Kerberos Authentication

Kerberos is the default authentication protocol in Windows AD environments. It provides secure, efficient authentication using ticket-based mechanisms.

Key Components of Kerberos

  • Key Distribution Center (KDC):

    • Central service for issuing tickets, composed of:

      • Authentication Service (AS): Issues the Ticket Granting Ticket (TGT).

      • Ticket Granting Service (TGS): Issues Service Tickets (ST) for specific resources.

  • Ticket Granting Ticket (TGT):

    • Allows the client to request service tickets without re-authenticating.

  • Service Principal Name (SPN):

    • A unique identifier for services in the domain.


Kerberos Authentication Workflow

  1. Authentication Request:

    • The client sends a plaintext authentication request (AS-REQ) to the KDC's Authentication Service.

  2. TGT Issuance:

    • If the client account exists in the AD database, the KDC issues a TGT and a session key.

    • If not, authentication fails.

  3. Service Ticket Request:

    • The client uses the TGT to request a service ticket for a specific resource.

  4. Service Ticket Issuance:

    • The KDC issues an encrypted service ticket, which the client decrypts with the session key.

  5. Resource Access:

    • The client presents the service ticket to the resource. If valid, access is granted.

  6. Ticket Expiry:

    • The default ticket lifetime is 600 minutes (10 hours). Tickets can be reused until expiration.


Benefits of Kerberos

1. Enhanced Security

  • Mutual Authentication: Verifies both client and server identities.

  • Replay Attack Protection: Uses timestamps and session keys to prevent reuse of old tickets.

2. Efficiency

  • SSO: Access multiple services without repeated credential prompts.

3. Scalability

  • Suitable for large enterprise environments, managing thousands of users and services.
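The six-step workflow and the replay and mutual-authentication properties described above can be seen end to end in the following Python model of the exchange. It is an added example, not code from the original page: the realm name CORP.EXAMPLE, the principals alice and cifs/fs01.corp.example, the passwords and the clock values are all constructed, and the XOR-keystream-plus-HMAC "encryption" is a toy stand-in for the real Kerberos encryption types. It follows the protocol's actual key layout: the TGT is sealed under the krbtgt key, the service ticket under the service account's key, and the client can only read the session-key portion of each reply, which is sealed under a key it already holds. Every message that crosses the wire (AS-REQ/AS-REP, TGS-REQ/TGS-REP, AP-REQ/AP-REP) is built and checked by the side that would really build or check it.

```python
import hashlib, hmac, json, os, time

TICKET_LIFETIME = 600 * 60   # seconds: the 600-minute default described above
MAX_SKEW = 5 * 60            # seconds: authenticators older than this are rejected

def derive_key(password, realm, principal):
    """Long-term key from a password. Real Kerberos uses etype-specific string-to-key
    with realm+principal as the salt; PBKDF2 is a simplified stand-in (assumption)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), (realm + principal).encode(), 10_000)

def _keystream(key, nonce, n):
    out = b""
    for ctr in range((n + 31) // 32):
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
    return out[:n]

def seal(key, obj):
    """Toy authenticated encryption standing in for a Kerberos encryption type:
    only a holder of `key` can read the blob, and any tampering breaks the HMAC tag."""
    nonce, pt = os.urandom(16), json.dumps(obj, sort_keys=True).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, "sha256").digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, "sha256").digest(), tag):
        raise PermissionError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

class KDC:
    """Key Distribution Center: the AS and the TGS share one account database."""
    def __init__(self, realm, accounts, clock=time.time):
        self.realm, self.clock = realm, clock
        self.keys = {p: derive_key(pw, realm, p) for p, pw in accounts.items()}
        self.krbtgt = derive_key(os.urandom(16).hex(), realm, "krbtgt")  # seals every TGT

    def as_exchange(self, client, preauth):
        """Steps 1-2: AS-REQ -> AS-REP. Unknown principal or bad pre-auth => failure."""
        if client not in self.keys:
            raise PermissionError("unknown principal")
        ts = unseal(self.keys[client], preauth)["ts"]   # encrypted-timestamp pre-authentication
        if abs(self.clock() - ts) > MAX_SKEW:
            raise PermissionError("pre-auth timestamp outside allowed skew")
        sk, exp = os.urandom(32).hex(), self.clock() + TICKET_LIFETIME
        tgt = seal(self.krbtgt, {"client": client, "sk": sk, "exp": exp})
        return tgt, seal(self.keys[client], {"sk": sk, "exp": exp})  # only the client reads sk

    def tgs_exchange(self, tgt, authenticator, spn):
        """Steps 3-4: TGS-REQ -> TGS-REP. The TGT carries identity; the authenticator
        proves the requester holds the TGT session key right now."""
        t = unseal(self.krbtgt, tgt)
        if self.clock() > t["exp"]:
            raise PermissionError("TGT expired")
        auth = unseal(bytes.fromhex(t["sk"]), authenticator)
        if auth["client"] != t["client"] or abs(self.clock() - auth["ts"]) > MAX_SKEW:
            raise PermissionError("bad authenticator")
        if spn not in self.keys:
            raise PermissionError("no account holds that SPN")
        ssk, exp = os.urandom(32).hex(), min(t["exp"], self.clock() + TICKET_LIFETIME)
        ticket = seal(self.keys[spn], {"client": t["client"], "sk": ssk, "exp": exp})  # service key
        return ticket, seal(bytes.fromhex(t["sk"]), {"sk": ssk, "spn": spn})  # TGT session key

class Service:
    """Resource server: validates the AP-REQ, keeps a replay cache, answers with AP-REP."""
    def __init__(self, spn, key, clock=time.time):
        self.spn, self.key, self.clock, self.seen = spn, key, clock, set()

    def accept(self, ticket, authenticator):
        t = unseal(self.key, ticket)              # step 5: only this service can open its ticket
        if self.clock() > t["exp"]:
            raise PermissionError("service ticket expired")   # step 6
        ssk = bytes.fromhex(t["sk"])
        auth = unseal(ssk, authenticator)
        if auth["client"] != t["client"] or abs(self.clock() - auth["ts"]) > MAX_SKEW:
            raise PermissionError("bad authenticator")
        if (auth["client"], auth["ts"]) in self.seen:   # replay protection via timestamp cache
            raise PermissionError("replayed authenticator")
        self.seen.add((auth["client"], auth["ts"]))
        return seal(ssk, {"ts": auth["ts"]})   # AP-REP: mutual auth, server proves it knows ssk

def client_logon_and_access(kdc, service, client, password, clock=time.time):
    """The client side of the whole flow, returning what it learned and what it sent."""
    ck = derive_key(password, kdc.realm, client)
    tgt, rep = kdc.as_exchange(client, seal(ck, {"ts": clock()}))
    sk = bytes.fromhex(unseal(ck, rep)["sk"])
    st, rep2 = kdc.tgs_exchange(tgt, seal(sk, {"client": client, "ts": clock()}), service.spn)
    ssk = bytes.fromhex(unseal(sk, rep2)["sk"])
    ts = clock()
    ap_auth = seal(ssk, {"client": client, "ts": ts})
    mutual_ok = unseal(ssk, service.accept(st, ap_auth))["ts"] == ts
    return {"mutual_ok": mutual_ok, "ticket": st, "authenticator": ap_auth, "ssk": ssk}

def demo():
    """Runs the scenarios the text describes against a constructed realm."""
    now = [1_700_000_000.0]; clock = lambda: now[0]          # controllable clock (constructed)
    svc = "cifs/fs01.corp.example"
    kdc = KDC("CORP.EXAMPLE", {"alice": "pw-alice", svc: "pw-fs01"}, clock)
    fs01 = Service(svc, kdc.keys[svc], clock)
    def fails(fn):
        try: fn(); return False
        except PermissionError: return True
    r = client_logon_and_access(kdc, fs01, "alice", "pw-alice", clock)
    fresh = lambda: seal(r["ssk"], {"client": "alice", "ts": clock()})
    out = {"mutual_auth": r["mutual_ok"]}
    out["replay_rejected"] = fails(lambda: fs01.accept(r["ticket"], r["authenticator"]))
    out["unknown_user_rejected"] = fails(lambda: client_logon_and_access(kdc, fs01, "mallory", "x", clock))
    out["wrong_password_rejected"] = fails(lambda: client_logon_and_access(kdc, fs01, "alice", "guess", clock))
    now[0] += 9 * 3600                                       # 9 h later: ticket still reusable
    out["reuse_before_expiry"] = not fails(lambda: fs01.accept(r["ticket"], fresh()))
    now[0] += 2 * 3600                                       # 11 h later: past the 10 h lifetime
    out["expired_rejected"] = fails(lambda: fs01.accept(r["ticket"], fresh()))
    return out

if __name__ == "__main__":
    print(demo())
```

Two details are worth noticing when reading the model. The service never talks to the KDC at step 5: trust comes entirely from the ticket being sealed under a key that only the KDC and the service share, which is why SPN-to-account mapping and service account key hygiene matter. And the replay cache keys on the authenticator's client and timestamp, bounded by MAX_SKEW, so the cache only has to remember a few minutes of history rather than every ticket ever presented.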


Key Points

Active Directory, with its Kerberos authentication, is an indispensable tool for secure and efficient network management. Its centralized management and seamless integration with other Microsoft services ensure operational efficiency, while Kerberos enhances security and user experience.

For a deeper dive into Kerberos, refer to this in-depth guide: What is Kerberos?
