Internal Network & Active Directory · beginner · ~11 min
Explain the domain model, the domain controller, and why AD is the keys to the kingdom.
Active Directory is the central identity/policy database for Windows networks. A domain is a security boundary; the domain controller (DC) authenticates everyone and holds NTDS.dit; a forest groups domains. Owning the DC / Domain Admin = owning everything joined.
AD centralises authentication and management across an organisation, so compromising it compromises every joined machine and user at once. It's the universal high-value target of internal engagements, and most AD attacks abuse configuration, not exploits.
Domain. Security boundary of users/computers/groups.
Domain controller. Runs AD, stores NTDS.dit, authenticates all; DC compromise = domain compromise.
Forest & trusts. Top boundary; cross-domain access.
Domain Admin. Control of everything joined.
Active Directory (AD) is Microsoft's directory service — the central database of identities and policy that runs almost every corporate Windows network.
In a domain, you don't log into each machine separately — AD centralises authentication (single sign-on via Kerberos) and management (Group Policy pushes settings to every host). That centralisation is exactly why AD is the universal target: Domain Admin (or DC compromise) means control of every joined machine, user, and resource at once.
On an internal engagement, the work is to enumerate the directory (users, groups, computers, policies, trusts), find misconfigurations and exposed credentials, and chain them into a path to Domain Admin, usually with far less "exploitation" than configuration abuse. The next lessons cover the pieces.
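The chaining described above, seen from the defender's side, as an added example that is not part of the original lesson: a breadth-first search over a constructed inventory shows which principals have a path to Domain Admin, and that removing one link breaks the chain. The account, host and relation names (`MemberOf`, `LocalAdminOn`, `HoldsSessionOf`) are illustrative assumptions.

```python
from collections import deque

# Constructed sample inventory, not data from the lesson. Each tuple reads
# "source gains control of target through relation"; all names are assumptions.
EDGES = [
    ("alice", "MemberOf", "Helpdesk"),
    ("Helpdesk", "LocalAdminOn", "WS-014"),
    ("WS-014", "HoldsSessionOf", "svc-backup"),  # exposed credential on a host
    ("svc-backup", "MemberOf", "Domain Admins"),
    ("bob", "MemberOf", "Sales"),
    ("Sales", "LocalAdminOn", "WS-020"),
]
TARGET = "Domain Admins"


def find_path(edges, start, target=TARGET):
    """Breadth-first search: shortest chain of relations from start to target."""
    graph = {}
    for src, rel, dst in edges:
        graph.setdefault(src, []).append((rel, dst))
    queue, seen = deque([(start, [])]), {start}
    while queue:
        node, path = queue.popleft()
        if node == target:
            return path
        for rel, dst in graph.get(node, []):
            if dst not in seen:
                seen.add(dst)
                queue.append((dst, path + [(node, rel, dst)]))
    return None  # no chain of misconfigurations leads to the target


def exposed_principals(edges, target=TARGET):
    """Every node with a path to the target; each needs Domain Admin-level care."""
    nodes = {src for src, _, _ in edges} - {target}
    return {n for n in nodes if find_path(edges, n, target) is not None}


if __name__ == "__main__":
    for hop in find_path(EDGES, "alice"):
        print("%s -[%s]-> %s" % hop)
    # Remediation check: stop privileged accounts leaving sessions on workstations.
    fixed = [e for e in EDGES if e[1] != "HoldsSessionOf"]
    print("still exposed after fix:", sorted(exposed_principals(fixed)))
```

No single edge here is an exploit; the path exists only because ordinary configuration choices line up, which is why removing one link is enough to close it.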
AD is the centralised directory that authenticates and manages a Windows estate; the domain controller and Domain Admin are the crown jewels because they confer control over every joined resource. AD attacks chain misconfigurations toward that goal.