Physical AD components →

This is not the most detailed description; it's more of a high-level overview.

The most important Active Directory component is the domain controller. It has a lot of features and does a lot of things for our environment. It hosts the Active Directory Domain Services directory store, which is basically the phone book: it has all the information on the users, computers, printers and everything else in the network.

It also provides authentication and authorisation services, which means it also handles Kerberos tickets.

It also replicates updates to other domain controllers in the domain and in the forest (which is basically like a parent and child domain directory situation).

It also gives us administrative access to manage user accounts and network resources.

So basically this is where all the cool stuff happens: if you can compromise this, you can compromise everything. This is the top target when we do internal pen-testing, but it's not the only thing the client might care about. They might also want you to look at things like PII (Personally Identifiable Information), for example social security numbers, so don't just look for the domain controller; think beyond that and try to protect those.


The AD DS directory store contains the database files and processes that store and manage directory information for users, services, and applications.

It consists of the Ntds.dit file. This file is very, very sensitive: typically, when we compromise the domain controller, we want to get this file, because it contains all the important information such as the objects, the users and, more importantly, the password hashes for all users in that domain. You can try to crack them afterwards.

It is stored by default in the %SystemRoot%\NTDS folder on all domain controllers. It's accessible only through the domain controller and its protocols.
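As an added example (not part of the original notes), here is a defender-side check that audits who is granted access to the folder holding Ntds.dit on a domain controller. It assumes that only SYSTEM and the built-in Administrators group should appear in the ACL, so adjust the allow-list to your own baseline; the registry value it reads is where AD DS records the database path if it was moved from the default.

```powershell
# Added example: audit who is granted access to the AD DS database folder.
# Run locally on a domain controller in an elevated PowerShell session.

# Well-known SIDs assumed to be the only principals that need access (assumption).
$expectedSids = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544'   # BUILTIN\Administrators
)

# Default location from the notes; the registry value overrides it if the database was moved.
$ntdsDir = Join-Path $env:SystemRoot 'NTDS'
$params  = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters' -ErrorAction SilentlyContinue
if ($params -and $params.'DSA Database file') {
    $ntdsDir = Split-Path -Path $params.'DSA Database file' -Parent
}

if (-not (Test-Path -LiteralPath $ntdsDir)) {
    Write-Warning "No NTDS folder at $ntdsDir; this host is probably not a domain controller."
    return
}

# Collect every Allow entry whose principal is not on the expected list.
$findings = foreach ($ace in (Get-Acl -LiteralPath $ntdsDir).Access) {
    if ($ace.AccessControlType -ne 'Allow') { continue }
    try {
        $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
    } catch {
        $sid = 'unresolved'   # orphaned or unresolvable account, worth a look by itself
    }
    if ($expectedSids -notcontains $sid) {
        [pscustomobject]@{
            Path      = $ntdsDir
            Identity  = $ace.IdentityReference.Value
            Sid       = $sid
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize
} else {
    "Only SYSTEM and Administrators are granted access to $ntdsDir."
}
```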

Logical AD Components →

AD DS Schema: this is basically like a rule book. It contains definitions of every object that can be created in Active Directory.

Domains are used to group and manage objects in an organisation. In a small business you might just have one domain, but in a bigger company you can have domains split by category or something similar. They act as an administrative boundary for applying new policies. They are also an authentication and authorisation boundary that provides a way to limit the scope of access to resources.

Trees are basically a group of domains arranged in a hierarchy. The domains in a tree share a contiguous namespace with the parent domain, they can have additional child domains, and by default a two-way transitive trust is created between these domains.