Penetration Tester Interview Q&A…What is Active Directory?

5qu1n7
3 min read · Jul 25, 2024


Most of this information is copied from different open-source resources, but this post puts it all together with an interview focus.

What is Active Directory?

This question should not be difficult to answer, but the technical aspects of Active Directory (AD) can make it a little harder. Below we will look at the different aspects of AD and what you should know for an interview.

Simply put, AD is the most commonly used identity management service on internal networks in the world. In layman's terms, think of AD as a phonebook that stores lots of data in objects (more on this later). Many of AD's “features” can be abused through misconfiguration without any need for a sophisticated payload.

AD is a hierarchical structure that stores information about objects on the network. It was developed by Microsoft for the Windows domain. Active Directory Domain Services (AD DS), the role usually hosted on a Domain Controller, provides the methods for storing directory data and making this data available to network users and administrators. For example, AD DS stores information about user accounts, such as names, passwords, phone numbers, and so on, and enables other authorized users on the same network to access this information.

The information above is what you should have memorized for this type of question in an interview setting.

To expand on the question, here are some additional things to know (not memorize) about AD.

Key features of Active Directory Domain Services (AD DS)

Certificate Services (AD CS): Create, manage, and issue encryption certificates through Domain Services. This helps users exchange information securely over the internet.

Lightweight Directory Services (AD LDS): AD LDS is an LDAP (Lightweight Directory Access Protocol) directory service that makes Domain Services more versatile and flexible.

Active Directory Federation Services (ADFS): ADFS allows employees to access multiple devices, applications, and systems with a single login credential. This Single Sign-On solution enhances the user experience.

Rights Management Services (AD RMS): AD RMS provides tools that help administrators secure their data. These technologies include authentication, certification, encryption, and more.

AD stores information about objects on the network and makes this information easy for administrators and users to find and use. AD uses a structured data store as the basis for a logical, hierarchical organization of directory information.

This data store, also known as the directory, contains information about AD objects. These objects typically include shared resources such as servers, volumes, printers, and the network user and computer accounts. For more information about the AD data store, see Directory data store.

Security is integrated with AD through logon authentication and access control to objects in the directory. With a single network logon, administrators can manage directory data and organization throughout their network, and authorized network users can access resources anywhere on the network. Policy-based administration eases the management of even the most complex network. For more information about AD security, see Security overview.

AD also includes:

  • A set of rules, the schema, that defines the classes of objects and attributes contained in the directory, the constraints and limits on instances of these objects, and the format of their names. For more information about the schema, see Schema.
  • A global catalog that contains information about every object in the directory. This allows users and administrators to find directory information regardless of which domain in the directory actually contains the data. For more information about the global catalog, see Global catalog.
  • A query and index mechanism, so that objects and their properties can be published and found by network users or applications. For more information about querying the directory, see Searching in Active Directory Domain Services.
  • A replication service that distributes directory data across a network. All domain controllers in a domain participate in replication and contain a complete copy of all directory information for their domain. Any change to directory data is replicated to all domain controllers in the domain. For more information about AD replication, see Active Directory Replication Concepts.
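The query mechanism listed above is what applications use when they look an account up in AD DS by sending an LDAP search filter. As an added example (not part of the original post), the Python below builds such a filter for a `sAMAccountName` lookup, shows why untrusted input must be escaped per RFC 4515 before it is embedded, and evaluates the filter against a few constructed, AD-shaped sample entries; the tiny evaluator is a stand-in for the directory and supports only AND-filters of equality/substring assertions.

```python
import re

# Characters with special meaning inside an LDAP filter assertion value (RFC 4515)
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value: str) -> str:
    """Escape untrusted input before embedding it in an LDAP search filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def user_lookup_filter(sam_account_name: str, escape: bool = True) -> str:
    """Filter an application would send to AD DS to find one account by sAMAccountName.
    escape=False reproduces the unsafe string-concatenation habit, for comparison only."""
    value = escape_filter_value(sam_account_name) if escape else sam_account_name
    return f"(&(objectClass=user)(sAMAccountName={value}))"

def _value_to_regex(value: str) -> str:
    """Assertion value -> regex: a bare '*' is a wildcard, '\\xx' is one literal character."""
    out, i = [], 0
    while i < len(value):
        if value[i] == "\\" and i + 2 < len(value):
            out.append(re.escape(chr(int(value[i + 1:i + 3], 16))))
            i += 3
        elif value[i] == "*":
            out.append(".*")
            i += 1
        else:
            out.append(re.escape(value[i]))
            i += 1
    return "".join(out)

def evaluate(filter_str: str, obj: dict) -> bool:
    """Tiny evaluator for AND-filters of equality/substring assertions (enough for this demo).
    Attribute values compare case-insensitively, as AD's string syntaxes do."""
    assertions = re.findall(r"\(([^=()]+)=([^()]*)\)", filter_str)
    return all(
        any(re.fullmatch(_value_to_regex(v), x, re.IGNORECASE) for x in obj.get(a, []))
        for a, v in assertions
    )

# Constructed sample entries shaped like AD DS objects (attribute -> list of values);
# the computer object carries objectClass=user too, as real AD computer accounts do.
DIRECTORY = [
    {"objectClass": ["top", "person", "user"], "sAMAccountName": ["alice"]},
    {"objectClass": ["top", "person", "user"], "sAMAccountName": ["bob"]},
    {"objectClass": ["top", "user", "computer"], "sAMAccountName": ["WS01$"]},
]

def search(filter_str: str) -> list:
    """Return the sAMAccountName of every sample entry the filter matches."""
    return [o["sAMAccountName"][0] for o in DIRECTORY if evaluate(filter_str, o)]
```

With escaping, a lookup for `alice` returns only that account, and input containing filter metacharacters matches nothing; without escaping, the same input rewrites the filter and the lookup returns every account, which is the defect input validation on the application side is meant to prevent.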

Active Directory is HUGE, and penetration testers need to know and understand it. This information will get you through the interview process but will not make you a penetration tester. You need the hands-on skills to navigate AD and expose some of its “features” to become good at penetration testing. For that I suggest TCM Security's PNPT certification. This course will have everything you need to become a great up-and-coming penetration tester.


5qu1n7

Currently a Penetration Tester and retired United States Air Force Military Working Dog Handler after 23 years, who also has a habit of picking locks.