Hello friend,
this is my write-up of the Active Directory Basics Room on TryHackMe. A lot of big companies use an Active Directory environment, it makes managing users and computers much easier. So it is important to learn about it.
This is a pretty simple walkthrough room, most of the answers are provided in the descriptions of the tasks. If you need an answer anyway, just look below.
Let’s get to it.
Task 2 – Physical Active Directory
Every physical computer which is part of the active directory. Most importantly the domain controllers, which control the rest of an active directory domain. They also hold the Active Directory Domain Service (AD DS) data store.
What database does the AD DS contain?
NTDS.dit – the database that contains all the information of an Active Directory domain controller as well as password hashes for domain users – this might be interesting later on.
Where is the NTDS.dit stored?
%SystemRoot%\NTDS – by default
What type of machine can be a domain controller?
windows server
Task 3 – The Forest
An Active Directory Forest is the organisational structure of an AD. It stores all information of an AD and can contain multiple domains.
What is the term for a hierarchy of domains in a network?
tree
What is the term for the rules for object creation?
domain schema
What is the term for containers for groups, computers, users, printers and other OUs?
organizational units
Task 4 – Users + Groups
Which type of groups specify user permissions?
security groups
Which group contains all workstations and servers joined to the domain?
domain computers
Which group can public certificates to the directory?
cert publishers
Which user can make changes to a local machine but not to a domain controller?
local administrators
Which group has their passwords replicated to read-only domain controllers?
Allowed RODC Password Replication Group
Task 5 – Trusts + Policies
These are the rules, which define how users and machine in the AD may interact with each other or have to act themselves.
What type of trust flows from a trusting domain to a trusted domain?
directional
What type of trusts expands to include other trusted domains?
transitive
Task 6 – Active Directory Domain Services + Authentication
What type of authentication uses tickets?
kerberos
What domain service can create, validate, and revoke public key certificates?
certificate services
Task 7 – AD in the cloud
What is the Azure AD equivalent of LDAP?
rest APIs
What is the Azure AD equivalent of Domains and Forests?
tenants
What is the Windows Server AD equivalent of Guests?
trusts
Task 8 – Hands-On Lab
Deploy the machine
Should be doable.
What is the name of the Windows 10 operating system?
We get the answer by using the command of the task description:
Windows 10 Enterprise Evaluation
What is the second “Admin” name?
Again, the command is already provided in the description:
Admin2
Which group has a capital “V” in the group name?
We can use the Get-NetGroup command to list all groups. I then piped it to Select-String -CaseSensitive “V” to only show the one group we are looking for.
When was the password last set for the SQLService user?
This information we get from Get-NetUser, so let’s just select the name and pwdlastset.
And here we are.
5/13/2020 8:26:58 PM