Directory service developed by Microsoft to Manage Windows Domain Networks.
Think about it as a phone book for Windows which stores information related to objects, such as Computers, Users, Printers etc.
E.g.: You can login into multiple computers with the same credentials in a network. That happens because the company is using the active directory.
<aside> 💡 Authenticate using Kerberos tickets: Non-Windows-devices, such as Linux machines, firewalls, etc. can also authenticate to Active Directory via RADIUS or LDAP.
</aside>
Active Directory is the most commonly used identity management service in the world. 95% of Fortune 1000 companies implement the service in their network. Can be exploited without ever attacking patchable exploits. Instead, we abuse features, trusts, components, and more.
A domain controller is a server computer that responds to security authentication requests within a computer network domain. It is a network server that is responsible for allowing host access to domain resources. It authenticates users, stores user account information and enforces security policy for a domain.
A domain controller is a server with the AD DS serve role installed that has specifically been promoted to a domain controller.
The AD DS data store contains the database files and processes that store and manage directory information for users, services, and applications.
The AD DS data store: