TryHackMe: Active Directory Basics Room Writeup
Learn the basics of Active Directory and how it is used in the real world today
Task 2
What database does the AD DS contain?
NTDS.dit
Where is the NTDS.dit stored?
%SystemRoot%\NTDS
What type of machine can be a domain controller?
windows server
Task 3
What is the term for a hierarchy of domains in a network?
tree
What is the term for the rules for object creation?
Domain Schema
What is the term for containers for groups, computers, users, printers, and other OUs?
Organization Units
Task 4
Which type of groups specify user permissions?
Security Groups
Which group contains all workstations and servers joined to the domain?
Domain Computers
Which group can publish certificates to the directory?
Cert Publishers
Which user can make changes to a local machine but not to a domain controller?
Local Administrators
Which group has their passwords replicated to read-only domain controllers?
Allowed RODC Password Replication Group
Task 5
What type of trust flows from a trusting domain to a trusted domain?
Directional
What type of trusts expands to include other trusted domains?
Transitive
Task 6
What type of authentication uses tickets?
Kerberos
What domain service can create, validate, and revoke public key certificates?
Certificate Services
Task 7
What is the Azure AD equivalent of LDAP?
Rest APIs
What is the Azure AD equivalent of Domains and Forests?
Tenants
What is the Windows Server AD equivalent of Guests?
Trusts
Task 8
Before we dive into the answers, we need to set up PowerView first. PowerView is a PowerShell tool for gathering network information on Windows domains.
cd Downloads
powershell -ep bypass # Open a PowerShell session with the execution policy bypassed, so the script is not blocked by it.
. .\PowerView.ps1 # Import PowerView script
Check the PowerView cheatsheet here.
What is the name of the Windows 10 operating system?
Windows 10 Enterprise Evaluation
What is the second “Admin” name?
Admin2
Which group has a capital “V” in the group name?
You can use the built-in help to see examples for a specific command:
In the picture above:
- Where-Object is a filter
- -cmatch is followed by a case-sensitive regex
Hyper-V Administrators
When was the password last set for the SQLService user?
5/13/2020 8:26:58