- phone book to store services for Windows (computers, users, printers). Kerberos tickets.
- 95% of Fortune 1000 companies uses it.
- no need to use an exploit, we use features, trusts, components.
- domain controller stores the phone book. Provides auth. Allows admin access to manage users and networks.
- the active directory directory schema. Rulebook.
- domains: users, computers for one domain.
- tree: group of domains, with child domains.
- forest: collection of one or more domain trees.
- organizational units: containers for users, groups, computers.
- trusts: directional (trusted to access another domain), transitive (trust is extended to include other trusted domains)
- objects: user, contacts, groups, computers, printers, shared folders