search
DiscordHackTheBoxTryHackMeGitHub

booksTerminology

hashtag
Object

  • Object can be defined as ANY resource present within an Active Directory environment such as OUs, printers, users, domain controllers.

hashtag
Global Unique Identifier (GUID)

  • Unique 128-bit value assigned to objects.

  • Used internally by AD for identification.

hashtag
Security Principals

  • Authenticated entities (users, computers, services, etc.).

  • Manage access to domain resources.

hashtag
Distinguished Name (DN)

  • Full path to an object in AD (e.g., cn=sreed, ou=IT, dc=example, dc=com).

hashtag
Relative Distinguished Name (RDN)

  • Unique identifier within its parent container.

hashtag
userPrincipalName (UPN)

  • Alternative way to identify users (e.g., sreed@example.com).

hashtag
FSMO Roles

  • Five roles ensuring AD replication and operation:

    1. Schema Master (one per forest)

    2. Domain Naming Master (one per forest)

    3. RID Master (one per domain)

    4. PDC Emulator (one per domain)

    5. Infrastructure Master (one per domain)

hashtag
Global Catalog (GC)

  • Stores full copies of objects in the current domain and partial copies from other domains.

  • Helps in authentication and searching for AD objects across domains.

  • Crucial for login processes and Exchange Server lookups.

hashtag
Replication

  • Synchronizes changes across Domain Controllers.

  • Managed by the Knowledge Consistency Checker (KCC).

hashtag
Service Principal Name (SPN)

  • Service Principal Name (SPN) is a unique identifier of a service instance. Kerberos authentication uses SPNs to associate a service instance with a service sign-in account. Doing so allows a client application to request service authentication for an account even if the client doesn't have the account name, because every service has a corresponding service account.

hashtag
Group Policy Object (GPO)

  • Collection of policy settings applied to users and computers.

  • Used for security configurations, software deployments, and administrative settings.

  • Can be applied at different levels (site, domain, OU).

hashtag
Fully Qualified Domain Name (FQDN)

  • Complete name for a host (e.g., dc01.example.com).

hashtag
SYSVOL

  • Stores Group Policy settings and logon scripts.

  • Replicated across all DCs.

hashtag
ADSI Edit

  • Advanced GUI tool for managing AD objects and attributes.

hashtag
sIDHistory

  • Stores previous SIDs during migrations.

  • Can be abused if not secured.

PreviousTheoryNextReconnaissance

Last updated