Active Directory Basics : Tryhackme

Captions
Yo, what's going on guys, and welcome back. Today we're actually covering Active Directory Basics. So before we dive into this, guys, we're almost to 5K, hit that sub button, help me out a little bit. We're so close, I wanted to get it by the end of the year, hopefully we still can. Um, let's go ahead and dive into it.

So first off, guys, this is probably one of the most important boxes you'll ever do, and I'll explain why. So you hear me talk about it all the time, that there is basically an issue with people going, like, from college or getting a bunch of certs and then expecting a job in cyber security, right? This is something that we talk about a lot. People always say, "Well, I got this cert and I got this degree, I should be able to get a job, like, why can't I get a job?" Well, the problem is you're trying to jump tiers, right? So you're expected to work help desk, system administration, network administration, things like that. The reason for it is because of this box right here, Active Directory Basics. Now there's other reasons, but this is the main experience that you miss out if you jump that tier. If you skip, you don't understand Active Directory. Because this is the basics, but we're going to do this module and we're going to dive into it deep as we progress. So let's go ahead and look at it.

So what is Active Directory, right? And here it talks about it: it's the backbone of the corporate world. Exactly, and not just corporate: military, everybody, it's government, anybody that has a large network almost exclusively uses Active Directory. Now some people might say, "Well, a lot of companies use cloud-based." Guess what, they're using Azure Active Directory or something else. There's some centralized brain to it, and this is what they are. So let's go ahead and hop into it.

So the Windows domain, right? So this is a good example. You picture yourself, you have a small business, you got five computers. Okay, you've got these five computers. Well, cool, think about your own personal computer right now, you get on,
you log on, right? That logon that you use on your computer at home, it's not going to work at your neighbor's computer, right? That account doesn't match their computer. So when you have this small company with five computers, you log into one, you can't log into the other, right? Because unless you create an account on that computer, those are what's called local accounts. So with five computers, yeah, you could probably just make five accounts and be done with it and be pretty easy, right? That wouldn't be bad. But what happens when now you have 157 computers and 320 different users? Well, you can't just make 150, you can't take 320 users and make a local account on every single machine if you have 160 computers. It's just too difficult to manage, right? So to overcome that we have Active Directory.

Okay, and this is what it would look like. So here's your domain, tryhackme.com is the domain they're using. Here's your domain controller, it's in the middle, it's your brains, right? It can allow you to have one single logon and you can control everything on that from simple one machine. So I can log into all these machines if I have access with my one account and I don't have to do anything, right? My account works here, it works here, it works here, it works here, it works here. And anybody that's ever worked in an actual, um, anywhere really, has probably seen this, where they've been able to log on on all the computers, or the company sends you a computer and you can log on using your new account and stuff like that. Those accounts are all managed in Active Directory, along with the permissions that the machine has. So that's the security policies we're going to talk about.

So real world, real-world example, excuse me. "Sounds a bit confusing? Chances are that you've already interacted with a Windows domain at some point." Exactly, I just said, at some point, with school, work, whatever, you've probably done this and never realized it. So you've logged in. So what they're showing us here is, welcome to
TryHackMe Incorporated. During this task we'll assume the role of a new IT admin. Okay, be sure to click the Start Machine button, use the same machine for all tasks, this should open up in your browser. So here is our machine, eventually. Now I'll tell you, this is an extremely slow machine, and that's because, um, they have a domain controller running on it and they probably don't have hardly any RAM on it.

Um, so in a Windows domain, credentials are stored in a central repository called Active Directory. So what does that mean? Active Directory is what we're talking about. The reason they specify that is because that is right here: the main idea behind the domain controller centralizes the administration, but Windows computer network is a single repository called Active Directory. Okay, the server that runs Active Directory is called a domain controller. The reason that's important is because they're almost used interchangeably, but people will often say "domain controller" and you might say, "I don't know what that is." It's just Active Directory, it's the server running Active Directory. So you'll see, um, especially in a lot of corporate environments and things like that, you'll see like naming convention, the server might be called DC01 or DC02. It's because that server is called a domain controller; what's running on it is Active Directory.

All right, so let's dive into Active Directory. So the core of any Windows is Active Directory Domain Services. This is just what we'll show here, and we'll pull it up here, we'll say "active". And another thing you might hear this called a lot, um, Active Directory Users and Computers, look at the acronym: ADUC. A lot of people call this "a duck", okay? Because Active Directory does a lot of other things besides just manage users and computers, um, and we're covering some of those. So if someone refers to ADUC, if you hear that, this is what they're talking about. They're talking about the users and computers, they're not talking about the group policies, the, any
of that stuff, the DNS. Now I mentioned DNS here; they're not going to mention it here because it's not in Active Directory. You do not have to run your DNS server on Active Directory, you don't, you can run it anywhere you want. A lot of people run their DNS server on their domain controller, just know that a lot of people do that.

Um, so here you've got what they call group, or, uh, here we go, I'm trying to make sure we follow what they're saying here. So yeah, so they're just talking about it as objects, right? So objects are users, computers. Um, you can see here they have computers here, they have TryHackMe, this is the domain that we're using, and you can see it says tryhackme.local. So at the beginning they actually named it tryhackme.com or something; it's going to be thm.local, that's the domain we're currently using in this scenario. And you can see, um, here they have an IT department, a management department, marketing, research and development, sales, and then they have users inside each one, you see that? So they have Christine, Robert, Sophie, Thomas, they are all in the sales department. Well, they also have computers in here and they are managed differently, right? A computer in a certain organizational unit, OU, might be managed differently than one over in HR, for instance. It might have access to different shares, or it might have access to a server that a computer over here doesn't have access to. That's what's all managed in here.

So you have users, these are your objects. So if you ever hear something called an object in Active Directory, it can be anything. So it's users: these are people, services. Now when they talk about people, that's Christine, Robert, Sophie, Thomas, those are people. When they talk about services, they're talking about the account that is used to run a service. Those are called service accounts. Um, those services have to have some sort of account to talk to each other, right? These are called service accounts. They usually are rotated passwords just like regular person. Um, so just
know that there's a difference between services and people. Then you have machines: these are your computers, your servers, all that stuff. Um, they don't show it here but usually, and then you have your domain controllers, that's a machine, but, um, usually you'll see like an OU here for servers, workstations, stuff like that, and that's where you manage those.

Um, now you can see security groups, so this is by default what they're talking about. So by the way, this is one of the questions. So identifying machine accounts is relatively easy. These are accounts that are automatically generated local accounts for the machine, and you can see it's going to have the same name as the machine with a dollar sign, that's the account. They will have passwords, um, so you can get that password and log into the machine, technically, but you can see they're generally comprised of 120 random characters.

I will tell you, most people don't use these accounts. What they do is they make a local admin account. So what that means is, when I'm creating the image, so when I design an image that I'm going to then pass out to every workstation, meaning I have one hard drive, it's got my golden image, it's how I want all my computers to run, for everybody that I pass one out to I clone that hard drive and I do what's called Sysprep, don't worry about that. And then you have those hard drives, right, and then you just give everyone, um, basically that computer, and when you do that it has a local admin account on it. That local admin account is something that only the, um, administrators will have access to, but it allows, if you do lock yourself out of that computer, if there is no way in, they can get into it with that local admin account. So keep in mind that is not what they're talking about here. So if you hear of local accounts, this is different. This is a machine account, and it's not very much in use necessarily, but if you ever need to get into it, you can.

Okay, so now we're
talking about security groups. So these are the default groups, meaning this is going to come with your domain controller. You can add, delete, manage, whatever, change anything you want. But you have your domain admins. This is pretty self-explanatory: they're admins of all the domain, they can access everything.

Then you have your server operators. Users in this group can administrate, administer domain controllers. They cannot change administrative group permissions. So what's that mean? They can actually change things on the domain controller that's necessary to administer it, um, you know, update it, run scripts, that type of stuff, but they cannot change administrative group permissions, meaning they can't go in here and start changing who has permission to what, because these are people that are just managing the server, they're not actually working on the permissions and stuff.

Then you have backup operators. Um, users in this group are allowed to access any files, ignoring their permissions. They're used to perform backups. So what does that mean? It means, hey, we gotta take backups of this domain controller, and the reason people take backups is in case something ever happens, they can just restore it. Well, that person, if they don't have access to every single file on the domain controller, they're going to get errors when they're trying to back it up, right? This allows them to ignore that and go ahead and do the backups.

Now account operators: users in this group can modify other accounts in the domain. So I could go to Christine, I could say, hey, I want to change her password, I want to give her access to something else, blah blah. Domain users: this is everybody that's just got an account in the domain. You're a domain user, you're using the domain. Now domain computers: this is every computer in the machine, or in the domain. And then domain controllers: this is the actual Active Directory server.

So Active Directory Users and Computers, we're here. Okay, and then you can see, feel free to
right-click the TryHackMe OU, you can create a new OU under it called Students. So what they're saying is we could actually go into here and we could create a new OU if we wanted, and we could say we want a new organizational unit and we want it to be called Students. Um, and it doesn't really matter, but you can see now it's here. So now we have IT, management, marketing, research, sales and students. So they're just showing you that you can do that. Um, now, like they said, if you open any of them you can see that they have people in them, so that's fine.

And then you probably notice that there are already default containers apart from them, which is the Builtin, Computers, blah blah blah. These containers are created by Windows automatically and contain the following. So this is basically just a default domain controller. They haven't changed much on it, they've added a couple of things like management, marketing, with a few accounts, but usually, you open one of these OUs, there might be hundreds or thousands of people in this, not just three or four.

So let's go through them. So the Builtin, which is up here, contains default groups available to any Windows host. So what's that mean? These are default, so if you don't know what you're doing, if you're kind of like, "Hey, I'm not sure how to do this," and you're a new admin, these are your best friend, because these are default, meaning some, they've come together, they said these are what a standard organization might use, you can use them.

Then Computers: any machine joining the network will be held here. So this is, let's say you get a new computer, it's never been on the domain before, meaning it's never actually connected to the network. You connect to the network and you log in with your domain credentials, right? Well, now it's going to join the domain. Those are going to go in here until somebody moves them. The point of this is, if something new joins, you can make that have very little permissions until you get that computer where it
needs to be, whether it's in HR, whether it's in marketing, whether it's in sales, whatever.

Now Domain Controllers: this is all your permissions for your basic domain controller, so most people won't be touching that. Um, Users: default users and groups that apply to a wide context. So this is all of your users, um, you can see right here, and this is again your security groups and stuff that you can use. And you can see they have guests, they have, um, all kinds of different things, all different accounts that you can use, Enterprise Admins, etc., etc., etc. These are security groups, and then these are two users, so you could tell the groups versus the users. But you can see that under TryHackMe they created a new OU for TryHackMe that's going to manage all their stuff. So they left all the default, but you can see they created new, and that's usually best practice: leave the default in case you need to reference it or take some stuff from it, but create your own.

So which group normally administrates all computers? If you remember, that's domain admin, they have access to everything on the domain. Then what would the name of the machine be with Tom PC? And you remember, it's just the Tom PC with the dollar sign. It's just the name with a dollar sign, that's the machine account. Suppose our company creates a new department for quality assurance. So in here we have IT, management, marketing, research, development, sales; we need a quality assurance. What type of container should we use to group all quality assurance users so that policies can be applied? That's an OU, organizational unit.

All right, so this is a lot of information, but what does any of it mean to you? We're gonna dive into it. So first things first, they said, hey, here's your org chart. Okay, so this is how it relates to the business. Okay, this is why it's very important to kind of put this picture together for you, because this is how things are managed. So Daniel's the general manager. Okay, well, we have management here,
there's Daniel, he's the general manager. If you go to properties and you look, well, of course we'll go here and we'll look at his account and see what he has permissions for. And you can see, okay, so he doesn't actually have permissions. Normally he'd have special permissions because he's a manager. Um, here they haven't set all that up, that's fine, but usually if you have a general manager they might have permissions to manage the people underneath them, um, in whatever case that might be. They might have access to specific drives that somebody else doesn't have. Like, for instance, there might be a management drive where they store all their HR information for their users, stuff like that. All that stuff he would have access to, but this management OU would have access to it; marketing, research, all of them would not have access to it.

Now you're starting to see why we create OUs versus giving them individually to a user, because if we have 200 managers in here, I'd have to go to each one and assign them that role, or I mean that permission. Here I can go in here and I can just delegate them control right now and assign them information, or assign them permissions in there, and I don't have to manage them individually, I can do that all in one OU. And then the nice thing is, if someone gets promoted to a manager, let's say they were marketing before, let's say Mark got promoted to manager, I just take Mark and I move them into management, and now he has access to all of the stuff that a manager should have access to. So you're seeing why it's beneficial to do it this way.

So then we go into marketing, we saw that Dan, or that Mark, was in there. Um, sales: if we go into sales we can see, okay, so we have Thomas, Sophie, and then we have Robert and Christine. So you can see that they're telling us we should be matching our Active Directory with this, right? So there's a couple people here that probably haven't gotten, um, that probably don't work
here anymore or whatever and they still are in here, that actively, that's a problem. So first thing we would do is disable this account. Now I'll tell you, some people would say delete it. I don't delete it, because I don't know what's going on yet, right? Maybe Christine was an important person, I need to access her stuff still. So I don't delete it, I disable it, meaning they cannot log in now, but I can still, if I need to, restore that account and get in there, just in case I need to.

Um, so now deleting extra OUs. So you can see here they're saying that research and development, because it no longer exists, we need to delete it. Well, if we try and delete it you'll see we'll get an error. So what we need to do is we need to go over here and go to, there it is, Advanced Features, and you notice it opened a bunch more stuff, that's fine. But now when we go in here and we go to research and development, when we go to properties you'll see we actually have this "Protect object", hopefully you guys can see that, "Protect object from accidental deletion". We need to disable that because it won't let you delete it if you don't. And the point of that is so that you don't accidentally delete something, because if this had 500 people in it and you delete it, even on accident, it's a big deal. So we say yes, let's go ahead and delete it. Boom, there we go, now we don't have research and development anymore.

So now we're going to go to delegation. This is one thing I mentioned earlier. So one of the most common uses is for granting IT support the privilege. So what they're talking about here specifically is help desk. So help desk has permissions to change your passwords and stuff like that. So how can they do that? Here's how they do it, so without giving them too much. So we go to sales, we say Delegate Control. Okay, so we want to add a user. So here, let's say Phillip is our only help desk guy, because this is a small company, remember that. Now you check the name, there it is, Phillip at THM local. Hit okay, hit
next, and then here, what do we want them to be able to do to this OU? Well, we want him to reset user passwords and force password changes, that's all we want them to do. We hit next, we hit finish, and boom, that's all he can do now. But Phillip can do that to the sales department, that's all he can do it to. Now what you would do here is you would actually give sales delegate control and you'd give it to a large group of people, and you wouldn't individually put them in there. You put a security group in there, and then everyone with that security group can now do that. The point of that is, help desk for a large company, you might have 200 people on help desk, let's just say. Um, you don't want to individually go to each one, because you might have people quitting, getting hired, quitting, getting hired, at least five, six times a year, and you don't want to have to keep changing that.

So now it wants us to go ahead and log in as Phillip. So we'll go to our attack box, so we'll go in as Phillip. I got the wrong IP, 48.69. All right, so now we're Phillip, we'll log in as Phillip, and they gave us his password here, and his password is claire2008. So now we log in, and it's going to tell you, if you try to open up Active Directory Users and Computers, ADUC, you won't get permission, you don't have permission to open it. So he doesn't have permission to open it, but that's okay, because what we can do is we can run this command: Set-ADAccountPassword, sophie because that's who we want to change, -Reset, -NewPassword, and then this is just a little prompt that pops up so that you don't see it, let's say prompt "New Password", and then -Verbose so that we see it. So you can see it's going to ask me what's a new password. I'm just gonna put password one two three, hit enter, and then it will actually go and change it. So he had permission to change it, and you can see here's the target: common name, OU sales, OU TryHackMe, domain controllers TryHackMe, local. So you can see it telling us, hey, it worked, the password has been
changed. So now we can actually go ahead, since we did change the password, and we can sign out. We can do the same thing, but this time we're going to log into Sophie, because we have her password, right? And this is just to prove that it worked. So, and here we logged in, so the password worked. We didn't know Sophie's password before. And then here's the flag: "thank you for contacting support", or "thanks for contacting support". So that's how that works. Now when I say that's how it works, that's how the permissions work. We gave him delegation on that OU, meaning we gave him access to, um, actually go to that OU and change the password. That's what he could do, and he did it. So now, the process of granting privileges to a user over some OU or other object is delegation, which we just did, because it's under sales. So let's go to the next one.

All right, by default the machines that join the domain, except for the domain controllers, will be put in the container called Computers, which we talked about earlier. So so far we've only talked about managing users' OU, but now we're talking about computers. And you can see here, we can see that servers, some laptops and PCs, so there's LPT, laptop, PCs and servers are all in here, right? Having all of our devices there is not the best idea, since it's very likely that you want different policies for your servers than you do for your PCs. Makes sense, right? You don't usually want a server to have the same policy as a computer. Now you might even break it down even more and say laptops are usually for work from home, so we need laptops to be able to RDP, and we don't want PCs to be able to RDP because they're sitting in the office. So you can start breaking out policies that way. Now you have workstations, you have servers, and then you have domain controllers. They're saying, if you look here under users, they actually created, um, looks like they created it, yep, workstations and servers. So we'll go ahead and go in here, and this is where the machine starts getting
really slow, so just bear with me here. You can see I'm struggling to even get it to click anything and it's taking forever. So we'll do it here, come on. All right, so we're gonna say new OU and we're gonna name this Workstations, hit okay. There's Workstations. So now what we do is we take all the workstations, which is this one, this one, this one, this one, this one, this one, this one, and we're going to drag them down into Workstations. Yes. Now all these workstations we can actually manage separately, meaning we know they're all the workstations, we need to manage them separately. So now we can actually assign policies to this Workstations OU and we don't have to do it individually. So that's where the really nice administrative overhead comes into play.

So after organizing the available computers, how many end up in Workstations? There's seven. And then, is it recommendable to create separate OUs for servers and workstations? Yes. There's very few instances where there are times where you might have a server, or a workstation in a server OU, but that's not the point, typically you don't do that.

So now we're going to go to Group Policy Management. So this is also part of Active Directory. Again, this Active Directory Users and Computers is ADUC, Active Directory, um, that's what Active Directory Users and Computers is. The server itself is called domain controller, and then this is Group Policy Management. So this is where you configure GPOs, or Group Policy Objects, and you can see GPOs are simply a collection of settings that can be applied to OUs. So this is where we actually manage the settings we're going to handle and apply them. So if you see here, we go in here to group policy, and look at that, right there, there's our domain, tryhackme.local, and then there's our workstations and there's our TryHackMe domain. So we can actually look in the workstations, and you notice it's not going to give us anybody, it's going to tell us, hey, there is no policies applied to
this. So we could actually go in here and we could say, hey, we want to create a GPO, or a Group Policy Object. So if we created one, let's just say "test", it doesn't really matter. My dog just saw a squirrel outside. All right, so we do "test", right? So you notice it says Enforced: No. It's not enforced yet because we're still testing it, right? So we'll edit it, and this is just a better way of seeing it than the way they did it, in my opinion. Um, but we can look, so you can see we have different ones, we have computer configurations, and of course since these are workstations that's what I want, I want the computer configuration, not the actual user configurations. So we'll go to all these and kind of just take a look.

And you can see, for instance, Control Panel, which is the example they give us below, but they do it under users. So we'll go to Control Panel and we'll look at them. All right, so User Accounts, "Apply the default account picture to all users", that's one setting you could do. So we could say, hey, this is where we want all the accounts to have this picture, right? That's under there, the Control Panel. Now if we go to this, you can see we could create one, or we could say "Settings Page Visibility", we could change all these policies. Now the ones they show us is, if we go to users, you'll notice the same thing. So if we go to Policies, there's Administrative Templates, and then here's Control Panel, but you'll notice there's one called, right here, man, this thing's slow, it is "Prohibit access to Control Panel". So you can prohibit the access of Control Panel to users. Okay, so we could take this, we could edit it and we could apply it, and then we just drag it to the OU. But because we already created this test one, we're going to do something with the actual, whoops, with the actual, um, workstations, because it's showing you the user one, I want to show you a workstation one. So here's the workstation one, let's just say Device Installation. Okay, so you can see
"Prevent creation of system restore point", "Allow remote access to the Plug and Play", "Turn off Found New Hardware", "Do not send error reports", "Specify search order", blah blah. Okay, let's try and find one that's less complex, that we can just show something easy. Um, but this thing is so slow it's hard to even control. Okay, so Software Installation, okay, so that would be specific software that you installed. Man, this thing is, like, I'm clicking stuff and it's not responding, so I think it doesn't do it and then I go off of it. Okay, so we'll just go with System for now and we'll look and see if we can find something easy. Okay, Logon, right there, we'll do that one. So you can see "Allow users to select when a password is required when resuming from connected standby", "Turn on convenience PIN sign-in", so for example, let's say you'd want people to be able to sign on with a PIN, you can select this one, or "Turn off picture password sign-in". Um, let's see, let's see if we can find one that we can, "Turn off the Windows startup sound", for instance, right? Let's say we don't want people to hear that, and we only don't want the workstations to hear it, right? That's a silly one, but it's something that you could turn off, right? And then you would turn this on, and then that would be under this GPO, right? And you could add multiple things to this GPO, and then everything in the workstations follows this security practice.

So you build your security based on the workstation and then you build it based on the users, so now they work together. So for instance, one thing that I know most companies will turn off is, they'll turn off, um, that you can't open PowerShell, right? That's something that, now some companies won't do that, but, um, so they might have all the regular users not be able to open PowerShell. The point of that is obvious, right? A regular user has no reason to open PowerShell, it can cause problems, but that's something they can control in the GPOs. So then here you see they had to show you, they had to go
through and they did the password policy. So the password policy is down here, and you can see under users, and they go through here and they say the password policy, and you can see here it is: "Enforce password history, 24 passwords remembered", blah blah blah. You can change all that. Now I will say, Windows password policy isn't super strict by default, but you can change all that, and that's the point. So you guys can follow this and go through it and change the minimum password length to 10 characters. I'm not going to do it because this machine is so slow that I've tried doing this stuff and it just takes so long to actually get anything to happen on this machine, that's driving me nuts.

So, um, you can see here's a big, big thing. Any help desk, any sysad probably knows this command by heart: gpupdate /force. And the reason for it is because every time anything changes, if somebody tries to log into a machine and something's not right, um, typically this fixes it. And what it is is the group policy updater never worked, so there might be a change and something didn't work, so it doesn't know how to talk, and if it can't understand the group policy it's not going to work. So anytime you make a change you need to update the group policy, and this means on the individual's machine you have to do this. Now usually when you restart a machine and log back in it does this, but sometimes it won't, and then you have to force it. That's what's happening.

So one other thing to notice is GPOs are distributed on the network via a network share called SYSVOL. Okay, so that's important because it's stored in the DC and that's where everybody gets their policy. And you can see, um, okay, so they actually changed the, um, auto lock GPO as well. So they said "Interactive logon: Machine inactivity limit" is 300 seconds. So if after 300 seconds you're not touching your machine, it turns off. You might change that to 50 seconds, might be 20 seconds, depends on how strict you want to be with it, but there's a lot of companies
that might be more strict because they have confidential information things like that so that's where your policy reference or is key to how you run your organization now um you can see once the GPOs have been applied the correct we can log in as any users in either Marketing sales or management because they set up an RDP um policy with those users again I'm not going to do it because I was having issues even getting it to keep doing stuff um it's starting to slow down again so what's the name of the network share that's used to distribute GPOs SYSVOL if you remember and if you guys want to do this um that they literally walk you through it it's super easy if you can change one group policy in here you can change them all it's just finding the one you want um so for people that are saying well you didn't do it correct I didn't do it because I showed you guys how to do other ones and the reason I showed you other ones is because I don't want you to think that these are the only ones you can change and they showed different ones here but you can go through and mess with it yourself set up your own group policy that's a huge thing you should learn how to do um I actually when I taught cyber um Patriot I think it was called or cyber Shield I can't remember what it's called anyway um it's a program for high school kids I taught years ago and that was something that they had to do they had to change the group policy to be secure so can a GPO be used to apply settings to users and computers yes that's the whole point all right now we're breaking into authentication methods caused caused used by domain controllers I'm just going to switch to this so you don't get distracted um so the users this is how Kerberos works okay so Kerberos my dog is sat down so Kerberos this is how it works okay so you have Kerberos basically is a ticket granting service you can see it says key distribution center that's the Hub that's where everything's going to go so that's usually the domain 
controller so you're going to go in the client you have the user hash the client requests a ticket granting a TGT a ticket granting ticket okay so they send the username and the timestamp they send it to the um and they do this by using the user hash to um encrypt it the domain controller looks at it says okay the user hash is good the ticket granting ticket hash here it is and they send you over the ticket granting ticket and a session key okay now you don't have access to anything yet this is just setting you up for Success from there you go to a server and you say hey I want to access this file server right and mind you this all happens in milliseconds you're not seeing this so you have your session key that it sent you before and your ticket granting ticket that it sent you before and now you say hey here's my username my time stamp and the ticket you gave me earlier and you say here's the ax here's this server I want to access okay this is the MySQL server now it looks and validates that you have you have permissions to access that if you do it says hey yes here's your ticket granting service and then here's your service session key so here is your temporary access it might be you have access for you know an hour you might have access it depends on how it's set up but it's going to give you access right now you take that and you give that to the server say hey look I've already got my username my time stamp and my ticket granting service and now I want to access the server and it says yep cool we you're valid you got everything you need and the reason it knows that is because it's actually this ticket granting service is and the service itself is actually encrypted with the owner's hash so the reason this sounds complex it's really not that complex but the reason all these steps are in place is because the encryption is based on the service the user the ticket so it changes the encryption and doesn't allow it to just be like one encryption standard that you can 
then crack one encryption and then you're in um because it's using different hashes each time so it'll change um so the other thing with this is this is if you ever heard of a golden ticket attack this is what they're talking about is there are times where you can it's an attack that you can get the domain controller to give you a golden ticket and what it is is it's free access to everything um that that attack is still around but that's not the part point of this box so now NetNTLM authentication this is older this isn't in use anymore but what this does um is basically you can see it says the client sends an authentication request to server server generates a random number and then sends it as a challenge to the client so then the client combines their NTLM password hash which NTLM passwords shouldn't be in use anymore hopefully um at least not in this facet um password hash with the challenge and other known data blah blah to generate a response to the challenge and sends it back to the server for verification so they you send them a request they send you a challenge to basically validate it to you you get that you send it all back the server forwards the challenge to the domain controller so in this case the server does it and then sends it to the domain controller in the last in Kerberos you're doing it and sending it to the domain controller before you contact the server so you can see the differences so that's one of the kind of key differences here obviously the process is different too the domain controller uses the challenge to recalculate and compare and make sure that the original response from you basically the original request was actually you and that somebody you didn't try and say they're you um that's what they do you can read it this isn't really in use anymore so I'm not going to cover it too much um when I say it's not in use everything that's outdated is still in use somewhere but I'm saying people aren't going forward trying to use this 
will a current version of Windows use NetNTLM as a preferred authentication method um no so nay so it is not the current version will not when referring to Kerberos what type of ticket allows us to request further tickets that's a ticket granting ticket and when using NetNTLM is a user's password transmitted over the network at any point no that's the only that's the other difference here is they never send the password over um over the wire at all so now finally we're going to cover domains forests trees trusts okay so here's your domain right tryhackme.local you have these your domain controller your PCs your servers your people that's all a domain right now let's say you buy a company in the UK and or you start a company in the UK well you still have the tryhackme.local right but now you have tryhackme.local then you have the UK then you have the US these are managed differently because in the U in the you are in the um Europe there is GDPR right global data protection regulation so you might have to change how you do security over there so you have this managed separately they can still talk to each other because they're under the same parent domain as long as there's trusts built in there but the US is managed separately meaning when I open up our ADUC you're going to see the UK one and the US one and they're managed separately so that we can apply different policies to whatever we need them for now now you have forests forests are multiple trees so this is a tree right because you can see we have the UK we have the US and then the parent these are a tree now the forest is multiple trees put together so now let's say we bought a totally different company but we are now we own them both but we need them there might be a time where this company over here and this company over here need to talk to each other right what if you know the director of this company and the director of this company need to talk to each other because they are you know they're 
literally owned by the same parent company they just need to talk right I need access to your files you need access to mine whatever this is where a forest trust is built okay so this is where you take this tree and this tree and you have a trust built where they can talk to each other and this is all managed under one umbrella that's the whole point um so now you have trust relationships so there's two types of trust relationships there is one-way trust relationships and this is counter intuitive to what you think so domain AAA trusts domain BBB meaning hey I trust you right that's the way to think about it like you have a friend I trust him so he has access so for instance in my house right I trust my friend so he has a key he can come into my house but that doesn't necessarily mean that my friend gave me a key to his house right so that's a one-way trust meaning they can access my stuff maybe they have to pull files every week or something like that for a report something um and then there's a two-way trust which is exactly what it sounds like we have access to each other's stuff because we trust each other so it's not uncommon for either of those so just know the difference what is a group of Windows domains that share the same namespace that is a tree so the namespace was thm.local and then you notice this one is MHT they have a totally different namespace now what should be configured between two domains for a user in domain A to access resource domain B and that's a trust relationship you have to have that trust or else we can't talk to each other it's the same reason if I'm if I work for Google I can't just log in and start accessing Yahoo's internal stuff right we don't have that trust we don't have that sitting there right so now in the conclusion that's Active Directory guys very Basics we're going to keep going through this path and try and cover it all because this is where people miss so much stuff this this uh you don't get hands-on experience with 
Active Directory and you're missing how the entire brain of the operation works and this is why people expect years of experience before you get into a job not just because of Active Directory but Active Directory is one of many pieces that that experience that you're not getting when you skip straight to the security piece so let me know what you guys think hopefully you guys like this content and if you do hit that like button let's get this thing going let's get 5K let's go guys thank you so much
Info
Channel: stuffy24
Views: 2,560
Keywords: hacking, tryhackme tutorial, tryhackme review, try hack me red team path, try hack me pentesting, hacker simulator, how to hack wifi password, pentesting for beginners, walkthrough, tryhackme, tryhackme vs hackthebox, Active Directory, active directory for helpdesk, active directory troubleshooting scenarios, active directory interview questions and answers, tryhackme active directory, tryhackme active directory basics walkthrough, tryhackme active directory walkthrough
Id: T55AcTV_m7E
Length: 42min 28sec (2548 seconds)
Published: Thu Aug 31 2023