Active Directory (AD) Basics
If you’ve ever worked in a company, you know how messy it can get managing hundreds (or thousands) of employees, their computers, and their permissions.
What is Active Directory?
Think of AD as a giant company phonebook + security guard + policy manager rolled into one.
- Phonebook → It knows every employee, every computer, every printer in the company.
- Security guard → It decides who can enter what door (login to which system, access which folder).
- Policy manager → It makes sure rules are applied to everyone’s devices (like disabling USB drives, forcing password changes, or giving software licenses).
Without AD, every computer in the office would be its own world → you’d have to manage logins, permissions, and rules separately on each. Total chaos.
With AD, everything is connected, organized, and controlled centrally.
The Tree Analogy
Think of AD like a tree:
- Domain (suhel.local) = The whole tree (your company)
- Domain Controller (DC) = The root (the boss that keeps the tree alive and in order)
- Organizational Units (OUs) = Big branches (departments like IT, Finance, HR)
- Groups = Sub-branches (teams inside departments like IT-Security, IT-Infra, IT-Support)
- Users = Leaves (employees)
- Computers = Fruits (laptops, desktops, printers connected to the tree)
The Domain Controller (DC) is king here. If attackers compromise the DC, they can control the entire tree.
OU vs Groups
Here’s the easiest way to understand it:
OU (Organizational Unit) = Folders in a cupboard
- Example: A cupboard with folders named IT, Finance, HR.
- You put employees (user accounts) and their computers inside the right folder.
- OUs are for organization + rules (like “USB disabled for Finance laptops”).
- A user can live in only one OU.
Group = WhatsApp Groups
- The same employee can join many groups at once.
- Groups are for permissions (like VPN access, file share access, software access).
- Groups don’t organize people; they just control what you can do.
Quick Memory Trick:
- OU = Folder (structure + rules)
- Group = WhatsApp Group (access + permissions)
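The folder-versus-WhatsApp-group distinction is easiest to see in the actual admin tooling. The script below is an added example, not code from the original post: it assumes the RSAT ActiveDirectory and GroupPolicy PowerShell modules are installed, that you run it as a domain admin of suhel.local, and the user, group and GPO names (jdoe, VPN-Users, Share-Finance, Finance-DisableUSB) are made up for illustration. It creates one OU, puts a user in it, adds that same user to two groups, links a policy to the OU, and then prints the user's single OU next to its many group memberships.

```powershell
# Added example (not from the original post). Assumes RSAT ActiveDirectory and
# GroupPolicy modules, domain admin rights on suhel.local; all names below are
# made up for illustration.
Import-Module ActiveDirectory
Import-Module GroupPolicy

$domainDN  = 'DC=suhel,DC=local'
$financeOU = "OU=Finance,$domainDN"

# 1. OU = a folder in the cupboard. One folder per department.
New-ADOrganizationalUnit -Name 'Finance' -Path $domainDN

# 2. A user object lives in exactly one OU: -Path is its single parent container.
New-ADUser -Name 'Jane Doe' `
    -SamAccountName 'jdoe' `
    -UserPrincipalName 'jdoe@suhel.local' `
    -Path $financeOU `
    -AccountPassword (Read-Host -AsSecureString 'Initial password for jdoe') `
    -Enabled $true

# 3. Groups = WhatsApp groups. The same user joins several at once, and each
#    group is what you later grant permissions to (VPN, file shares, apps).
New-ADGroup -Name 'VPN-Users'     -GroupScope Global -Path $financeOU
New-ADGroup -Name 'Share-Finance' -GroupScope Global -Path $financeOU
Add-ADGroupMember -Identity 'VPN-Users'     -Members 'jdoe'
Add-ADGroupMember -Identity 'Share-Finance' -Members 'jdoe'

# 4. Rules attach to the OU, not to the group. A GPO linked to Finance applies
#    to every user/computer object inside that folder. (The GPO is created
#    empty here; the USB-deny setting itself is configured inside it afterwards.)
$gpo = New-GPO -Name 'Finance-DisableUSB'
New-GPLink -Name $gpo.DisplayName -Target $financeOU

# 5. Verify the memory trick: one OU, many groups.
$user = Get-ADUser -Identity 'jdoe'
# Strip the leading "CN=Jane Doe," to leave just the container the user sits in.
"OU (exactly one): " + ($user.DistinguishedName -replace '^CN=[^,]+,', '')
"Groups (many):"
Get-ADPrincipalGroupMembership -Identity 'jdoe' |
    Select-Object -ExpandProperty Name |
    ForEach-Object { "  - $_" }
```

Note that moving jdoe to another OU changes which GPOs apply to her but leaves her group memberships, and therefore her permissions, untouched; that is the practical consequence of "OU = rules, group = access".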
Why Companies Love AD
- Centralized control: Manage thousands of users/computers from one place.
- Security policies: Apply rules across all employees (disable USB, enforce password policies, auto-install software).
- Easy resource sharing: Share printers, drives, and apps with just a few clicks.
- Licensing control: Manage Office365, Teams, and other licenses centrally.
Why Attackers Love AD
AD is like the master key to the kingdom.
- Compromise one weak user → escalate → eventually compromise the DC.
- Once the DC is owned, the attacker owns everything (users, groups, computers, policies).
- That’s why AD attacks are so popular in pentesting and real-world breaches (think ransomware).
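Because the path described above runs from one weak account to the DC, the two things a defender checks first are who already sits in the groups that control the tree and which enabled accounts are exempt from the password rules. The script below is an added example, not code from the original post: it assumes the RSAT ActiveDirectory module and read access to suhel.local, and it uses only the built-in privileged group names.

```powershell
# Added example (not from the original post). Assumes the RSAT ActiveDirectory
# module and read access to suhel.local; group names are the built-in ones.
Import-Module ActiveDirectory

# 1. Who can control the whole tree? -Recursive expands nested groups, so a
#    user tucked inside "Helpdesk" inside "Domain Admins" still shows up.
$privileged = 'Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators'
foreach ($g in $privileged) {
    $members = @(Get-ADGroupMember -Identity $g -Recursive |
                 Where-Object { $_.objectClass -eq 'user' })
    "{0}: {1} user member(s)" -f $g, $members.Count
    $members | Select-Object -ExpandProperty SamAccountName | ForEach-Object { "  - $_" }
}

# 2. The "one weak user" problem: enabled accounts whose password never expires
#    or is not required at all, i.e. accounts the domain policy does not protect.
Get-ADUser -Filter 'Enabled -eq $true' `
    -Properties PasswordNeverExpires, PasswordNotRequired, PasswordLastSet |
    Where-Object { $_.PasswordNeverExpires -or $_.PasswordNotRequired } |
    Select-Object SamAccountName, PasswordNeverExpires, PasswordNotRequired, PasswordLastSet |
    Format-Table -AutoSize

# 3. The domain-wide rule every other account inherits.
Get-ADDefaultDomainPasswordPolicy |
    Select-Object MinPasswordLength, ComplexityEnabled, LockoutThreshold, MaxPasswordAge
```

Run this on a schedule and diff the output: a new name appearing in the first list, or a service account quietly gaining PasswordNeverExpires, is exactly the kind of change that precedes the escalation chain above.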
Closing Thoughts
Active Directory is both powerful and dangerous. It makes life easier for companies, but also provides a huge attack surface for hackers.
- As a developer/IT admin, think of AD as your safety net, but keep it tight.
- As a pentester, think of AD as the ultimate target — because once you’re in, the game changes.