Active Directory Basics Banner

Active Directory Basics Logo

Active Directory Basics

This guide contains the answer and steps necessary to get to them for the Active Directory Basics room.

Windows Domains
Active Directory
Managing Users in AD
Managing Computers in AD
Group Policies
Authentication Methods
[Trees, Forests and Trusts](#trees forests and trusts)

Windows Domains

In a Windows domain, credentials are stored in a centralised repository called...

The answer to this question can be found in the text.

Click for answer
Active Directory
The server in charge of running the Active Directory services is called...

The answer to this question can be found in the text.

Click for answer
Domain Controller

Active Directory

Which group normally administrates all computers and resources in a domain?

The answer to this question can be found in the text.

Click for answer
Domain admins
What would be the name of the machine account associated with a machine named TOM-PC?

The answer to this question can be found in the text.

Click for answer
TOM-PC$
Suppose our company creates a new department for Quality Assurance. What type of containers should we use to group all Quality Assurance users so that policies can be applied consistently to them?

The answer to this question can be found in the text.

Click for answer
Organizational Unit

Managing Users in AD

What was the flag found on Sophie's desktop?

To change Sophies password, we must first delegate control to phillip to reset passwords for the people in sales.

After adding phillip we must select his permissions. In this case we only want him to be able to reset passwords.

Follow the prompts and hit finish when done.

Since we can't use the UI to change the password, we must login as phillip and use Powershell to change sophies password.

After login into his account we start powershell and use the following command to change the password for Sophie within the AD.
powershell
```
Set-ADAccountPassword sophie -Reset -NewPassword (Read-Host -AsSecureString -Prompt 'New Password') -Verbose
```
We add our own password (note that a password policy is in place that prevents users from using insecure passwords) and can now log into Sophies account.

Click for answer
THM{thanks_for_contacting_support}
The process of granting privileges to a user over some OU or other AD Object is called...

The answer to this question can be found in the text.

Click for answer
Delegation

Managing Computers in AD

After organising the available computers, how many ended up in the Workstations OU?

Lets first create two new OU's, Workstations and Servers.

Now we can move the servers to the Servers OU and the laptops and pc's to the workstation OU.

Click for answer
7
Is it recommendable to create separate OUs for Servers and Workstations? (yay/nay)

The answer to this question can be found in the text.

Click for answer
yay

Group Policies

What is the name of the network share used to distribute GPOs to domain machines?

The answer to this question can be found in the text.

Click for answer
Can a GPO be used to apply settings to users and computers? (yay/nay)

The answer to this question can be found in the text.

Click for answer

Authentication Methods

Will a current version of Windows use NetNTLM as the preferred authentication protocol by default? (yay/nay)

The answer to this question can be found in the text.

Click for answer
nay
When referring toKerberos, what type of ticket allows us to request further tickets known as TGS?

The answer to this question can be found in the text.

Click for answer
Ticket Granting Ticket
When using NetNTLM, is a user's password transmitted over the network at any point? (yay/nay)

The answer to this question can be found in the text.

Click for answer
nay

Trees, Forests and Trusts

What is a group of Windows domains that share the same namespace called?

The answer to this question can be found in the text.

Click for answer
Tree
What should be configured between two domains for a user in Domain A to access a resource in Domain B?

The answer to this question can be found in the text.

Click for answer
A trust relationship

Table of contents

Windows Domains

In a Windows domain, credentials are stored in a centralised repository called...

The answer to this question can be found in the text.

Click for answer
Active Directory

The server in charge of running the Active Directory services is called...

The answer to this question can be found in the text.

Click for answer
Domain Controller

Active Directory

Which group normally administrates all computers and resources in a domain?

The answer to this question can be found in the text.

Click for answer
Domain admins

What would be the name of the machine account associated with a machine named TOM-PC?

The answer to this question can be found in the text.

Click for answer
TOM-PC$

Suppose our company creates a new department for Quality Assurance. What type of containers should we use to group all Quality Assurance users so that policies can be applied consistently to them?

The answer to this question can be found in the text.

Click for answer
Organizational Unit

Managing Users in AD

What was the flag found on Sophie's desktop?

To change Sophies password, we must first delegate control to phillip to reset passwords for the people in sales.

Managing Delegate

After adding phillip we must select his permissions. In this case we only want him to be able to reset passwords.

Follow the prompts and hit finish when done.

Since we can't use the UI to change the password, we must login as phillip and use Powershell to change sophies password.

After login into his account we start powershell and use the following command to change the password for Sophie within the AD.

powershell

Set-ADAccountPassword sophie -Reset -NewPassword (Read-Host -AsSecureString -Prompt 'New Password') -Verbose

Managing Password Change

We add our own password (note that a password policy is in place that prevents users from using insecure passwords) and can now log into Sophies account.

Managing Flag

Click for answer
THM{thanks_for_contacting_support}

The process of granting privileges to a user over some OU or other AD Object is called...

The answer to this question can be found in the text.

Click for answer
Delegation

Managing Computers in AD

After organising the available computers, how many ended up in the Workstations OU?

Lets first create two new OU's, Workstations and Servers.

Now we can move the servers to the Servers OU and the laptops and pc's to the workstation OU.

Managing Computers

Click for answer
7

Is it recommendable to create separate OUs for Servers and Workstations? (yay/nay)

The answer to this question can be found in the text.

Click for answer
yay

Group Policies

What is the name of the network share used to distribute GPOs to domain machines?

The answer to this question can be found in the text.

Click for answer

Can a GPO be used to apply settings to users and computers? (yay/nay)

The answer to this question can be found in the text.

Click for answer

Authentication Methods

Will a current version of Windows use NetNTLM as the preferred authentication protocol by default? (yay/nay)

The answer to this question can be found in the text.

Click for answer
nay

When referring toKerberos, what type of ticket allows us to request further tickets known as TGS?

The answer to this question can be found in the text.

Click for answer
Ticket Granting Ticket

When using NetNTLM, is a user's password transmitted over the network at any point? (yay/nay)

The answer to this question can be found in the text.

Click for answer
nay

Trees, Forests and Trusts

What is a group of Windows domains that share the same namespace called?

The answer to this question can be found in the text.

Click for answer
Tree

What should be configured between two domains for a user in Domain A to access a resource in Domain B?

The answer to this question can be found in the text.

Click for answer
A trust relationship