← All glossary categories

Active Directory

On-premises Active Directory security: Tier-0 assets, Kerberos, NTLM, GPO, ACL abuse, delegation misconfigurations, and AD attack patterns.

20 terms in Active Directory

22 min read

What is Active Directory?

Active Directory, often called AD, is Microsoft's directory service used to manage users, computers, groups, devices, permissions, and policies in enterprise Windows environments.

Active DirectoryAD DSDomain Controller
5 min read

What is Active Directory Security?

Active Directory security is the discipline of protecting AD — the identity backbone of most enterprises — from misconfiguration, abuse, and attack. Learn the risks, controls, and a practical roadmap.

Active DirectoryAD SecurityTier 0
5 min read

What is a Domain Controller?

A Domain Controller (DC) is the server that authenticates users and enforces policy in an Active Directory domain. Learn what DCs do, FSMO roles, and how to secure them.

Domain ControllerActive DirectoryFSMO
4 min read

What is an Active Directory Domain?

An Active Directory domain is a logical security boundary that groups users, computers, and resources under a common directory and policy. Learn the structure, trusts, and security implications.

Active DirectoryAD DomainTrusts
5 min read

What is an Active Directory Forest?

An Active Directory forest is the top-level container in AD and the true security boundary. Learn what it is, how it differs from a domain, and the security implications.

Active DirectoryAD ForestSecurity Boundary
5 min read

What is Group Policy?

Group Policy is the Active Directory feature for centrally managing configuration and security settings on Windows users and computers. Learn what it does and how attackers abuse it.

Group PolicyActive DirectoryEndpoint Hardening
5 min read

What is Kerberos Authentication?

Kerberos is the primary authentication protocol in Active Directory, using a ticket-based system to verify identity without sending passwords. Learn how it works and how attackers abuse it.

KerberosAuthenticationActive Directory
4 min read

What is NTLM Authentication?

NTLM is a legacy challenge-response authentication protocol still used in many Active Directory environments. Learn how it works, why it's risky, and how to phase it out.

NTLMAuthenticationPass-the-Hash
4 min read

What is LDAP?

LDAP is the standard protocol for querying and modifying directory services like Active Directory. Learn how it works, common attacks, and how to harden it.

LDAPActive DirectoryDirectory Services
5 min read

What is Active Directory Delegation?

AD delegation lets services impersonate users to access other resources on their behalf. Learn the types — unconstrained, constrained, RBCD — and how attackers abuse them.

AD DelegationUnconstrained DelegationConstrained Delegation
5 min read

What is a Domain Admin?

Domain Admin is the highest-privilege standard group in an Active Directory domain. Learn what it can do, why it's the top target for attackers, and how to manage it safely.

Domain AdminActive DirectoryTier 0
4 min read

What is AdminSDHolder?

AdminSDHolder is a special object in Active Directory that re-applies a strict ACL to privileged accounts every hour. Learn what it does, how attackers abuse it, and how to monitor it.

AdminSDHolderSDPropActive Directory
4 min read

What is Kerberoasting?

Kerberoasting is an Active Directory attack that lets any authenticated user request service tickets and crack them offline to recover service account passwords. Learn how it works and how to defend.

KerberoastingActive DirectoryKerberos
4 min read

What is AS-REP Roasting?

AS-REP Roasting targets Active Directory accounts with Kerberos pre-authentication disabled, allowing attackers to crack their passwords offline. Learn how to detect and defend.

AS-REP RoastingActive DirectoryKerberos
4 min read

What is DCSync?

DCSync is an Active Directory attack that abuses replication rights to extract password hashes — including KRBTGT — directly from a Domain Controller. Learn how it works and how to defend.

DCSyncActive DirectoryReplication
4 min read

What is Pass-the-Hash?

Pass-the-Hash (PtH) is an attack that lets an adversary authenticate using an NTLM password hash without knowing the plaintext password. Learn how it works and how to defend.

Pass-the-HashNTLMLateral Movement
5 min read

What is a Golden Ticket Attack?

A Golden Ticket attack lets attackers forge Kerberos TGTs using the KRBTGT hash, granting them long-lived impersonation of any user — including Domain Admin. Learn how it works.

Golden TicketKerberosKRBTGT
5 min read

What is Active Directory Certificate Services?

Active Directory Certificate Services (AD CS) issues certificates used for authentication and encryption across the enterprise. Learn how it works and how to harden ESC1–ESC15 misconfigurations.

AD CSCertificate ServicesESC1
5 min read

Common Active Directory Misconfigurations

Most AD compromises trace back to the same handful of misconfigurations. Learn the most common AD security mistakes and how to fix them.

Active DirectoryCISA Top 10Hardening
5 min read

Active Directory Security Checklist for Beginners

A practical, beginner-friendly checklist for hardening Active Directory — from Tier 0 administration to AD CS, delegation, GPOs, NTLM, and continuous attack-path analysis.

Active DirectoryAD SecurityChecklist

See your identity risk clearly.

Start with a 1-day Proof of Value in your own environment.

We respect your privacy

We use cookies to keep this site secure and working properly. With your permission, we also use optional cookies to understand usage and improve the experience. Cookie Policy

You can change your choice at any time.

Active Directory Glossary | Identity Security Terms | Forestall