Address Analysis
Address analysis is the process of examining blockchain public addresses to identify patterns, cluster identities, and track the flow of funds.
Microsoft Active Directory (AD) is a directory service developed by Microsoft for Windows domain networks. It is a fundamental component of most enterprise IT infrastructures, providing centralized management and organization of network resources. AD stores information about objects such as users, computers, groups, printers, and applications, and makes this information available to users and administrators.

The core functionality of AD revolves around the concept of a domain, which is a logical grouping of network objects. Within a domain, AD enforces security policies, manages user authentication and authorization, and controls access to resources. It utilizes a hierarchical structure, typically organized into trees and forests, allowing for scalability and the management of large, distributed organizations.

Key protocols used by AD include LDAP (Lightweight Directory Access Protocol) for querying and modifying directory information, Kerberos for authentication, and DNS (Domain Name System) for locating domain controllers and other network resources. AD Domain Services (AD DS) is the primary role that provides the directory database, authentication, and authorization services. Other related services include Active Directory Certificate Services (AD CS) for [public key infrastructure](/en/terms/public-key-infrastructure), Active Directory Federation Services (AD FS) for single sign-on across different organizations, and Active Directory Rights Management Services (AD RMS) for data protection.

The primary trade-off is the complexity of setup and maintenance, requiring specialized expertise, and the potential security risks if not properly configured and managed, such as vulnerabilities to pass-the-hash attacks or Kerberoasting.
Prerequisites: [dns](/terms/dns), [authentication](/terms/authentication), [authorization](/terms/authorization). Related: [ldap](/terms/ldap), [kerberos](/terms/kerberos), [group-policy](/terms/group-policy).
🧒 Explain Like I'm 5
🌍 Imagine a giant company with thousands of employees. Active Directory is like the 'Master Office' that has a file on everyone. It knows your username, your password, and which doors (folders or printers) you're allowed to open with your ID badge.
🤓 Expert Deep Dive
Active Directory Domain Services (AD DS) implements a distributed, hierarchical database that stores information about objects within a network, such as users, computers, groups, and policies. It relies on the Kerberos protocol (RFC 4120) for authentication and LDAP (Lightweight Directory Access Protocol, RFC 4511) for querying and modifying directory information. AD DS is organized into domains, trees, and forests, forming a logical structure for managing resources. Each domain has its own security boundary and contains one or more Domain Controllers (DCs) that replicate directory data. Replication can be unidirectional or bidirectional, typically using the Multimaster Replication model.

Key architectural components include the NTDS.DIT file (a JET Blue database), the SYSVOL share for Group Policy Objects (GPOs) and logon scripts, and the Global Catalog (GC) which provides a partial replica of all objects in the forest for faster searching across domain boundaries.

Authentication involves obtaining a Ticket Granting Ticket (TGT) from the Authentication Service (AS) on a DC, which is then used to request a Service Ticket (ST) for specific resources. Authorization is managed through Access Control Lists (ACLs) applied to objects, referencing Security Identifiers (SIDs) of users and groups.
```ldap
# Example LDAP filter to find a user: both conditions combined with & (AND)
(&(objectClass=user)(sAMAccountName=johndoe))
```
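As an added example (not code from the original page): when the account name in a user-lookup filter like the one above comes from user input, it has to be escaped per RFC 4515 so that it stays data and cannot alter the filter's structure. The function names and sample inputs are constructed for illustration.

```python
# Added example (not from the original page): RFC 4515 escaping for the
# user-lookup filter. Function names and sample inputs are constructed.
_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}


def escape_filter_value(value: str) -> str:
    """Escape characters that are special inside an LDAP filter value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_user_filter(sam_account_name: str) -> str:
    """One AND filter: object is a user AND sAMAccountName equals the input."""
    if not sam_account_name:
        raise ValueError("sAMAccountName must not be empty")
    return "(&(objectClass=user)(sAMAccountName=%s))" % escape_filter_value(sam_account_name)


def naive_user_filter(sam_account_name: str) -> str:
    """Unsafe form shown for contrast: the input is pasted in unescaped."""
    return "(&(objectClass=user)(sAMAccountName=%s))" % sam_account_name


def filter_shape(filter_text: str) -> tuple:
    """Return (top_level_items, leaf_assertions) for a filter string.

    A well-formed filter has exactly one top-level item. Escaped
    parentheses (\\28, \\29) are data, so they never appear as '(' or ')'.
    """
    depth = top = leaves = 0
    for i, ch in enumerate(filter_text):
        if ch == "(":
            if depth == 0:
                top += 1
            if filter_text[i + 1:i + 2] not in ("(", "&", "|", "!"):
                leaves += 1
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                raise ValueError("unbalanced parentheses")
    if depth != 0:
        raise ValueError("unbalanced parentheses")
    return top, leaves


if __name__ == "__main__":
    for name in ["johndoe", "j*doe", "doe)(x=1", "a\\b"]:  # constructed inputs
        safe = build_user_filter(name)
        print(safe, filter_shape(safe), filter_shape(naive_user_filter(name)))
```

With escaping, every input yields one top-level item containing exactly two assertions; the unescaped form gains a third assertion when the input contains parentheses.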