Security Stuff
  • About
  • HackTheBox
    • Windows
      • Forest
      • Escape
      • Timelapse
      • Support
    • Linux
      • TwoMillion
      • Soccer
      • Pollution
      • Pilgrimage
      • Sandworm
  • Windows
    • Authentication
      • Overview
      • Logon
      • Kerberos
      • Credential
    • Active Directory
      • Domain Service
        • LDAP
        • AD Objects
      • Key Distribution Center
      • Certificate Service
    • Windows Protocols
      • SMB
    • Windows Server
      • MSSQL
    • Execution
      • Windows APIs
      • Remote Access
        • WinRM
    • Credential Access
      • Kerberos Ticket
        • Kerberoasting Attack
        • Golden/Silver Ticket Attack
        • AS-REP Roasting Attack
      • OS Credential Dumping
        • DCsync Attack
      • Certified Pre-Owned
  • Linux
    • Management
      • Package
    • Process
      • Namespace
      • Terminal
  • Web
    • Authentication
      • SAML
      • OAuth
    • Enumeration
  • Defense
    • Windows
      • Windows Event Logs
  • Development
    • Programming Language
    • Database
      • MySQL
    • Virtualization
      • Container
    • Cryptography
      • GnuPG
Powered by GitBook
On this page
  • Security Principal
  • Access Control
  • Reference
  1. Windows
  2. Active Directory
  3. Domain Service

AD Objects

PreviousLDAPNextKey Distribution Center

Last updated 1 year ago

Security Principal

A security principal object has the objectSid attribute.

In Active Directory,

  • the user

  • computer and

  • group object classes are examples of security principal object classes though not every group object is a security principal object.

In AD LDS, an independent mode of Active Directory, any object containing the msDS-BindableObject auxiliary class is a security principal.

Access Control

Access control is administered at the object level by setting different levels of access, or permissions, to objects, such as Full Control, Write, Read, or No Access.

Reference

Microsoft Learn - Access control in Active Directory
[MS-ADTS]