AD DS Data Store

The Active Directory directory service uses a data store for all directory information. This data store is often referred to as the directory. The directory contains information about objects such as users, groups, computers, domains, organizational units, and security policies. This information can be published for use by users and administrators. The directory is stored on domain controllers and can be accessed by network applications or services.

More generally, it contains the database files and processes that store and manage directory information for users, services, and applications.

The AD DS data store:

  • Consists of the Ntds.dit file

  • Is stored by default in the %SystemRoot%\NTDS folder on all domain controllers

  • Is accessible only through the domain controller processes and protocols

The Ntds.dit file is highly sensitive: it is a database that stores Active Directory data, including information about user objects, groups, and group membership. It includes the password hashes for all users in the domain.

Once these hashes are extracted, tools such as Mimikatz can be used to perform pass-the-hash attacks, and tools like Hashcat can be used to crack the passwords, among many other attacks.
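Because the file holds every password hash in the domain, it is worth confirming where it actually lives and who can read it. The following PowerShell audit is an added example, not part of the original page; it assumes an elevated session on a domain controller, and the allowlist of expected principals is an assumption to adjust for your environment.

```powershell
# Added example: locate Ntds.dit and report unexpected file-system access to it.
# Run elevated on a domain controller.

$paramKey    = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$defaultPath = Join-Path $env:SystemRoot 'NTDS\ntds.dit'

# The 'DSA Database file' value records the real database path, which an
# administrator may have moved away from the default %SystemRoot%\NTDS folder.
$dbPath = (Get-ItemProperty -Path $paramKey -ErrorAction Stop).'DSA Database file'
if ($dbPath -ne $defaultPath) {
    Write-Warning "Ntds.dit is not in the default location: $dbPath"
}

# Assumption: only these principals should hold Allow entries on the
# database file and its folder. Tune this list for your environment.
$expected = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators')

# Check both the file and its parent folder (logs and checkpoint files live there too).
$targets = @($dbPath, (Split-Path -Path $dbPath -Parent))

$findings = foreach ($target in $targets) {
    $acl = Get-Acl -LiteralPath $target
    foreach ($ace in $acl.Access) {
        $identity = $ace.IdentityReference.Value
        if ($ace.AccessControlType -eq 'Allow' -and $expected -notcontains $identity) {
            [pscustomobject]@{
                Path      = $target
                Identity  = $identity
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

if ($findings) {
    Write-Warning 'Unexpected principals can access the AD DS data store:'
    $findings | Format-Table -AutoSize
} else {
    Write-Output "No unexpected Allow entries on $dbPath or its folder."
}
```

File-system permissions are only one layer: backups, snapshots, and virtual disk copies of a domain controller contain the same file and need the same protection.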
