TOP EXPLOITABLE SETTINGS IN ACTIVE DIRECTORY
To prove that your AD is not secure and could be exploited, here are a few settings that are nearly always misconfigured and exploitable.
AdminSDHolder
The default object responsible for continuously ensuring that the security of all privileged users and groups is consistent
Primary Group ID
A legacy setting used by Mac clients and POSIX applications for associating a user with a specific group
SIDHistory
A user attribute used during a migration so users can access resources in their original domain
Privileged Groups
Both default and post-install created groups allowing users to perform administrative tasks on AD, services, applications, etc.
Service Principal Names
Attributes used to allow service accounts to perform actions on behalf of the service they support
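An added example, not taken from the original page: a defender-side audit that flags each of the five settings above in exported user records. The record layout, the privileged-group list, the finding labels and the sample data are assumptions constructed for illustration; the attribute names are the standard LDAP ones.

```python
# Added example: audit exported AD user records (constructed layout and data).
DEFAULT_USER_PGID = 513  # RID of Domain Users, the default primary group
PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "Schema Admins",
                     "Administrators", "Account Operators", "Backup Operators"}

def group_names(member_of):
    """Take the leading CN from each group DN (assumes no escaped commas)."""
    return {dn.split(",", 1)[0].split("=", 1)[1] for dn in member_of}

def audit_user(user):
    """Return sorted findings for one user record keyed by LDAP attribute name."""
    findings = []
    pgid = user.get("primaryGroupID", DEFAULT_USER_PGID)
    privileged = group_names(user.get("memberOf", [])) & PRIVILEGED_GROUPS
    if privileged:
        findings.append("privileged-group:" + ",".join(sorted(privileged)))
    # Membership granted through primaryGroupID is not listed in memberOf,
    # so a non-default value has to be checked separately.
    if pgid != DEFAULT_USER_PGID:
        findings.append(f"primaryGroupID:{pgid}")
    # adminCount=1 marks objects stamped with the AdminSDHolder ACL; with no
    # privileged membership left, the protected ACL is stale.
    if user.get("adminCount") == 1 and not privileged and pgid == DEFAULT_USER_PGID:
        findings.append("adminCount-orphan")
    if user.get("sIDHistory"):
        findings.append("sIDHistory-present")
    if user.get("servicePrincipalName"):
        findings.append("spn-on-user")
    return sorted(findings)

def audit_all(users):
    """Map sAMAccountName -> findings, omitting clean accounts."""
    report = {u["sAMAccountName"]: audit_user(u) for u in users}
    return {name: f for name, f in report.items() if f}

# Constructed sample export; names, SID and SPN are illustrative only.
SAMPLE_USERS = [
    {"sAMAccountName": "alice", "adminCount": 1,
     "memberOf": ["CN=Domain Admins,CN=Users,DC=example,DC=test"]},
    {"sAMAccountName": "bob", "primaryGroupID": 512},
    {"sAMAccountName": "carol", "adminCount": 1},
    {"sAMAccountName": "svc_sql",
     "sIDHistory": ["S-1-5-21-1111111111-2222222222-3333333333-1105"],
     "servicePrincipalName": ["MSSQLSvc/db01.example.test:1433"]},
    {"sAMAccountName": "dave", "primaryGroupID": 513},
]

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_USERS).items():
        print(name, findings)
```

Each finding is a prompt for review rather than proof of misconfiguration: a service account legitimately carries an SPN, and sIDHistory is expected while a migration is still in progress.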