Active Directory (AD), Microsoft’s on-premises directory service for Windows domain networks, is so widely used for enterprise identity and access management that compromising it has become almost a standard step in cyber intrusions. “Active Directory is susceptible to compromise due to its permissive default settings, its complex relationships, and permissions; support for legacy protocols and a lack of tooling for diagnosing Active Directory security issues,” Five Eyes cybersecurity agencies have clarified in a recently released guide for detecting and mitigating AD compromises.

Source: Help Net Security