Final Thoughts
We have covered a reasonable amount of content on Active Directory and potential ways of enumerating it and exploiting vulnerabilities. Necessarily, there is a lot we haven't covered, including Azure Active Directory, Microsoft's cloud based version of AD which does differ from the on-premises version. AD is built on standards however and so the techniques of exploring LDAP are applicable to other implementations of LDAP such as OpenLDAP and to Kerberos implementations built on other platforms.