
AD Miscellaneous

User SID and RID

In Active Directory, any group or user that Windows doesn't create has a RID of 1000 or greater. The last 8 bytes of the RID determine the user's group.

RID : 0x0105000000000005150000001c00d1bcd181f1492bdfc236f4010000

SID : 0x0105000000000005150000001c00d1bcd181f1492bdfc236

Group: f4010000 -> 0x01f4 -> 500 Administrators
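As an added example (not part of the original notes), the following Python decodes the hex string above using the binary SID layout: a revision byte, a sub-authority count byte, a 6-byte big-endian identifier authority, then 4-byte little-endian sub-authorities, the last of which (the final eight hex digits) is the RID. The function names and the small RID table are assumptions made for illustration.

```python
import struct

# Hex string copied from the example above (leading "0x" removed).
PAGE_SID_HEX = "0105000000000005150000001c00d1bcd181f1492bdfc236f4010000"

# A few well-known domain RIDs (illustrative subset, not a full list).
WELL_KNOWN_RIDS = {500: "Administrator (built-in account)", 501: "Guest",
                   502: "krbtgt", 512: "Domain Admins", 513: "Domain Users"}


def parse_sid(hex_sid):
    """Decode a hex-encoded binary SID into (sid_string, domain_sid, rid)."""
    text = hex_sid.strip()
    if text.lower().startswith("0x"):
        text = text[2:]
    raw = bytes.fromhex(text)
    if len(raw) < 8:
        raise ValueError("too short for a SID header")
    revision, count = raw[0], raw[1]
    if revision != 1:
        raise ValueError("unsupported SID revision %d" % revision)
    # The count byte fixes the total length; a value with the trailing
    # RID cut off fails here instead of decoding to a wrong SID.
    if count == 0 or len(raw) != 8 + 4 * count:
        raise ValueError("length does not match sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")        # big-endian
    subs = struct.unpack("<%dI" % count, raw[8:])      # little-endian
    parts = ["S", str(revision), str(authority)] + [str(s) for s in subs]
    return "-".join(parts), "-".join(parts[:-1]), subs[-1]


def describe_rid(rid):
    """Label a RID: known built-in, other built-in, or created later."""
    if rid in WELL_KNOWN_RIDS:
        return WELL_KNOWN_RIDS[rid]
    if rid >= 1000:
        return "not created by Windows (RID >= 1000)"
    return "built-in (RID < 1000)"


if __name__ == "__main__":
    sid, domain, rid = parse_sid(PAGE_SID_HEX)
    print(sid)
    print(domain)
    print(rid, describe_rid(rid))
```

Passing the shorter hex string from the page (the one without the trailing `f4010000`) raises `ValueError`, because its count byte still announces five sub-authorities.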

NTDS

NTDS.DIT stands for New Technology Directory Services Directory Information Tree. It is the primary database file of Microsoft’s Active Directory Domain Services (AD DS). NTDS.DIT stores and organizes all the information related to objects in the domain, including users, groups, computers, and more. It is the backbone of Active Directory, housing critical data such as user account details, passwords, group memberships, and other object attributes.

  • Location (on a Domain Controller): C:\Windows\NTDS\ntds.dit