`INLANEFREIGHT.LOCAL/`
`├── ADMIN.INLANEFREIGHT.LOCAL`
`│ ├── GPOs`
`│ └── OU`
`│ └── EMPLOYEES`
`│ ├── COMPUTERS`
`│ │ └── FILE01`
`│ ├── GROUPS`
`│ │ └── HQ Staff`
`│ └── USERS`
`│ └── barbara.jones`
`├── CORP.INLANEFREIGHT.LOCAL`
`└── DEV.INLANEFREIGHT.LOCAL`
NTDS.DIT
Every passwords are stored here - Could be in clear text due to misconfiguration
Token impersonation
Use metasploit for this