Domain Enumeration: LDAP
LDAP is an open-source, cross-platform protocol used to centralize authentication across applications, allowing users to log in with a single set of credentials, and to query and manage directory information in AD DS.
Some organizations don't use Active Directory but do have LDAP, which likely means they're using a different type of LDAP server, such as OpenLDAP or Red Hat Directory Server.
Simply put, AD is the data storage system (like a web server), while LDAP is the access protocol (like HTTP) used to retrieve and interact with that data.
In some domains, anonymous binds are allowed, which lets unauthenticated users enumerate certain directory information.
By default, LDAP authentication messages are sent in plain text, which allows anyone on the internal network to intercept and read LDAP messages.
Using LDAP over SSL (LDAPS, port 636) to encrypt the communication between clients and the LDAP server ensures that authentication messages are sent securely.
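Both risks above, anonymous binds and cleartext authentication, show up in the LDAP BindRequest itself. The following is an added example, not part of the original page: a Python parser that classifies BindRequest payloads captured on port 389 so a defender can alert on anonymous, unauthenticated and cleartext simple binds. The DNs, password and bytes are constructed samples, and the function names are this example's own.

```python
# Added example: classify LDAP BindRequests captured on cleartext port 389.
# All DNs, passwords and bytes here are constructed for illustration.

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def classify_bind(payload):
    """Return {'dn', 'kind', 'secret_len'} for a BindRequest, else None."""
    tag, msg, _ = read_tlv(payload, 0)
    if tag != 0x30:  # LDAPMessage is a SEQUENCE
        return None
    _, _, pos = read_tlv(msg, 0)  # skip messageID
    tag, bind, _ = read_tlv(msg, pos)
    if tag != 0x60:  # [APPLICATION 0] = BindRequest
        return None
    _, _, pos = read_tlv(bind, 0)  # skip version
    _, name, pos = read_tlv(bind, pos)  # bind DN
    auth_tag, cred, _ = read_tlv(bind, pos)
    if auth_tag != 0x80:  # anything but [0] simple, e.g. [3] SASL
        kind = "sasl-or-other"
    elif not cred:
        kind = "unauthenticated" if name else "anonymous"
    else:
        kind = "simple-cleartext"  # password readable by anyone on the path
    # Report only the secret's length so the detector never logs credentials.
    return {"dn": name.decode("utf-8", "replace"), "kind": kind,
            "secret_len": len(cred) if auth_tag == 0x80 else None}

def tlv(tag, value):
    """Encode one short-form BER element (constructed samples are < 128 bytes)."""
    return bytes([tag, len(value)]) + value

def sample_bind(dn, password):
    """Build a constructed LDAPv3 simple BindRequest with messageID 1."""
    body = tlv(0x02, b"\x03") + tlv(0x04, dn) + tlv(0x80, password)
    return tlv(0x30, tlv(0x02, b"\x01") + tlv(0x60, body))

if __name__ == "__main__":
    for dn, pw in [(b"cn=svc-app,dc=example,dc=com", b"Constructed-Pw1"), (b"", b"")]:
        print(classify_bind(sample_bind(dn, pw)))
```

On LDAPS (port 636) the same bytes travel inside TLS, so a passive observer sees none of these fields.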
To communicate with AD using LDAP, LDAP queries can be used.