This is a 200-level presentation that describes gathering information from Active Directory to assist a penetration tester in target selection, locating and leveraging common configuration mistakes to attack domain member computers and users, and post-exploitation activities. An emphasis is placed on using information that can be freely gathered by unprivileged users from Active Directory. This presentation assumes familiarity with the Windows security architecture and Active Directory.