Security experts say many organizations don’t know they have a problem with Active Directory. Many organizations fail to update AD admin passwords, which can be accessed via the same password on every workstation in an organization. By default, Active Directory workstations can communicate with each other, which attackers can abuse to move laterally across networks. Retiring outdated Windows systems makes attackers’ job job harder for security experts, says Rapid7’s Tod Beardsley. “Penetration testers’ job is basically to get out these older targets at this point,” he says.”]
Source: https://www.cuinfosecurity.com/essential-active-directory-security-defenses-a-12828