1. Reconnaissance

The reconnaissance step in Active Directory penetration testing involves gathering as much information as possible about the network, systems, and domain to understand the environment. This phase includes identifying domain controllers, network topology, user accounts, group memberships, and trust relationships.