> ## Documentation Index
> Fetch the complete documentation index at: https://specterops-bp-2735-release-notes.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

# DCFor

> This edge indicates that the computer is a domain controller for the domain. This edge is not created for read-only domain controllers.

<img noZoom src="https://mintcdn.com/specterops-bp-2735-release-notes/2djt2Sp9UeFPjBFr/assets/enterprise-AND-community-edition-pill-tag.svg?fit=max&auto=format&n=2djt2Sp9UeFPjBFr&q=85&s=a791748158fde5ff3b3b82b51497ab39" alt="Applies to BloodHound Enterprise and CE" width="482" height="45" data-path="assets/enterprise-AND-community-edition-pill-tag.svg" />

## Abuse Info

Domain Controllers store all Active Directory credentials and configurations for all principals in the domain. If an adversary gains administrative access to a Domain Controller, there are several options at their disposal for compromising domain identities and domain-managed systems. Please see the references section for more information.

## Opsec Considerations

Domain Controllers are universally among the most sensitive systems in Active Directory, and are often closely monitored by defenders. Attacks that rely on administrative access to a domain controller may produce artifacts that defenders will see as reliable and urgent indicators of compromise.

## Edge Schema

Source: [Domain](/resources/nodes/domain)\
Destination: [Domain](/resources/nodes/domain)\
Traversable: **Yes**

## References

### Abuse and Opsec references

* [Beyond Domain Admins](https://adsecurity.org/?p=3700)
