> ## Documentation Index
> Fetch the complete documentation index at: https://bloodhound.specterops.io/llms.txt
> Use this file to discover all available pages before exploring further.

# DCFor

> This edge indicates that the computer is a domain controller for the domain. This edge is not created for read-only domain controllers.

<img noZoom src="https://mintcdn.com/specterops/tTIczgde9H07oLXf/assets/enterprise-AND-community-edition-pill-tag.svg?fit=max&auto=format&n=tTIczgde9H07oLXf&q=85&s=ad49a576589f4d2a8081df77d07fdf56" alt="Applies to BloodHound Enterprise and CE" width="482" height="45" data-path="assets/enterprise-AND-community-edition-pill-tag.svg" />

## Abuse Info

Domain Controllers store all Active Directory credentials and configurations for all principals in the domain. If an adversary gains administrative access to a Domain Controller, there are several options at their disposal for compromising domain identities and domain-managed systems. Please see the references section for more information.

## Opsec Considerations

Domain Controllers are universally among the most sensitive systems in Active Directory, and are often closely monitored by defenders. Attacks that rely on administrative access to a domain controller may produce artifacts that defenders will see as reliable and urgent indicators of compromise.

## Edge Schema

Source: [Domain](/resources/nodes/domain)\
Destination: [Domain](/resources/nodes/domain)\
Traversable: **Yes**

## References

### Abuse and Opsec references

* [Beyond Domain Admins](https://adsecurity.org/?p=3700)