Penetration testing in Active Directory
Penetration security testing in an Active Directory environment
Master Thesis
Author
Fougias, Vasileios
Φούγιας, Βασίλειος
Date
2025
Supervisor
Xenakis, Christos
Ξενάκης, Χρήστος
Keywords
Penetration testing ; Active Directory penetration testing ; Active Directory attack techniques ; Active Directory security ; Red teaming ; GOAD MINILAB
Abstract
Providing centralized authentication, authorization and resource control, Active Directory (AD) is the pillar of identity and access management in most enterprise Windows environments. Because it is so widely deployed and so deeply integrated into organizational infrastructure, AD is one of the main targets for adversaries seeking persistence, privilege escalation and domain-wide compromise. By combining theoretical foundations with real-world attack scenarios, this project offers an in-depth analysis of Penetration Testing in Active Directory. The goal is to expose and leverage security flaws built into AD environments. It starts by describing AD's architecture and components, including important elements like Domains, Forests, Trusts, Group Policy Objects and Kerberos-based authentication, while also highlighting advanced threats involving Active Directory Certificate Services (ADCS) and identity abuse via certificate-based escalation. The project then focuses on real-world attack techniques including Password Spraying, Kerberoasting, AS-REP Roasting, Pass-the-Hash and Golden Ticket attacks. Tools including Impacket, Certipy and CrackMapExec are analyzed and used in the simulated lab environment GOAD to show how poor security practices and configuration errors can result in complete domain compromise. Apart from proving offensive capability, the aim is to underline mitigating strategies by mapping all approaches to the MITRE ATT&CK framework. By bridging offensive and defensive points of view, this project is intended to equip cybersecurity professionals with the knowledge and tools required to evaluate, defend and harden Active Directory infrastructures against modern adversaries.