The objective of this project is to highlight the most common attacks that occur in real business environments. To achieve this, an experimental pilot has been carried out in which an Active Directory environment with vulnerabilities has been created in order to show the known weaknesses and configuration errors that could allow a real attacker to compromise the entire enterprise system. Mitigating measures that should be implemented to avoid the most common vulnerabilities and attacks in this type of environment are also presented.