Fast Guide: Active Directory security

Windows Active Directory has become one of the key components to enterprise management

This fast guide and all of the content contained within originally appeared on


Brendan Cournoyer, Assistant Site Editor Windows Active Directory has become one of the key components to enterprise management, and many companies use it to control large portions of their networks. With so many factors dependent on the successful administration of AD, security is especially important. This guide offers plenty of must-know tips on maintaining a secure AD environment, starting with the basics and moving on to more advanced practices. We'll be updating this page from time to time, so be sure to come back often to see what's new. Also, feel free to contact us and let us know what else you'd like to see included in this guide.
-- Brendan Cournoyer, Assistant Site Editor

More information on Active Directory and security management.


   Basic AD security
   Best practices
   Group Policy security
   Answers from our experts



  Basic AD security  Return to Table of Contents
  • Securing your Active Directory network
    Derek Melber investigates the security of your Active Directory database and the objects that exist within the database.
  • Chapter of the Week: Inside Active Directory: A System Administrator's Guide -- Chapter 4, 'Securing Active Directory'
    Active Directory (AD) has access control features that facilitate the management of access to various elements in the directory. After briefly giving some background on AD access control, this chapter describes how permissions work to protect each AD object. The chapter also introduces scenarios that illustrate the kinds of permissions you can use in different practical situations and ways to implement these permissions.
  • Handling patch emergencies
    Managing an Active Directory environment means juggling hordes of Microsoft patches, which is even more precarious for domain controllers (DC).
  • Securing Windows 2000 Active Directory, part 1
    Protecting Active Directory's integrity is paramount. This article will focus on Active Directory security and will be written in two parts. Active Directory is the Windows 2000 information repository that needs to be kept very secure. Active Directory has vital service dependencies, such as DNS, that change the scope of what needs to remain secure. This white paper focuses on actions that you can take in order to safeguard the Active Directory service.
  • Securing Windows 2000 Active Directory, part 2
    Protecting Active Directory's integrity is paramount. This article, the second in a three-part series, focuses on Active Directory security. This white paper explains how important it is to have a contingency plan in case of a disaster.
  • Securing Windows 2000 Active Directory, part 3
    This article will focus on the Active Directory process. As part of securing Active Directory, backup and restoration are paramount in recovering AD.



  Best practices  Return to Table of Contents
  • Active Directory security best practices
    Expert James Michael Stewart provides some pointers for securing Active Directory that every administrator should know.
  • SIDs help tighten AD security
    Laura Hunter continues her advice on how to manage Active Directory security through the use of Security Identifiers.
  • Securely juggling service admin accounts
    A look at the Active Directory service administrator accounts and some tips for keeping them secure.
  • Securing an administrator's computer
    Limiting administrators' access to a single workstation can greatly improve overall security.
  • Challenge: Make sure you have a secure Active Directory network by securing domain controllers
    Protecting your domain controllers is at the core of protecting your Active Directory investment. In this article, Derek Melber challenges IT managers to ensure that their networks are secure as possible.
  • Keep your domain user accounts in check or suffer the consequences
    In Part 3 of his series on Active Directory security, expert Derek Melber signals a warning about securing user accounts in your domain.
  • What's in a name? Active Directory security under the covers
    Laura Hunter delves a bit deeper into ways to manage Active Directory security when the need arises to create trust relationships beyond those that are created by default.
  • Advanced Security Management of Active Directory in Windows 2000
    As the cornerstone of a Windows 2000 network, Active Directory provides a unified repository of corporate users, groups and network assets when it is deployed completely in the enterprise. The security management challenges of Active Directory are profoundly different than the challenges experienced with Windows NT domains. The new challenges are a result of the complexity and flexibility of Active Directory and Windows 2000. Microsoft offers this flexibility to meet the enterprise requirements of large networks.



  Group Policy security  Return to Table of Contents
  • Group Policy: The final consideration in securing Active Directory
    Group Policy considerations can't be left out of the equation when addressing Active Directory security. Expert Derek Melber gives you an idea of some things to think about when securing Active Directory.
  • Ten attacks you can easily avoid with Group Policy
    You should always run Group Policy on your Active Directory-based systems. If you don't, plenty of attacks are just waiting to happen inside your network.
  • Where does your client's security policy actually come from?
    Your clients could be getting different domain-enforced security settings than what you defined in your domain policy.
  • Protecting against anonymous connections using GPOs
    Expert Derek Melber explains how to use Group Policy Objects to protect your Windows computers from insecure anonymous connections.



  Answers from experts  Return to Table of Contents
  • What is a good free tool for testing DNS environments against corruptions?
  • How do I do patch files along with AD to run while a client starts their machine (as an admin)?
  • Why are the enabling and disabling of firewalls not taking effect?
  • Can you help me replace a Windows default client with a secureCRT pop-up?
  • Is it possible to monitor Active Directory performance?
  • Have a question that you don't see here? Check out our Ask the Experts section to learn more about Active Directory security and other topics, or send your own question to our Active Directory pro Laura E. Hunter.

What do you think of this guide? Would you like to see more guides like this? Is anything missing from this page that you'd like to see added? E-mail us your thoughts and comments.

Read more on Microsoft Windows software