Securing Active Directory
Active Directory is the heart of a Windows domain network. It contains objects such as user accounts, groups, group memberships, and passwords. Tooling such as BloodHound quickly maps the relationships between (administrator) accounts and other objects in an Active Directory. It is therefore essential that the cyber security of a Domain Controller is taken seriously and meets at least a basic level of security. More and more enterprise organizations are migrating their workloads to cloud services such as Microsoft Azure. The number of organizations still using an Active Directory, whether hosted on Microsoft Azure or not, is decreasing. Nevertheless, legacy applications that rely entirely on an Active Directory continue to exist.
Active Directory Security Audit
There are several tools available in the field for performing a security audit of an Active Directory. Personally, I find the open-source program Purple Knight from Semperis a pleasant tool.
- Download Purple Knight from this source: https://www.purple-knight.com/resources/