MS: Best Practice Guide for Securing Active Directory Installations.doc

This guide contains best practices for securing Active Directory installations. The intended audience for this document is IT professionals who are responsible for maintaining the security of their Active Directory environment.

This guide contains recommendations for protecting domain controllers against known threats, establishing administrative policies and practices to maintain network security, and protecting Domain Name System (DNS) servers from unauthorized updates. It also provides guidelines for maintaining Active Directory security boundaries and securing Active Directory administration.

Windows Time And The W32TM Service

Nathan Winters, an MS infrastructure pro, has an article on the TechNet blogs site that goes into great detail on how time works and is synchronised in a Microsoft Active Directory network. It’s a good read and goes into all sorts of detail. I doubt you’ll have any questions after reading it.

Windows Time is critical for the correct functioning of the Kerberos protocol, which is the primary authentication and authorisation method used in an Active Directory environment. Many of these problems I’ve encountered have been a result of time not being synchronised. Speaking of which, I’m usually surprised by how few people realise that there already is a synchronisation mechanism running in an AD environment. So stop shopping for a third-party clock synch product and read this article and you will understand how time synch in AD works, how to configure it and how to troubleshoot it.