From a business perspective, Active Directory needs to be an available, confidential attribute store with absolute integrity. The security measures in this chapter detail how to achieve a higher level of confidentiality and integrity.
The following recipes will be covered in this chapter:
- Applying fine-grained password and account lockout policies
- Backing up and restoring GPOs
- Backing up and restoring the Active Directory database
- Working with Active Directory snapshots
- Managing the DSRM passwords on domain controllers
- Implementing LAPS
- Managing deleted objects
- Working with group Managed Service Accounts
- Configuring the advanced security audit policy
- Resetting the KRBTGT secret
- Using SCW to secure domain controllers
- Leveraging the Protected Users group
- Putting authentication policies and authentication policy silos to good use
- Configuring Extranet Smart...
