Active Directory Paradigm Blog
Merriam-Webster defines Paradigm as “an outstandingly clear or typical example or archetype. Regard science as the paradigm of true knowledge”. And this is exactly what Active Directory Paradigm blog is about. Of course this is not the ultimate AD post, but in my humble opinion, is a very good approach on how to design, implement & operate a corporate directory.
The main areas of discussion are build on some best practices and guidance, which by the way, have been around for many years.
My intention is to give some ideas on how a properly designed Active Directory should look like, taking into account recommendations and best practices (just some examples… suggest one for me?):
Design
- Forest, Tree & Domains
- Main usage of the container (as the point above)
- Who and how will use it
- Directory Aware Applications
- Business IT model
- Security design
Implementation
- Clean source principal
- Critical assets provisioning
- Privileged and Semi-Privileged access
- Configurations over conventions
- Automation
- Fine tuning
- Re-Engineering
- Process, process and more process
Operation
- Recurrent tasks
- Least Privileged Access
- Segregation of duties and rights
- Process, process and more process
- Troubleshooting
Monitoring & Auditing
- Basic health monitoring
- Specific (tuned up) monitoring
- Alerts, triggers and actions
- Compliance
Security
- Pass-the-hash
- Pass-the-ticket
- Credential theft
- Least privileged access
- 0 Admin Model
- Segregation of assets
- Common restrictions
- Patch Management
- Delegation Model
- Tier Model
