Chapter 4. Strengthening AD to Increase Resilience
Out of the box, Active Directory (AD) provides very good redundancy and failover features. Yet there are still quite a few things that can make it much more resistant to potential day-to-day operating mistakes, and other disruptive events.
In this chapter, we will go over both directly-related (implementations) and indirectly-related (processes) subjects that will help you make your AD environment stronger against events that can negatively impact it.
Baseline Security
To ensure the same level of security in your AD-throughout your organization, you need to have a security baseline for your AD and your Domain Controllers (DC). Whilst the security baseline has to be in line with your organizational security policy, there are several things that you should consider implementing.
Domain Policy
The default Domain Security Policy contains default values that are quite relaxed for most organizations. You should definitely change some of them.
As per...