Securing and Auditing Windows Active Directory Domains
Overview
This course focuses on the skills required to effectively audit Active Directory. Using a cloud-based lab, each participant will have their own virtualized Windows Server 2016 Domain Controller and Windows 10 Workstation to practice the concepts and techniques learned during the class in a series of 15 hands-on labs. Output from each of the labs will be incorporated into an Excel spreadsheet, which can be used as the basis for an audit program after the class is completed. Separate sheets in the Auditing Active Directory Excel spreadsheet summarize how to obtain Active Directory data using PowerShell scripts, provide a place to store samples of the PowerShell output, and list items to review in the output. Participants can email their completed spreadsheet, with lab notes and PowerShell scripts, to keep after the class.
The course provides a practical methodology for auditing and securing Active Directory, and covers attacks against Active Directory and how to protect against those attacks. Audit techniques are designed to make Active Directory more secure and more difficult to hack. The last day of class includes a role-playing exercise that puts the skills learned earlier in the course into practice in a challenging real-world auditing environment. A working knowledge of Windows Server, Windows 7 or later, Excel, and VMware Workstation is helpful but not mandatory.
Why you should take this course
For users who have an intermediate knowledge of this topic and are searching for a deeper understanding of its evolving complexities.
Here are the topics we'll cover.
- Windows and Windows Networks
  - Windows Operating Systems
  - Windows Patches
  - Windows Server Builds
  - VLANs
  - Siloing
- Auditing Active Directory Core Components
  - What is Active Directory?
  - Domains, Trees, and Forests
  - Active Directory Structure
  - Active Directory Sites and Services
  - Domain Controllers
  - DNS
  - Time Configuration
  - Active Directory Domains and Trusts
  - Active Directory Federation Services
  - Active Directory Certification Authority
- Auditing Active Directory Users
  - User Accounts
  - Windows Services
  - Active Directory Administrative Center
  - Active Directory Recycle Bin
  - Authentication Policies
  - Authentication Policy Silos
- Auditing Active Directory Groups
  - Group Types
  - Access Control Lists
  - Auditing Domain Groups
- Authentication and Auditing Protecting Policies
  - Security Identifiers (SIDs)
  - Kerberos
  - Password Attack Techniques
  - Protecting Passwords
  - Password Policies
  - Fine Grained Password Policies
- Auditing Active Directory Delegation
  - Active Directory Administration Delegation
  - Audit Active Directory Delegation
  - Kerberos Unconstrained Delegation
- Security Compliance Manager and Group Policy
  - Microsoft Security Assessment Tool 4.0
  - Retina Network Vulnerability Community Scanner
  - Microsoft Security Compliance Toolkit 1.0
  - Group Policy
- Auditing User Rights and Event Viewer Logs
  - Auditing User Rights
  - Event Viewer
- Hardening Active Directory
  - Password Policies
  - Patch Management
  - Upgrade Domain Controllers to Windows Server 2016/2019
  - Multifactor authentication
  - Authentication Policy Silos
  - Silo your Network
  - Audit Administration Account Use
  - Limit Membership of Schema Admins and Enterprise Admins Groups
  - Use Separate Administrative Accounts
  - Continuous Monitoring
  - End-User Training
- Active Directory Case Study
Learning Style
Level
Who this course is for
NASBA Certified CPE
Field of Study
Length of course
Prerequisites
Advanced Preparation
Here are the learning objectives we'll cover
- Select key procedures to audit Active Directory.
- List procedures to obtain Active Directory data.
- Apply concepts and techniques learned to create an audit program.
- Describe procedures to review related data and draw conclusions.