Active Directory Security and Hardening with Jordan Drysdale and Kent Ickler

While we cover foundational concepts, this is a fast-paced, hands-on class. Prior experience with Windows Server or Active Directory will help.

Yes. Students will receive temporary post-class lab access to continue practicing on their own time.

Students will receive instructions to build and maintain their own lab environment on their own pay as you go Azure subscription.

PingCastle, Purple Knight, BloodHound, PowerShell, Microsoft LAPS, GPO analysis tools, deception frameworks, and native Windows administrative tools.

This course is ideal for system administrators, security engineers, Blue Teamers, and IT professionals responsible for maintaining and defending Windows enterprise environments. If you manage AD, or if you’re on the hook for securing it, this course is for you. Familiarity with Windows Server and Active Directory basics is helpful but not required.

• Deep understanding of AD attack paths and how to proactively prevent them.
• Practical use of tools like PingCastle, Purple Knight, PowerShell, and built-in Microsoft utilities.
• Strategies to apply least privilege, secure authentication, and reduce lateral movement opportunities.
• Framework for building an AD environment that’s secure, auditable, and defensible.
• Grasp the fundamental concepts of Active Directory, including its structure (domains, trees, forests) and components (users, groups, organizational units)
• Learn best practices for managing user accounts and groups, including the principle of least privilege and the importance of regular audits.
• Understand the significance of strong password policies, including complexity requirements, expiration, and account lockout settings.
• Familiarize yourself with authentication methods used in AD, such as Kerberos and NTLM, and their respective security implications.
• Explore how to implement effective access control measures, including the use of Access Control Lists (ACLs) and Role-Based Access Control (RBAC)
• Understand the importance of monitoring AD for suspicious activities and how to configure auditing to track changes and access.
• Identify common threats to AD, such as privilege escalation, pass-the-hash attacks, and how to implement countermeasures
• Emphasize the importance of keeping AD and its components updated with the latest security patches to mitigate vulnerabilities.
• Familiarize yourself with best practices for hardening AD, such as minimizing the attack surface, disabling unnecessary services, and securing domain controllers.
• Engage in practical exercises to reinforce learning, such as configuring security settings, implementing GPOs, and conducting audits.
• Identify additional resources, such as documentation, forums, and communities, for ongoing education and support in AD security.

Risk mitigation planning for Windows infrastructure

Security configuration management across enterprise Active Directory deployments

Alignment of technical AD controls with compliance and governance requirements

Cross-functional communication between IT, security, and compliance teams

Enhancing incident response capabilities through AD visibility and audit readiness

Strategic implementation of least privilege and access governance models

This course is designed for technical professionals with at least a foundational understanding of Windows Server and Active Directory. Participants should be comfortable using command-line tools and exploring systems independently. No prior security training is required, but basic knowledge of how AD works will accelerate learning.