logo
October 30, 2024 | Dirk Schrader

What are Active Directory Service Accounts?

Just like human users, computer programs also need access to resources on a network to function properly. There’s a difference in how these two groups—individuals and programs—access these resources, though. While humans utilize user accounts, computer programs use Active Directory...
August 9, 2024 | Ian Andersen

Secure Password Policies for Active Directory: A Comprehensive Guide

One of the most common ways for attackers to slip into a corporate network is by compromising the username and password of a legitimate user account. Usernames are typically trivial to guess because they follow an established standard in a given organization, such as...
July 8, 2024 | Kevin Joyce

How to Backup Active Directory: A Step-by-Step Guide

Microsoft Active Directory (AD) is the primary authentication service used by a majority of organizations worldwide (roughly 90 percent). It stores critical business information on domain controllers (DCs) like user accounts, their permissions, the number of computers in your organization’s...
February 19, 2024 | Jonathan Blackwell

How to Add a Distribution Group to a Security Group

Distribution groups — more commonly known as distribution lists — are a powerful tool for managing communications. Users do not have to painstakingly compile a set of recipients for each email; they can simply select the appropriate distribution list. This approach doesn’t just save time; it...
February 9, 2024 | Craig Riddell

A Comprehensive Guide to Active Directory Monitoring Tools

Effective Active Directory (AD) monitoring is a cornerstone for security and compliance. It empowers administrators to spot suspicious activity, including improper changes to AD objects like user accounts and Group Policy objects (GPOs), in time to avoid data breaches or minimize their...
January 23, 2024 | Jonathan Blackwell

Office 365 Ransomware Protection

Most organizations today rely on Entra ID (formerly Azure AD) and Microsoft 365 (formerly Office 365) for core business operations. But how secure are these vital platforms against ransomware? This article explores the key concern concerns in Entra ID and Microsoft 365 and details the key...
January 23, 2024 | Jonathan Blackwell

What Is Deprovisioning?

Each user in an IT ecosystem — including both employees and third parties like consultants, trainers, auditors and contractors — needs to be provisioned access to the data and systems they need to do their job. In most cases, these IT resources involve sensitive information and applications...
December 15, 2023 | Jonathan Blackwell

How to Transfer FSMO Roles

Introduction What are FSMO Roles? There are 5 Flexible Single Master Operations (FSMO) roles: 2 forest-wide roles: Domain Naming Master and Schema Master 3 domain-wide roles: PDC Emulator, RID Master and Infrastructure Master Why Should FSMO Roles Be Transferred? All 5...
December 8, 2023 | Jonathan Blackwell

How to Seize FSMO Roles

Introduction Shifting a Flexible Single Master Operations (FSMO) role from one domain controller (DC) to another is normally done through a role transfer operation. But if the DC that holds an FSMO role experiences a serious failure that takes it out of service, you must instead seize its FSMO...
June 16, 2023 | Jeff Warren

How Adversaries Achieve Persistence using AdminSDHolder and SDProp

Once an adversary has compromised privileged credentials, for example, by exploiting an attack path, they want to make sure they don’t lose their foothold in the domain. That is, even if the accounts they have compromised are disabled or have their passwords reset, they want to be able to...
Show more articles
...