I have been tasked with reviewing the security of Active Directory as it relates to migration from NT and NetWare to Windows 2000 and a vendor SAN solution.

What are the most common security mistakes made by administrators when setting up and migrating to AD? And what, if the answer is not the same as the previous question, are the things a security analyst should look for when assessing AD?

Oh my, we could write a book on this. Since Active Directory is the seat of much security application, a thorough understanding of what security is available through AD is imperative. And, the database itself must be kept secure. Here are a couple of biggies though:
  1. In addition to sound, correct knowledge, most failures in security come from providing too much access to domain controllers -- i.e., DCs should not also be DHCP servers, RRAS servers, firewalls, IIS servers -- you get the picture.
  2. Much security for the database relies on the proper, secure configuration of the computer before it's made a DC. Installation on a secure network, using security baseline recommendations (the Microsoft Security Operations Guide has security template DCs, which lock down many things, including disabling unnecessary services). You can get a copy here.

If you hold a premium Microsoft cert, you can also access my article on securing AD from MCPmag.com.
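
Point 1 of the answer, written as a check an assessor could run over a service inventory (an added example, not part of the original answer). The function name, the host names DC01/DC02 and the sample inventory are constructed; firewall products are left out because their service names vary by vendor.

```powershell
# Windows service short names for the roles the answer says to keep off a DC.
$RoleServices = @{
    'DHCPServer'   = 'DHCP server'
    'RemoteAccess' = 'Routing and Remote Access (RRAS)'
    'W3SVC'        = 'IIS web server'
}

function Find-ExtraDcRoles {
    param(
        # Objects shaped like Win32_Service: PSComputerName, Name, State, StartMode
        [Parameter(Mandatory)] [object[]] $Services
    )
    foreach ($svc in $Services) {
        if (-not $RoleServices.ContainsKey($svc.Name)) { continue }
        # A stopped service that is not disabled still counts as a finding:
        # it can start at the next boot or on demand.
        if ($svc.State -eq 'Running' -or $svc.StartMode -ne 'Disabled') {
            [pscustomobject]@{
                Computer  = $svc.PSComputerName
                Role      = $RoleServices[$svc.Name]
                Service   = $svc.Name
                State     = $svc.State
                StartMode = $svc.StartMode
            }
        }
    }
}

# Constructed sample inventory (hypothetical hosts, not real data).
$sample = @(
    [pscustomobject]@{ PSComputerName='DC01'; Name='Netlogon';     State='Running'; StartMode='Auto' }
    [pscustomobject]@{ PSComputerName='DC01'; Name='DHCPServer';   State='Running'; StartMode='Auto' }
    [pscustomobject]@{ PSComputerName='DC01'; Name='W3SVC';        State='Stopped'; StartMode='Disabled' }
    [pscustomobject]@{ PSComputerName='DC02'; Name='RemoteAccess'; State='Stopped'; StartMode='Manual' }
    [pscustomobject]@{ PSComputerName='DC02'; Name='Netlogon';     State='Running'; StartMode='Auto' }
)

# Flags DHCPServer on DC01 and RemoteAccess on DC02; the disabled W3SVC passes.
Find-ExtraDcRoles -Services $sample | Format-Table -AutoSize

# Live use (assumption: $dcNames holds your DC host names and CIM/WinRM is reachable):
# $live = Get-CimInstance -ClassName Win32_Service -ComputerName $dcNames
# Find-ExtraDcRoles -Services $live
```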

