Active Directory & Azure AD/Entra ID Security

Active Directory & Azure AD/Entra ID: Enterprise Security, Methods to Secure Active Directory, Attack Methods & Effective Defenses, PowerShell, Tech Notes, & Geek Trivia…

Category: AD Fundamentals

May 19 2026

AD Fundamentals: Group Policy Permissions & Owner Rights

By Sean Metcalf in ActiveDirectorySecurity, AD Fundamentals

This series of posts focuses on key Active Directory (AD) components that need to be secured in order to ensure AD security is leveled up. In this post, we focus on Group Policy Objects (GPOs) and their permissions. Group Policy provides the ability to change application settings, security settings, install and run code, and more! …

GPOOwner, GPOPermissions, GPOSecurity, GroupPolicyOwner, GroupPolicyPermissions, GroupPolicySecurity

May 13 2026

AD Fundamentals: Domain Root & AdminSDHolder Permissions

By Sean Metcalf in ActiveDirectorySecurity, AD Fundamentals, Technical Reference

This series of posts focuses on key Active Directory (AD) components that need to be secured in order to ensure AD security is leveled up. this post focuses on permissions on two important objects in AD: the Domain root and the AdminSDHolder object. Domain Root Let’s start with the domain root. The domain is the container …

AdminSDHolder, AdminSDHolderPermissions, DomainPermissions, DomainRootPermissions

May 12 2026

AD Fundamentals: DSHeuristics

By Sean Metcalf in ActiveDirectorySecurity, AD Fundamentals

This series of posts focuses on key Active Directory (AD) components that need to be secured in order to ensure AD security is leveled up. In this post, we focus on the mostly unknown AD component called DSHeuristics DSHeuristics is like a registry editor for changing behavior in the Active Directory forest (and AD Lightweight …

DSHeuristics, DSHeuristicsSecurity, dwAdminSDExMask, fAllowAnonNSPI, fLDAPBlockAnonOps

May 06 2026

AD Fundamentals: Pre-Windows 2000 Compatible Group

By Sean Metcalf in ActiveDirectorySecurity, AD Fundamentals, Microsoft Security, Technical Reference

This series of posts focuses on key Active Directory (AD) components that need to be secured in order to ensure AD security is leveled up. In this post, we focus on the often-misunderstood group called “Pre-Windows Compatible”. This domain-scoped group is created automatically in the Built-in root OU and is part of any Active Directory …

Pre-Windows2000, Pre-Windows2000CompatibleGroup, Pre-Windows2000CompatibleSecurity, PreWindows200Compatible

May 05 2026

AD Fundamentals: Domain Controller Security

By Sean Metcalf in ActiveDirectorySecurity, AD Fundamentals, Technical Reference

This series of posts focuses on key Active Directory (AD) components that need to be secured in order to ensure AD security is leveled up. In this post, we focus on Domain Controller configuration. Tier 0 Domain Controllers need to be managed and maintained as Tier 0 servers since they handle authentication and authorization for …

DCACLs, DCSecurity, DCSupportedWindows, DomainController, DomainControllerPermissions, DomainControllerSecurity, DomainControllerSoftware

Content Disclaimer: This blog and its contents are provided "AS IS" with no warranties, and they confer no rights. Script samples are provided for informational purposes only and no guarantee is provided as to functionality or suitability. The views shared on this blog reflect those of the authors and do not represent the views of any companies mentioned. Content Ownership: All content posted here is intellectual work and under the current law, the poster owns the copyright of the article. Terms of Use Copyright © 2011 - 2025.

Made with by Graphene Themes.

Category: AD Fundamentals

AD Fundamentals: Group Policy Permissions & Owner Rights

AD Fundamentals: Domain Root & AdminSDHolder Permissions

AD Fundamentals: DSHeuristics

AD Fundamentals: Pre-Windows 2000 Compatible Group

AD Fundamentals: Domain Controller Security

Recent Posts

Active Directory & Entra ID Security Services

Popular Posts

Categories

Recent Posts

Recent Comments

Archives

Categories

Meta

Copyright

Category: AD Fundamentals

AD Fundamentals: Group Policy Permissions & Owner Rights

AD Fundamentals: Domain Root & AdminSDHolder Permissions

AD Fundamentals: DSHeuristics

AD Fundamentals: Pre-Windows 2000 Compatible Group

AD Fundamentals: Domain Controller Security

Recent Posts

Active Directory & Entra ID Security Services

Popular Posts

Categories

Tags

Recent Posts

Recent Comments

Archives

Categories

Meta

Copyright