How to Use This Guide (Best Practices for Securing Active Directory Installations)

  • Article

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2, Windows Server 2008, Windows Server 2008 R2

The information in this guide is presented as if the reader’s organization is in the planning stage of its Active Directory deployment. However, this information can be equally beneficial to an organization that is reviewing its current Active Directory security practices.

The information in this guide focuses on security, and this guide should not be used as the sole reference for planning an Active Directory deployment. For a complete analysis of deployment and upgrade issues and for recommendations for planning, designing, and deploying an Active Directory infrastructure, see “Designing the Active Directory Logical Structure” in Designing and Deploying Directory and Security Services of the Windows Server 2003 Deployment Kit (or see “Designing the Active Directory Logical Structure” on the Web at https://go.microsoft.com/fwlink/?LinkId=4723).

You can proceed through your Active Directory security planning process in the order presented in this guide. Each phase of the Active Directory security planning process, such as securing domain controllers, is contained in its own chapter. Each chapter begins with a discussion of how the security recommendations enhance security, and it also discusses the cost of the recommendations in terms of complexity and performance. If a recommendation is impractical for a specific deployment strategy, that fact is indicated and specific alternatives are recommended, if they exist. Finally, the recommendations in each chapter are summarized in a checklist at the end of the chapter.

You can proceed to the next chapter after completing the checklist of recommendations at the end of the previous chapter. Before proceeding with security planning, make sure that you:

  • Set your business goals and practices and understand how they affect Active Directory security.

  • Gain executive-level sponsorship to implement a secure, Active Directory–managed Windows network.

Active Directory infrastructure and practices can span both technology and business areas. Therefore, to make progress in security planning, you must articulate the value of security to IT and business decision makers.