General Guidelines (Best Practices for Securing Active Directory Installations)

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2, Windows Server 2008, Windows Server 2008 R2

The goal of this guide is to assist organizations in enhancing the security of their Active Directory systems. Because any guide that addresses a general audience can provide only guidelines, in some instances these guidelines might conflict with the needs of an organization to lower costs, provide services and line-of-business applications, or maintain an information technology (IT) infrastructure. In such cases, an organization’s security planning team can arrive at suitable tradeoffs by evaluating these other needs against the need for security.

In addition, the recommendations in this guide take into consideration how an organization’s domain controllers are deployed. Domain controllers can be deployed in datacenters for enterprise intranets, in branch offices, and in datacenters for extranets. In some cases, the guidelines vary in accordance with special circumstances that are encountered in each environment.