Microsoft Active Directory (AD) is the central credential store for 90% of organizations worldwide. As the gatekeeper to business applications and data, it’s not just everywhere, it’s everything! Managing AD is a never-ending task, and securing it is even harder. At Netwrix, we talk to a lot of customers who are using our tools to manage and secure AD, and over the years, key strategies for tightening security and hardening AD to resist attacks have emerged.

Using groups is a best practice for Active Directory management. This article describes the two types of Active Directory groups — security groups and distribution groups — and offers guidance for using them effectively.

Active Directory (AD) security groups enable administrators to grant access to IT resources, both within a domain and across domains. However, groups can be members of other groups. This group nesting has profound implications for security, so it’s vital to understand nesting and how to nest groups correctly. This article explains how group nesting works and the best practices to follow.

The Get-ADUser cmdlet in PowerShell provides many parameters for finding one or more users in an Active Directory (AD) domain. By default, PowerShell runs using the account that is logged on to the machine. If you want to run a command using a different account, you can force PowerShell to prompt you for the credentials by using this switch before your command.

This article rounds out a series of articles on Kerberos delegation. Before reading it, we suggest making sure you are familiar with both Active Directory delegation and Kerberos delegation, and have read the earlier posts in the series that provide an overview of how resource-based constrained delegation and unconstrained delegation are configured and how they can be abused. This article explains how a constrained delegation attack enables an adversary to gain elevated access to vital services.

Compromising the credentials of Active Directory accounts remains a primary way for adversaries to gain a foothold in an organization’s IT ecosystem. They use a range of tactics, including credential stuffing, password spraying, phishing and brute-force attacks This blog post details key best practices for effective user credential management. Then it dives into how software can help enforce those best practices and further secure user credentials.

Commonly referred to as Zerologon, CVE-2020-1472 is the Common Vulnerabilities and Exposures (CVE) identifier assigned to a vulnerability in Microsoft’s Netlogon Remote Protocol (MS-NRPC). MS-NRPC is essential for authentication of both user and machine accounts in Active Directory.

Adversaries use multiple techniques to identify and exploit weaknesses in Active Directory (AD) to gain access to critical systems and data. This blog post explores 3 ways they use PowerShell PowerSploit to elevate or abuse permissions, and offers effective strategies for protecting against them.

Monitoring SharePoint Server activity is vital to knowing who is accessing your SharePoint sites, services and content and how they’re using your system. Tracking SharePoint performance monitoring metrics can help you identify potential problems in time to stop them from negatively affecting your business. You can also use tracking activity to monitor the adoption and usage rates of SharePoint and determine areas that need improvement.

The transition to hybrid IT architectures and remote work strategies has greatly expanded the IT estates of most organizations in recent years. Couple this expansion with the growing number of computing and IoT devices that connect to company networks today and you understand why cybersecurity is a growing challenge: As your IT footprint grows, so does your attack surface.

Active Directory (AD) is a database and set of services that offers centralized management of IT infrastructure resources. It connects users with the resources they require to get their work done. Therefore, technicians must be able to quickly check and recover AD attributes that are modified or deleted by hardware failures, cyberattacks, scripting mistakes and other problems.