Featured image
Truesec pattern

Mastering Active Directory


We review what you should consider when designing and implementing Active Directory (AD), automated installation, security aspects (how to protect your AD and infrastructure), delegation, migration, and upgrades.

On your own, you will get plenty of time to try and test:

  • ADDS configuration and troubleshooting tools
  • learn about GPO Design
  • DNS
  • Forest and Domain Topologies
  • Trusts
  • FSMO roles
  • Sites and services
  • Disaster/Recovery
  • Backup and Restore
  • Kerberos
  • KDC
  • NTDS.DIT ​​
  • Time management

Theory sections are mixed with Daniel Ulrich's experience from real customer cases and provide access to material that cannot be read in common course material, TechNet, or KB articles.

Learn how to manage the small AD environment, scale it to larger environments across multiple countries, and how to use AD in the best possible way!

Tailored Training or a Scheduled Course?

We can help you or your team understand your specific skills and development needs. Send us a request, and we’ll guide you, or reserve a spot on our next scheduled course.


Target Audience
Active Directory administrators, IT professionals wishing to immerse themselves in Active Directory

As the course is at a high pace and requires a certain level of knowledge, participants should have completed a basic course in Active Directory or have obtained equivalent knowledge through work with Active Directory and Windows Server in the operating environment.

Course Objectives
The lab should teach you how to design, deploy and maintain Active Directory. You will learn about all the components and security mechanisms that are included in the service, and gain knowledge that will enable you to troubleshoot, restructure, and upgrade your Active Directory. You will be proactive and able to make decisions about AD changes without consulting a need.

Lab manual and exercise booklet

Detailed description
Active Directory Design – Forest, Domain, and OU
– Forest and domain topology design (how to do right from the start)
– Domain Controller’s function, location, and configuration
– Automation and standardization of installation
– Forest and domain trust management
– OU design (how less becomes more)

Active Directory Design – Namespace and DNS integration
– Considerations when selecting namespace (options and conditions)
– Integration between AD and DNS
– DNS replication methods, Dynamic Updates, and forwarding methods

Active Directory Design – Replication and Site Management
– Then configure, maintain and troubleshoot AD Replication
– Catalog partitions (functions and differences)
– Subnet in Active Directory (therefore they play a huge role)
– How can Sites and Services help me?
– How KCC works and how to optimize the replication

Active Directory Design – Components and Roles
– All you need to know about FSMO roles to survive
– The purpose of Global Catalogs
– Time synchronization in the domain (so important, you’ll get it working)
– Deactivation of Active Directory Schema

Active Directory Drift – Then you should work with groups and rights
– Understand the difference between global, domain, and universal groups
– Name standards that hold
– cleanups
– Dynamic Access Control

Active Directory Drift – Disaster recovery and high availability
– Backup and restore of Active Directory (technology and challenge)
– DC crashed, what am I doing now?
– Tombstone lifetime
– Virtual domain controllers (The good, the bad, and the ugly)

Active Directory Drift – Then you should work with Group Policy
– How are policies applied and how do you best get it wrong?
– Consolidate or not, that’s the question
– Linking and filtering (the old and new school)
– Group Policy Preferences?
– SYSVOL replication

Active Directory – Security
– What does the security model look like in AD
– How are accounts and data protected in AD
– AdminSDHolder what is it?
– Confidentiality data bit, when is it used?
– Read-only Domain Controllers
– Fine-Grained Password Policies
– Authentication Mechanism Assurance
– Authentication Policies and Policy Silos

Active Directory – Kerberos
– How does Kerberos really work?
– KDCn and its services
– Claims based Authentication
– Over Trusts

Active Directory – Hosting
– Resource Forest / Domain
– List object mode
– UPN Suffix

Active Directory – Migrations
– Sid History
– AD Migration / Upgrade

Active Directory Maintenance – Upgrades and Changes
– Upgrading Active Directory and forest/domain functional level
– How is the migration scenario (eg acquisition of companies or adaptation to MSKD for municipalities)

Active Directory Maintenance – Overview of the New Technology
– Various troubleshooting tools
– Introduction to AD management via Powershell
– Introduction to Azure AD Premium
– What’s in the next version of Active Directory

Enquire training

Online trainings

See all trainings
M365 Security Boost

M365 Security Boost

Application Security Testing and Mitigation for Developers and Testers

Application Security Testing and Mitigation for Developers and Testers

Secure Coding Patterns

Secure Coding Patterns

Implementing Microsoft 365 Security Solutions

Implementing Microsoft 365 Security Solutions

Managing Endpoints With Microsoft Intune

Managing Endpoints With Microsoft Intune

Mobile Device Management Using Microsoft Intune

Mobile Device Management Using Microsoft Intune

Introduction to PowerShell

Introduction to PowerShell

Introduction to Windows 10 Management

Introduction to Windows 10 Management

Social Engineering, the Human Side of Security [2 Days]

Social Engineering, the Human Side of Security [2 Days]

Cybersecurity Threats and Defenses in a Microsoft 365 Platform

Cybersecurity Threats and Defenses in a Microsoft 365 Platform

Stay ahead in cyber

Join 1000+ other cyber professionals that get monthly updates from us with the key things to know.

You might also like...

Go to Knowledge Hub