Securing AD with Least Privilege Principle I have been working for the last number of weeks on a project to secure AD, and to reduce the Attack Surface of AD. If you are not on board with why you need to secure AD from compromise, and to establish good security work habits, please view one or more of the following videos. These show how incredibly easy it is for a hacker to break in to your systems. From Microsoft Ignite 2015. How You Can Hack-Proof Your Clients and Servers in a Day https://channel9.msdn.com/Events/Ignite/2015/BRK2346 This is an excellent technical article with hands-on demo of tools, password decodes, remote code execution, enable webcam, etc. . Detecting the Undetectable https://channel9.msdn.com/Events/Ignite/2015/BRK2344 . Next step is to review and become familiar with Microsoft's Best Practices for Securing AD. http://www.microsoft.com/en-ca/download/details.aspx?id=38785 Some of the key components of these documents and video's are: Set