In two previous articles (here and here) I shared some classic Active Directory mistakes people have made that got their companies into serious trouble. Here’s another mistake that on the face of it ...

It’s called “site coverage.” When domain controller X registers its SRV records in DNS, it checks to see if any poor, neglected Active Directory sites don’t have any domain controllers in the same ...

Windows domains rely on policy-based security mechanisms, but Windows security policy deployment can be confusing to the uninitiated. What’s the difference between the local security policy, domain ...

In Windows Server, a child domain is a subdomain under a parent domain, inheriting policies and trust relationships. For example, if the parent domain is example.com, a child domain might be ...

Since Active Directory is a core feature of Windows Server, we can install it from the Server Manager. So, to install Active Directory, follow the steps mentioned below. After installing the role, you ...

Active Directory is at the center of many attacks as it is still the predominant source of identity and access management in the enterprise. Hackers commonly target Active Directory with various ...

Unprivileged users with permission to create objects inside an Active Directory organizational unit can abuse the new Delegated Managed Service Accounts (dMSA) feature to elevate their privilege to ...

Organizations trying to improve the security of their Active Directory environments face a simple problem: Attackers have too many options. The average enterprise AD environment has thousands or tens ...

In this blog post on IPv6, I’m going to cover Active Directory support for IPv6. This is the fourth technical blog post on configuring IPv6 in a Windows networking ...

An easily exploitable flaw in Windows Server 2025 allows attackers to escalate privileges and assume the permissions of any Active Directory (AD) user. The flaw occurs due to the fumbling of ...

Forbes contributors publish independent expert analyses and insights. Davey Winder is a veteran cybersecurity writer, hacker and analyst. Privilege escalation vulnerabilities are among the worst you ...