The State of Identity Security in the AI Era — Read the Report here.
Back to blogs listing

Active Directory Security

Categories

Featured Articles

How to Automatically Undo Risky Changes in Active Directory
  • Huy Kha | Senior Identity & Security Architect
AD Security 101: GPO Logon Script Security
  • Daniel Petri | Senior Training Manager
AD Security 101: Non-Default Security Principals with DCSync Rights
  • Daniel Petri | Senior Training Manager

Chat with an expert

Modernize your AD

Request Demo

Download Purple Knight

Free Active Directory Security Assessment

Read more
11 Real-World Risks Hidden in Active Directory Migrations

11 Real-World Risks Hidden in Active Directory Migrations

  • Mike Masciulli
  • Jun 12, 2026

An Active Directory migration and consolidation project is not just a data move. If you carry over legacy delegation mistakes, group nesting, trust relationships, and overprivileged accounts, you simply recreate risky attack paths. Learn how a security-first approach helps you make your new AD environment more secure.

RC4 and AD Migration: Uncover the Break Scenarios Hiding in Your Source Domain

RC4 and AD Migration: Uncover the Break Scenarios Hiding in Your Source Domain

  • Mike Masciulli
  • May 29, 2026

A quiet AD migration can turn into a noisy outage when RC4-dependent accounts fail. Migration services expert Mike Masciulli helps you understand where RC4-related failures hide—and how to find and fix them before cutover.

How to Audit Your Environment for RC4 Encryption

How to Audit Your Environment for RC4 Encryption

  • Guido Grillenmeier and Rich Peckham
  • Mar 30, 2026

Microsoft is deprecating RC4 encryption beginning in April 2026. This post explains the process—and points you to resources that can help.

What You Need to Know: Windows Admin Center Remote Privilege Escalation (CVE-2026-26119)

What You Need to Know: Windows Admin Center Remote Privilege Escalation (CVE-2026-26119)

  • Andrea Pierini
  • Mar 23, 2026

Learn about the discovery of CVE-2026-26119: why it worked and why you shouldn't underestimate authentication reflection.

When Is WinRM Over HTTP Secure?

When Is WinRM Over HTTP Secure?

  • Andrea Pierini
  • Mar 17, 2026

Is use of the Windows Remote Management (WinRM) protocol over HTTP inherently bad? Take a nuanced look at why "HTTP = insecure" isn't the whole story—and when HTTPS can actually introduce risk.

What You’re Missing: Proper LAN Manager Authentication Levels

What You’re Missing: Proper LAN Manager Authentication Levels

  • Andrea Pierini
  • Mar 11, 2026

One of the most common misconfigurations I encounter in Active Directory environments is a LAN Manager authentication level set to 2 on domain controllers (DCs). If your reason for staying at level 2 is legacy application compatibility, you can move to level 3 today without breaking those applications.

LDAP, LDAPS, and Active Directory

LDAP, LDAPS, and Active Directory

  • Evgenij Smirnov
  • Feb 13, 2026

Almost every AD security assessment, penetration test, or architecture conversation ends up containing the recommendation to “switch from unsecured LDAP to LDAPS” for your Active Directory (AD). Working for a software vendor whose products “do stuff with AD,” I hear the question multiple times a week: “Does your product XY…

25 Years of AD Breaches: Three Moves to Transform Incident Response

25 Years of AD Breaches: Three Moves to Transform Incident Response

  • Semperis
  • Jan 23, 2026

Active Directory is attackers’ favorite path to domain dominance. Learn how mapping your defenses to the NIST Cybersecurity Framework can improve cyber incident response and recovery.