Securing Active Directory Deep Dive LEVEL 2 (SADDD-L2)

 

Course Overview

In this follow-up to the Master Class Active Directory Security, you will learn everything that could not be discussed in the first course due to time and know-how constraints.

We have added another "spurt" of security topics.

Look forward to a worthy successor to our Master Class Active Directory Security.

Please note:

You can only participate in this follow-up course if you have previously attended the Master Class Active Directory Security with Andy Wendel as trainer.

In the first MasterClass Active Directory Security course, we already covered the most important topics for securing your Active Directory.

Over the last few years, the questions for even deeper topics and approaches have become louder and louder in our courses.

Here comes our answer.

Three days of intensive Active Directory security topics.

Look forward to the successor.

We promise: Our best know-how for you and your day-to-day work from our most experienced trainers and consultants.

Who should attend

This course is designed for experienced system administrators, consultants and Active Directory designers. After this seminar, you will be able to design, implement and consult on Active Directory in a highly secure manner.

Prerequisites

At least 5 years of experience with Active Directory and client systems

Prior attendance of the Securing Active Directory Deep Dive (SADDD) course is REQUIRED AND must be verified.

Course Objectives

In this master class course LEVEL 2, the topic of Active Directory security is once again immensely deepened.

Want to make your crown jewels even more secure?

Is your environment critical or are you in the "SupplyChain"?

Or are you even bound to secrecy?

No problem: We will show you how to secure your environment extremely.

After more than 100 trainings in this area, this course was created as a worthy successor to the well-known and highly booked MasterClass Active Directory Security.

That's why: Understand, harden and monitor so you can sleep better.

Course Content

  • Review of best practices from the MasterClass Securing Active Directory FastPass.
  • LAPS for domain controllers - does NOT work - but it does!
    We show you how to secure the DSRM password rolling and encrypted incl. password history!
  • DSRM-User: From emergency administrator to domain admin:
    What a simple registry hack can do and what you should do about it...
  • Unified Write Filter - a completely unknown solution for Windows 10/11 clients: Kiosk mode for professionals and for Privileged Admin Workstation - PAWs with "sheriff cards")
  • Multi-tenant Active Directory - how to hide organizational units (Ous) for administrators who should not see them: Object List
    No one dares to do it - how to show you how to do it and how the pros do it!
  • MBAM & Bitlocker: Bitlocker on Steroids
    Microsoft BitLocker Administration and Monitoring 2.5 - even if the extended support ends in 2026 - MBAM is absolutely worth a look!
  • Hiding TIER-0 admins via Powershell
    What I can't see, I can't attack....
    How to hide your crown jewels...
  • Bloodhound: Hunting for Privileges
    Install and use Bloodhound - let's hunt for privileges!
  • PAM feature with Server 2016: JEA & JIT
    Just enough Administration with JustInTime Administration
    With Server 2016 came - for most undiscovered - the PAM feature:
    Privileged Access Management for Users: Time-to-Live for Administrators who manage the Tickets
  • When it should be less:
    Authentication Silos & Authentication Policies
    Who, How, Where, and When...
  • Build, maintain and administer tier models en detail
    Tier and ESAE model in practice.
  • Windows Defender for Identity
  • Lithnet Active Directory Password Protection
  • DNS-SEC - Run DNS in a highly secure way
    Trust-Anchors
    DNS over https ( DoH )
  • SMB encryption AES 256
    Operate SMB highly secure
  • UNC Hardening
  • From DNS-Admin to DomainAdmin
    How to go from small to big...
  • LocalAccountTokenFilterPolicy
  • LDAP-S, signing and channel binding
    What exactly is it about and why LDAP-S is not LDAP-signing...
  • LDAP-S and SSL V2, V3 and TLS V1 - what then now
    LDAP-S en detail
  • "Notes from the field - our experience from 10 years of hardening Active Directory
    • LAPS
    • Protected Users
    • KRBTGT Reset
    • PingCastle
  • Questions from the participants

Prices & Delivery methods

Online Training

Duration
3 days

Price (excl. tax)
  • 3,800.— €
Classroom Training

Duration
3 days

Price (excl. tax)
  • Germany: 3,800.— €

Schedule

Guaranteed date:   The course is guaranteed to run regardless of the number of participants. This excludes unforeseeable events (e.g. accident, illness of the trainer) which make it impossible to carry out the course.
Instructor-led Online Training:   Course conducted online in a virtual classroom.

English

Time zone: Central European Time (CET)   ±1 hour

Online Training Time zone: Central European Time (CET)
Online Training Time zone: Central European Summer Time (CEST) Guaranteed date!
Online Training Time zone: Central European Summer Time (CEST)
Online Training Time zone: Central European Summer Time (CEST)
Online Training Time zone: Central European Time (CET)

Germany

Berlin
Hamburg
Frankfurt
Munich