AD Architecture Patterns: Field Guide
RCCE students will learn Active Directory security including AD architecture, authentication protocols (Kerberos, NTLM), group policy security, trust relationships, privilege escalation paths, and AD attack detection. RCCE students will learn to assess Active Directory environments for security weaknesses, identify misconfigured permissions, detect Kerberoasting, AS-REP roasting, DCSync, Golden Ticket, and Silver Ticket attacks, implement tiered administration models, configure AD security monitoring with Windows event logs, harden group policy configurations, clean up stale accounts and excessive permissions, and respond to AD compromise with containment and recovery procedures. This architecture course teaches secure system design using proven patterns, guardrails, and reference architectures. At an expert level, RCCE students will learn to evaluate design options against security requirements, make informed trade-off decisions, and build systems that are resilient by design. Students gain the architectural thinking skills needed for security engineering and solution design roles.
- Security Engineers building defensive controls
- Security Analysts and Blue Team members
- Systems Administrators with security responsibilities
- GRC and Risk Professionals supporting controls
- Professionals implementing AD Architecture Patterns: Field Guide
- Design a scalable privilege management architecture with policy and enforcement
- Execute hands-on tasks for field guide
- Explain Module Overview & Objectives fundamentals
- Design a scalable privilege management architecture with policy and enforcement, including Evaluate AD design against security needs, and Apply tiered admin models at scale.
- Design a scalable privilege management architecture with policy and enforcement, including Apply tiered admin models at scale.
- Execute hands-on tasks for threat & defense — covering Kerberoasting & ticket attacks, Prevent DCSync and lateral movement.
- Execute hands-on tasks for detect kerberoasting & ticket attacks — covering Prevent DCSync and lateral movement.
- Execute hands-on tasks for operations & recovery — covering Clean stale accounts & permissions, with Windows event logs.
- Execute hands-on tasks for architectural thinking — covering Make informed trade-off decisions, Build systems resilient by design.
- Execute hands-on tasks for active directory core components
- Execute hands-on tasks for domain controllers
- Execute hands-on tasks for forest & domains
| Module 01 | AD Architecture Patterns |
| Module 02 | Field Guide |
| Module 03 | Module Overview & Objectives |
| Module 04 | Architecture Mastery |
| Module 05 | Evaluate AD design against security needs |
| Module 06 | Threat & Defense |
| Module 07 | Detect Kerberoasting & ticket attacks |
| Module 08 | Operations & Recovery |
| Module 09 | Architectural Thinking |
| Module 10 | Active Directory Core Components |
| Module 11 | Domain Controllers |
| Module 12 | Forest & Domains |
| Module 13 | Organizational Units |
| Module 14 | FSMO Roles |
All hands-on labs run on Rocheston Rose X OS. Students practice ad architecture patterns: field guide by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Design a scalable privilege management architecture with policy and enforcement
- Lab 2: Execute hands-on tasks for field guide
- Lab 3: Explain Module Overview & Objectives fundamentals
- Lab 4: Design a scalable privilege management architecture with policy and enforcement
- Lab 5: Design a scalable privilege management architecture with policy and enforcement
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for AD Architecture Patterns: Field Guide, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI