AD Deep Dive: In Practice
RCCE students will learn Active Directory security including AD architecture, authentication protocols (Kerberos, NTLM), group policy security, trust relationships, privilege escalation paths, and AD attack detection. RCCE students will learn to assess Active Directory environments for security weaknesses, identify misconfigured permissions, detect Kerberoasting, AS-REP roasting, DCSync, Golden Ticket, and Silver Ticket attacks, implement tiered administration models, configure AD security monitoring with Windows event logs, harden group policy configurations, clean up stale accounts and excessive permissions, and respond to AD compromise with containment and recovery procedures. This deep-dive course provides comprehensive technical coverage that goes beyond surface-level understanding. At an expert level, RCCE students will learn to master the nuances, edge cases, and advanced configurations that separate competent practitioners from true experts. Students will engage with complex real-world scenarios and gain the depth of knowledge required to troubleshoot difficult situations, mentor junior team members, and make architectural decisions with confidence.
- Security Engineers building defensive controls
- Security Analysts and Blue Team members
- Systems Administrators with security responsibilities
- GRC and Risk Professionals supporting controls
- Professionals implementing AD Deep Dive: In Practice
- Execute hands-on tasks for AD Deep Dive: In Practice
- Execute hands-on tasks for learning objectives
- Explain Active Directory Architecture Overview fundamentals
- Execute hands-on tasks for core components
- Execute hands-on tasks for directory services, covering Domain Controllers (DCs)
- Design a scalable privilege management architecture with policy and enforcement, including LDAP query protocol (389/636)
- Execute hands-on tasks for AD logical structure, covering Forest
- Execute hands-on tasks for unique namespace (DNS), covering Delegation of admin rights
- Execute hands-on tasks for sites & subnets
- Execute hands-on tasks for domain controllers, covering physical network topology and FSMO role holders (5 roles)
- Execute hands-on tasks for replication topology, covering how the KCC auto-generates intra-site topology using a ring structure
- Execute hands-on tasks for database structure
| Module | Topic |
|---|---|
| Module 01 | AD Deep Dive: In Practice |
| Module 02 | Learning Objectives |
| Module 03 | Active Directory Architecture Overview |
| Module 04 | Core Components |
| Module 05 | Directory Services |
| Module 06 | Architecture Decision Points |
| Module 07 | AD Logical Structure |
| Module 08 | Unique namespace (DNS) |
| Module 09 | Sites & Subnets |
| Module 10 | Domain Controllers |
| Module 11 | Replication Topology |
| Module 12 | Database Structure |
| Module 13 | Security Implications |
| Module 14 | Kerberos Authentication Protocol |
All hands-on labs run on Rocheston Rose X OS. Students practice AD Deep Dive: In Practice by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Execute hands-on tasks for AD Deep Dive: In Practice
- Lab 2: Execute hands-on tasks for learning objectives
- Lab 3: Explain Active Directory Architecture Overview fundamentals
- Lab 4: Execute hands-on tasks for core components
- Lab 5: Execute hands-on tasks for directory services
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for AD Deep Dive: In Practice, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI