AD Troubleshooting
RCCE students will learn Active Directory security including AD architecture, authentication protocols (Kerberos, NTLM), group policy security, trust relationships, privilege escalation paths, and AD attack detection. RCCE students will learn to assess Active Directory environments for security weaknesses, identify misconfigured permissions, detect Kerberoasting, AS-REP roasting, DCSync, Golden Ticket, and Silver Ticket attacks, implement tiered administration models, configure AD security monitoring with Windows event logs, harden group policy configurations, clean up stale accounts and excessive permissions, and respond to AD compromise with containment and recovery procedures. This diagnostic course focuses on identifying, analyzing, and resolving common failures, misconfigurations, and operational issues. Building on core knowledge, RCCE students will learn systematic troubleshooting methodologies that accelerate root-cause analysis and minimize downtime. Students work through realistic break-fix scenarios that build the diagnostic confidence needed for high-pressure production environments.
- Security Engineers building defensive controls
- Security Analysts and Blue Team members
- Systems Administrators with security responsibilities
- GRC and Risk Professionals supporting controls
- Professionals implementing AD Troubleshooting
- Execute hands-on tasks for diagnosing, analyzing & resolving active directory failures
- Execute hands-on tasks for 6 credit hours
- Explain Course Overview fundamentals
- Execute hands-on tasks for module focus
- Execute hands-on tasks for learning outcomes — covering Prerequisites.
- Execute hands-on tasks for detect and respond to ad attacks — covering Prerequisites.
- Explain AD Architecture Foundations fundamentals
- Execute hands-on tasks for logical components
- Execute hands-on tasks for physical components
- Execute hands-on tasks for core services — covering Forest, trees, and domains, Domain controllers (DCs).
- Execute hands-on tasks for schema master
- Execute hands-on tasks for domain naming
| Module 01 | Diagnosing, Analyzing & Resolving Active Directory Failures |
| Module 02 | 6 Credit Hours |
| Module 03 | Course Overview |
| Module 04 | Module Focus |
| Module 05 | Learning Outcomes |
| Module 06 | Detect and respond to AD attacks |
| Module 07 | AD Architecture Foundations |
| Module 08 | Logical Components |
| Module 09 | Physical Components |
| Module 10 | Core Services |
| Module 11 | Schema Master |
| Module 12 | Domain Naming |
| Module 13 | Kerberos Authentication Flow |
| Module 14 | NTLM Authentication |
All hands-on labs run on Rocheston Rose X OS. Students practice ad troubleshooting by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Execute hands-on tasks for diagnosing, analyzing & resolving active directory failures
- Lab 2: Execute hands-on tasks for 6 credit hours
- Lab 3: Explain Course Overview fundamentals
- Lab 4: Execute hands-on tasks for module focus
- Lab 5: Execute hands-on tasks for learning outcomes
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for AD Troubleshooting, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI