Active Directory is a large, complex component of your network. Many aspects of this book?such as IP Security, certificates, DNS, and authentication?relate to providing security for Active Directory. Combining those technologies with the security suggestions that are laid out in this chapter will provide a reasonably secure environment for Active Directory.
If you take only one thing from this chapter, remember that the primary mechanisms to secure Active Directory include GPOs, delegation, and administrative privileges. If you apply security in these areas, the majority of the work for locking down Active Directory will be complete.