Category Archives: Active Directory Security 101

Time to Ignite An Intellectual Spark at Microsoft Ignite 2018!


This week, thousands of IT professionals, managers, CISOs and CIOs are in Orlando, attending, well, Microsoft Ignite 2018 !

Image Courtesy Microsoft. Source:

Now, according to Microsoft's website, Microsoft Ignite has SOLD OUTGreat!  There are 900+ sessions, 100+ instructor-led technology workshops, 60+ Microsoft Immersion workshops, and 50+ hands-on labs with access to expert proctors!

Did I mention that of course, Microsoft's very own experts are also going to be there, and collectively, they covered numerous vital areas such as Securing the Enterprise, Simplified IT Management, Identity‚ Access & Compliance, Enterprise Security etc.

So, with over 1000 sessions, 1000s of attendees, access to "expert proctors", and 100s of Microsoft's very own IT experts, THERE MUST BE AT LEAST ONE PERSON AT MICROSOFT IGNITE who could answer A very SIMPLE QUESTION -

       Question - What's The World's Most Important Active Directory Security Capability?

Now, in case you're wondering why anyone and in fact everyone attending Microsoft Ignite should care about this question, its because in a Microsoft Windows Server based IT Infrastructure, NOT A SINGLE ONE of the numerous vital areas listed above i.e. Securing the Enterprise, Simplified IT Management, Identity‚ Access & Compliance, Enterprise Security etc. etc. can be adequately addressed without FIRST ENSURING THE SECURITY of their foundational Active Directory deployments!

Guess what?!  I'm willing to bet that 99% of experts (let alone attendees) at Microsoft Ignite don't have a clue as to the answer!

Unbelievable, haan?! So much so for a US $ 800 Billion company's  "Sold Out"  IT Conference, where 100s of world renowned IT experts, including Microsoft's finest, were presenting, and where 1000s of IT professionals (including Domain Admins of most Fortune 100 companies) were attending, yet no one likely knows the answer to this most basic of Windows Security questions!

Er, what's that millennial lingo again? Ah yes,  OMG  LOL ROFL !

Doesn't anyone RTM today?  (They don't, and here's likely why.)

On a serious note, if anyone attending Microsoft Ignite 2018 (including Microsoft's own experts) knows the answer to this 1 question, be my guest and answer the question by leaving a comment at the end of that blog post, and you'll earn my respect.

If you don't know the answer, I highly recommend reading, one, two and three, because without knowing the answer to this 1 question (and without possessing this capability,) you cannot secure anything in an Active Directory based Windows network.

Best wishes,

WHAT is the ONE Essential Cyber Security Capability WITHOUT which NOT a single Active Directory object or domain can be adequately secured?


Hello again. Today onwards, as I had promised, it is finally TIME for us to help SAFEGUARD Microsoft's Global Ecosystem.

Before I share how we uniquely do so, or answer this paramount question, or ask more such ones, I thought I'd ask likely the most important question that today DIRECTLY impacts the foundational cyber security of 1000s of organizations worldwide.

Here It Is -
What Is the 1 Essential Cyber Security Capability Without Which NOT a single Active Directory object, domain, forest or deployment can be adequately secured?

A Hint

I'll give you a hint. It controls exactly who is denied and who is granted access to literally everything within Active Directory.

In fact, it comes into play every time anyone accesses anything in any Active Directory domain in any organization worldwide.

Make No Mistake

Make no mistake about it - one simply CANNOT adequately protect anything in any Active Directory WITHOUT possessing this ONE capability, and thus one simply cannot protect the very foundation of an organization's cyber security without possessing this ONE paramount cyber security capability. It unequivocally is as remarkably simple, elemental and fundamental as this.

Only 2 Kinds of Organizations

Thus, today there are only two kinds of organizations worldwide - those that possess this paramount cyber security capability, and those that don't. Those that don't possess this essential capability do not have the means to, and thus cannot adequately protect, their foundational Active Directory deployments, and thus by logic are provably and demonstrably insecure.

If you know the answer, feel free to leave a comment below.
I'll answer this question right here, likely on July 04, 2018.