Active Directory Tiered Model

v20260317

configuring-active-directory-tiered-model

Implements Microsoft’s Enhanced Security Admin Environment (ESAE) tiered Active Directory administration model, covering Tier 0/1/2 separation, privileged access workstations, administrative forest design, authentication policy silos, and credential theft mitigation for enterprise IAM assurance.

IAM Identity Access-Control Active-Directory Tiered-Model PAW ESAE Security

Get Skill

318 downloads

Overview

Configuring Active Directory Tiered Model

Overview

Implement Microsoft's Enhanced Security Admin Environment (ESAE) tiered administration model for Active Directory. Covers Tier 0/1/2 separation, privileged access workstations (PAWs), administrative forest design, authentication policy silos, and credential theft mitigation.

Objectives

Implement comprehensive configuring active directory tiered model capability
Establish automated discovery and monitoring processes
Integrate with enterprise IAM and security tools
Generate compliance-ready documentation and reports
Align with NIST 800-53 access control requirements

Security Controls

Control	NIST 800-53	Description
Account Management	AC-2	Lifecycle management
Access Enforcement	AC-3	Policy-based access control
Least Privilege	AC-6	Minimum necessary permissions
Audit Logging	AU-3	Authentication and access events
Identification	IA-2	User and service identification

Verification

Implementation tested in non-production environment
Security policies configured and enforced
Audit logging enabled and forwarding to SIEM
Documentation and runbooks complete
Compliance evidence generated

Info

Category Development

Name configuring-active-directory-tiered-model

Version v20260317

Size 8.14KB

Source mukul975/Anthropic-Cybersecurity-Skills

Updated At 2026-03-18