--- name: configuring-active-directory-tiered-model description: Implement Microsoft's Enhanced Security Admin Environment (ESAE) tiered administration model for Active Directory. Covers Tier 0/1/2 separation, privileged access workstations (PAWs), administrative f domain: cybersecurity subdomain: identity-access-management tags: [iam, identity, access-control, active-directory, tiered-model, paw, esae] version: "1.0" author: mahipal license: MIT --- # Configuring Active Directory Tiered Model ## Overview Implement Microsoft's Enhanced Security Admin Environment (ESAE) tiered administration model for Active Directory. Covers Tier 0/1/2 separation, privileged access workstations (PAWs), administrative forest design, authentication policy silos, and credential theft mitigation. ## Objectives - Implement comprehensive configuring active directory tiered model capability - Establish automated discovery and monitoring processes - Integrate with enterprise IAM and security tools - Generate compliance-ready documentation and reports - Align with NIST 800-53 access control requirements ## Security Controls | Control | NIST 800-53 | Description | |---------|-------------|-------------| | Account Management | AC-2 | Lifecycle management | | Access Enforcement | AC-3 | Policy-based access control | | Least Privilege | AC-6 | Minimum necessary permissions | | Audit Logging | AU-3 | Authentication and access events | | Identification | IA-2 | User and service identification | ## Verification - [ ] Implementation tested in non-production environment - [ ] Security policies configured and enforced - [ ] Audit logging enabled and forwarding to SIEM - [ ] Documentation and runbooks complete - [ ] Compliance evidence generated