configuring-active-directory-tiered-model

star 2

Implement Microsoft's Enhanced Security Admin Environment (ESAE) tiered administration model for Active Directory. Covers Tier 0/1/2 separation, privileged access workstations (PAWs), administrative f

oyi77 By oyi77 schedule Updated 6/8/2026
play_arrow Run Skill in Manus View GitHub

name: configuring-active-directory-tiered-model description: Implement Microsoft's Enhanced Security Admin Environment (ESAE) tiered administration model for Active Directory. Covers Tier 0/1/2 separation, privileged access workstations (PAWs), administrative f domain: cybersecurity subdomain: identity-access-management tags:

  • iam
  • identity
  • access-control
  • active-directory
  • tiered-model
  • paw
  • esae version: '1.0' author: mahipal license: Apache-2.0 nist_csf:
  • PR.AA-01
  • PR.AA-02
  • PR.AA-05
  • PR.AA-06

Configuring Active Directory Tiered Model

Overview

Implement Microsoft's Enhanced Security Admin Environment (ESAE) tiered administration model for Active Directory. Covers Tier 0/1/2 separation, privileged access workstations (PAWs), administrative forest design, authentication policy silos, and credential theft mitigation.

When to Use

  • When deploying or configuring configuring active directory tiered model capabilities in your environment
  • When establishing security controls aligned to compliance requirements
  • When building or improving security architecture for this domain
  • When conducting security assessments that require this implementation

Prerequisites

  • Familiarity with identity access management concepts and tools
  • Access to a test or lab environment for safe execution
  • Python 3.8+ with required dependencies installed
  • Appropriate authorization for any testing activities

Objectives

  • Implement comprehensive configuring active directory tiered model capability
  • Establish automated discovery and monitoring processes
  • Integrate with enterprise IAM and security tools
  • Generate compliance-ready documentation and reports
  • Align with NIST 800-53 access control requirements

Security Controls

Control NIST 800-53 Description
Account Management AC-2 Lifecycle management
Access Enforcement AC-3 Policy-based access control
Least Privilege AC-6 Minimum necessary permissions
Audit Logging AU-3 Authentication and access events
Identification IA-2 User and service identification

Verification

  • Implementation tested in non-production environment
  • Security policies configured and enforced
  • Audit logging enabled and forwarding to SIEM
  • Documentation and runbooks complete
  • Compliance evidence generated

When NOT to Use

  • You need to implement from scratch (use implementing-* skills)
  • Task is about testing the configuration (use performing-* skills)
  • You need to analyze misconfigurations (use analyzing-* skills)
  • Task is about building automation (use building-* skills)
  • You don't have admin access to the system
  • Task requires vendor professional services

Red Flags

  • Performing actions without explicit written authorization from the asset owner
  • Testing against production systems without a defined scope and rules of engagement
  • Treating compliance checklists as security guarantees rather than minimum baselines
  • Failing to document exceptions and risk acceptance decisions
  • Relying on point-in-time audits instead of continuous monitoring

Process

  1. Analyze the task requirements
  2. Apply domain expertise
  3. Verify output quality
Install via CLI
npx skills add https://github.com/oyi77/1ai-skills --skill configuring-active-directory-tiered-model
Repository Details
star Stars 2
call_split Forks 0
navigation Branch main
article Path SKILL.md
More from Creator
oyi77
oyi77 Explore all skills →