Hello again, world's most sporadic blogger here. A while back, I posted here recommending that people who are interested in admin-free Active Directory stay tuned to this site. The reason for that post was that I'd just learned that we were going to write and publish a document that would include some of the information I'd originally intended to publish here. We published Best Practices for Securing Active Directory (BPSAD) in April of 2013, and if you haven't seen it already, please take a look. It's a long document, but we hope that the content is useful.
Now that the BPSAD has been published and readers have had some time to digest it, I'm planning to produce a post now and then discussing some of the things that are in the document, some of the things that aren't in the document, and our reasons for each. I'd also like to provide related information such as sample approaches to some of the things we recommend in the document. If you're interested in any of those things, please check back here now and again. I can't promise that I'll be posting regularly or frequently, but I will be posting.
Thanks for reading, and I'll be back soon...