Improving AD security and enabling new features
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(76.8, 93%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESK%3C/text%3E%3C/svg%3E)
Seema Kanwal Gurmani
341
Reputation points
Dear Community,
We are in the process of enabling new security features in our AD environment. We want to enable following:
- Disabling Kerberos Weak Encryption i.e. (DES )
- How to hide sensitive identifiers in Active Directory Object Descriptions
- Enforce LDAP signing by configuring Group Policy settings to require signing and validating it using PowerShell or the GPMC.
- Enabling LAPS - LAPS Local Administrator Password Management
- what are the best practices to do above and what be the side effects when we enable above settings?
Microsoft Security | Active Directory Federation Services
{count} votes
-
Seema Kanwal Gurmani 341 Reputation points
2025-10-31T07:21:45.8833333+00:00 Dear Community,
Can anyone share any updates?
Sign in to comment
Sign in to answer