This document provides a practitioner’s perspective and contains a set of practical techniques to help IT executives protect an enterprise Active Directory® environment. Active Directory plays a critical role in the IT infrastructure, and ensures the harmony and security of different network resources in a global, interconnected environment. The methods discussed are based largely on the Microsoft® Information Security and Risk Management (ISRM) organization’s experience, which is accountable for protecting the assets of Microsoft IT and other Microsoft Business Divisions, in addition to advising a selected number of Microsoft Global 500 customers.
Go get it @ http://www.microsoft.com/en-us/download/details.aspx?id=38785