I’ve been recently doing a bit of reading regarding corporate domain security and I came across this short but detailed Microsoft Article that references some best practices.
One interesting thing that I came across and it might already be common knowledge is the recommendation to enable BitLocker on Domain Controllers.
I figure if anybody is looking at working on their homelab and building skills, you might as well start off with good/best practices which would follow you from the homelab to the corporate world.
The article also has links that open up further security documents such as Administering security policy settings, Avenues to Compromise and configuration of firewall for AD Domains and Trusts.
As I continue to review and read more into these, I wanted to share this link in case anybody else has an interest in this topic.