Domain controller (Active Directory)
Overview
Section titled “Overview”Active Directory Domain Services (AD DS) for the core.lef forest and LEF domain.
Entry points
Section titled “Entry points”- AD services (VPN/LAN):
dc.core.lef - Admin workflow: see Identity & server access
Where it runs
Section titled “Where it runs”- Hosted on:
dc.core.lef
Dependencies
Section titled “Dependencies”- VPN/LAN reachability (see VPN access).
- Entra Connect for sync to Microsoft Entra ID (see Entra Connect (AD sync)).
Operational notes
Section titled “Operational notes”Password policy (current)
Section titled “Password policy (current)”- Forced password resets: disabled.
- Minimum length: 12.
- Complexity: enabled.
- MFA: enforced where supported.
- Users can still change passwords in the RDP environment.
Known risks / failure modes
Section titled “Known risks / failure modes”- AD/DNS issues can cascade into widespread login failures.
- Not on VPN → admin access is unreachable.