Active Directory security has come to the forefront in the past few years, with more research & conference talks covering the issues. Many organizations have moved through the standard steps of limiting what accounts have administrative rights, configuring security tools, & optimizing visibility in their SIEM. So, what's next? This talk is focused on the items that greatly improve enterprise security that are the next steps that should be done (beyond the basics), & why they should, which often aren't. The action items required to consider an AD environment as "secure" are clearly outlined and identified. Visiting ADSecurity.org is only the beginning... :)