
Active Directory Deployment & RBAC Implementation 

Installed and configured Windows Server 2022 as a Domain Controller. Deployed Active Directory Domain Services (AD DS), created a domain (coreleylab.local), and designed an organizational unit (OU) structure to represent departmental roles. Implemented Role-Based Access Control (RBAC) using security groups, provisioned user accounts, and enforced domain-level security policies through Group Policy, including password complexity and account lockout settings.

Simulated a real-world enterprise Active Directory environment aligned with departmental access control and security best practices.

Technologies Used:

Windows Server 2022, Active Directory Domain Services (AD DS), Group Policy (GPO), DNS, Server Manager, Active Directory Users and Computers

Key Actions Performed:

✔ Installed Active Directory Domain Services (AD DS) and DNS
✔ Promoted Windows Server 2022 to Domain Controller
✔ Created and configured custom domain (coreleylab.local)
✔ Designed Organizational Unit (OU) structure for departmental roles
✔ Provisioned user accounts and security groups
✔ Implemented Role-Based Access Control (RBAC) using security groups
✔ Configured and enforced security policies using Group Policy (GPO)

Why this project matters:

Active Directory is a core component of enterprise IT environments used to manage user identities, authentication, and access to critical systems. This project demonstrates foundational Identity and Access Management (IAM) skills, including user provisioning, organizational structure design, Role-Based Access Control (RBAC), and centralized security policy enforcement through Group Policy. These capabilities are essential for maintaining secure, scalable, and well-managed enterprise networks.

Lab Evidence:

Server Manager Configuration - AD DS and DNS Installed

Organizational Unit (OU) Structure Representing Departmental Roles

Security Groups Configured for RBAC

Users Assigned to Department-Based Security Group (RBAC Implementation)

Group Policy Configuration Enforcing Password Complexity and Account Lockout
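
A PowerShell check of the controls this project configured, added here as an example and not part of the original lab: it reads the domain password and lockout settings and flags enabled users in department OUs that hold no role group. The thresholds and the assumption that department OUs sit directly under the domain root are illustrative, not taken from the lab.

```powershell
#Requires -Modules ActiveDirectory
# Added example, not the lab's own script. Thresholds are assumed baselines, and
# department OUs are assumed to sit directly under the domain root.
param(
    [string]$Domain          = 'coreleylab.local',
    [int]   $MinLength       = 12,   # assumed baseline
    [int]   $MaxLockoutTries = 10    # assumed baseline
)

$findings = [System.Collections.Generic.List[string]]::new()

# 1. Domain-wide password and lockout settings (what the Default Domain Policy enforces).
$pol = Get-ADDefaultDomainPasswordPolicy -Identity $Domain
if (-not $pol.ComplexityEnabled) {
    $findings.Add('Password complexity is disabled')
}
if ($pol.MinPasswordLength -lt $MinLength) {
    $findings.Add("Minimum password length is $($pol.MinPasswordLength), expected >= $MinLength")
}
if ($pol.LockoutThreshold -eq 0) {
    $findings.Add('Account lockout is disabled (threshold 0 never locks)')
} elseif ($pol.LockoutThreshold -gt $MaxLockoutTries) {
    $findings.Add("Lockout threshold $($pol.LockoutThreshold) exceeds $MaxLockoutTries")
}

# Fine-grained policies override the domain default for the users they apply to.
$psoCount = @(Get-ADFineGrainedPasswordPolicy -Filter * -Server $Domain).Count
if ($psoCount -gt 0) {
    $findings.Add("$psoCount fine-grained password policies exist; review them separately")
}

# 2. RBAC hygiene: every enabled user in a department OU should hold a role group.
$root = (Get-ADDomain -Identity $Domain).DistinguishedName
$ous  = Get-ADOrganizationalUnit -Filter * -SearchBase $root -SearchScope OneLevel -Server $Domain |
        Where-Object Name -ne 'Domain Controllers'
foreach ($ou in $ous) {
    $users = Get-ADUser -Filter 'Enabled -eq $true' -SearchBase $ou.DistinguishedName `
                        -Properties MemberOf -Server $Domain
    foreach ($u in $users) {
        # MemberOf omits the primary group (Domain Users), so an empty list
        # means the account has no explicitly assigned group at all.
        if (@($u.MemberOf).Count -eq 0) {
            $findings.Add("$($u.SamAccountName) in OU '$($ou.Name)' has no group beyond its primary group")
        }
    }
}

if ($findings.Count) { $findings | ForEach-Object { Write-Warning $_ } }
else { Write-Output "No findings for $Domain" }
```

Run it from the Domain Controller or a host with the RSAT Active Directory module; it only reads directory data and changes nothing.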

Smart Factory Network Segmentation (IT/OT + DMZ Architecture)

Designed and implemented a segmented smart factory network architecture separating enterprise IT systems from operational technology (OT) environments using a DMZ.

Configured controlled communication between enterprise systems and industrial control systems (PLC, SCADA, and monitoring servers) to enforce network security boundaries.

Reduced risk of lateral movement between IT and OT networks by implementing structured segmentation and access control pathways.

Technologies Used:

Network Segmentation, DMZ Architecture, ICS/OT Security, SCADA, PLC, Network Design

Key Actions Performed:

✔ Designed IT, DMZ, and OT network zones
✔ Implemented firewall-controlled communication between network layers
✔ Segmented enterprise IT systems from industrial OT systems
✔ Configured a DMZ to act as a secure intermediary between networks
✔ Defined controlled communication paths between SCADA and PLC systems
✔ Limited direct access to industrial devices to reduce attack surface
✔ Structured network layout to follow real-world manufacturing security practices

Why this project matters:

Network segmentation is a critical security control in industrial and enterprise environments. By separating IT and OT systems, organizations reduce the risk of cyber threats spreading from business networks to critical manufacturing systems.

This project demonstrates an understanding of real-world cybersecurity practices used in smart factories, including DMZ implementation, access control, and protection of industrial control systems (ICS). These concepts are essential for securing modern manufacturing environments.

Lab Evidence:

Network Zone Layout

Network Devices Added

Smart Factory Network Segmentation Architecture (IT/DMZ/OT)
