This document discusses securing Active Directory without spending money. It describes Active Directory and why access control is important. Privilege creep can occur over time as user accounts gain more access to objects like computers, groups and other users. This expands the attack surface for attackers. The document outlines Microsoft's Enhanced Security Administrative Environment (ESAE) solution in 3 stages with 14 steps to better separate administrative duties and limit administrative access. It provides an example of how a breach could occur if an unpatched public web server is compromised, allowing an attacker to gain domain administrator access. The document recommends two initial steps: 1) limit the number of administrative users and 2) create separate administrative accounts to better restrict administrative privileges.