Subscribe to the Non-Human & AI Identity Journal

Minimum viable AD

Minimum viable AD is the smallest set of directory services, objects, and dependencies needed to restore authentication and critical business operations. It helps teams prioritise recovery under pressure instead of aiming for full restoration first. The goal is controlled service return, not theoretical completeness.

Expanded Definition

Minimum viable AD is the least complex Active Directory state that still restores authentication, group policy, and the directory dependencies required for critical business services. In NHI recovery planning, it is less about rebuilding every object and more about restoring the directory primitives that service accounts, application bindings, and administrative workflows depend on.

Definitions vary across vendors and incident response teams, because some treat minimum viability as a forest-wide recovery target while others focus on a limited set of domain controllers, trust paths, and high-value OUs. The practical distinction is that minimum viable AD is a recovery outcome, not a full redesign, and it must be aligned to service prioritisation, rollback risk, and identity integrity. That makes it closely related to directory recovery, but narrower than broad business continuity planning, and more operational than a standard access governance review. NIST SP 800-53 Rev 5 Security and Privacy Controls is often used to map recovery and access control expectations to concrete safeguards during this phase.

The most common misapplication is treating minimum viable AD as a shortcut to “bring everything back later,” which occurs when teams restore directory services without first identifying the minimum authentication paths needed by critical applications.

Examples and Use Cases

Implementing minimum viable AD rigorously often introduces a tension between speed and completeness, requiring organisations to weigh rapid authentication restoration against the risk of reintroducing compromised objects or broken dependencies.

  • A recovery team restores only the domain controllers, core DNS, and the OUs required for payroll and ERP authentication, while deferring low-priority user populations.
  • Administrators rebuild a limited set of service account groups and Kerberos dependencies so a payment platform can authenticate before the wider forest is fully reconciled.
  • During a ransomware event, responders use the Ultimate Guide to NHIs to prioritise NHI recovery because service accounts outnumbered manually managed human admin accounts across several application tiers.
  • Security teams validate recovery steps against NIST SP 800-53 Rev 5 Security and Privacy Controls to ensure restored access does not bypass least privilege or change control expectations.
  • An organisation restores only the trusts and identity paths needed for a subsidiary to resume operations, while leaving nonessential federation links offline until integrity checks are complete.

Why It Matters in NHI Security

Minimum viable AD matters because directory recovery failures often cascade into NHI outages: service accounts cannot authenticate, automation stops, and critical integrations fail even when servers are online. The blast radius is especially large in environments where long-lived credentials, nested groups, and legacy trusts have accumulated over time. NHIMG research shows that 97% of NHIs carry excessive privileges, which means a rushed rebuild can easily restore dangerous access along with legitimate access if teams do not define a minimal recovery boundary first. The same research also shows 80% of identity breaches involved compromised non-human identities such as service accounts and API keys, reinforcing that directory restoration is a security decision, not only an availability task.

A disciplined minimum viable AD approach supports controlled service return, reduces the chance of reintroducing attacker persistence, and gives incident leaders a workable boundary for validation, rotation, and staged re-enablement. It also helps align recovery sequencing with zero trust expectations rather than assuming the pre-incident directory state should simply be recreated. Organisations typically encounter the need for minimum viable AD only after a domain compromise or ransomware outage, at which point authentication restoration becomes operationally unavoidable to address.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.

Framework Control / Reference Relevance
OWASP Non-Human Identity Top 10 NHI-01 Recovery scope and directory dependency control are central to restoring NHIs safely.
NIST CSF 2.0 RC.RP-1 Recovery planning defines how essential services are restored after an incident.
NIST Zero Trust (SP 800-207) Zero Trust recovery requires limiting trust expansion during directory rebuilds.

Prioritise restoration of authentication services needed to resume critical business functions.