Active Directory Administration Cookbook

Book description

Learn the intricacies of managing Azure AD and Azure AD Connect, as well as Active Directory, for administration in the cloud and on Windows Server 2019

Key Features

  • Expert solutions for federation, certificates, security, and monitoring with Active Directory
  • Explore Azure AD and AD Connect for effective administration in the cloud
  • Automate security tasks using Active Directory and PowerShell

Book Description

Active Directory is an administration system for Windows administrators to automate network, security and access management tasks in the Windows infrastructure.

This book starts off with a detailed focus on forests, domains, trusts, schemas and partitions. Next, you'll learn how to manage domain controllers, organizational units and the default containers.

Going forward, you'll explore managing Active Directory sites as well as identifying and solving replication problems. The next set of chapters covers the different components of Active Directory and discusses the management of users, groups and computers. You'll also work through recipes that help you manage your Active Directory domains, manage user and group objects and computer accounts, expiring group memberships and group Managed Service Accounts (gMSAs) with PowerShell.

You'll understand how to work with Group Policy and how to get the most out of it. The last set of chapters covers federation, security and monitoring. You will also learn about Azure Active Directory and how to integrate on-premises Active Directory with Azure AD. You'll discover how Azure AD Connect synchronization works, which will help you manage Azure AD.

By the end of the book, you will have learned about Active Directory and Azure AD in detail.

What you will learn

  • Manage new Active Directory features, such as the Recycle Bin, group Managed Service Accounts, and fine-grained password policies
  • Work with Active Directory from the command line and use Windows PowerShell to automate tasks
  • Create and remove forests, domains, and trusts
  • Create groups, modify group scope and type, and manage memberships
  • Delegate control, view and modify permissions
  • Optimize Active Directory and Azure AD in terms of security

Who this book is for

This book will cater to administrators of existing Active Directory Domain Services environments and/or Azure AD tenants, looking for guidance to optimize their day-to-day effectiveness. Basic networking and Windows Server Operating System knowledge would come in handy.

Downloading the example code for this ebook: You can download the example code files for this ebook on GitHub at the following link: https://github.com/PacktPublishing/Active-Directory-Administration-Cookbook. If you require support please email: customercare@packt.com

Table of contents

  1. Title Page
  2. Copyright and Credits
    1. Active Directory Administration Cookbook
  3. About Packt
    1. Why subscribe?
    2. Packt.com
  4. Contributors
    1. About the author
    2. About the reviewer
    3. Packt is searching for authors like you
  5. Preface
    1. Who this book is for
    2. What this book covers
    3. To get the most out of this book
      1. Download the example code files
      2. Download the color images
      3. Conventions used
    4. Sections
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
      5. See also
    5. Get in touch
      1. Reviews
  6. Optimizing Forests, Domains, and Trusts
    1. Choosing between a new domain or forest
      1. Why would you have a new domain?
      2. What are the downsides of a new domain?
      3. Why would you create a new forest?
      4. What are the downsides of a new forest?
    2. Listing the domains in your forest
      1. Getting ready
        1. Installing the Active Directory module for Windows PowerShell on Windows Server
        2. Installing the Active Directory module for Windows PowerShell on Windows
        3. Required permissions
      2. How to do it...
      3. How it works...
    3. Using adprep.exe to prepare for new Active Directory functionality
      1. Getting ready
        1. Required permissions
      2. How to do it...
        1. Preparing the forest
        2. Preparing the forest for RODCs
        3. Preparing the domain
        4. Fixing up Group Policy permissions
        5. Checking the preparation replication
      3. How it works...
      4. There's more...
    4. Raising the domain functional level to Windows Server 2016
      1. Getting ready
        1. Required permissions
      2. How to do it...
      3. How it works...
    5. Raising the forest functional level to Windows Server 2016
      1. Getting ready
        1. Required permissions
      2. How to do it...
      3. How it works...
    6. Creating the right trust
      1. Trust direction
      2. Trust transitivity
      3. One-way or two-way trust
      4. Getting ready
        1. Required permissions
      5. How to do it...
    7. Verifying and resetting a trust
      1. Getting ready
        1. Required permissions
      2. How to do it...
      3. How it works...
    8. Securing a trust
      1. Getting ready
        1. Required permissions
      2. How to do it...
      3. How it works...
      4. There's more...
    9. Extending the schema
      1. Getting ready
        1. Required permissions
      2. How to do it...
      3. There's more...
    10. Enabling the Active Directory Recycle Bin
      1. Getting ready
        1. Required permissions
      2. How to do it...
      3. How it works...
    11. Managing UPN suffixes
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
  7. Managing Domain Controllers
    1. Preparing a Windows Server to become a domain controller
      1. Intending to do the right thing
      2. Dimensioning the servers properly
      3. Preparing the Windows Server installations
      4. Preconfigure the Windows Servers
      5. Document the passwords
    2. Promoting a server to a domain controller
      1. Getting ready
      2. How to do it...
        1. Promoting a domain controller using the wizard
          1. Installing the Active Directory Domain Services role
          2. Promoting the server to a domain controller
        2. Promoting a domain controller using dcpromo.exe
        3. Promoting a domain controller using Windows PowerShell
        4. Checking proper promotion
      3. See also
    3. Promoting a server to a read-only domain controller
      1. Getting ready
      2. How to do it...
        1. Installing the Active Directory Domain Services role
        2. Promoting the server to a read-only domain controller
        3. Promoting a read-only domain controller using dcpromo.exe
        4. Promoting a domain controller using Windows PowerShell
      3. Checking proper promotion
      4. How it works...
      5. See also
    4. Using Install From Media
      1. How to do it...
        1. Creating the IFM package
        2. Leveraging the IFM package
          1. Using the Active Directory Domain Services Configuration Wizard
          2. Using dcpromo.exe
          3. Using the Install-ADDSDomainController PowerShell cmdlet
      2. How it works...
    5. Using domain controller cloning
      1. Getting ready
      2. How to do it...
        1. Making sure all agents and software packages are cloneable
        2. Supplying the information for the new domain controller configuration
        3. Adding the domain controller to the Cloneable Domain Controllers group
        4. Cloning the domain controller from the hypervisor
      3. How it works...
      4. See also
    6. Determining whether a virtual domain controller has a VM-GenerationID
      1. How to do it...
      2. How it works...
    7. Demoting a domain controller
      1. Getting ready
      2. How to do it...
        1. Using the wizard
        2. Using the Active Directory module for Windows PowerShell
      3. How it works...
      4. There's more...
    8. Demoting a domain controller forcefully
      1. How to do it...
        1. Using the Active Directory Domain Services Configuration Wizard
        2. Using manual steps
          1. Performing metadata cleanup
          2. Deleting the domain controller from DNS
          3. Deleting the computer object for the domain controller
          4. Deleting the SYSVOL replication membership
          5. Deleting the domain controller from Active Directory Sites and Services
          6. Deleting an orphaned domain
      2. See also
    9. Inventory domain controllers
      1. How to do it...
        1. Using Active Directory Users and Computers to inventory domain controllers
        2. Using the Active Directory module for Windows PowerShell to inventory domain controllers
    10. Decommissioning a compromised read-only domain controller
      1. How to do it...
      2. How it works...
  8. Managing Active Directory Roles and Features
    1. About FSMO roles
      1. Recommended practices for FSMO roles
    2. Querying FSMO role placement
      1. Getting ready
      2. How to do it...
      3. How it works...
    3. Transferring FSMO roles
      1. Getting ready
      2. How to do it...
        1. Transferring FSMO roles using the MMC snap-ins
        2. Transferring FSMO roles using the ntdsutil command-line tool
        3. Transferring FSMO roles using Windows PowerShell
      3. How it works...
    4. Seizing FSMO roles
      1. Getting ready
      2. How to do it...
        1. Seizing FSMO roles using the ntdsutil command-line tool
        2. Seizing FSMO roles using Windows PowerShell
      3. How it works...
    5. Configuring the Primary Domain Controller emulator to synchronize time with a reliable source
      1. Getting ready
      2. How to do it...
      3. How it works...
    6. Managing time synchronization for virtual domain controllers
      1. Getting ready
      2. How to do it...
        1. Managing time synchronization for virtual domain controllers running on VMware vSphere
        2. Managing time synchronization for virtual domain controllers running on Microsoft Hyper-V
      3. How it works...
    7. Managing global catalogs
      1. Getting ready
      2. How to do it...
      3. How it works
  9. Managing Containers and Organizational Units
    1. Differences between OUs and containers
      1. Containers
      2. OUs
      3. OUs versus Active Directory domains
    2. Creating an OU
      1. Getting ready
      2. How to do it...
        1. Using the Active Directory Administrative Center
        2. Using the command line
        3. Using Windows PowerShell
      3. How it works...
      4. There's more...
    3. Deleting an OU
      1. Getting ready
      2. How to do it...
        1. Using the Active Directory Administrative Center
        2. Using the command line
        3. Using Windows PowerShell
      3. How it works...
      4. There's more...
    4. Modifying an OU
      1. Getting ready
      2. How to do it...
        1. Using the Active Directory Administrative Center
        2. Using the command line
        3. Using Windows PowerShell
      3. How it works...
      4. There's more...
      5. See also
    5. Delegating control of an OU
      1. Getting ready
      2. How to do it...
        1. Using Active Directory Users and Computers
        2. Using the command line
      3. How it works...
        1. Using the built-in groups
        2. Using delegation of control
      4. See also
    6. Modifying the default location for new user and computer objects
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. See also
  10. Managing Active Directory Sites and Troubleshooting Replication
    1. What do Active Directory sites do?
    2. Recommendations
    3. Creating a site
      1. Getting ready
      2. How to do it...
        1. Using Active Directory Sites and Services
        2. Using Windows PowerShell
      3. See also
    4. Managing a site
      1. Getting ready
      2. How to do it...
        1. Using Active Directory Sites and Services
        2. Using Windows PowerShell
      3. How it works...
      4. See also
    5. Managing subnets
      1. Getting ready
      2. How to do it...
        1. Using Active Directory Sites and Services
        2. Using Windows PowerShell
      3. How it works...
      4. See also
    6. Creating a site link
      1. Getting ready
      2. How to do it...
        1. Using Active Directory Sites and Services
        2. Using Windows PowerShell
      3. How it works...
      4. See also
    7. Managing a site link
      1. Getting ready
      2. How to do it...
        1. Using Active Directory Sites and Services
        2. Using Windows PowerShell
      3. See also
    8. Modifying replication settings for an Active Directory site link
      1. Getting ready
      2. How to do it...
        1. Using Active Directory Sites and Services
        2. Using Windows PowerShell
      3. How it works...
        1. Site-link costs
        2. Site-link replication schedules
      4. See also
    9. Creating a site link bridge
      1. Getting ready
      2. How to do it...
      3. See also
    10. Managing bridgehead servers
      1. Getting ready
      2. How to do it...
        1. Using Active Directory Sites and Services
        2. Using Windows PowerShell
      3. How it works...
      4. See also
    11. Managing the Inter-site Topology Generation and Knowledge Consistency Checker
      1. Getting ready
      2. How to do it...
        1. Using Active Directory Sites and Services
        2. Using Windows PowerShell
      3. How it works...
      4. See also
    12. Managing universal group membership caching
      1. Getting ready
      2. How to do it...
        1. Using Active Directory Sites and Services
        2. Using Windows PowerShell
      3. How it works...
      4. See also
    13. Working with repadmin.exe
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. See also
    14. Forcing replication
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. See also
    15. Managing inbound and outbound replication
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
      5. See also
    16. Modifying the tombstone lifetime period
      1. Getting ready
      2. How to do it...
        1. Using ADSI Edit
        2. Using Windows PowerShell
      3. How it works...
      4. See also
    17. Managing strict replication consistency
      1. Getting ready
      2. How to do it...
      3. How it works...
    18. Upgrading SYSVOL replication from File Replication Service to Distributed File System Replication
      1. Getting ready
      2. How to do it...
        1. The initial state
        2. The prepared state
        3. The redirected state
        4. The eliminated state
      3. How it works...
      4. See also
    19. Checking for and remediating lingering objects
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. See also
  11. Managing Active Directory Users
    1. Creating a user
      1. Getting ready
      2. How to do it...
        1. Using Active Directory Users and Computers
        2. Using the Active Directory Administrative Center
        3. Using command-line tools
        4. Using Windows PowerShell
      3. How it works...
      4. There's more...
    2. Deleting a user
      1. Getting ready
      2. How to do it...
        1. Using Active Directory Users and Computers
        2. Using the Active Directory Administrative Center
        3. Using command-line tools
        4. Using Windows PowerShell
      3. How it works...
      4. See also
    3. Modifying several users at once
      1. Getting ready
      2. How to do it...
        1. Using Active Directory Users and Computers
        2. Using the Active Directory Administrative Center
        3. Using Windows PowerShell
      3. How it works...
      4. There's more...
    4. Moving a user
      1. Getting ready
      2. How to do it...
        1. Using Active Directory Users and Computers
        2. Using the Active Directory Administrative Center
        3. Using command-line tools
        4. Using Windows PowerShell
      3. How it works...
    5. Renaming a user
      1. Getting ready
      2. How to do it...
        1. Using Active Directory Users and Computers
        2. Using the Active Directory Administrative Center
        3. Using command-line tools
        4. Using Windows PowerShell
      3. How it works...
    6. Enabling and disabling a user
      1. Getting ready
      2. How to do it...
        1. Using Active Directory Users and Computers
        2. Using the Active Directory Administrative Center
        3. Using command-line tools
        4. Using Windows PowerShell
      3. How it works...
      4. There's more...
    7. Finding locked-out users
      1. Getting ready
      2. How to do it...
        1. Using the Active Directory Administrative Center
        2. Using Windows PowerShell
      3. How it works...
      4. See also
    8. Unlocking a user
      1. Getting ready
      2. How to do it...
        1. Using the Active Directory Administrative Center
        2. Using Windows PowerShell
    9. Managing userAccountControl
      1. Getting ready
      2. How to do it...
        1. Reading the userAccountControl attribute
          1. Using Active Directory Users and Computers
          2. Using the Active Directory Administrative Center
          3. Using Windows PowerShell
        2. Setting the userAccountControl attribute
          1. Using ADSI Edit
          2. Using Windows PowerShell
      3. How it works...
    10. Using account expiration
      1. Getting ready
      2. How to do it...
        1. Using Active Directory Users and Computers
        2. Using the Active Directory Administrative Center
        3. Using command-line tools
        4. Using Windows PowerShell
      3. How it works...
  12. Managing Active Directory Groups
    1. Creating a group
      1. Getting ready
      2. How to do it...
        1. Using Active Directory Users and Computers
        2. Using the Active Directory Administrative Center
        3. Using command-line tools
        4. Using Windows PowerShell
      3. How it works...
        1. Group scopes
        2. Group types
    2. Deleting a group
      1. Getting ready
      2. How to do it...
        1. Using Active Directory Groups and Computers
        2. Using the Active Directory Administrative Center
        3. Using command-line tools
        4. Using Windows PowerShell
      3. How it works...
    3. Managing the direct members of a group
      1. Getting ready
      2. How to do it...
        1. Using Active Directory Groups and Computers
        2. Using the Active Directory Administrative Center
        3. Using Windows PowerShell
      3. How it works...
    4. Managing expiring group memberships
      1. Getting ready
      2. How to do it...
      3. How it works...
    5. Changing the scope or type of a group
      1. Getting ready
      2. How to do it...
        1. Using Active Directory Groups and Computers
        2. Using the Active Directory Administrative Center
        3. Using command-line tools
        4. Using Windows PowerShell
      3. How it works...
        1. Group scopes
        2. Group types
    6. Viewing nested group memberships
      1. Getting ready
      2. How to do it...
      3. How it works...
    7. Finding empty groups
      1. Getting ready
      2. How to do it...
      3. How it works...
  13. Managing Active Directory Computers
    1. Creating a computer
      1. Getting ready
      2. How to do it...
        1. Using Active Directory Users and Computers
        2. Using the Active Directory Administrative Center
        3. Using command-line tools
        4. Using Windows PowerShell
      3. How it works...
      4. There's more...
    2. Deleting a computer
      1. Getting ready
      2. How to do it...
        1. Using Active Directory Users and Computers
        2. Using the Active Directory Administrative Center
        3. Using command-line tools
        4. Using Windows PowerShell
      3. How it works...
      4. See also
    3. Joining a computer to the domain
      1. Getting ready
      2. How to do it...
        1. Using the GUI
        2. Using Windows PowerShell
      3. How it works...
      4. There's more...
      5. See also
    4. Renaming a computer
      1. Getting ready
      2. How to do it...
        1. Using the settings app
        2. Using the command line
        3. Using Windows PowerShell
      3. How it works...
      4. There's more...
    5. Testing the secure channel for a computer
      1. Getting ready
      2. How to do it...
        1. Using the command line
        2. Using Windows PowerShell
      3. How it works...
      4. See also
    6. Resetting a computer's secure channel
      1. Getting ready
      2. How to do it...
        1. Using Active Directory Users and Computers
        2. Using the Active Directory Administrative Center
        3. Using the command line
        4. Using Windows PowerShell
      3. How it works...
    7. Changing the default quota for creating computer objects
      1. Getting ready
      2. How to do it...
        1. Using ADSI Edit
        2. Using Windows PowerShell
      3. How it works...
  14. Getting the Most Out of Group Policy
    1. Creating a Group Policy Object (GPO)
      1. Getting ready
      2. How to do it...
        1. Using the Group Policy Management Console
        2. Using Windows PowerShell
      3. How it works...
      4. See also
    2. Copying a GPO
      1. Getting ready
      2. How to do it...
        1. Using the Group Policy Management Console
        2. Using Windows PowerShell
      3. How it works...
      4. There's more...
    3. Deleting a GPO
      1. Getting ready
      2. How to do it...
        1. Using the Group Policy Management Console
        2. Using Windows PowerShell
      3. How it works...
      4. See also
    4. Modifying the settings of a GPO
      1. Getting ready
      2. How to do it...
      3. How it works...
    5. Assigning scripts
      1. Getting ready
      2. How to do it...
      3. How it works...
    6. Installing applications
      1. Getting ready
      2. How to do it...
      3. How it works...
    7. Linking a GPO to an OU
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
    8. Blocking inheritance of GPOs on an OU
      1. Getting ready
      2. How to do it...
      3. How it works...
    9. Enforcing the settings of a GPO Link
      1. Getting ready
      2. How to do it...
      3. How it works...
    10. Applying security filters
      1. Getting ready
      2. How to do it...
      3. How it works...
    11. Creating and applying WMI Filters
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
    12. Configuring loopback processing
      1. Getting ready
      2. How to do it...
      3. How it works...
    13. Restoring a default GPO
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
    14. Creating the Group Policy Central Store
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
  15. Securing Active Directory
    1. Applying fine-grained password and account lockout policies
      1. Getting ready
      2. How to do it...
        1. Using the Active Directory Administrative Center
        2. Using the Active Directory Module for Windows PowerShell
      3. How it works...
      4. There's more...
    2. Backing up and restoring GPOs
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
    3. Backing up and restoring Active Directory
      1. Getting ready
      2. How to do it...
      3. How it works...
    4. Working with Active Directory snapshots
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
    5. Managing the DSRM passwords on domain controllers
      1. Getting ready
      2. How to do it...
      3. How it works...
    6. Implementing LAPS
      1. Getting ready
      2. How to do it...
        1. Implementing LAPS
          1. Extending the schema
          2. Setting permissions
          3. Creating the GPO to install the LAPS Client-side Extensions
          4. Linking the GPO to OUs with devices
        2. Managing passwords
          1. Viewing an administrator password
          2. Resetting an Administrator password
      3. How it works...
      4. See also
    7. Managing deleted objects
      1. Getting ready
      2. How to do it...
        1. Using the Active Directory Administrative Center
        2. Using Windows PowerShell
      3. How it works...
      4. There's more...
      5. See also
    8. Working with group Managed Service Accounts
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
    9. Configuring the advanced security audit policy
      1. Getting ready
      2. How to do it...
      3. How it works...
    10. Resetting the KRBTGT secret
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
    11. Using SCW to secure domain controllers
      1. Getting ready
      2. How to do it
        1. Secure a representative domain controller using SCW
        2. Roll-out the security settings to all domain controllers using Group Policy
      3. How it works...
    12. Leveraging the Protected Users group
      1. Getting ready
      2. How to do it...
        1. Using Active Directory Users and Computers
        2. Using the Active Directory Administrative Center
        3. Using Windows PowerShell
      3. How it works...
    13. Putting authentication policies and authentication policy silos to good use
      1. Getting ready
      2. How to do it...
        1. Enable domain controller support for claims
        2. Enable compound claims on devices in scope for an authentication policy
        3. Create an Authentication Policy
        4. Create an Authentication Policy Silo
        5. Assign the Authentication Policy Silo
      3. How it works...
    14. Configuring Extranet Smart Lock-out
      1. Getting ready
      2. How to do it...
      3. How it works...
  16. Managing Federation
    1. Choosing the right AD FS farm deployment method
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
      5. See also
    2. Installing the AD FS server role
      1. Getting ready
      2. How to do it...
      3. How it works...
    3. Setting up an AD FS farm with Windows Internal Database
      1. Getting ready
      2. How to do it...
        1. Configuring AD FS
        2. Checking the proper AD FS configuration
      3. How it works...
      4. There's more...
      5. See also
    4. Setting up an AD FS farm with SQL Server
      1. Getting ready
      2. How to do it...
        1. Creating a gMSA
        2. Creating the script
        3. Creating the databases
        4. Configuring AD FS
        5. Checking the proper AD FS configuration
      3. How it works...
      4. There's more...
      5. See also
    5. Adding additional AD FS servers to an AD FS farm
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. See also
    6. Removing AD FS servers from an AD FS farm
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
    7. Creating a Relying Party Trust (RPT)
      1. Getting ready
      2. How to do it...
      3. How it works...
    8. Deleting an RPT
      1. Getting ready
      2. How to do it...
      3. How it works...
    9. Configuring branding
      1. Getting ready
      2. How to do it...
      3. How it works...
    10. Setting up a Web Application Proxy
      1. Getting ready
      2. How to do it...
        1. Installing the Web Application Proxy feature
        2. Configuring the Web Application Proxy
        3. Checking the proper Web Application Proxy configuration
      3. How it works...
      4. There's more...
    11. Decommissioning a Web Application Proxy
      1. Getting ready
      2. How to do it...
      3. How it works...
  17. Handling Authentication in a Hybrid World (AD FS, PHS, PTA, and 3SO)
    1. Choosing the right authentication method
      1. Getting ready
      2. How to do it...
      3. How it works...
        1. Active Directory Federation Services or PingFederate
        2. Password Hash Sync
        3. Pass-through authentication
        4. Seamless Single Sign-on
        5. Cloud-only
      4. There's more...
    2. Verifying your DNS domain name
      1. Getting ready
      2. How to do it...
      3. How it works...
    3. Implementing Password Hash Sync with Express Settings
      1. Getting ready
      2. How to do it...
      3. How it works...
    4. Implementing Pass-through Authentication
      1. Getting ready
      2. How to do it...
        1. Adding the Azure AD Authentication Service to the intranet sites
        2. Configuring Azure AD Connect
      3. How it works...
      4. There's more...
    5. Implementing single sign-on to Office 365 using AD FS
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
    6. Managing AD FS with Azure AD Connect
      1. Getting ready
      2. How to do it...
        1. Reset Azure AD trust
        2. Federate an Azure AD domain
        3. Update the AD FS SSL certificate
        4. Deploy an AD FS server
        5. Add a Web Application Proxy server
        6. Verify federated login
      3. How it works...
      4. There's more...
    7. Implementing Azure Traffic Manager for AD FS geo-redundancy
      1. Getting ready
      2. How to do it...
        1. Configuring the Web Application Proxies for probing
        2. Configuring Azure Traffic Manager
        3. Adding DNS records
      3. How it works...
      4. There's more...
    8. Migrating from AD FS to Pass-through Authentication for single sign-on to Office 365
      1. Getting ready
      2. How to do it...
        1. Adding the Azure AD Authentication Service to the intranet sites
        2. Configuring Azure AD Connect
        3. Checking domains in the Azure portal
        4. Disabling federation in Azure AD
        5. Deleting the Office 365 Identity Platform relying party trust
      3. How it works...
      4. There's more...
    9. Making Pass-through Authentication (geo)redundant
      1. Getting ready
      2. How to do it...
        1. Installing and configuring the PTA Agent
        2. Checking proper installation and configuration
      3. How it works...
  18. Handling Synchronization in a Hybrid World (Azure AD Connect)
    1. Choosing the right sourceAnchor
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
    2. Configuring staging mode
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. See also
    3. Switching to a staging mode server
      1. Getting ready
      2. How to do it...
      3. How it works...
    4. Configuring Domain and OU filtering
      1. Getting ready
      2. How to do it...
        1. Configuring Azure AD Connect initially
        2. Reconfiguring Azure AD Connect
      3. How it works...
    5. Configuring Azure AD app and attribute filtering
      1. Getting ready
      2. How to do it...
        1. Configuring Azure AD Connect initially
        2. Reconfiguring Azure AD Connect
      3. How it works...
    6. Configuring MinSync
      1. Getting ready
      2. How to do it...
        1. Configuring Azure AD Connect initially
        2. Reconfiguring Azure AD Connect
      3. How it works...
    7. Configuring Hybrid Azure AD Join
      1. Getting ready
      2. How to do it...
        1. Adding the Azure AD Device Registration Service to the intranet sites
        2. Distributing Workplace Join for non-Windows 10 computers
        3. Setting the Group Policy to register for down-level Windows devices
        4. Link the Group Policy to the right Organizational Units
        5. Configuring Hybrid Azure AD Join in Azure AD Connect
      3. How it works...
    8. Configuring Device writeback
      1. Getting ready
      2. How to do it...
      3. How it works...
    9. Configuring Password writeback
      1. Getting ready
      2. How to do it...
        1. Configuring the proper permissions for Azure AD Connect service accounts
        2. Configuring Azure AD Connect
          1. Configuring Azure AD Connect initially
          2. Reconfiguring Azure AD Connect
      3. How it works...
    10. Configuring Group writeback
      1. Getting ready
      2. How to do it...
        1. Creating the Organizational Unit where groups are to be written back
        2. Configuring Azure AD Connect
          1. Configuring Azure AD Connect initially
          2. Reconfiguring Azure AD Connect
        3. Configuring the proper permissions for Azure AD Connect service accounts
      3. How it works...
    11. Changing the passwords for Azure AD Connect's service accounts
      1. Getting ready
      2. How to do it...
        1. Managing the service account connecting to Active Directory
        2. Managing the service account connecting to Azure AD
        3. Managing the computer account for Seamless Single Sign-on
      3. How it works...
        1. The service account running the Azure AD Connect service
        2. The service account connecting to Active Directory
        3. The service account connecting to Azure AD
        4. The computer account for Seamless Single Sign-on
  19. Hardening Azure AD
    1. Setting the contact information
      1. Getting ready
      2. How to do it...
      3. How it works...
    2. Preventing non-privileged users from accessing the Azure portal
      1. Getting ready
      2. How to do it...
      3. How it works...
    3. Viewing all privileged users in Azure AD
      1. Getting ready
      2. How to do it...
        1. Using the Azure AD PowerShell
        2. Using the Azure Cloud Shell
      3. How it works...
    4. Preventing users from registering or consenting to apps
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
    5. Preventing users from inviting guests
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
      5. See also
    6. Configuring whitelisting or blacklisting for Azure AD B2B
      1. Getting ready
      2. How to do it...
      3. How it works...
    7. Configuring Azure AD Join and Azure AD Registration
      1. Getting ready
      2. How to do it...
        1. Limiting who can join Azure AD devices
        2. Limiting who can register Azure AD devices
        3. Configuring additional administrators
        4. Enabling Enterprise State Roaming
      3. How it works...
      4. See also
    8. Configuring Intune auto-enrollment upon Azure AD Join
      1. Getting ready
      2. How to do it...
      3. How it works...
    9. Configuring baseline policies
      1. Getting ready
      2. How to do it...
      3. How it works...
    10. Configuring Conditional Access
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. See also
    11. Accessing Azure AD Connect Health
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
    12. Configuring Azure AD Connect Health for AD FS
      1. Getting ready
      2. How to do it...
        1. Downloading the agent
        2. Installing and configuring the agent
        3. Consuming the information in the Azure AD Connect Health dashboard
      3. How it works...
    13. Configuring Azure AD Connect Health for AD DS
      1. Getting ready
      2. How to do it...
        1. Downloading the agent
        2. Installing and configuring the agent
        3. Consuming the information in the Azure AD Connect Health dashboard
      3. How it works...
    14. Configuring Azure AD Privileged Identity Management
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
    15. Configuring Azure AD Identity Protection
      1. Getting ready
      2. How to do it...
      3. How it works...
        1. MFA registration
        2. User risk policies
        3. Sign-in risk policies
      4. There's more...
  20. Other Books You May Enjoy
    1. Leave a review - let other readers know what you think

Product information

  • Title: Active Directory Administration Cookbook
  • Author(s): Sander Berkouwer
  • Release date: May 2019
  • Publisher(s): Packt Publishing
  • ISBN: 9781789806984