book

Active Directory Administration Cookbook, Second Edition - Second Edition

Name: Active Directory Administration Cookbook, Second Edition - Second Edition
Author: Sander Berkouwer
ISBN: 9781803242507

by Sander Berkouwer

July 2022

Intermediate to advanced

696 pages

13h 30m

English

Packt Publishing

Read now

Unlock full access

Active Directory Administration Cookbook Second Edition
ContributorsAbout the authorAbout the reviewers
Preface
Who this book is forWhat this book coversTo get the most out of this bookDownload the example code filesCode in ActionDownload the color imagesConventions usedGet in touchShare Your Thoughts
Chapter 1: Optimizing Forests, Domains, and Trusts
Choosing between a new domain or forestWhy would you have a new domain?What are the downsides of a new domain?Why would you create a new forest?What are the downsides of a new forest?Listing the domains in your forestGetting readyHow to do it...How it works...Using adprep.exe to prepare for new Active Directory functionalityGetting readyHow to do it...How it works...There's more...Raising the domain functional level to Windows Server 2016Getting readyHow to do it...How it works...Raising the forest functional level to Windows Server 2016Getting readyHow to do it...How it works...Creating the right trustTrust directionTrust transitivityOne-way or two-way trustGetting readyHow to do it...See alsoRemoving a trustGetting readyHow to do it...How it works...Verifying and resetting a trustGetting readyHow to do it...How it works...Securing a trustGetting readyHow to do it...How it works...There's more...Extending the schemaGetting readyHow to do it...There's more...Enabling the Active Directory Recycle BinGetting readyHow to do it...How it works...Managing UPN suffixesGetting readyHow to do it...How it works...There's more...
Chapter 2: Managing Domain Controllers
Preparing a Windows server to become a domain controllerIntending to do the right thingDimensioning the servers properlyPreparing the Windows Server installationsPreconfiguring the Windows serversDocumenting the passwordsSee alsoPromoting a server to a domain controllerGetting readyHow to do it...See alsoPromoting a server to a read-only domain controllerGetting readyHow to do it...Checking proper promotionHow it works...See alsoUsing Install From MediaGetting readyHow to do it...How it works...Using domain controller cloningGetting readyHow to do it...How it works...See alsoDetermining whether a virtual domain controller has a VM-GenerationIDHow to do it...How it works...Demoting a domain controllerGetting readyHow to do it...How it works...There's more...Demoting a domain controller forcefullyGetting readyHow to do it...See alsoInventory domain controllersHow to do it...Decommissioning a compromised read-only domain controllerHow to do it...How it works...
Chapter 3: Managing Active Directory Roles and Features
About FSMO rolesRecommended practices for FSMO rolesQuerying FSMO role placementGetting readyHow to do it...How it works...Transferring FSMO rolesGetting readyHow to do it...How it works...Seizing FSMO rolesGetting readyHow to do it...How it works...Configuring the PDC Emulator to synchronize time with a reliable sourceGetting readyHow to do it...How it works...Managing time synchronization for virtual domain controllersGetting readyHow to do it...How it works...Managing global catalogsGetting readyHow to do it...How it works
Chapter 4: Managing Containers and Organizational Units
Differences between OUs and containersContainersOUsOUs versus Active Directory domainsCreating an OUGetting readyHow to do it...How it works...There's more...Deleting an OUGetting readyHow to do it...How it works...There's more...Modifying an OUGetting readyHow to do it...How it works...There's more...See alsoDelegating control of an OUGetting readyHow to do it...How it works...See alsoModifying the default location for new user and computer objectsGetting readyHow to do it...How it works...See also
Chapter 5: Managing Active Directory Sites and Troubleshooting Replication
What do Active Directory sites do?RecommendationsCreating a siteGetting readyHow to do it...See alsoManaging a siteGetting readyHow to do it...How it works...See alsoManaging subnetsGetting readyHow to do it...How it works...See alsoCreating a site linkGetting readyHow to do it...How it works...See alsoManaging a site linkGetting readyHow to do it...See alsoModifying replication settings for an Active Directory site linkGetting readyHow to do it...How it works...See alsoCreating a site link bridgeGetting readyHow to do it...See alsoManaging bridgehead serversGetting readyHow to do it...How it works...See alsoManaging the ISTG and KCCGetting readyHow to do it...How it works...See alsoManaging UGMCGetting readyHow to do it...How it works...See alsoWorking with repadmin.exeGetting readyHow to do it...How it works...See alsoForcing replicationGetting readyHow to do it...How it works…See alsoManaging inbound and outbound replicationGetting readyHow to do it...How it works...There's more...See alsoModifying the tombstone lifetime periodGetting readyHow to do it...How it works...See alsoManaging strict replication consistencyGetting readyHow to do it...How it works...Upgrading SYSVOL replication from FRS to DFSRGetting readyHow to do it...How it works...See alsoChecking for and remediating lingering objectsGetting readyHow to do it...How it works...See also
Chapter 6: Managing Active Directory Users
Creating a userGetting readyHow to do it...How it works...There's more...Deleting a userGetting readyHow to do it...How it works...See alsoModifying several users at onceGetting readyHow to do it...How it works...There's more...Moving a userGetting readyHow to do it...How it works...Renaming a userGetting readyHow to do it...How it works...Enabling and disabling a userGetting readyHow to do it...How it works...There's more...Finding locked-out usersGetting readyHow to do it...How it works...See alsoUnlocking a userGetting readyHow to do it...Managing userAccountControlGetting readyHow to do it...How it works...Using account expirationGetting readyHow to do it...How it works...
Chapter 7: Managing Active Directory Groups
Creating a groupGetting readyHow to do it...How it works...Deleting a groupGetting readyHow to do it...How it works...Managing the direct members of a groupGetting readyHow to do it...How it works...Managing expiring group membershipsGetting readyHow to do it...How it works...Changing the scope or type of a groupGetting readyHow to do it...How it works...See also…Viewing nested group membershipsGetting readyHow to do it...How it works...Finding empty groupsGetting readyHow to do it...How it works...
Chapter 8: Managing Active Directory Computers
Creating a computerGetting readyHow to do it...How it works...There's more...Deleting a computerGetting readyHow to do it...How it works...See alsoJoining a computer to the domainGetting readyHow to do it...How it works...There's more...See alsoRenaming a computerGetting readyHow to do it...How it works...There's more...Testing the secure channel for a computerGetting readyHow to do it...How it works...See alsoResetting a computer's secure channelGetting readyHow to do it...How it works...Getting readyHow to do it...How it works...

Chapter 9: Managing DNS
Managing the DNS server role on domain controllersGetting readyHow to do it…How it works…See alsoCreating a DNS zoneGetting readyHow to do it…How it works…Managing the DNS zone propertiesGetting readyHow to do it…How it works…Deleting a DNS zoneGetting readyHow to do it…How it works…Creating a DNS recordGetting readyHow to do it…How it works…Deleting a DNS recordGetting readyHow to do it…How it works…Verifying the domain controller SRV DNS records Getting readyHow to do it…How it works…Creating a DNS conditional forwarderGetting readyHow to do it...How it works…See also
Chapter 10: Getting the Most Out of Group Policy
Creating a GPOGetting readyHow to do it...How it works...See alsoCopying a GPOGetting readyHow to do it...How it works...There's more...Deleting a GPOGetting readyHow to do it...How it works...See alsoModifying the settings of a GPOGetting readyHow to do it...How it works...Assigning scriptsGetting readyHow to do it...How it works...Installing applicationsGetting readyHow to do it...How it works...Linking a GPO to an OUGetting readyHow to do it...How it works...There's more...Blocking inheritance of GPOs on an OUGetting readyHow to do it...How it works...Enforcing the settings of a GPO LinkGetting readyHow to do it...How it works...Applying security filtersGetting readyHow to do it...How it works...Creating and applying WMI filtersGetting readyHow to do it...How it works...There's more...Refreshing GPO settingsGetting readyHow to do it…How it works…Configuring loopback processingGetting readyHow to do it...How it works...Restoring a default GPOGetting readyHow to do it...How it works...There's more...Creating the Group Policy Central StoreGetting readyHow to do it...How it works...There's more...
Chapter 11: Securing Active Directory
Applying fine-grained password and account lockout policiesGetting readyHow to do it...How it works...There's more...Backing up and restoring GPOsGetting readyHow to do it...How it works...There's more...Backing up and restoring Active DirectoryGetting readyHow to do it...How it works...See also…Working with Active Directory snapshotsGetting readyHow to do it...How it works...There's more...See alsoManaging the DSRM passwords on domain controllersGetting readyHow to do it...How it works...Protecting important objects from accidental deletion Getting readyHow to do it…How it works…There's more…Implementing LAPSGetting readyHow to do it...How it works...See alsoManaging deleted objectsGetting readyHow to do it...How it works...There's more...See alsoWorking with gMSAsGetting readyHow to do it...How it works...There's more...Configuring diagnostic loggingGetting readyHow to do it…How it works…Configuring the advanced security audit policyGetting readyHow to do it...How it works...Resetting the KRBTGT secretGetting readyHow to do it...How it works...There's more...Using the SCW to secure domain controllersGetting readyHow to do itHow it works...Leveraging the Protected Users groupGetting readyHow to do it...How it works...See alsoPutting authentication policies and authentication policy silos to good useGetting readyHow to do it...How it works...Configuring Extranet Smart LockoutGetting readyHow to do it...How it works...
Chapter 12: Managing Certificates
Deciding between your own CA and a public CAHow to do it…How it works…See alsoThere's more…Setting up a CAGetting readyHow to do it…How it works…There's more…Setting up an online responderGetting readyHow to do it…How it works…See alsoRemoving a certificate templateGetting readyHow to do it…How it works…Duplicating and editing a certificate templateGetting readyHow to do it…How it works…Requesting a web server certificateGetting readyHow to do it…How it works…See alsoIssuing domain controller certificatesGetting readyHow to do it…How it works…Managing certificate autoenrollmentGetting readyHow to do it…How it works…See alsoRevoking a certificateGetting readyHow to do it…How it works…Decommissioning a CAGetting readyHow to do it…How it works…
Chapter 13: Managing Federation
Choosing the right AD FS farm deployment methodGetting readyHow to do it...How it works...There's more...See alsoInstalling the AD FS server roleGetting readyHow to do it...How it works...Setting up an AD FS farm with WIDGetting readyHow to do it...How it works...There's more...See alsoSetting up an AD FS farm with SQL ServerGetting readyHow to do it...How it works...There's more...See alsoAdding additional AD FS servers to an AD FS farmGetting readyHow to do it...How it works...Removing AD FS servers from an AD FS farmGetting readyHow to do it...How it works...There's more...Creating an RPTGetting readyHow to do it...How it works...Deleting an RPTGetting readyHow to do it...How it works...Configuring brandingGetting readyHow to do it...How it works...Migrating a WID-based AD FS farm to an SQL ServerGetting readyHow to do it...How it works…Setting up a WAPGetting readyHow to do it...How it works...There's more...Decommissioning a WAPGetting readyHow to do it...How it works...
Chapter 14: Handling Authentication in a Hybrid World (AD FS, PHS, PTA, and DSSO)
Choosing the right authentication methodGetting readyHow to do it...How it works...There's more...Signing up for Azure ADGetting readyHow to do itHow it works…Verifying your DNS domain nameGetting readyHow to do it...How it works...Implementing PHS with Express SettingsGetting readyHow to do it...How it works...Implementing PTA and Seamless SSOGetting readyHow to do it...How it works...There's more...Implementing SSO using AD FSGetting readyHow to do it...How it works...There's more...Managing AD FS with Azure AD ConnectGetting readyHow to do it...How it works...Implementing Azure Traffic Manager for AD FS geo-redundancyGetting readyHow to do it...How it works...There's more...Migrating from AD FS to PTA for SSO to Office 365Getting readyHow to do it...How it works...There's more...Making PTA (geo)redundantGetting readyHow to do it...How it works...
Chapter 15: Handling Synchronization in a Hybrid World (Azure AD Connect)
Choosing the right source anchor attribute for user objectsGetting readyHow to do it...How it works...There's more...Configuring staging modeGetting readyHow to do it...How it works...See alsoSwitching to a staging-mode serverGetting readyHow to do it...How it works...Configuring domain and OU filteringGetting readyHow to do it...How it works...Configuring Azure AD app and attribute filteringGetting readyHow to do it...How it works...Configuring hybrid Azure AD joinGetting readyHow to do it...How it works...Configuring device writebackGetting readyHow to do it...How it works...Configuring password writebackGetting readyHow to do it...How it works...Configuring group writebackGetting readyHow to do it...How it works...Changing passwords for Azure AD Connect service accountsGetting readyHow to do it...How it works...
Chapter 16: Hardening Azure AD
Setting contact informationGetting readyHow to do it...How it works...See alsoPreventing non-privileged users from accessing the Azure portalGetting readyHow to do it...How it works...Viewing all privileged users in Azure ADGetting readyHow to do it...How it works...Preventing users from registering or consenting to appsGetting readyHow to do it...How it works...Preventing users from inviting guestsGetting readyHow to do it...How it works...There's more...See alsoAllowing and blocking invitations for Azure AD B2BGetting readyHow to do it...How it works...Configuring Azure AD join and Azure AD registrationGetting readyHow to do it...How it works...See alsoConfiguring Intune auto-enrollment upon Azure AD joinGetting readyHow to do it...How it works...Choosing between Security defaults and Conditional AccessGetting readyHow to do it...How it works…Configuring Conditional AccessGetting readyHow to do it...How it works...See alsoAccessing Azure AD Connect HealthGetting readyHow to do it...How it works...There's more...Configuring Azure AD Connect Health for AD FSGetting readyHow to do it...How it works...There's more…Configuring Azure AD Connect Health for AD DSGetting readyHow to do it...How it works...Configuring Azure AD PIMGetting readyHow to do it...How it works...Configuring Azure AD Identity ProtectionGetting readyHow to do it...How it works...Implementing Defender for IdentityGetting readyHow to do it…How it works…
Why subscribe?
Other Books You May EnjoyPackt is searching for authors like youShare Your Thoughts

Overview

Master the complexities of Active Directory with the 'Active Directory Administration Cookbook, Second Edition.' This comprehensive guide provides clear, expert solutions for managing identity, authentication, and security across on-premises and cloud environments, empowering you to streamline and secure your Windows infrastructure.

What this Book will help me do

Understand and implement advanced Active Directory features such as forests, domains, and trusts.
Automate Active Directory tasks efficiently using PowerShell scripts.
Optimize security by managing certificates, group policies, and fine-grained password policies.
Integrate and manage Azure Active Directory with on-premises directories.
Troubleshoot replication and domain controller management effectively.

Author(s)

Sander Berkouwer is a recognized Microsoft MVP and technical expert specializing in identity, security, and networking solutions. With years of experience deploying and managing Active Directory environments, Sander shares actionable insights and practical techniques in this book.

Who is it for?

This book is ideal for IT administrators and professionals managing or working with Active Directory in on-premises or hybrid environments. Readers should have basic knowledge of networking and Windows Server. It effectively caters to those seeking to enhance their Active Directory administration skills and automate workflows.

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Active Directory Administration Cookbook

Publisher Resources

ISBN: 9781803242507

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills