Book description
Simplified actionable recipes for managing Active Directory and Azure AD, as well as Azure AD Connect, for administration on-premise and in the cloud with Windows Server 2022
Key Features
- Expert solutions for name resolution, federation, certificates, and security with Active Directory
- Explore Microsoft Azure AD and Azure AD Connect for effective administration on the cloud
- Automate security tasks using Active Directory tools and PowerShell
Book Description
Updated to the Windows Server 2022, this second edition covers effective recipes for Active Directory administration that will help you leverage AD's capabilities for automating network, security, and access management tasks in the Windows infrastructure.
Starting with a detailed focus on forests, domains, trusts, schemas, and partitions, this book will help you manage domain controllers, organizational units, and default containers. You'll then explore Active Directory sites management as well as identify and solve replication problems. As you progress, you'll work through recipes that show you how to manage your AD domains as well as user and group objects and computer accounts, expiring group memberships, and Group Managed Service Accounts (gMSAs) with PowerShell. Once you've covered DNS and certificates, you'll work with Group Policy and then focus on federation and security before advancing to Azure Active Directory and how to integrate on-premise Active Directory with Azure AD. Finally, you'll discover how Microsoft Azure AD Connect synchronization works and how to harden Azure AD.
By the end of this AD book, you'll be able to make the most of Active Directory and Azure AD Connect.
What you will learn
- Manage the Recycle Bin, gMSAs, and fine-grained password policies
- Work with Active Directory from both the graphical user interface (GUI) and command line
- Use Windows PowerShell to automate tasks
- Create and remove forests, domains, domain controllers, and trusts
- Create groups, modify group scope and type, and manage memberships
- Delegate, view, and modify permissions
- Set up, manage, and optionally decommission certificate authorities
- Optimize Active Directory and Azure AD for security
Who this book is for
This book is for administrators of existing Active Directory Domain Service environments as well as for Azure AD tenants looking for guidance to optimize their day-to-day tasks. Basic networking and Windows Server Operating System knowledge will be useful for getting the most out of this book.
Table of contents
- Active Directory Administration Cookbook Second Edition
- Contributors
- About the author
- About the reviewers
- Preface
-
Chapter 1: Optimizing Forests, Domains, and Trusts
- Choosing between a new domain or forest
- Listing the domains in your forest
- Using adprep.exe to prepare for new Active Directory functionality
- Raising the domain functional level to Windows Server 2016
- Raising the forest functional level to Windows Server 2016
- Creating the right trust
- Removing a trust
- Verifying and resetting a trust
- Securing a trust
- Extending the schema
- Enabling the Active Directory Recycle Bin
- Managing UPN suffixes
-
Chapter 2: Managing Domain Controllers
- Preparing a Windows server to become a domain controller
- Promoting a server to a domain controller
- Promoting a server to a read-only domain controller
- Using Install From Media
- Using domain controller cloning
- Determining whether a virtual domain controller has a VM-GenerationID
- Demoting a domain controller
- Demoting a domain controller forcefully
- Inventory domain controllers
- Decommissioning a compromised read-only domain controller
- Chapter 3: Managing Active Directory Roles and Features
- Chapter 4: Managing Containers and Organizational Units
-
Chapter 5: Managing Active Directory Sites and Troubleshooting Replication
- What do Active Directory sites do?
- Recommendations
- Creating a site
- Managing a site
- Managing subnets
- Creating a site link
- Managing a site link
- Modifying replication settings for an Active Directory site link
- Creating a site link bridge
- Managing bridgehead servers
- Managing the ISTG and KCC
- Managing UGMC
- Working with repadmin.exe
- Forcing replication
- Managing inbound and outbound replication
- Modifying the tombstone lifetime period
- Managing strict replication consistency
- Upgrading SYSVOL replication from FRS to DFSR
- Checking for and remediating lingering objects
- Chapter 6: Managing Active Directory Users
- Chapter 7: Managing Active Directory Groups
- Chapter 8: Managing Active Directory Computers
- Chapter 9: Managing DNS
-
Chapter 10: Getting the Most Out of Group Policy
- Creating a GPO
- Copying a GPO
- Deleting a GPO
- Modifying the settings of a GPO
- Assigning scripts
- Installing applications
- Linking a GPO to an OU
- Blocking inheritance of GPOs on an OU
- Enforcing the settings of a GPO Link
- Applying security filters
- Creating and applying WMI filters
- Refreshing GPO settings
- Configuring loopback processing
- Restoring a default GPO
- Creating the Group Policy Central Store
-
Chapter 11: Securing Active Directory
- Applying fine-grained password and account lockout policies
- Backing up and restoring GPOs
- Backing up and restoring Active Directory
- Working with Active Directory snapshots
- Managing the DSRM passwords on domain controllers
- Protecting important objects from accidental deletion
- Implementing LAPS
- Managing deleted objects
- Working with gMSAs
- Configuring diagnostic logging
- Configuring the advanced security audit policy
- Resetting the KRBTGT secret
- Using the SCW to secure domain controllers
- Leveraging the Protected Users group
- Putting authentication policies and authentication policy silos to good use
- Configuring Extranet Smart Lockout
-
Chapter 12: Managing Certificates
- Deciding between your own CA and a public CA
- Setting up a CA
- Setting up an online responder
- Removing a certificate template
- Duplicating and editing a certificate template
- Requesting a web server certificate
- Issuing domain controller certificates
- Managing certificate autoenrollment
- Revoking a certificate
- Decommissioning a CA
-
Chapter 13: Managing Federation
- Choosing the right AD FS farm deployment method
- Installing the AD FS server role
- Setting up an AD FS farm with WID
- Setting up an AD FS farm with SQL Server
- Adding additional AD FS servers to an AD FS farm
- Removing AD FS servers from an AD FS farm
- Creating an RPT
- Deleting an RPT
- Configuring branding
- Migrating a WID-based AD FS farm to an SQL Server
- Setting up a WAP
- Decommissioning a WAP
-
Chapter 14: Handling Authentication in a Hybrid World (AD FS, PHS, PTA, and DSSO)
- Choosing the right authentication method
- Signing up for Azure AD
- Verifying your DNS domain name
- Implementing PHS with Express Settings
- Implementing PTA and Seamless SSO
- Implementing SSO using AD FS
- Managing AD FS with Azure AD Connect
- Implementing Azure Traffic Manager for AD FS geo-redundancy
- Migrating from AD FS to PTA for SSO to Office 365
- Making PTA (geo)redundant
-
Chapter 15: Handling Synchronization in a Hybrid World (Azure AD Connect)
- Choosing the right source anchor attribute for user objects
- Configuring staging mode
- Switching to a staging-mode server
- Configuring domain and OU filtering
- Configuring Azure AD app and attribute filtering
- Configuring hybrid Azure AD join
- Configuring device writeback
- Configuring password writeback
- Configuring group writeback
- Changing passwords for Azure AD Connect service accounts
-
Chapter 16: Hardening Azure AD
- Setting contact information
- Preventing non-privileged users from accessing the Azure portal
- Viewing all privileged users in Azure AD
- Preventing users from registering or consenting to apps
- Preventing users from inviting guests
- Allowing and blocking invitations for Azure AD B2B
- Configuring Azure AD join and Azure AD registration
- Configuring Intune auto-enrollment upon Azure AD join
- Choosing between Security defaults and Conditional Access
- Configuring Conditional Access
- Accessing Azure AD Connect Health
- Configuring Azure AD Connect Health for AD FS
- Configuring Azure AD Connect Health for AD DS
- Configuring Azure AD PIM
- Configuring Azure AD Identity Protection
- Implementing Defender for Identity
- Why subscribe?
- Other Books You May Enjoy
Product information
- Title: Active Directory Administration Cookbook - Second Edition
- Author(s):
- Release date: July 2022
- Publisher(s): Packt Publishing
- ISBN: 9781803242507
You might also like
book
Active Directory Administration Cookbook
Learn the intricacies of managing Azure AD and Azure AD Connect, as well as Active Directory …
book
Active Directory Cookbook
Those of you who run networks on Windows 2000 know the benefits of using Active Directory …
book
Mastering Active Directory - Second Edition
Become an expert at managing enterprise identity infrastructure by leveraging Active Directory Key Features Explore the …
book
Mastering Active Directory - Third Edition
Become an expert at managing enterprise identity infrastructure with Active Directory Domain Services 2022. Purchase of …
