Chapter 11: Securing Active Directory

From a business perspective, Active Directory needs to be an available, confidential attribute store with absolute integrity. The security measures in this chapter detail how to achieve a higher level of confidentiality and integrity.

The following recipes are covered in this chapter:

  • Applying fine-grained password and account lockout policies
  • Backing up and restoring GPOs
  • Backing up and restoring the Active Directory database
  • Working with Active Directory snapshots
  • Managing the DSRM passwords on domain controllers
  • Protecting important objects from accidental deletion
  • Implementing Local Administrator Password Solution (LAPS)
  • Managing deleted objects
  • Working with group Managed Service Accounts (gMSAs)

Get Active Directory Administration Cookbook - Second Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.