Chapter 11: Securing Active Directory
From a business perspective, Active Directory needs to be an available, confidential attribute store with absolute integrity. The security measures in this chapter detail how to achieve a higher level of confidentiality and integrity.
The following recipes are covered in this chapter:
- Applying fine-grained password and account lockout policies
- Backing up and restoring GPOs
- Backing up and restoring the Active Directory database
- Working with Active Directory snapshots
- Managing the DSRM passwords on domain controllers
- Protecting important objects from accidental deletion
- Implementing Local Administrator Password Solution (LAPS)
- Managing deleted objects
- Working with group Managed Service Accounts (gMSAs)
Get Active Directory Administration Cookbook - Second Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.