June 2017
Beginner to intermediate
742 pages
18h 29m
English
Content preview from Mastering Active Directory
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Just-in-time administration
In Chapter 2, Active Directory Domain Services 2016, you learned about JIT in detail and we discussed how AD DS 2016 features will help. Therefore, we are not going to look at it in detail in this chapter again, but I'd like to list down a few important facts:
- JIT administration allows you to assign administrative privileges to users whenever required. In this method, user accounts do not need to be members of privileged groups permanently.
- Privileges will be time-based. Privileged group memberships have TTL, and once it exceeds the allocated time, members will automatically fade away from groups.
- A bastion forest (the administrative forest) will introduce you to the existing infrastructure in order to manage ...