In Chapter 2, Active Directory Domain Services 2016, we learned about just-in-time (JIT) administration in detail and discussed how AD DS 2016 features help to implement it. Therefore, we are not going to look at it in detail again in this chapter, but I'd like to list a few important facts:
- JIT administration allows you to assign administrative privileges to users whenever required. With this method, user accounts do not need to be members of privileged groups permanently.
- Privileges are time-based. Privileged group memberships have a TTL, and once the allocated time is exceeded, members are automatically removed from the groups.
- A bastion forest (the administrative forest) is introduced to your existing infrastructure in order to manage privileges. This forest ...
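
The time-based membership described in the list above can be exercised with the ActiveDirectory PowerShell module. This is an added example, not code from the book: the function name `Grant-TemporaryGroupMembership`, the 8-hour cap, and the group and account names are assumptions. It also assumes a Windows Server 2016 forest functional level with the Privileged Access Management optional feature already enabled (enabling it cannot be undone).

```powershell
#Requires -Modules ActiveDirectory

function Grant-TemporaryGroupMembership {
    # Hypothetical helper; the cmdlets it calls come from the ActiveDirectory module.
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $Group,
        [Parameter(Mandatory)] [string] $Member,       # assumed to be a user account
        [ValidateRange(1, 480)] [int] $Minutes = 60    # cap assumed for this example
    )

    # TTL memberships are only honoured once the optional feature is enabled.
    $pam = Get-ADOptionalFeature -Filter "Name -eq 'Privileged Access Management Feature'"
    if (-not $pam -or $pam.EnabledScopes.Count -eq 0) {
        throw 'Privileged Access Management Feature is not enabled in this forest.'
    }

    if ($PSCmdlet.ShouldProcess($Group, "Add $Member for $Minutes minutes")) {
        Add-ADGroupMember -Identity $Group -Members $Member `
            -MemberTimeToLive (New-TimeSpan -Minutes $Minutes)
    }

    # Read the membership back. With -ShowMemberTimeToLive, a time-bound entry
    # is returned as "<TTL=seconds>,<distinguished name>".
    $memberDn = (Get-ADUser -Identity $Member).DistinguishedName
    (Get-ADGroup -Identity $Group -Properties member -ShowMemberTimeToLive).member |
        Where-Object { $_.EndsWith($memberDn, [StringComparison]::OrdinalIgnoreCase) } |
        ForEach-Object {
            if ($_ -match '^<TTL=(\d+)>,(.+)$') {
                [pscustomobject]@{ Member = $Matches[2]; SecondsRemaining = [int]$Matches[1] }
            } else {
                # No TTL prefix: the membership is permanent and never expires.
                [pscustomobject]@{ Member = $_; SecondsRemaining = $null }
            }
        }
}

# Constructed sample values: 'Server Admins' and 'jdoe' are placeholders.
Grant-TemporaryGroupMembership -Group 'Server Admins' -Member 'jdoe' -Minutes 30
```

A `SecondsRemaining` value of `$null` in the output means the account was already a permanent member of the group, which is the condition JIT administration is meant to eliminate.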