Book Image

Active Directory Administration Cookbook

By : Sander Berkouwer
Book Image

Active Directory Administration Cookbook

By: Sander Berkouwer

Overview of this book

Active Directory is an administration system for Windows administrators to automate network, security and access management tasks in the Windows infrastructure. This book starts off with a detailed focus on forests, domains, trusts, schemas and partitions. Next, you'll learn how to manage domain controllers, organizational units and the default containers. Going forward, you'll explore managing Active Directory sites as well as identifying and solving replication problems. The next set of chapters covers the different components of Active Directory and discusses the management of users, groups and computers. You'll also work through recipes that help you manage your Active Directory domains, manage user and group objects and computer accounts, expiring group memberships and group Managed Service Accounts (gMSAs) with PowerShell. You'll understand how to work with Group Policy and how to get the most out of it. The last set of chapters covers federation, security and monitoring. You will also learn about Azure Active Directory and how to integrate on-premises Active Directory with Azure AD. You'll discover how Azure AD Connect synchronization works, which will help you manage Azure AD. By the end of the book, you have learned about Active Directory and Azure AD in detail.
Table of Contents (16 chapters)

Handling Authentication in a Hybrid World (AD FS, PHS, PTA, and 3SO)

Azure Active Directory is Microsoft's cloud-based identity and access management service. Organizations can register for an Azure Active Directory (Azure AD) tenant, where they can store and use the information on their identities.

Hybrid identity is Microsoft Marketing speak for connecting an on-premise Active Directory environment to Azure AD. When done correctly, the hybrid identity implementation allows end-users to authenticate to both on-premise and cloud-based applications, systems, and services:

  • When accessing NTLM-, LDAP-, and Kerberos-integrated applications, systems, and services, the on-premise Active Directory takes care of authentication and authorization. These protocols are designed for safe networks and have been offering single sign-on for decades.
  • When accessing cloud-based applications...