Book Image

Active Directory Administration Cookbook

By : Sander Berkouwer
Book Image

Active Directory Administration Cookbook

By: Sander Berkouwer

Overview of this book

Active Directory is an administration system for Windows administrators to automate network, security and access management tasks in the Windows infrastructure. This book starts off with a detailed focus on forests, domains, trusts, schemas and partitions. Next, you'll learn how to manage domain controllers, organizational units and the default containers. Going forward, you'll explore managing Active Directory sites as well as identifying and solving replication problems. The next set of chapters covers the different components of Active Directory and discusses the management of users, groups and computers. You'll also work through recipes that help you manage your Active Directory domains, manage user and group objects and computer accounts, expiring group memberships and group Managed Service Accounts (gMSAs) with PowerShell. You'll understand how to work with Group Policy and how to get the most out of it. The last set of chapters covers federation, security and monitoring. You will also learn about Azure Active Directory and how to integrate on-premises Active Directory with Azure AD. You'll discover how Azure AD Connect synchronization works, which will help you manage Azure AD. By the end of the book, you have learned about Active Directory and Azure AD in detail.
Table of Contents (16 chapters)

What this book covers

This book consists of fourteen chapters:

Chapter 1, Optimizing Forests, Domains, and Trusts, provides recipes for structuring the logical components of Active Directory, including UPN suffixes, trusts, domains, and forests. Several recipes help lift Active Directory to new heights, where others help expand the functionality of Active Directory in terms of collaboration.

Chapter 2, Managing Domain Controllers, shows how to promote, demote, and inventory both domain controllers and read-only domain controllers; these are Active Directory's physical components.

Chapter 3, Managing Active Directory Roles and Features, covers Flexible Single Operations Master (FSOM) roles and global catalog servers for addressing all your organization's multi-forest and multi-domain needs.

Chapter 4, Managing Containers and Organizational Units, provides Active Directory admins who like cleanliness, with the rationale and steps necessary to categorize objects into organizational units and containers. Lazy admins learn how to properly delegate, too.

Chapter 5, Managing Active Directory Sites and Troubleshooting Replication, details how to optimize multiple domain controllers in multiple geographic locations using sites, site links, and bridgehead servers, and how to troubleshoot replication.

Chapter 6, Managing Active Directory Users, contains recipes to help out colleagues when they start working, leave the organization, and every change in between. The proactive recipe on finding locked-out accounts helps admins to stay ahead of the game.

Chapter 7, Managing Active Directory Groups, covers all types of groups in Active Directory, along with how to create, modify, and delete them, no matter how nested these groups are. Getting rid of empty groups is easy with the last recipe in this chapter.

Chapter 8, Managing Active Directory Computers, provides ways to keep your organization's devices in check. Of course, it also details how to prevent non-privileged users to join devices to your environment.

Chapter 9, Getting the Most Out of Group Policy, enables admins to get the most out of Group Policy! Managing tens or thousands of devices won't be an issue anymore with the recipes in this chapter.

Chapter 10, Securing Active Directory, provides ways to improve the security stance of your Active Directory environment. Each recipe in this chapter makes your environment less attractive to attackers.

Chapter 11, Managing Federation, covers ADFS. Build the perfect ADFS farm using the recipes, or decommission one.

Chapter 12, Handling Authentication in a Hybrid World (AD FS, PHS, PTA, and 3SO), details hybrid identity between Active Directory and Azure AD in terms of ADFS, Password Hash Synchronization (PHS), Pass-Through Authentication (PTA), and Seamless Single Sign-on (SSO).

Chapter 13, Handling Synchronization in a Hybrid World (Azure AD Connect), covers Azure AD Connect and the key role it plays in synchronizing between Active Directory and Azure AD.

Chapter 14, Hardening Azure AD, provides recipes to keep your organization's Azure AD tenant in check. The recipes explore the many possibilities of Azure AD, including conditional access and Azure AD Identity Protection.