Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Mastering Active Directory
  • Table Of Contents Toc
Mastering Active Directory

Mastering Active Directory - Third Edition

By : Dishan Francis
4.9 (22)
Buy this Book
close
close
Mastering Active Directory

Mastering Active Directory

4.9 (22)
By: Dishan Francis
Buy this Book

Overview of this book

Mastering Active Directory, Third Edition is a comprehensive guide for Information Technology professionals looking to improve their knowledge about MS Windows Active Directory Domain Service. The book will help you to use identity elements effectively and manage your organization’s infrastructure in a secure and efficient way. This third edition has been fully updated to reflect the importance of cloud-based strong authentication and other tactics to protect identity infrastructure from emerging security threats. Mastering Active Directory, Third Edition provides extensive coverage of AD Domain Services and helps you explore their capabilities as you update to Windows Server 2022. This book will also teach you how to extend on-premises identity presence to cloud via Azure AD hybrid setup. By the end of this Microsoft Active Directory book, you’ll feel confident in your ability to design, plan, deploy, protect, and troubleshoot your enterprise identity infrastructure.
Table of Contents (22 chapters)
close
close
close
Preface
Icon
Preface
Icon
Who this book is for
Icon
What this book covers
Icon
To get the most out of this book
Icon
Get in touch
Lock Free Chapter
1
Active Directory Fundamentals
Icon
Active Directory Fundamentals
Icon
Modern access management
Icon
The future of Identity and Access Management (IAM)
Icon
Hybrid Identity and Active Directory Domain Services
Icon
Benefits of using Active Directory
Icon
Understanding Active Directory components
Icon
Understanding Active Directory objects
Icon
Summary
2
Active Directory Domain Services 2022
Icon
Active Directory Domain Services 2022
Icon
The features of AD DS 2022
Icon
Privileged Access Management (PAM)
Icon
What does PAM have to do with AD DS 2022?
Icon
Windows Hello for Business
Icon
PowerShell 7
Icon
Summary
3
Designing an Active Directory Infrastructure
Icon
Designing an Active Directory Infrastructure
Icon
What makes a good system?
Icon
Gathering business requirements
Icon
Designing the forest structure
Icon
Creating the forest structure
Icon
Selecting forest design models
Icon
Designing the domain structure
Icon
Deciding on the domain and forest functional levels
Icon
Designing the OU structure
Icon
Designing the physical topology of Active Directory
Icon
Designing a hybrid identity
Icon
Identifying business needs
Icon
Summary
4
Active Directory Domain Name System
Icon
Active Directory Domain Name System
Icon
What is DNS?
Icon
Hierarchical naming structures
Icon
How DNS works
Icon
DNS infrastructure design
Icon
DNS essentials
Icon
Conditional forwarders
Icon
DNS policies
Icon
Secure DNS client over HTTPS (DoH)
Icon
DNS server operation modes
Icon
Zone transfers
Icon
DNS delegation
Icon
DNS service providers
Icon
Summary
5
Placing Operations Master Roles
Icon
Placing Operations Master Roles
Icon
FSMO roles
Icon
Active Directory's logical and physical topology
Icon
Best practices
Icon
Moving FSMO roles
Icon
Seizing FSMO roles
Icon
Summary
6
Migrating to Active Directory 2022
Icon
Migrating to Active Directory 2022
Icon
AD DS installation prerequisites
Icon
AD DS installation methods
Icon
AD DS deployment scenarios
Icon
How to plan AD migrations
Icon
Summary
7
Managing Active Directory Objects
Icon
Managing Active Directory Objects
Icon
Tools and methods for managing objects
Icon
AD object administration with PowerShell
Icon
Creating computer objects
Icon
Modifying AD objects
Icon
Removing AD objects
Icon
Finding objects in AD
Icon
Preventing the accidental deletion of objects
Icon
AD recycle bin
Icon
Summary
8
Managing Users, Groups, and Devices
Icon
Managing Users, Groups, and Devices
Icon
Object attributes
Icon
Custom attributes
Icon
Syncing custom attributes to Azure AD
Icon
User accounts
Icon
Groups
Icon
Devices and other objects
Icon
Best practices
Icon
Summary
9
Designing the OU Structure
Icon
Designing the OU Structure
Icon
OUs in operations
Icon
Containers vs. OUs
Icon
Active Directory Groups vs. OUs
Icon
OU design models
Icon
Managing the OU structure
Icon
Summary
10
Managing Group Policies
Icon
Managing Group Policies
Icon
Benefits of group policies
Icon
Group Policy capabilities
Icon
Group Policy objects
Icon
The Group Policy template
Icon
Group Policy processing
Icon
Group Policy inheritance
Icon
Group Policy conflicts
Icon
Administrative templates
Icon
Group Policy filtering
Icon
Group Policy preferences
Icon
Item-level targeting
Icon
Loopback processing
Icon
Group Policy best practices
Icon
Useful group policies
Icon
Summary
11
Active Directory Services – Part 01
Icon
Active Directory Services – Part 01
Icon
Overview of AD LDS
Icon
Where to use LDS
Icon
The LDS installation
Icon
AD replication
Icon
Sites
Icon
Summary
12
Active Directory Services – Part 02
Icon
Active Directory Services – Part 02
Icon
Active Directory trusts
Icon
RODCs
Icon
Active Directory database maintenance
Icon
Active Directory Backup and Recovery
Icon
Summary
13
Active Directory Certificate Services
Icon
Active Directory Certificate Services
Icon
PKI in action
Icon
SSL certificates
Icon
AD CS components
Icon
Planning PKI
Icon
PKI deployment models
Icon
Setting up a PKI
Icon
Certificate templates
Icon
Requesting certificates
Icon
Migrating AD CS from Windows Server 2008 R2 to Windows Server 2022
Icon
AD CS disaster recovery
Icon
Summary
14
Active Directory Federation Services
Icon
Active Directory Federation Services
Icon
How does AD FS work?
Icon
AD FS components
Icon
AD FS configuration database
Icon
AD FS deployment topologies
Icon
AD FS deployment
Icon
Azure AD federation with AD FS
Icon
Summary
15
Active Directory Rights Management Services
Icon
Active Directory Rights Management Services
Icon
What is AD RMS?
Icon
AD RMS components
Icon
How does AD RMS work?
Icon
How do we deploy AD RMS?
Icon
Azure Information Protection (AIP)
Icon
Summary
16
Active Directory Security Best Practices
chevron up
Icon
Active Directory Security Best Practices
Icon
AD authentication
Icon
The Kerberos protocol
Icon
Authentication in an AD environment
Icon
Delegating permissions
Icon
Predefined AD administrator roles
Icon
Using object ACLs
Icon
Using the delegate control method in AD
Icon
Implementing fine-grained password policies
Icon
Limitations
Icon
Resultant Set of Policy (RSoP)
Icon
Configuration
Icon
Pass-the-hash attacks
Icon
The Protected Users security group
Icon
Restricted admin mode for RDP
Icon
Authentication policies and authentication policy silos
Icon
Authentication policies
Icon
Authentication policy silos
Icon
Creating authentication policies
Icon
Creating authentication policy silos
Icon
Secure LDAP
Icon
Microsoft Local Administrator Password Solution (LAPS)
Icon
On-prem Azure AD Password Protection
Icon
Summary
17
Advanced AD Management with PowerShell
Icon
Advanced AD Management with PowerShell
Icon
AD management with PowerShell – preparation
Icon
AD management commands and scripts
Icon
Replication
Icon
Replicating a specific object
Icon
Users and groups
Icon
Last logon time
Icon
Last login date report
Icon
Login failures report
Icon
Finding the locked-out account
Icon
Password expire report
Icon
Review the membership of the high-level administrative groups
Icon
Dormant accounts
Icon
Users with the Password Never Expires setting
Icon
Azure Active Directory PowerShell
Icon
Installation
Icon
General commands
Icon
Managing users
Icon
Managing groups
Icon
Microsoft Graph
Icon
Microsoft Graph Explorer
Icon
Summary
18
Hybrid Identity
Icon
Hybrid Identity
Icon
Extending on-prem AD to Azure AD
Icon
Evaluating the present business requirements
Icon
Evaluating an organization's infrastructure road map
Icon
Evaluating the security requirements
Icon
Selecting the Azure AD version
Icon
Federation with Azure AD
Icon
Step-by-step guide to integrating an on-prem AD environment with Azure AD
Icon
Creating a virtual network
Icon
Setting up an Azure AD managed domain
Icon
Adding DNS server details to the virtual network
Icon
Creating a Global Administrator account for Azure AD Connect
Icon
Setting up Azure AD Connect
Icon
Installing the Pass-through Authentication agent
Icon
Azure AD Connect configuration
Icon
Syncing NTLM and Kerberos credential hashes to Azure AD
Icon
Enabling secure LDAP (LDAPS) for an Azure AD DS managed domain
Icon
Enable secure LDAP (LDAPS)
Icon
Summary
19
Active Directory Audit and Monitoring
Icon
Active Directory Audit and Monitoring
Icon
Auditing and monitoring AD using built-in Windows tools and techniques
Icon
Windows Event Viewer
Icon
Custom Views
Icon
Windows Logs
Icon
Applications and Services Logs
Icon
Subscriptions
Icon
AD DS event logs
Icon
AD DS log files
Icon
AD audit
Icon
Demonstration
Icon
Setting up event subscriptions
Icon
Security event logs from domain controllers
Icon
Enabling advanced security audit policies
Icon
Enforcing advanced auditing
Icon
Reviewing events with PowerShell
Icon
Microsoft Defender for Identity
Icon
What is Microsoft Defender for Identity?
Icon
Defender for Identity benefits
Icon
Azure AD Connect Health
Icon
Prerequisites
Icon
Configuration
Icon
Summary
20
Other Books You May Enjoy
Icon
Other Books You May Enjoy
21
Index
Icon
Index

Secure LDAP

In an on-prem AD environment, there can be applications or services that require integration with AD. An AD-integrated application or service can query for AD users, authenticate, modify objects, and so on. This integration process is usually done using the Lightweight Directory Access Protocol (LDAP). By default, this LDAP connection between the client (application, service) and server (domain controller) is not encrypted. With this default configuration, a man-in-the-middle attacker can capture packets between the LDAP client and server, modify them, and then send the modified packets back to the server.

The LDAP server will not see the difference and reply to these forged requests with a decision. Microsoft is well aware of this vulnerability.

On August 13, 2019, Microsoft released a security advisory report, recommending to enable LDAP channel binding and LDAP signing to the LDAP client and server. For more information, refer to https://bit.ly/3CRmr0B...

CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
Mastering Active Directory
End of Section 16
Next Section
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist download Download options
font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon