Book Image

Mastering Active Directory. - Second Edition

By : Dishan Francis
Book Image

Mastering Active Directory. - Second Edition

By: Dishan Francis

Overview of this book

Active Directory (AD) is a centralized and standardized system that automates networked management of user data, security, and distributed resources and enables inter-operation with other directories. This book will first help you brush up on the AD architecture and fundamentals, before guiding you through core components, such as sites, trust relationships, objects, and attributes. You will then explore AD schemas, LDAP, RMS, and security best practices to understand objects and components and how they can be used effectively. Next, the book will provide extensive coverage of AD Domain Services and Federation Services for Windows Server 2016, and help you explore their new features. Furthermore, you will learn to manage your identity infrastructure for a hybrid cloud setup. All this will help you design, plan, deploy, manage operations, and troubleshoot your enterprise identity infrastructure in a secure and effective manner. You’ll later discover Azure AD Module, and learn to automate administrative tasks using PowerShell cmdlets. All along, this updated second edition will cover content based on the latest version of Active Directory, PowerShell 5.1 and LDAP. By the end of this book, you’ll be well versed with best practices and troubleshooting techniques for improving security and performance in identity infrastructures.
Table of Contents (25 chapters)
Free Chapter
1
Section 1: Active Directory Planning, Design, and Installation
8
Section 2: Active Directory Administration
13
Section 3: Active Directory Service Management
18
Section 4: Best Practices and Troubleshooting

AIP

So far in this chapter, we have talked about protecting identities. While this is the most valuable thing in the infrastructure, it is not the only valuable thing. In Chapter 1, Active Directory Fundamentals, we looked at how data is becoming the new oil. Some data types have a higher value than others, and these high-value data types are confidential/sensitive for a person, group, company, organization, or country. Adversaries are after identities because compromised identity infrastructure allows them to access different types of data. Identity and access permissions decide what sort of data a person should have access to.

As an example, a director of a company has more access to confidential data about the company than a receptionist does. The protection of sensitive/confidential data not only depends on the protection of identity infrastructure, but it also depends on...