Book Image

Mastering Active Directory. - Second Edition

By : Dishan Francis
Book Image

Mastering Active Directory. - Second Edition

By: Dishan Francis

Overview of this book

Active Directory (AD) is a centralized and standardized system that automates networked management of user data, security, and distributed resources and enables inter-operation with other directories. This book will first help you brush up on the AD architecture and fundamentals, before guiding you through core components, such as sites, trust relationships, objects, and attributes. You will then explore AD schemas, LDAP, RMS, and security best practices to understand objects and components and how they can be used effectively. Next, the book will provide extensive coverage of AD Domain Services and Federation Services for Windows Server 2016, and help you explore their new features. Furthermore, you will learn to manage your identity infrastructure for a hybrid cloud setup. All this will help you design, plan, deploy, manage operations, and troubleshoot your enterprise identity infrastructure in a secure and effective manner. You’ll later discover Azure AD Module, and learn to automate administrative tasks using PowerShell cmdlets. All along, this updated second edition will cover content based on the latest version of Active Directory, PowerShell 5.1 and LDAP. By the end of this book, you’ll be well versed with best practices and troubleshooting techniques for improving security and performance in identity infrastructures.

Related Content you might be interested in

Current Title:

Small book image
Mastering Active Directory. - Second Edition
Dishan Francis
Aug, 2019 | 786 pages
Small book image
Identity with Windows Server 2016: Microsoft 70-742 MCSA Exam Guide
Sasha Kranjac | Vladimir Stefanovic
Jan, 2019 | 232 pages
Small book image
Active Directory Administration Cookbook
Sander Berkouwer
May, 2019 | 620 pages
Small book image
Active Directory Administration Cookbook, Second Edition
Sander Berkouwer
Jul, 2022 | 696 pages
Table of Contents (25 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Get in touch
Free Chapter
1
Section 1: Active Directory Planning, Design, and Installation
Section 1: Active Directory Planning, Design, and Installation
2
Active Directory Fundamentals
Active Directory Fundamentals
Benefits of using Active Directory
Understanding Active Directory components
Understanding Active Directory objects
Active Directory server roles
Azure AD
Summary
3
Active Directory Domain Services 2016
Active Directory Domain Services 2016
Features of AD DS 2016
PAM
Time-based group memberships
Microsoft Passport
AD FS improvements
Time sync improvements
Azure AD join
Summary
4
Designing an Active Directory Infrastructure
Designing an Active Directory Infrastructure
What makes a good system?
Gathering business data
Designing the forest structure
Designing the domain structure
Designing the OU structure
Designing the physical topology of Active Directory
Global catalog server placement
Designing a Hybrid Identity
Summary
5
Active Directory Domain Name System
Active Directory Domain Name System
What is DNS?
Hierarchical naming structures
How DNS works
DNS essentials
Summary
6
Placing Operations Master Roles
Placing Operations Master Roles
FSMO roles
FSMO role placement
Moving FSMO roles
Seizing FSMO roles
Summary
7
Migrating to Active Directory 2016
Migrating to Active Directory 2016
AD DS installation prerequisites
AD DS deployment scenarios
How to plan Active Directory migrations
Summary
8
Section 2: Active Directory Administration
Section 2: Active Directory Administration
9
Managing Active Directory Objects
Managing Active Directory Objects
Tools and methods for managing objects
Creating, modifying, and removing objects in AD
Finding objects in AD
Summary
10
Managing Users, Groups, and Devices
Managing Users, Groups, and Devices
Object attributes
User accounts
Groups
Devices and other objects
Best practices
Summary
11
Designing the OU Structure
Designing the OU Structure
OUs in operations
OU design models
Managing the OU structure
Summary
12
Managing Group Policies
Managing Group Policies
Benefits of group policies
Group Policy capabilities
Group Policy objects
Group Policy processing
Group Policy inheritance
Group Policy conflicts
Group Policy mapping and status
Group Policy filtering
Group Policy preferences
Item-level targeting
Loopback processing
Group Policy best practices
Summary
13
Section 3: Active Directory Service Management
Section 3: Active Directory Service Management
14
Active Directory Services
Active Directory Services
Overview of AD LDS
AD replication
AD sites and replication
Sites
Managing AD sites and other components
How does replication work?
RODCs
AD database maintenance
AD backup and recovery
Summary
15
Active Directory Certificate Services
Active Directory Certificate Services
PKI in action
Planning PKI
PKI deployment models
Setting up a PKI
Summary
16
Active Directory Federation Services
Active Directory Federation Services
How does AD FS work?
AD FS components
AD FS deployment topologies
AD FS deployment
Integrating with Azure MFA
Summary
17
Active Directory Rights Management Services
Active Directory Rights Management Services
What is AD RMS?
AD RMS components
How does AD RMS work?
How do we deploy AD RMS?
AD RMS configuration
Summary
18
Section 4: Best Practices and Troubleshooting
Section 4: Best Practices and Troubleshooting
19
Active Directory Security Best Practices
Active Directory Security Best Practices
AD authentication
Delegating permissions
Implementing fine-grained password policies
Pass-the-hash attacks
JIT administration and JEA
Azure AD PIM
AIP
Summary
20
Advanced AD Management with PowerShell
Advanced AD Management with PowerShell
AD management with PowerShell – preparation
Azure Active Directory PowerShell
Summary
21
Azure Active Directory Hybrid Setup
Azure Active Directory Hybrid Setup
Integrating Azure AD with on-premises AD
Step-by-step guide to integrating an on-premises AD environment with Azure AD
Summary
22
Active Directory Audit and Monitoring
Active Directory Audit and Monitoring
Auditing and monitoring AD using in-built Windows tools and techniques
AD audit
Demonstration
Microsoft ATA
Demonstration
Azure Monitor
Demonstration
Azure AD Connect Health
Summary
23
Active Directory Troubleshooting
Active Directory Troubleshooting
Troubleshooting AD DS replication issues
Troubleshooting replication issues
Issues involving DFS Replication
How to troubleshoot Group Policy issues
How to troubleshoot AD DS database-related issues
Summary
24
Other Books You May Enjoy
Other Books You May Enjoy
Leave a review - let other readers know what you think

AD audit

The only way to identify potential security threats and security breaches in infrastructure is through continuous monitoring and auditing. When it comes to auditing, the Windows system itself provides advanced auditing capabilities to identify such security issues. However, by default, only certain types of actions are audited. These auditing settings are handled by Windows audit policies.

Here, we are only going to look at advanced security audit policies, which were first introduced with Windows Server 2008 R2.

There are 10 categories of events we can audit in a Windows system:

  • System events
  • Logon/logoff events
  • Object access events
  • Privilege use events
  • Detailed tracking events
  • Policy change events
  • Account management events
  • Directory service (DS) access events
  • Account logon events
  • Global object access auditing

Each and every event category also has subcategories.

Legacy...
Previous Section
End of Section 3
Next Section