Book Image

Mastering Active Directory. - Second Edition

By : Dishan Francis
Book Image

Mastering Active Directory. - Second Edition

By: Dishan Francis

Overview of this book

Active Directory (AD) is a centralized and standardized system that automates networked management of user data, security, and distributed resources and enables inter-operation with other directories. This book will first help you brush up on the AD architecture and fundamentals, before guiding you through core components, such as sites, trust relationships, objects, and attributes. You will then explore AD schemas, LDAP, RMS, and security best practices to understand objects and components and how they can be used effectively. Next, the book will provide extensive coverage of AD Domain Services and Federation Services for Windows Server 2016, and help you explore their new features. Furthermore, you will learn to manage your identity infrastructure for a hybrid cloud setup. All this will help you design, plan, deploy, manage operations, and troubleshoot your enterprise identity infrastructure in a secure and effective manner. You’ll later discover Azure AD Module, and learn to automate administrative tasks using PowerShell cmdlets. All along, this updated second edition will cover content based on the latest version of Active Directory, PowerShell 5.1 and LDAP. By the end of this book, you’ll be well versed with best practices and troubleshooting techniques for improving security and performance in identity infrastructures.
Table of Contents (25 chapters)
Free Chapter
1
Section 1: Active Directory Planning, Design, and Installation
8
Section 2: Active Directory Administration
13
Section 3: Active Directory Service Management
18
Section 4: Best Practices and Troubleshooting

Placing Operations Master Roles

Rebeladmin Corp. is a managed IT service provider. They have introduced a new client management system, where clients can open service tickets, check their invoices, track project progress, and so on. Every customer and every employee gets an account in this system. Each of these user accounts gets certain privileges based on their roles and responsibilities. Support engineers are allowed to open tickets, edit tickets, and close tickets. But they are not allowed to change the schedules, delete tickets, change the appearance of the portal, or change the system database settings. Only the operations manager, Sean, can do similar system-level changes. What if everyone is allowed to do these kinds of system-level changes? Will the system be able to maintain its integrity for long? Keeping system-level change permissions to certain roles will prevent...