Book Image

Mastering Active Directory

By : Dishan Francis
Book Image

Mastering Active Directory

By: Dishan Francis

Overview of this book

Active Directory is a centralized and standardized system that automates networked management of user data, security, and distributed resources and enables interoperation with other directories. If you are aware of Active Directory basics and want to gain expertise in it, this book is perfect for you. We will quickly go through the architecture and fundamentals of Active Directory and then dive deep into the core components, such as forests, domains, sites, trust relationships, OU, objects, attributes, DNS, and replication. We will then move on to AD schemas, global catalogs, LDAP, RODC, RMS, certificate authorities, group policies, and security best practices, which will help you gain a better understanding of objects and components and how they can be used effectively. We will also cover AD Domain Services and Federation Services for Windows Server 2016 and all their new features. Last but not least, you will learn how to manage your identity infrastructure for a hybrid-cloud setup. All this will help you design, plan, deploy, manage operations on, and troubleshoot your enterprise identity infrastructure in a secure, effective manner. Furthermore, I will guide you through automating administrative tasks using PowerShell cmdlets. Toward the end of the book, we will cover best practices and troubleshooting techniques that can be used to improve security and performance in an identity infrastructure.

Related Content you might be interested in

Current Title:

Small book image
Mastering Active Directory
Dishan Francis
Jun, 2017 | 742 pages
Small book image
Identity with Windows Server 2016: Microsoft 70-742 MCSA Exam Guide
Sasha Kranjac | Vladimir Stefanovic
Jan, 2019 | 232 pages
Small book image
Active Directory Administration Cookbook
Sander Berkouwer
May, 2019 | 620 pages
Small book image
Active Directory Administration Cookbook, Second Edition
Sander Berkouwer
Jul, 2022 | 696 pages
Table of Contents (20 chapters)
Preface
Preface
Why subscribe?
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Free Chapter
1
Active Directory Fundamentals
Active Directory Fundamentals
Benefits of using Active Directory
Active Directory components
Active Directory objects
Active Directory server roles
Summary
2
Active Directory Domain Services 2016
Active Directory Domain Services 2016
AD DS 2016 features
Privileged Access Management
Time-based group memberships
Microsoft Passport
Active Directory Federation Services improvements
Time sync improvements
Summary
3
Designing Active Directory Infrastructure
Designing Active Directory Infrastructure
What makes a good system?
Gathering business data
Designing the forest structure
Designing the domain structure
Designing the OU structure
Designing the physical topology of Active Directory
Global catalog server placement
Summary
4
Active Directory Domain Name System
Active Directory Domain Name System
What is DNS?
Hierarchical naming structure
How DNS works
DNS essentials
Summary
5
Placing Operations Master Roles
Placing Operations Master Roles
FSMO roles
FSMO roles placement
Moving FSMO roles
Seize FSMO roles
Summary
6
Migrating to Active Directory 2016
Migrating to Active Directory 2016
Active Directory Domain Service installation prerequisites
Active Directory Domain Service deployment scenarios
How to plan Active Directory migrations
Summary
7
Managing Active Directory Objects
Managing Active Directory Objects
Tools and methods to manage objects
Creating, modifying, and removing objects in Active Directory
Finding objects in Active Directory
Summary
8
Managing Users, Groups, and Devices
Managing Users, Groups, and Devices
Object attributes
User accounts
Groups
Devices and other objects
Best practices
Summary
9
Designing the OU Structure
Designing the OU Structure
OUs in operations
OU design models
Managing the OU structure
Summary
10
Managing Group Policies
Managing Group Policies
Benefits of group policies
Group Policy capabilities
Group Policy objects
Group Policy processing
Group Policy inheritance
Group Policy conflicts
Group Policy mapping and status
Group Policy filtering
Group Policy preferences
Item-level targeting
Loopback processing
Group Policy best practices
Summary
11
Active Directory Services
Active Directory Services
The AD LDS overview
The Active Directory replication
Active Directory sites and replication
Sites
Managing Active Directory sites and other components
How does replication work?
The read-only domain controllers
Active Directory database maintenance
Active Directory backup and recovery
Summary
12
Active Directory Certificate Services
Active Directory Certificate Services
PKI in action
Planning PKI
PKI deployment models
Setting up PKI
Summary
13
Active Directory Federation Services
Active Directory Federation Services
How does AD FS work?
AD FS components
AD FS deployment topologies
AD FS deployment
Integrating with Azure MFA
Summary
14
Active Directory Rights Management Services
Active Directory Rights Management Services
What is AD RMS?
AD RMS components
How does AD RMS work?
AD RMS deployment
AD RMS configuration
Summary
15
Active Directory Security Best Practices
Active Directory Security Best Practices
Active Directory authentication
Delegating permissions
Fine-grained password policies
Pass-the-hash attacks
Just-in-time administration and just enough administration
Summary
16
Advanced AD Management with PowerShell
Advanced AD Management with PowerShell
AD management with PowerShell – preparation
17
Azure Active Directory Hybrid Setup
Azure Active Directory Hybrid Setup
What is Azure AD?
Integrate Azure AD with on-premises AD
Step-by-step guide to integrate on-premises AD environment with Azure AD
Manage Azure AD Domain Services using virtual server
Summary
18
Active Directory Audit and Monitoring
Active Directory Audit and Monitoring
Auditing and monitoring Active Directory using inbuilt Windows tools and techniques
Active Directory audit
Demonstration
Microsoft Advanced Threat Analytics
Demonstration
Microsoft Operations Management Suite (OMS)
Demonstration
Summary
19
Active Directory Troubleshooting
Active Directory Troubleshooting
How to troubleshoot AD DS replication issues
Troubleshooting replication issues
DFS replication issues
How to troubleshoot Group Policy issues
How to troubleshoot AD DS database-related issues
Summary

Pass-the-hash attacks

When the client and server uses the authentication system, in order to begin the communication, client needs to successfully prove his identity. This is done using a username and password. The client needs to present its username and password to the authentication server, and it will verify the identity. There are legacy protocols and systems that send this information in clear text even in an open network. Telnet is a good example. If someone is listening to traffic (packet capturing) for the telnet session, they can easily capture password as it is transmitted in clear text.

Modern authentication systems are well aware of these types of threats and use different technologies to encrypt credentials or create cryptographic hashes and then use them for identity verifications. The cryptographic hash means a password string transformed into a fixed-length digest...

Previous Section
End of Section 5
Next Section