Book Image

Mastering Active Directory

By : Dishan Francis
Book Image

Mastering Active Directory

By: Dishan Francis

Overview of this book

Active Directory is a centralized and standardized system that automates networked management of user data, security, and distributed resources and enables interoperation with other directories. If you are aware of Active Directory basics and want to gain expertise in it, this book is perfect for you. We will quickly go through the architecture and fundamentals of Active Directory and then dive deep into the core components, such as forests, domains, sites, trust relationships, OU, objects, attributes, DNS, and replication. We will then move on to AD schemas, global catalogs, LDAP, RODC, RMS, certificate authorities, group policies, and security best practices, which will help you gain a better understanding of objects and components and how they can be used effectively. We will also cover AD Domain Services and Federation Services for Windows Server 2016 and all their new features. Last but not least, you will learn how to manage your identity infrastructure for a hybrid-cloud setup. All this will help you design, plan, deploy, manage operations on, and troubleshoot your enterprise identity infrastructure in a secure, effective manner. Furthermore, I will guide you through automating administrative tasks using PowerShell cmdlets. Toward the end of the book, we will cover best practices and troubleshooting techniques that can be used to improve security and performance in an identity infrastructure.
Table of Contents (20 chapters)

Groups

In general, a group is a collection of individuals or resources which share the same characteristics and responsibilities. In an organization, individual identities get added and deleted, but roles and responsibilities do not change much. Therefore, the best way to manage privileges in organizations is based on roles and responsibilities rather than individuals. For example, in a sales department, sales persons will change quite often but their operational requirements will not change frequently. They all will access the same file shares, have the same permissions to CRM application, and have the same privileges to access each other's calendars. AD groups allow you to isolate identities based on the privileges requirements.

In an AD environment, there are two categories of groups:

  • Security groups: This type is used to assign permissions to the resources. As an example...