Book Image

Mastering Active Directory

By : Dishan Francis
Book Image

Mastering Active Directory

By: Dishan Francis

Overview of this book

Active Directory is a centralized and standardized system that automates networked management of user data, security, and distributed resources and enables interoperation with other directories. If you are aware of Active Directory basics and want to gain expertise in it, this book is perfect for you. We will quickly go through the architecture and fundamentals of Active Directory and then dive deep into the core components, such as forests, domains, sites, trust relationships, OU, objects, attributes, DNS, and replication. We will then move on to AD schemas, global catalogs, LDAP, RODC, RMS, certificate authorities, group policies, and security best practices, which will help you gain a better understanding of objects and components and how they can be used effectively. We will also cover AD Domain Services and Federation Services for Windows Server 2016 and all their new features. Last but not least, you will learn how to manage your identity infrastructure for a hybrid-cloud setup. All this will help you design, plan, deploy, manage operations on, and troubleshoot your enterprise identity infrastructure in a secure, effective manner. Furthermore, I will guide you through automating administrative tasks using PowerShell cmdlets. Toward the end of the book, we will cover best practices and troubleshooting techniques that can be used to improve security and performance in an identity infrastructure.
Table of Contents (20 chapters)

The read-only domain controllers

The read-only domain controllers (RODCs) are a great feature introduced with Windows Server 2008 in order to maintain a low-risk domain controller in locations where it cannot guarantee physical security and the maintenance. Throughout the chapter we have discussed possible scenarios where we required a domain controller in a remote site. When considering a domain controller in a remote site, the link between sites is not the only thing we need to focus on. When we deploy a domain controller, by default, it will be aware of any changes in the Active Directory structure. Once an update triggers, it updates its own copy of the Active Directory database. This ntds.dit file contains everything about the Active Directory infrastructure, including the identity data of the user objects. If it falls into wrong hands, they can retrieve data related to identities...