Table Of Content

Title Page Page: 2 Copyright and Credits Page: 2 Active Directory Administration Cookbook Page: 4 About Packt Page: 5 Why subscribe? Page: 6 Packt.com Page: 7 Contributors Page: 8 About the author Page: 9 About the reviewer Page: 10 Packt is searching for authors like you Page: 11 Preface Page: 21 Who this book is for Page: 22 What this book covers Page: 23 To get the most out of this book Page: 24 Download the example code files Page: 25 Download the color images Page: 26 Conventions used Page: 27 Sections Page: 28 Getting ready Page: 29 How to do it... Page: 30 How it works... Page: 31 There's more... Page: 32 See also Page: 33 Get in touch Page: 34 Reviews Page: 35 Optimizing Forests, Domains, and Trusts Page: 36 Choosing between a new domain or forest Page: 37 Why would you have a new domain? Page: 38 What are the downsides of a new domain? Page: 39 Why would you create a new forest? Page: 40 What are the downsides of a new forest? Page: 41 Listing the domains in your forest Page: 42 Getting ready Page: 43 Installing the Active Directory module for Windows PowerShell on Windows Server Page: 44 Installing the Active Directory module for Windows PowerShell on Windows Page: 45 Required permissions Page: 46 How to do it... Page: 47 How it works... Page: 48 Using adprep.exe to prepare for new Active Directory functionality Page: 49 Getting ready Page: 50 Required permissions Page: 51 How to do it... Page: 52 Preparing the forest Page: 53 Preparing the forest for RODCs Page: 54 Preparing the domain Page: 55 Fixing up Group Policy permissions Page: 56 Checking the preparation replication Page: 57 How it works... Page: 58 There's more... Page: 59 Raising the domain functional level to Windows Server 2016 Page: 60 Getting ready Page: 61 Required permissions Page: 62 How to do it... Page: 63 How it works... Page: 64 Raising the forest functional level to Windows Server 2016 Page: 65 Getting ready Page: 66 Required permissions Page: 67 How to do it... Page: 68 How it works... Page: 69 Creating the right trust Page: 70 Trust direction Page: 71 Trust transitivity Page: 72 One-way or two-way trust Page: 73 Getting ready Page: 74 Required permissions Page: 75 How to do it... Page: 76 Verifying and resetting a trust Page: 77 Getting ready Page: 78 Required permissions Page: 79 How to do it... Page: 80 How it works... Page: 81 Securing a trust Page: 82 Getting ready Page: 83 Required permissions Page: 84 How to do it... Page: 85 How it works... Page: 86 There's more... Page: 87 Extending the schema Page: 88 Getting ready Page: 89 Required permissions Page: 90 How to do it... Page: 91 There's more... Page: 92 Enabling the Active Directory Recycle Bin Page: 93 Getting ready Page: 94 Required permissions Page: 95 How to do it... Page: 96 How it works... Page: 97 Managing UPN suffixes Page: 98 Getting ready Page: 99 How to do it... Page: 100 How it works... Page: 101 There's more... Page: 102 Managing Domain Controllers Page: 103 Preparing a Windows Server to become a domain controller Page: 104 Intending to do the right thing Page: 105 Dimensioning the servers properly Page: 106 Preparing the Windows Server installations Page: 107 Preconfigure the Windows Servers Page: 108 Document the passwords Page: 109 Promoting a server to a domain controller Page: 110 Getting ready Page: 111 How to do it... Page: 112 Promoting a domain controller using the wizard Page: 113 Installing the Active Directory Domain Services role Page: 114 Promoting the server to a domain controller Page: 115 Promoting a domain controller using dcpromo.exe Page: 116 Promoting a domain controller using Windows PowerShell Page: 117 Checking proper promotion Page: 118 See also Page: 119 Promoting a server to a read-only domain controller Page: 120 Getting ready Page: 121 How to do it... Page: 122 Installing the Active Directory Domain Services role Page: 123 Promoting the server to a read-only domain controller Page: 124 Promoting a read-only domain controller using dcpromo.exe Page: 125 Promoting a domain controller using Windows PowerShell Page: 126 Checking proper promotion Page: 127 How it works... Page: 128 See also Page: 129 Using Install From Media Page: 130 How to do it... Page: 131 Creating the IFM package Page: 132 Leveraging the IFM package Page: 133 Using the Active Directory Domain Services Configuration Wizard Page: 134 Using dcpromo.exe Page: 135 Using the Install-ADDSDomainController PowerShell cmdlet Page: 136 How it works... Page: 137 Using domain controller cloning Page: 138 Getting ready Page: 139 How to do it... Page: 140 Making sure all agents and software packages are cloneable Page: 141 Supplying the information for the new domain controller configuration Page: 142 Adding the domain controller to the Cloneable Domain Controllers group Page: 143 Cloning the domain controller from the hypervisor Page: 144 How it works... Page: 145 See also Page: 146 Determining whether a virtual domain controller has a VM-GenerationID Page: 147 How to do it... Page: 148 How it works... Page: 149 Demoting a domain controller Page: 150 Getting ready Page: 151 How to do it... Page: 152 Using the wizard Page: 153 Using the Active Directory module for Windows PowerShell Page: 154 How it works... Page: 155 There's more... Page: 156 Demoting a domain controller forcefully Page: 157 How to do it... Page: 158 Using the Active Directory Domain Services Configuration Wizard Page: 159 Using manual steps Page: 160 Performing metadata cleanup Page: 161 Deleting the domain controller from DNS Page: 162 Deleting the computer object for the domain controller Page: 163 Deleting the SYSVOL replication membership Page: 164 Deleting the domain controller from Active Directory Sites and Services Page: 165 Deleting an orphaned domain Page: 166 See also Page: 167 Inventory domain controllers Page: 168 How to do it... Page: 169 Using Active Directory Users and Computers to inventory domain controllers Page: 170 Using the Active Directory module for Windows PowerShell to inventory domain controllers Page: 171 Decommissioning a compromised read-only domain controller Page: 172 How to do it... Page: 173 How it works... Page: 174 Managing Active Directory Roles and Features Page: 175 About FSMO roles Page: 176 Recommended practices for FSMO roles Page: 177 Querying FSMO role placement Page: 178 Getting ready Page: 179 How to do it... Page: 180 How it works... Page: 181 Transferring FSMO roles Page: 182 Getting ready Page: 183 How to do it... Page: 184 Transferring FSMO roles using the MMC snap-ins Page: 185 Transferring FSMO roles using the ntdsutil command-line tool Page: 186 Transferring FSMO roles using Windows PowerShell Page: 187 How it works... Page: 188 Seizing FSMO roles Page: 189 Getting ready Page: 190 How to do it... Page: 191 Seizing FSMO roles using the ntdsutil command-line tool Page: 192 Seizing FSMO roles using Windows PowerShell Page: 193 How it works... Page: 194 Configuring the Primary Domain Controller emulator to synchronize time with a reliable source Page: 195 Getting ready Page: 196 How to do it... Page: 197 How it works... Page: 198 Managing time synchronization for virtual domain controllers Page: 199 Getting ready Page: 200 How to do it... Page: 201 Managing time synchronization for virtual domain controllers running on VMware vSphere Page: 202 Managing time synchronization for virtual domain controllers running on Microsoft Hyper-V Page: 203 How it works... Page: 204 Managing global catalogs Page: 205 Getting ready Page: 206 How to do it... Page: 207 How it works Page: 208 Managing Containers and Organizational Units Page: 209 Differences between OUs and containers Page: 210 Containers Page: 211 OUs Page: 212 OUs versus Active Directory domains Page: 213 Creating an OU Page: 214 Getting ready Page: 215 How to do it... Page: 216 Using the Active Directory Administrative Center Page: 217 Using the command line Page: 218 Using Windows PowerShell Page: 219 How it works... Page: 220 There's more... Page: 221 Deleting an OU Page: 222 Getting ready Page: 223 How to do it... Page: 224 Using the Active Directory Administrative Center Page: 225 Using the command line Page: 226 Using Windows PowerShell Page: 227 How it works... Page: 228 There's more... Page: 229 Modifying an OU Page: 230 Getting ready Page: 231 How to do it... Page: 232 Using the Active Directory Administrative Center Page: 233 Using the command line Page: 234 Using Windows PowerShell Page: 235 How it works... Page: 236 There's more... Page: 237 See also Page: 238 Delegating control of an OU Page: 239 Getting ready Page: 240 How to do it... Page: 241 Using Active Directory Users and Computers Page: 242 Using the command line Page: 243 How it works... Page: 244 Using the built-in groups Page: 245 Using delegation of control Page: 246 See also Page: 247 Modifying the default location for new user and computer objects Page: 248 Getting ready Page: 249 How to do it... Page: 250 How it works... Page: 251 See also Page: 252 Managing Active Directory Sites and Troubleshooting Replication Page: 253 What do Active Directory sites do? Page: 254 Recommendations Page: 255 Creating a site Page: 256 Getting ready Page: 257 How to do it... Page: 258 Using Active Directory Sites and Services Page: 259 Using Windows PowerShell Page: 260 See also Page: 261 Managing a site Page: 262 Getting ready Page: 263 How to do it... Page: 264 Using Active Directory Sites and Services Page: 265 Using Windows PowerShell Page: 266 How it works... Page: 267 See also Page: 268 Managing subnets Page: 269 Getting ready Page: 270 How to do it... Page: 271 Using Active Directory Sites and Services Page: 272 Using Windows PowerShell Page: 273 How it works... Page: 274 See also Page: 275 Creating a site link Page: 276 Getting ready Page: 277 How to do it... Page: 278 Using Active Directory Sites and Services Page: 279 Using Windows PowerShell Page: 280 How it works... Page: 281 See also Page: 282 Managing a site link Page: 283 Getting ready Page: 284 How to do it... Page: 285 Using Active Directory Sites and Services Page: 286 Using Windows PowerShell Page: 287 See also Page: 288 Modifying replication settings for an Active Directory site link Page: 289 Getting ready Page: 290 How to do it... Page: 291 Using Active Directory Sites and Services Page: 292 Using Windows PowerShell Page: 293 How it works... Page: 294 Site-link costs Page: 295 Site-link replication schedules Page: 296 See also Page: 297 Creating a site link bridge Page: 298 Getting ready Page: 299 How to do it... Page: 300 See also Page: 301 Managing bridgehead servers Page: 302 Getting ready Page: 303 How to do it... Page: 304 Using Active Directory Sites and Services Page: 305 Using Windows PowerShell Page: 306 How it works... Page: 307 See also Page: 308 Managing the Inter-site Topology Generation and Knowledge Consistency Checker Page: 309 Getting ready Page: 310 How to do it... Page: 311 Using Active Directory Sites and Services Page: 312 Using Windows PowerShell Page: 313 How it works... Page: 314 See also Page: 315 Managing universal group membership caching Page: 316 Getting ready Page: 317 How to do it... Page: 318 Using Active Directory Sites and Services Page: 319 Using Windows PowerShell Page: 320 How it works... Page: 321 See also Page: 322 Working with repadmin.exe Page: 323 Getting ready Page: 324 How to do it... Page: 325 How it works... Page: 326 See also Page: 327 Forcing replication Page: 328 Getting ready Page: 329 How to do it... Page: 330 How it works... Page: 331 See also Page: 332 Managing inbound and outbound replication Page: 333 Getting ready Page: 334 How to do it... Page: 335 How it works... Page: 336 There's more... Page: 337 See also Page: 338 Modifying the tombstone lifetime period Page: 339 Getting ready Page: 340 How to do it... Page: 341 Using ADSI Edit Page: 342 Using Windows PowerShell Page: 343 How it works... Page: 344 See also Page: 345 Managing strict replication consistency Page: 346 Getting ready Page: 347 How to do it... Page: 348 How it works... Page: 349 Upgrading SYSVOL replication from File Replication Service to Distributed File System Replication Page: 350 Getting ready Page: 351 How to do it... Page: 352 The initial state Page: 353 The prepared state Page: 354 The redirected state Page: 355 The eliminated state Page: 356 How it works... Page: 357 See also Page: 358 Checking for and remediating lingering objects Page: 359 Getting ready Page: 360 How to do it... Page: 361 How it works... Page: 362 See also Page: 363 Managing Active Directory Users Page: 364 Creating a user Page: 365 Getting ready Page: 366 How to do it... Page: 367 Using Active Directory Users and Computers Page: 368 Using the Active Directory Administrative Center Page: 369 Using command-line tools Page: 370 Using Windows PowerShell Page: 371 How it works... Page: 372 There's more... Page: 373 Deleting a user Page: 374 Getting ready Page: 375 How to do it... Page: 376 Using Active Directory Users and Computers Page: 377 Using the Active Directory Administrative Center Page: 378 Using command-line tools Page: 379 Using Windows PowerShell Page: 380 How it works... Page: 381 See also Page: 382 Modifying several users at once Page: 383 Getting ready Page: 384 How to do it... Page: 385 Using Active Directory Users and Computers Page: 386 Using the Active Directory Administrative Center Page: 387 Using Windows PowerShell Page: 388 How it works... Page: 389 There's more... Page: 390 Moving a user Page: 391 Getting ready Page: 392 How to do it... Page: 393 Using Active Directory Users and Computers Page: 394 Using the Active Directory Administrative Center Page: 395 Using command-line tools Page: 396 Using Windows PowerShell Page: 397 How it works... Page: 398 Renaming a user Page: 399 Getting ready Page: 400 How to do it... Page: 401 Using Active Directory Users and Computers Page: 402 Using the Active Directory Administrative Center Page: 403 Using command-line tools Page: 404 Using Windows PowerShell Page: 405 How it works... Page: 406 Enabling and disabling a user Page: 407 Getting ready Page: 408 How to do it... Page: 409 Using Active Directory Users and Computers Page: 410 Using the Active Directory Administrative Center Page: 411 Using command-line tools Page: 412 Using Windows PowerShell Page: 413 How it works... Page: 414 There's more... Page: 415 Finding locked-out users Page: 416 Getting ready Page: 417 How to do it... Page: 418 Using the Active Directory Administrative Center Page: 419 Using Windows PowerShell Page: 420 How it works... Page: 421 See also Page: 422 Unlocking a user Page: 423 Getting ready Page: 424 How to do it... Page: 425 Using the Active Directory Administrative Center Page: 426 Using Windows PowerShell Page: 427 Managing userAccountControl Page: 428 Getting ready Page: 429 How to do it... Page: 430 Reading the userAccountControl attribute Page: 431 Using Active Directory Users and Computers Page: 432 Using the Active Directory Administrative Center Page: 433 Using Windows PowerShell Page: 434 Setting the userAccountControl attribute Page: 435 Using ADSI Edit Page: 436 Using Windows PowerShell Page: 437 How it works... Page: 438 Using account expiration Page: 439 Getting ready Page: 440 How to do it... Page: 441 Using Active Directory Users and Computers Page: 442 Using the Active Directory Administrative Center Page: 443 Using command-line tools Page: 444 Using Windows PowerShell Page: 445 How it works... Page: 446 Managing Active Directory Groups Page: 447 Creating a group Page: 448 Getting ready Page: 449 How to do it... Page: 450 Using Active Directory Users and Computers Page: 451 Using the Active Directory Administrative Center Page: 452 Using command-line tools Page: 453 Using Windows PowerShell Page: 454 How it works... Page: 455 Group scopes Page: 456 Group types Page: 457 Deleting a group Page: 458 Getting ready Page: 459 How to do it... Page: 460 Using Active Directory Groups and Computers Page: 461 Using the Active Directory Administrative Center Page: 462 Using command-line tools Page: 463 Using Windows PowerShell Page: 464 How it works... Page: 465 Managing the direct members of a group Page: 466 Getting ready Page: 467 How to do it... Page: 468 Using Active Directory Groups and Computers Page: 469 Using the Active Directory Administrative Center Page: 470 Using Windows PowerShell Page: 471 How it works... Page: 472 Managing expiring group memberships Page: 473 Getting ready Page: 474 How to do it... Page: 475 How it works... Page: 476 Changing the scope or type of a group Page: 477 Getting ready Page: 478 How to do it... Page: 479 Using Active Directory Groups and Computers Page: 480 Using the Active Directory Administrative Center Page: 481 Using command-line tools Page: 482 Using Windows PowerShell Page: 483 How it works... Page: 484 Group scopes Page: 485 Group types Page: 486 Viewing nested group memberships Page: 487 Getting ready Page: 488 How to do it... Page: 489 How it works... Page: 490 Finding empty groups Page: 491 Getting ready Page: 492 How to do it... Page: 493 How it works... Page: 494 Managing Active Directory Computers Page: 495 Creating a computer Page: 496 Getting ready Page: 497 How to do it... Page: 498 Using Active Directory Users and Computers Page: 499 Using the Active Directory Administrative Center Page: 500 Using command-line tools Page: 501 Using Windows PowerShell Page: 502 How it works... Page: 503 There's more... Page: 504 Deleting a computer Page: 505 Getting ready Page: 506 How to do it... Page: 507 Using Active Directory Users and Computers Page: 508 Using the Active Directory Administrative Center Page: 509 Using command-line tools Page: 510 Using Windows PowerShell Page: 511 How it works... Page: 512 See also Page: 513 Joining a computer to the domain Page: 514 Getting ready Page: 515 How to do it... Page: 516 Using the GUI Page: 517 Using Windows PowerShell Page: 518 How it works... Page: 519 There's more... Page: 520 See also Page: 521 Renaming a computer Page: 522 Getting ready Page: 523 How to do it... Page: 524 Using the settings app Page: 525 Using the command line Page: 526 Using Windows PowerShell Page: 527 How it works... Page: 528 There's more... Page: 529 Testing the secure channel for a computer Page: 530 Getting ready Page: 531 How to do it... Page: 532 Using the command line Page: 533 Using Windows PowerShell Page: 534 How it works... Page: 535 See also Page: 536 Resetting a computer's secure channel Page: 537 Getting ready Page: 538 How to do it... Page: 539 Using Active Directory Users and Computers Page: 540 Using the Active Directory Administrative Center Page: 541 Using the command line Page: 542 Using Windows PowerShell Page: 543 How it works... Page: 544 Changing the default quota for creating computer objects Page: 545 Getting ready Page: 546 How to do it... Page: 547 Using ADSI Edit Page: 548 Using Windows PowerShell Page: 549 How it works... Page: 550 Getting the Most Out of Group Policy Page: 551 Creating a Group Policy Object (GPO) Page: 552 Getting ready Page: 553 How to do it... Page: 554 Using the Group Policy Management Console Page: 555 Using Windows PowerShell Page: 556 How it works... Page: 557 See also Page: 558 Copying a GPO Page: 559 Getting ready Page: 560 How to do it... Page: 561 Using the Group Policy Management Console Page: 562 Using Windows PowerShell Page: 563 How it works... Page: 564 There's more... Page: 565 Deleting a GPO Page: 566 Getting ready Page: 567 How to do it... Page: 568 Using the Group Policy Management Console Page: 569 Using Windows PowerShell Page: 570 How it works... Page: 571 See also Page: 572 Modifying the settings of a GPO Page: 573 Getting ready Page: 574 How to do it... Page: 575 How it works... Page: 576 Assigning scripts Page: 577 Getting ready Page: 578 How to do it... Page: 579 How it works... Page: 580 Installing applications Page: 581 Getting ready Page: 582 How to do it... Page: 583 How it works... Page: 584 Linking a GPO to an OU Page: 585 Getting ready Page: 586 How to do it... Page: 587 How it works... Page: 588 There's more... Page: 589 Blocking inheritance of GPOs on an OU Page: 590 Getting ready Page: 591 How to do it... Page: 592 How it works... Page: 593 Enforcing the settings of a GPO Link Page: 594 Getting ready Page: 595 How to do it... Page: 596 How it works... Page: 597 Applying security filters Page: 598 Getting ready Page: 599 How to do it... Page: 600 How it works... Page: 601 Creating and applying WMI Filters Page: 602 Getting ready Page: 603 How to do it... Page: 604 How it works... Page: 605 There's more... Page: 606 Configuring loopback processing Page: 607 Getting ready Page: 608 How to do it... Page: 609 How it works... Page: 610 Restoring a default GPO Page: 611 Getting ready Page: 612 How to do it... Page: 613 How it works... Page: 614 There's more... Page: 615 Creating the Group Policy Central Store Page: 616 Getting ready Page: 617 How to do it... Page: 618 How it works... Page: 619 There's more... Page: 620 Securing Active Directory Page: 621 Applying fine-grained password and account lockout policies Page: 622 Getting ready Page: 623 How to do it... Page: 624 Using the Active Directory Administrative Center Page: 625 Using the Active Directory Module for Windows PowerShell Page: 626 How it works... Page: 627 There's more... Page: 628 Backing up and restoring GPOs Page: 629 Getting ready Page: 630 How to do it... Page: 631 How it works... Page: 632 There's more... Page: 633 Backing up and restoring Active Directory Page: 634 Getting ready Page: 635 How to do it... Page: 636 How it works... Page: 637 Working with Active Directory snapshots Page: 638 Getting ready Page: 639 How to do it... Page: 640 How it works... Page: 641 There's more... Page: 642 Managing the DSRM passwords on domain controllers Page: 643 Getting ready Page: 644 How to do it... Page: 645 How it works... Page: 646 Implementing LAPS Page: 647 Getting ready Page: 648 How to do it... Page: 649 Implementing LAPS Page: 650 Extending the schema Page: 651 Setting permissions Page: 652 Creating the GPO to install the LAPS Client-side Extensions Page: 653 Linking the GPO to OUs with devices Page: 654 Managing passwords Page: 655 Viewing an administrator password Page: 656 Resetting an Administrator password Page: 657 How it works... Page: 658 See also Page: 659 Managing deleted objects Page: 660 Getting ready Page: 661 How to do it... Page: 662 Using the Active Directory Administrative Center Page: 663 Using Windows PowerShell Page: 664 How it works... Page: 665 There's more... Page: 666 See also Page: 667 Working with group Managed Service Accounts Page: 668 Getting ready Page: 669 How to do it... Page: 670 How it works... Page: 671 There's more... Page: 672 Configuring the advanced security audit policy Page: 673 Getting ready Page: 674 How to do it... Page: 675 How it works... Page: 676 Resetting the KRBTGT secret Page: 677 Getting ready Page: 678 How to do it... Page: 679 How it works... Page: 680 There's more... Page: 681 Using SCW to secure domain controllers Page: 682 Getting ready Page: 683 How to do it Page: 684 Secure a representative domain controller using SCW Page: 685 Roll-out the security settings to all domain controllers using Group Policy Page: 686 How it works... Page: 687 Leveraging the Protected Users group Page: 688 Getting ready Page: 689 How to do it... Page: 690 Using Active Directory Users and Computers Page: 691 Using the Active Directory Administrative Center Page: 692 Using Windows PowerShell Page: 693 How it works... Page: 694 Putting authentication policies and authentication policy silos to good use Page: 695 Getting ready Page: 696 How to do it... Page: 697 Enable domain controller support for claims Page: 698 Enable compound claims on devices in scope for an authentication policy Page: 699 Create an Authentication Policy Page: 700 Create an Authentication Policy Silo Page: 701 Assign the Authentication Policy Silo Page: 702 How it works... Page: 703 Configuring Extranet Smart Lock-out Page: 704 Getting ready Page: 705 How to do it... Page: 706 How it works... Page: 707 Managing Federation Page: 708 Choosing the right AD FS farm deployment method Page: 709 Getting ready Page: 710 How to do it... Page: 711 How it works... Page: 712 There's more... Page: 713 See also Page: 714 Installing the AD FS server role Page: 715 Getting ready Page: 716 How to do it... Page: 717 How it works... Page: 718 Setting up an AD FS farm with Windows Internal Database Page: 719 Getting ready Page: 720 How to do it... Page: 721 Configuring AD FS Page: 722 Checking the proper AD FS configuration Page: 723 How it works... Page: 724 There's more... Page: 725 See also Page: 726 Setting up an AD FS farm with SQL Server Page: 727 Getting ready Page: 728 How to do it... Page: 729 Creating a gMSA Page: 730 Creating the script Page: 731 Creating the databases Page: 732 Configuring AD FS Page: 733 Checking the proper AD FS configuration Page: 734 How it works... Page: 735 There's more... Page: 736 See also Page: 737 Adding additional AD FS servers to an AD FS farm Page: 738 Getting ready Page: 739 How to do it... Page: 740 How it works... Page: 741 See also Page: 742 Removing AD FS servers from an AD FS farm Page: 743 Getting ready Page: 744 How to do it... Page: 745 How it works... Page: 746 There's more... Page: 747 Creating a Relying Party Trust (RPT) Page: 748 Getting ready Page: 749 How to do it... Page: 750 How it works... Page: 751 Deleting an RPT Page: 752 Getting ready Page: 753 How to do it... Page: 754 How it works... Page: 755 Configuring branding Page: 756 Getting ready Page: 757 How to do it... Page: 758 How it works... Page: 759 Setting up a Web Application Proxy Page: 760 Getting ready Page: 761 How to do it... Page: 762 Installing the Web Application Proxy feature Page: 763 Configuring the Web Application Proxy Page: 764 Checking the proper Web Application Proxy configuration Page: 765 How it works... Page: 766 There's more... Page: 767 Decommissioning a Web Application Proxy Page: 768 Getting ready Page: 769 How to do it... Page: 770 How it works... Page: 771 Handling Authentication in a Hybrid World (AD FS, PHS, PTA, and 3SO) Page: 772 Choosing the right authentication method Page: 773 Getting ready Page: 774 How to do it... Page: 775 How it works... Page: 776 Active Directory Federation Services or PingFederate Page: 777 Password Hash Sync Page: 778 Pass-through authentication Page: 779 Seamless Single Sign-on Page: 780 Cloud-only Page: 781 There's more... Page: 782 Verifying your DNS domain name Page: 783 Getting ready Page: 784 How to do it... Page: 785 How it works... Page: 786 Implementing Password Hash Sync with Express Settings Page: 787 Getting ready Page: 788 How to do it... Page: 789 How it works... Page: 790 Implementing Pass-through Authentication Page: 791 Getting ready Page: 792 How to do it... Page: 793 Adding the Azure AD Authentication Service to the intranet sites Page: 794 Configuring Azure AD Connect Page: 795 How it works... Page: 796 There's more... Page: 797 Implementing single sign-on to Office 365 using AD FS Page: 798 Getting ready Page: 799 How to do it... Page: 800 How it works... Page: 801 There's more... Page: 802 Managing AD FS with Azure AD Connect Page: 803 Getting ready Page: 804 How to do it... Page: 805 Reset Azure AD trust Page: 806 Federate an Azure AD domain Page: 807 Update the AD FS SSL certificate Page: 808 Deploy an AD FS server Page: 809 Add a Web Application Proxy server Page: 810 Verify federated login Page: 811 How it works... Page: 812 There's more... Page: 813 Implementing Azure Traffic Manager for AD FS geo-redundancy Page: 814 Getting ready Page: 815 How to do it... Page: 816 Configuring the Web Application Proxies for probing Page: 817 Configuring Azure Traffic Manager Page: 818 Adding DNS records Page: 819 How it works... Page: 820 There's more... Page: 821 Migrating from AD FS to Pass-through Authentication for single sign-on to Office 365 Page: 822 Getting ready Page: 823 How to do it... Page: 824 Adding the Azure AD Authentication Service to the intranet sites Page: 825 Configuring Azure AD Connect Page: 826 Checking domains in the Azure portal Page: 827 Disabling federation in Azure AD Page: 828 Deleting the Office 365 Identity Platform relying party trust Page: 829 How it works... Page: 830 There's more... Page: 831 Making Pass-through Authentication (geo)redundant Page: 832 Getting ready Page: 833 How to do it... Page: 834 Installing and configuring the PTA Agent Page: 835 Checking proper installation and configuration Page: 836 How it works... Page: 837 Handling Synchronization in a Hybrid World (Azure AD Connect) Page: 838 Choosing the right sourceAnchor Page: 839 Getting ready Page: 840 How to do it... Page: 841 How it works... Page: 842 There's more... Page: 843 Configuring staging mode Page: 844 Getting ready Page: 845 How to do it... Page: 846 How it works... Page: 847 See also Page: 848 Switching to a staging mode server Page: 849 Getting ready Page: 850 How to do it... Page: 851 How it works... Page: 852 Configuring Domain and OU filtering Page: 853 Getting ready Page: 854 How to do it... Page: 855 Configuring Azure AD Connect initially Page: 856 Reconfiguring Azure AD Connect Page: 857 How it works... Page: 858 Configuring Azure AD app and attribute filtering Page: 859 Getting ready Page: 860 How to do it... Page: 861 Configuring Azure AD Connect initially Page: 862 Reconfiguring Azure AD Connect Page: 863 How it works... Page: 864 Configuring MinSync Page: 865 Getting ready Page: 866 How to do it... Page: 867 Configuring Azure AD Connect initially Page: 868 Reconfiguring Azure AD Connect Page: 869 How it works... Page: 870 Configuring Hybrid Azure AD Join Page: 871 Getting ready Page: 872 How to do it... Page: 873 Adding the Azure AD Device Registration Service to the intranet sites Page: 874 Distributing Workplace Join for non-Windows 10 computers Page: 875 Setting the Group Policy to register for down-level Windows devices Page: 876 Link the Group Policy to the right Organizational Units Page: 877 Configuring Hybrid Azure AD Join in Azure AD Connect Page: 878 How it works... Page: 879 Configuring Device writeback Page: 880 Getting ready Page: 881 How to do it... Page: 882 How it works... Page: 883 Configuring Password writeback Page: 884 Getting ready Page: 885 How to do it... Page: 886 Configuring the proper permissions for Azure AD Connect service accounts Page: 887 Configuring Azure AD Connect Page: 888 Configuring Azure AD Connect initially Page: 889 Reconfiguring Azure AD Connect Page: 890 How it works... Page: 891 Configuring Group writeback Page: 892 Getting ready Page: 893 How to do it... Page: 894 Creating the Organizational Unit where groups are to be written back Page: 895 Configuring Azure AD Connect Page: 896 Configuring Azure AD Connect initially Page: 897 Reconfiguring Azure AD Connect Page: 898 Configuring the proper permissions for Azure AD Connect service accounts Page: 899 How it works... Page: 900 Changing the passwords for Azure AD Connects service accounts Page: 901 Getting ready Page: 902 How to do it... Page: 903 Managing the service account connecting to Active Directory Page: 904 Managing the service account connecting to Azure AD Page: 905 Managing the computer account for Seamless Single Sign-on Page: 906 How it works... Page: 907 The service account running the Azure AD Connect service Page: 908 The service account connecting to Active Directory Page: 909 The service account connecting to Azure AD Page: 910 The computer account for Seamless Single Sign-on Page: 911 Hardening Azure AD Page: 912 Setting the contact information Page: 913 Getting ready Page: 914 How to do it... Page: 915 How it works... Page: 916 Preventing non-privileged users from accessing the Azure portal Page: 917 Getting ready Page: 918 How to do it... Page: 919 How it works... Page: 920 Viewing all privileged users in Azure AD Page: 921 Getting ready Page: 922 How to do it... Page: 923 Using the Azure AD PowerShell Page: 924 Using the Azure Cloud Shell Page: 925 How it works... Page: 926 Preventing users from registering or consenting to apps Page: 927 Getting ready Page: 928 How to do it... Page: 929 How it works... Page: 930 There's more... Page: 931 Preventing users from inviting guests Page: 932 Getting ready Page: 933 How to do it... Page: 934 How it works... Page: 935 There's more... Page: 936 See also Page: 937 Configuring whitelisting or blacklisting for Azure AD B2B Page: 938 Getting ready Page: 939 How to do it... Page: 940 How it works... Page: 941 Configuring Azure AD Join and Azure AD Registration Page: 942 Getting ready Page: 943 How to do it... Page: 944 Limiting who can join Azure AD devices Page: 945 Limiting who can register Azure AD devices Page: 946 Configuring additional administrators Page: 947 Enabling Enterprise State Roaming Page: 948 How it works... Page: 949 See also Page: 950 Configuring Intune auto-enrollment upon Azure AD Join Page: 951 Getting ready Page: 952 How to do it... Page: 953 How it works... Page: 954 Configuring baseline policies Page: 955 Getting ready Page: 956 How to do it... Page: 957 How it works... Page: 958 Configuring Conditional Access Page: 959 Getting ready Page: 960 How to do it... Page: 961 How it works... Page: 962 See also Page: 963 Accessing Azure AD Connect Health Page: 964 Getting ready Page: 965 How to do it... Page: 966 How it works... Page: 967 There's more... Page: 968 Configuring Azure AD Connect Health for AD FS Page: 969 Getting ready Page: 970 How to do it... Page: 971 Downloading the agent Page: 972 Installing and configuring the agent Page: 973 Consuming the information in the Azure AD Connect Health dashboard Page: 974 How it works... Page: 975 Configuring Azure AD Connect Health for AD DS Page: 976 Getting ready Page: 977 How to do it... Page: 978 Downloading the agent Page: 979 Installing and configuring the agent Page: 980 Consuming the information in the Azure AD Connect Health dashboard Page: 981 How it works... Page: 982 Configuring Azure AD Privileged Identity Management Page: 983 Getting ready Page: 984 How to do it... Page: 985 How it works... Page: 986 There's more... Page: 987 Configuring Azure AD Identity Protection Page: 988 Getting ready Page: 989 How to do it... Page: 990 How it works... Page: 991 MFA registration Page: 992 User risk policies Page: 993 Sign-in risk policies Page: 994 There's more... Page: 995 Other Books You May Enjoy Page: 996 Leave a review - let other readers know what you think Page: 997

Description:
Learn the intricacies of managing Azure AD and Azure AD Connect, as well as Active Directory for administration on cloud and Windows Server 2019 Key Features Expert solutions for the federation, certificates, security, and monitoring with Active Directory Explore Azure AD and AD Connect for effective administration on cloud Automate security tasks using Active Directory and PowerShell Book Description Active Directory is an administration system for Windows administrators to automate network, security and access management tasks in the Windows infrastructure. This book starts off with a detailed focus on forests, domains, trusts, schemas and partitions. Next, you'll learn how to manage domain controllers, organizational units and the default containers. Going forward, you'll explore managing Active Directory sites as well as identifying and solving replication problems. The next set of chapters covers the different components of Active Directory and discusses the management of users, groups and computers. You'll also work through recipes that help you manage your Active Directory domains, manage user and group objects and computer accounts, expiring group memberships and group Managed Service Accounts (gMSAs) with PowerShell. You'll understand how to work with Group Policy and how to get the most out of it. The last set of chapters covers federation, security and monitoring. You will also learn about Azure Active Directory and how to integrate on-premises Active Directory with Azure AD. You'll discover how Azure AD Connect synchronization works, which will help you manage Azure AD. By the end of the book, you have learned about Active Directory and Azure AD in detail. What you will learn Manage new Active Directory features, such as the Recycle Bin, group Managed Service Accounts, and fine-grained password policies Work with Active Directory from the command line and use Windows PowerShell to automate tasks Create and remove forests, domains, and trusts Create groups, modify group scope and type, and manage memberships Delegate control, view and modify permissions Optimize Active Directory and Azure AD in terms of security Who this book is for This book will cater to administrators of existing Active Directory Domain Services environments and/or Azure AD tenants, looking for guidance to optimize their day-to-day effectiveness. Basic networking and Windows Server Operating System knowledge would come in handy.
ebook img

Active Directory Administration Cookbook PDF

2019·10.03 MB·English
by  Sander Berkouwer
#Computers #System Administration #General #Security #Windows Administration
Save to my drive
Quick download
Download
Upgrade Premium
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.

Preview Active Directory Administration Cookbook

Title Page Page: 2 Copyright and Credits Page: 2 Active Directory Administration Cookbook Page: 4 About Packt Page: 5 Why subscribe? Page: 6 Packt.com Page: 7 Contributors Page: 8 About the author Page: 9 About the reviewer Page: 10 Packt is searching for authors like you Page: 11 Preface Page: 21 Who this book is for Page: 22 What this book covers Page: 23 To get the most out of this book Page: 24 Download the example code files Page: 25 Download the color images Page: 26 Conventions used Page: 27 Sections Page: 28 Getting ready Page: 29 How to do it... Page: 30 How it works... Page: 31 There's more... Page: 32 See also Page: 33 Get in touch Page: 34 Reviews Page: 35 Optimizing Forests, Domains, and Trusts Page: 36 Choosing between a new domain or forest Page: 37 Why would you have a new domain? Page: 38 What are the downsides of a new domain? Page: 39 Why would you create a new forest? Page: 40 What are the downsides of a new forest? Page: 41 Listing the domains in your forest Page: 42 Getting ready Page: 43 Installing the Active Directory module for Windows PowerShell on Windows Server Page: 44 Installing the Active Directory module for Windows PowerShell on Windows Page: 45 Required permissions Page: 46 How to do it... Page: 47 How it works... Page: 48 Using adprep.exe to prepare for new Active Directory functionality Page: 49 Getting ready Page: 50 Required permissions Page: 51 How to do it... Page: 52 Preparing the forest Page: 53 Preparing the forest for RODCs Page: 54 Preparing the domain Page: 55 Fixing up Group Policy permissions Page: 56 Checking the preparation replication Page: 57 How it works... Page: 58 There's more... Page: 59 Raising the domain functional level to Windows Server 2016 Page: 60 Getting ready Page: 61 Required permissions Page: 62 How to do it... Page: 63 How it works... Page: 64 Raising the forest functional level to Windows Server 2016 Page: 65 Getting ready Page: 66 Required permissions Page: 67 How to do it... Page: 68 How it works... Page: 69 Creating the right trust Page: 70 Trust direction Page: 71 Trust transitivity Page: 72 One-way or two-way trust Page: 73 Getting ready Page: 74 Required permissions Page: 75 How to do it... Page: 76 Verifying and resetting a trust Page: 77 Getting ready Page: 78 Required permissions Page: 79 How to do it... Page: 80 How it works... Page: 81 Securing a trust Page: 82 Getting ready Page: 83 Required permissions Page: 84 How to do it... Page: 85 How it works... Page: 86 There's more... Page: 87 Extending the schema Page: 88 Getting ready Page: 89 Required permissions Page: 90 How to do it... Page: 91 There's more... Page: 92 Enabling the Active Directory Recycle Bin Page: 93 Getting ready Page: 94 Required permissions Page: 95 How to do it... Page: 96 How it works... Page: 97 Managing UPN suffixes Page: 98 Getting ready Page: 99 How to do it... Page: 100 How it works... Page: 101 There's more... Page: 102 Managing Domain Controllers Page: 103 Preparing a Windows Server to become a domain controller Page: 104 Intending to do the right thing Page: 105 Dimensioning the servers properly Page: 106 Preparing the Windows Server installations Page: 107 Preconfigure the Windows Servers Page: 108 Document the passwords Page: 109 Promoting a server to a domain controller Page: 110 Getting ready Page: 111 How to do it... Page: 112 Promoting a domain controller using the wizard Page: 113 Installing the Active Directory Domain Services role Page: 114 Promoting the server to a domain controller Page: 115 Promoting a domain controller using dcpromo.exe Page: 116 Promoting a domain controller using Windows PowerShell Page: 117 Checking proper promotion Page: 118 See also Page: 119 Promoting a server to a read-only domain controller Page: 120 Getting ready Page: 121 How to do it... Page: 122 Installing the Active Directory Domain Services role Page: 123 Promoting the server to a read-only domain controller Page: 124 Promoting a read-only domain controller using dcpromo.exe Page: 125 Promoting a domain controller using Windows PowerShell Page: 126 Checking proper promotion Page: 127 How it works... Page: 128 See also Page: 129 Using Install From Media Page: 130 How to do it... Page: 131 Creating the IFM package Page: 132 Leveraging the IFM package Page: 133 Using the Active Directory Domain Services Configuration Wizard Page: 134 Using dcpromo.exe Page: 135 Using the Install-ADDSDomainController PowerShell cmdlet Page: 136 How it works... Page: 137 Using domain controller cloning Page: 138 Getting ready Page: 139 How to do it... Page: 140 Making sure all agents and software packages are cloneable Page: 141 Supplying the information for the new domain controller configuration Page: 142 Adding the domain controller to the Cloneable Domain Controllers group Page: 143 Cloning the domain controller from the hypervisor Page: 144 How it works... Page: 145 See also Page: 146 Determining whether a virtual domain controller has a VM-GenerationID Page: 147 How to do it... Page: 148 How it works... Page: 149 Demoting a domain controller Page: 150 Getting ready Page: 151 How to do it... Page: 152 Using the wizard Page: 153 Using the Active Directory module for Windows PowerShell Page: 154 How it works... Page: 155 There's more... Page: 156 Demoting a domain controller forcefully Page: 157 How to do it... Page: 158 Using the Active Directory Domain Services Configuration Wizard Page: 159 Using manual steps Page: 160 Performing metadata cleanup Page: 161 Deleting the domain controller from DNS Page: 162 Deleting the computer object for the domain controller Page: 163 Deleting the SYSVOL replication membership Page: 164 Deleting the domain controller from Active Directory Sites and Services Page: 165 Deleting an orphaned domain Page: 166 See also Page: 167 Inventory domain controllers Page: 168 How to do it... Page: 169 Using Active Directory Users and Computers to inventory domain controllers Page: 170 Using the Active Directory module for Windows PowerShell to inventory domain controllers Page: 171 Decommissioning a compromised read-only domain controller Page: 172 How to do it... Page: 173 How it works... Page: 174 Managing Active Directory Roles and Features Page: 175 About FSMO roles Page: 176 Recommended practices for FSMO roles Page: 177 Querying FSMO role placement Page: 178 Getting ready Page: 179 How to do it... Page: 180 How it works... Page: 181 Transferring FSMO roles Page: 182 Getting ready Page: 183 How to do it... Page: 184 Transferring FSMO roles using the MMC snap-ins Page: 185 Transferring FSMO roles using the ntdsutil command-line tool Page: 186 Transferring FSMO roles using Windows PowerShell Page: 187 How it works... Page: 188 Seizing FSMO roles Page: 189 Getting ready Page: 190 How to do it... Page: 191 Seizing FSMO roles using the ntdsutil command-line tool Page: 192 Seizing FSMO roles using Windows PowerShell Page: 193 How it works... Page: 194 Configuring the Primary Domain Controller emulator to synchronize time with a reliable source Page: 195 Getting ready Page: 196 How to do it... Page: 197 How it works... Page: 198 Managing time synchronization for virtual domain controllers Page: 199 Getting ready Page: 200 How to do it... Page: 201 Managing time synchronization for virtual domain controllers running on VMware vSphere Page: 202 Managing time synchronization for virtual domain controllers running on Microsoft Hyper-V Page: 203 How it works... Page: 204 Managing global catalogs Page: 205 Getting ready Page: 206 How to do it... Page: 207 How it works Page: 208 Managing Containers and Organizational Units Page: 209 Differences between OUs and containers Page: 210 Containers Page: 211 OUs Page: 212 OUs versus Active Directory domains Page: 213 Creating an OU Page: 214 Getting ready Page: 215 How to do it... Page: 216 Using the Active Directory Administrative Center Page: 217 Using the command line Page: 218 Using Windows PowerShell Page: 219 How it works... Page: 220 There's more... Page: 221 Deleting an OU Page: 222 Getting ready Page: 223 How to do it... Page: 224 Using the Active Directory Administrative Center Page: 225 Using the command line Page: 226 Using Windows PowerShell Page: 227 How it works... Page: 228 There's more... Page: 229 Modifying an OU Page: 230 Getting ready Page: 231 How to do it... Page: 232 Using the Active Directory Administrative Center Page: 233 Using the command line Page: 234 Using Windows PowerShell Page: 235 How it works... Page: 236 There's more... Page: 237 See also Page: 238 Delegating control of an OU Page: 239 Getting ready Page: 240 How to do it... Page: 241 Using Active Directory Users and Computers Page: 242 Using the command line Page: 243 How it works... Page: 244 Using the built-in groups Page: 245 Using delegation of control Page: 246 See also Page: 247 Modifying the default location for new user and computer objects Page: 248 Getting ready Page: 249 How to do it... Page: 250 How it works... Page: 251 See also Page: 252 Managing Active Directory Sites and Troubleshooting Replication Page: 253 What do Active Directory sites do? Page: 254 Recommendations Page: 255 Creating a site Page: 256 Getting ready Page: 257 How to do it... Page: 258 Using Active Directory Sites and Services Page: 259 Using Windows PowerShell Page: 260 See also Page: 261 Managing a site Page: 262 Getting ready Page: 263 How to do it... Page: 264 Using Active Directory Sites and Services Page: 265 Using Windows PowerShell Page: 266 How it works... Page: 267 See also Page: 268 Managing subnets Page: 269 Getting ready Page: 270 How to do it... Page: 271 Using Active Directory Sites and Services Page: 272 Using Windows PowerShell Page: 273 How it works... Page: 274 See also Page: 275 Creating a site link Page: 276 Getting ready Page: 277 How to do it... Page: 278 Using Active Directory Sites and Services Page: 279 Using Windows PowerShell Page: 280 How it works... Page: 281 See also Page: 282 Managing a site link Page: 283 Getting ready Page: 284 How to do it... Page: 285 Using Active Directory Sites and Services Page: 286 Using Windows PowerShell Page: 287 See also Page: 288 Modifying replication settings for an Active Directory site link Page: 289 Getting ready Page: 290 How to do it... Page: 291 Using Active Directory Sites and Services Page: 292 Using Windows PowerShell Page: 293 How it works... Page: 294 Site-link costs Page: 295 Site-link replication schedules Page: 296 See also Page: 297 Creating a site link bridge Page: 298 Getting ready Page: 299 How to do it... Page: 300 See also Page: 301 Managing bridgehead servers Page: 302 Getting ready Page: 303 How to do it... Page: 304 Using Active Directory Sites and Services Page: 305 Using Windows PowerShell Page: 306 How it works... Page: 307 See also Page: 308 Managing the Inter-site Topology Generation and Knowledge Consistency Checker Page: 309 Getting ready Page: 310 How to do it... Page: 311 Using Active Directory Sites and Services Page: 312 Using Windows PowerShell Page: 313 How it works... Page: 314 See also Page: 315 Managing universal group membership caching Page: 316 Getting ready Page: 317 How to do it... Page: 318 Using Active Directory Sites and Services Page: 319 Using Windows PowerShell Page: 320 How it works... Page: 321 See also Page: 322 Working with repadmin.exe Page: 323 Getting ready Page: 324 How to do it... Page: 325 How it works... Page: 326 See also Page: 327 Forcing replication Page: 328 Getting ready Page: 329 How to do it... Page: 330 How it works... Page: 331 See also Page: 332 Managing inbound and outbound replication Page: 333 Getting ready Page: 334 How to do it... Page: 335 How it works... Page: 336 There's more... Page: 337 See also Page: 338 Modifying the tombstone lifetime period Page: 339 Getting ready Page: 340 How to do it... Page: 341 Using ADSI Edit Page: 342 Using Windows PowerShell Page: 343 How it works... Page: 344 See also Page: 345 Managing strict replication consistency Page: 346 Getting ready Page: 347 How to do it... Page: 348 How it works... Page: 349 Upgrading SYSVOL replication from File Replication Service to Distributed File System Replication Page: 350 Getting ready Page: 351 How to do it... Page: 352 The initial state Page: 353 The prepared state Page: 354 The redirected state Page: 355 The eliminated state Page: 356 How it works... Page: 357 See also Page: 358 Checking for and remediating lingering objects Page: 359 Getting ready Page: 360 How to do it... Page: 361 How it works... Page: 362 See also Page: 363 Managing Active Directory Users Page: 364 Creating a user Page: 365 Getting ready Page: 366 How to do it... Page: 367 Using Active Directory Users and Computers Page: 368 Using the Active Directory Administrative Center Page: 369 Using command-line tools Page: 370 Using Windows PowerShell Page: 371 How it works... Page: 372 There's more... Page: 373 Deleting a user Page: 374 Getting ready Page: 375 How to do it... Page: 376 Using Active Directory Users and Computers Page: 377 Using the Active Directory Administrative Center Page: 378 Using command-line tools Page: 379 Using Windows PowerShell Page: 380 How it works... Page: 381 See also Page: 382 Modifying several users at once Page: 383 Getting ready Page: 384 How to do it... Page: 385 Using Active Directory Users and Computers Page: 386 Using the Active Directory Administrative Center Page: 387 Using Windows PowerShell Page: 388 How it works... Page: 389 There's more... Page: 390 Moving a user Page: 391 Getting ready Page: 392 How to do it... Page: 393 Using Active Directory Users and Computers Page: 394 Using the Active Directory Administrative Center Page: 395 Using command-line tools Page: 396 Using Windows PowerShell Page: 397 How it works... Page: 398 Renaming a user Page: 399 Getting ready Page: 400 How to do it... Page: 401 Using Active Directory Users and Computers Page: 402 Using the Active Directory Administrative Center Page: 403 Using command-line tools Page: 404 Using Windows PowerShell Page: 405 How it works... Page: 406 Enabling and disabling a user Page: 407 Getting ready Page: 408 How to do it... Page: 409 Using Active Directory Users and Computers Page: 410 Using the Active Directory Administrative Center Page: 411 Using command-line tools Page: 412 Using Windows PowerShell Page: 413 How it works... Page: 414 There's more... Page: 415 Finding locked-out users Page: 416 Getting ready Page: 417 How to do it... Page: 418 Using the Active Directory Administrative Center Page: 419 Using Windows PowerShell Page: 420 How it works... Page: 421 See also Page: 422 Unlocking a user Page: 423 Getting ready Page: 424 How to do it... Page: 425 Using the Active Directory Administrative Center Page: 426 Using Windows PowerShell Page: 427 Managing userAccountControl Page: 428 Getting ready Page: 429 How to do it... Page: 430 Reading the userAccountControl attribute Page: 431 Using Active Directory Users and Computers Page: 432 Using the Active Directory Administrative Center Page: 433 Using Windows PowerShell Page: 434 Setting the userAccountControl attribute Page: 435 Using ADSI Edit Page: 436 Using Windows PowerShell Page: 437 How it works... Page: 438 Using account expiration Page: 439 Getting ready Page: 440 How to do it... Page: 441 Using Active Directory Users and Computers Page: 442 Using the Active Directory Administrative Center Page: 443 Using command-line tools Page: 444 Using Windows PowerShell Page: 445 How it works... Page: 446 Managing Active Directory Groups Page: 447 Creating a group Page: 448 Getting ready Page: 449 How to do it... Page: 450 Using Active Directory Users and Computers Page: 451 Using the Active Directory Administrative Center Page: 452 Using command-line tools Page: 453 Using Windows PowerShell Page: 454 How it works... Page: 455 Group scopes Page: 456 Group types Page: 457 Deleting a group Page: 458 Getting ready Page: 459 How to do it... Page: 460 Using Active Directory Groups and Computers Page: 461 Using the Active Directory Administrative Center Page: 462 Using command-line tools Page: 463 Using Windows PowerShell Page: 464 How it works... Page: 465 Managing the direct members of a group Page: 466 Getting ready Page: 467 How to do it... Page: 468 Using Active Directory Groups and Computers Page: 469 Using the Active Directory Administrative Center Page: 470 Using Windows PowerShell Page: 471 How it works... Page: 472 Managing expiring group memberships Page: 473 Getting ready Page: 474 How to do it... Page: 475 How it works... Page: 476 Changing the scope or type of a group Page: 477 Getting ready Page: 478 How to do it... Page: 479 Using Active Directory Groups and Computers Page: 480 Using the Active Directory Administrative Center Page: 481 Using command-line tools Page: 482 Using Windows PowerShell Page: 483 How it works... Page: 484 Group scopes Page: 485 Group types Page: 486 Viewing nested group memberships Page: 487 Getting ready Page: 488 How to do it... Page: 489 How it works... Page: 490 Finding empty groups Page: 491 Getting ready Page: 492 How to do it... Page: 493 How it works... Page: 494 Managing Active Directory Computers Page: 495 Creating a computer Page: 496 Getting ready Page: 497 How to do it... Page: 498 Using Active Directory Users and Computers Page: 499 Using the Active Directory Administrative Center Page: 500 Using command-line tools Page: 501 Using Windows PowerShell Page: 502 How it works... Page: 503 There's more... Page: 504 Deleting a computer Page: 505 Getting ready Page: 506 How to do it... Page: 507 Using Active Directory Users and Computers Page: 508 Using the Active Directory Administrative Center Page: 509 Using command-line tools Page: 510 Using Windows PowerShell Page: 511 How it works... Page: 512 See also Page: 513 Joining a computer to the domain Page: 514 Getting ready Page: 515 How to do it... Page: 516 Using the GUI Page: 517 Using Windows PowerShell Page: 518 How it works... Page: 519 There's more... Page: 520 See also Page: 521 Renaming a computer Page: 522 Getting ready Page: 523 How to do it... Page: 524 Using the settings app Page: 525 Using the command line Page: 526 Using Windows PowerShell Page: 527 How it works... Page: 528 There's more... Page: 529 Testing the secure channel for a computer Page: 530 Getting ready Page: 531 How to do it... Page: 532 Using the command line Page: 533 Using Windows PowerShell Page: 534 How it works... Page: 535 See also Page: 536 Resetting a computer's secure channel Page: 537 Getting ready Page: 538 How to do it... Page: 539 Using Active Directory Users and Computers Page: 540 Using the Active Directory Administrative Center Page: 541 Using the command line Page: 542 Using Windows PowerShell Page: 543 How it works... Page: 544 Changing the default quota for creating computer objects Page: 545 Getting ready Page: 546 How to do it... Page: 547 Using ADSI Edit Page: 548 Using Windows PowerShell Page: 549 How it works... Page: 550 Getting the Most Out of Group Policy Page: 551 Creating a Group Policy Object (GPO) Page: 552 Getting ready Page: 553 How to do it... Page: 554 Using the Group Policy Management Console Page: 555 Using Windows PowerShell Page: 556 How it works... Page: 557 See also Page: 558 Copying a GPO Page: 559 Getting ready Page: 560 How to do it... Page: 561 Using the Group Policy Management Console Page: 562 Using Windows PowerShell Page: 563 How it works... Page: 564 There's more... Page: 565 Deleting a GPO Page: 566 Getting ready Page: 567 How to do it... Page: 568 Using the Group Policy Management Console Page: 569 Using Windows PowerShell Page: 570 How it works... Page: 571 See also Page: 572 Modifying the settings of a GPO Page: 573 Getting ready Page: 574 How to do it... Page: 575 How it works... Page: 576 Assigning scripts Page: 577 Getting ready Page: 578 How to do it... Page: 579 How it works... Page: 580 Installing applications Page: 581 Getting ready Page: 582 How to do it... Page: 583 How it works... Page: 584 Linking a GPO to an OU Page: 585 Getting ready Page: 586 How to do it... Page: 587 How it works... Page: 588 There's more... Page: 589 Blocking inheritance of GPOs on an OU Page: 590 Getting ready Page: 591 How to do it... Page: 592 How it works... Page: 593 Enforcing the settings of a GPO Link Page: 594 Getting ready Page: 595 How to do it... Page: 596 How it works... Page: 597 Applying security filters Page: 598 Getting ready Page: 599 How to do it... Page: 600 How it works... Page: 601 Creating and applying WMI Filters Page: 602 Getting ready Page: 603 How to do it... Page: 604 How it works... Page: 605 There's more... Page: 606 Configuring loopback processing Page: 607 Getting ready Page: 608 How to do it... Page: 609 How it works... Page: 610 Restoring a default GPO Page: 611 Getting ready Page: 612 How to do it... Page: 613 How it works... Page: 614 There's more... Page: 615 Creating the Group Policy Central Store Page: 616 Getting ready Page: 617 How to do it... Page: 618 How it works... Page: 619 There's more... Page: 620 Securing Active Directory Page: 621 Applying fine-grained password and account lockout policies Page: 622 Getting ready Page: 623 How to do it... Page: 624 Using the Active Directory Administrative Center Page: 625 Using the Active Directory Module for Windows PowerShell Page: 626 How it works... Page: 627 There's more... Page: 628 Backing up and restoring GPOs Page: 629 Getting ready Page: 630 How to do it... Page: 631 How it works... Page: 632 There's more... Page: 633 Backing up and restoring Active Directory Page: 634 Getting ready Page: 635 How to do it... Page: 636 How it works... Page: 637 Working with Active Directory snapshots Page: 638 Getting ready Page: 639 How to do it... Page: 640 How it works... Page: 641 There's more... Page: 642 Managing the DSRM passwords on domain controllers Page: 643 Getting ready Page: 644 How to do it... Page: 645 How it works... Page: 646 Implementing LAPS Page: 647 Getting ready Page: 648 How to do it... Page: 649 Implementing LAPS Page: 650 Extending the schema Page: 651 Setting permissions Page: 652 Creating the GPO to install the LAPS Client-side Extensions Page: 653 Linking the GPO to OUs with devices Page: 654 Managing passwords Page: 655 Viewing an administrator password Page: 656 Resetting an Administrator password Page: 657 How it works... Page: 658 See also Page: 659 Managing deleted objects Page: 660 Getting ready Page: 661 How to do it... Page: 662 Using the Active Directory Administrative Center Page: 663 Using Windows PowerShell Page: 664 How it works... Page: 665 There's more... Page: 666 See also Page: 667 Working with group Managed Service Accounts Page: 668 Getting ready Page: 669 How to do it... Page: 670 How it works... Page: 671 There's more... Page: 672 Configuring the advanced security audit policy Page: 673 Getting ready Page: 674 How to do it... Page: 675 How it works... Page: 676 Resetting the KRBTGT secret Page: 677 Getting ready Page: 678 How to do it... Page: 679 How it works... Page: 680 There's more... Page: 681 Using SCW to secure domain controllers Page: 682 Getting ready Page: 683 How to do it Page: 684 Secure a representative domain controller using SCW Page: 685 Roll-out the security settings to all domain controllers using Group Policy Page: 686 How it works... Page: 687 Leveraging the Protected Users group Page: 688 Getting ready Page: 689 How to do it... Page: 690 Using Active Directory Users and Computers Page: 691 Using the Active Directory Administrative Center Page: 692 Using Windows PowerShell Page: 693 How it works... Page: 694 Putting authentication policies and authentication policy silos to good use Page: 695 Getting ready Page: 696 How to do it... Page: 697 Enable domain controller support for claims Page: 698 Enable compound claims on devices in scope for an authentication policy Page: 699 Create an Authentication Policy Page: 700 Create an Authentication Policy Silo Page: 701 Assign the Authentication Policy Silo Page: 702 How it works... Page: 703 Configuring Extranet Smart Lock-out Page: 704 Getting ready Page: 705 How to do it... Page: 706 How it works... Page: 707 Managing Federation Page: 708 Choosing the right AD FS farm deployment method Page: 709 Getting ready Page: 710 How to do it... Page: 711 How it works... Page: 712 There's more... Page: 713 See also Page: 714 Installing the AD FS server role Page: 715 Getting ready Page: 716 How to do it... Page: 717 How it works... Page: 718 Setting up an AD FS farm with Windows Internal Database Page: 719 Getting ready Page: 720 How to do it... Page: 721 Configuring AD FS Page: 722 Checking the proper AD FS configuration Page: 723 How it works... Page: 724 There's more... Page: 725 See also Page: 726 Setting up an AD FS farm with SQL Server Page: 727 Getting ready Page: 728 How to do it... Page: 729 Creating a gMSA Page: 730 Creating the script Page: 731 Creating the databases Page: 732 Configuring AD FS Page: 733 Checking the proper AD FS configuration Page: 734 How it works... Page: 735 There's more... Page: 736 See also Page: 737 Adding additional AD FS servers to an AD FS farm Page: 738 Getting ready Page: 739 How to do it... Page: 740 How it works... Page: 741 See also Page: 742 Removing AD FS servers from an AD FS farm Page: 743 Getting ready Page: 744 How to do it... Page: 745 How it works... Page: 746 There's more... Page: 747 Creating a Relying Party Trust (RPT) Page: 748 Getting ready Page: 749 How to do it... Page: 750 How it works... Page: 751 Deleting an RPT Page: 752 Getting ready Page: 753 How to do it... Page: 754 How it works... Page: 755 Configuring branding Page: 756 Getting ready Page: 757 How to do it... Page: 758 How it works... Page: 759 Setting up a Web Application Proxy Page: 760 Getting ready Page: 761 How to do it... Page: 762 Installing the Web Application Proxy feature Page: 763 Configuring the Web Application Proxy Page: 764 Checking the proper Web Application Proxy configuration Page: 765 How it works... Page: 766 There's more... Page: 767 Decommissioning a Web Application Proxy Page: 768 Getting ready Page: 769 How to do it... Page: 770 How it works... Page: 771 Handling Authentication in a Hybrid World (AD FS, PHS, PTA, and 3SO) Page: 772 Choosing the right authentication method Page: 773 Getting ready Page: 774 How to do it... Page: 775 How it works... Page: 776 Active Directory Federation Services or PingFederate Page: 777 Password Hash Sync Page: 778 Pass-through authentication Page: 779 Seamless Single Sign-on Page: 780 Cloud-only Page: 781 There's more... Page: 782 Verifying your DNS domain name Page: 783 Getting ready Page: 784 How to do it... Page: 785 How it works... Page: 786 Implementing Password Hash Sync with Express Settings Page: 787 Getting ready Page: 788 How to do it... Page: 789 How it works... Page: 790 Implementing Pass-through Authentication Page: 791 Getting ready Page: 792 How to do it... Page: 793 Adding the Azure AD Authentication Service to the intranet sites Page: 794 Configuring Azure AD Connect Page: 795 How it works... Page: 796 There's more... Page: 797 Implementing single sign-on to Office 365 using AD FS Page: 798 Getting ready Page: 799 How to do it... Page: 800 How it works... Page: 801 There's more... Page: 802 Managing AD FS with Azure AD Connect Page: 803 Getting ready Page: 804 How to do it... Page: 805 Reset Azure AD trust Page: 806 Federate an Azure AD domain Page: 807 Update the AD FS SSL certificate Page: 808 Deploy an AD FS server Page: 809 Add a Web Application Proxy server Page: 810 Verify federated login Page: 811 How it works... Page: 812 There's more... Page: 813 Implementing Azure Traffic Manager for AD FS geo-redundancy Page: 814 Getting ready Page: 815 How to do it... Page: 816 Configuring the Web Application Proxies for probing Page: 817 Configuring Azure Traffic Manager Page: 818 Adding DNS records Page: 819 How it works... Page: 820 There's more... Page: 821 Migrating from AD FS to Pass-through Authentication for single sign-on to Office 365 Page: 822 Getting ready Page: 823 How to do it... Page: 824 Adding the Azure AD Authentication Service to the intranet sites Page: 825 Configuring Azure AD Connect Page: 826 Checking domains in the Azure portal Page: 827 Disabling federation in Azure AD Page: 828 Deleting the Office 365 Identity Platform relying party trust Page: 829 How it works... Page: 830 There's more... Page: 831 Making Pass-through Authentication (geo)redundant Page: 832 Getting ready Page: 833 How to do it... Page: 834 Installing and configuring the PTA Agent Page: 835 Checking proper installation and configuration Page: 836 How it works... Page: 837 Handling Synchronization in a Hybrid World (Azure AD Connect) Page: 838 Choosing the right sourceAnchor Page: 839 Getting ready Page: 840 How to do it... Page: 841 How it works... Page: 842 There's more... Page: 843 Configuring staging mode Page: 844 Getting ready Page: 845 How to do it... Page: 846 How it works... Page: 847 See also Page: 848 Switching to a staging mode server Page: 849 Getting ready Page: 850 How to do it... Page: 851 How it works... Page: 852 Configuring Domain and OU filtering Page: 853 Getting ready Page: 854 How to do it... Page: 855 Configuring Azure AD Connect initially Page: 856 Reconfiguring Azure AD Connect Page: 857 How it works... Page: 858 Configuring Azure AD app and attribute filtering Page: 859 Getting ready Page: 860 How to do it... Page: 861 Configuring Azure AD Connect initially Page: 862 Reconfiguring Azure AD Connect Page: 863 How it works... Page: 864 Configuring MinSync Page: 865 Getting ready Page: 866 How to do it... Page: 867 Configuring Azure AD Connect initially Page: 868 Reconfiguring Azure AD Connect Page: 869 How it works... Page: 870 Configuring Hybrid Azure AD Join Page: 871 Getting ready Page: 872 How to do it... Page: 873 Adding the Azure AD Device Registration Service to the intranet sites Page: 874 Distributing Workplace Join for non-Windows 10 computers Page: 875 Setting the Group Policy to register for down-level Windows devices Page: 876 Link the Group Policy to the right Organizational Units Page: 877 Configuring Hybrid Azure AD Join in Azure AD Connect Page: 878 How it works... Page: 879 Configuring Device writeback Page: 880 Getting ready Page: 881 How to do it... Page: 882 How it works... Page: 883 Configuring Password writeback Page: 884 Getting ready Page: 885 How to do it... Page: 886 Configuring the proper permissions for Azure AD Connect service accounts Page: 887 Configuring Azure AD Connect Page: 888 Configuring Azure AD Connect initially Page: 889 Reconfiguring Azure AD Connect Page: 890 How it works... Page: 891 Configuring Group writeback Page: 892 Getting ready Page: 893 How to do it... Page: 894 Creating the Organizational Unit where groups are to be written back Page: 895 Configuring Azure AD Connect Page: 896 Configuring Azure AD Connect initially Page: 897 Reconfiguring Azure AD Connect Page: 898 Configuring the proper permissions for Azure AD Connect service accounts Page: 899 How it works... Page: 900 Changing the passwords for Azure AD Connects service accounts Page: 901 Getting ready Page: 902 How to do it... Page: 903 Managing the service account connecting to Active Directory Page: 904 Managing the service account connecting to Azure AD Page: 905 Managing the computer account for Seamless Single Sign-on Page: 906 How it works... Page: 907 The service account running the Azure AD Connect service Page: 908 The service account connecting to Active Directory Page: 909 The service account connecting to Azure AD Page: 910 The computer account for Seamless Single Sign-on Page: 911 Hardening Azure AD Page: 912 Setting the contact information Page: 913 Getting ready Page: 914 How to do it... Page: 915 How it works... Page: 916 Preventing non-privileged users from accessing the Azure portal Page: 917 Getting ready Page: 918 How to do it... Page: 919 How it works... Page: 920 Viewing all privileged users in Azure AD Page: 921 Getting ready Page: 922 How to do it... Page: 923 Using the Azure AD PowerShell Page: 924 Using the Azure Cloud Shell Page: 925 How it works... Page: 926 Preventing users from registering or consenting to apps Page: 927 Getting ready Page: 928 How to do it... Page: 929 How it works... Page: 930 There's more... Page: 931 Preventing users from inviting guests Page: 932 Getting ready Page: 933 How to do it... Page: 934 How it works... Page: 935 There's more... Page: 936 See also Page: 937 Configuring whitelisting or blacklisting for Azure AD B2B Page: 938 Getting ready Page: 939 How to do it... Page: 940 How it works... Page: 941 Configuring Azure AD Join and Azure AD Registration Page: 942 Getting ready Page: 943 How to do it... Page: 944 Limiting who can join Azure AD devices Page: 945 Limiting who can register Azure AD devices Page: 946 Configuring additional administrators Page: 947 Enabling Enterprise State Roaming Page: 948 How it works... Page: 949 See also Page: 950 Configuring Intune auto-enrollment upon Azure AD Join Page: 951 Getting ready Page: 952 How to do it... Page: 953 How it works... Page: 954 Configuring baseline policies Page: 955 Getting ready Page: 956 How to do it... Page: 957 How it works... Page: 958 Configuring Conditional Access Page: 959 Getting ready Page: 960 How to do it... Page: 961 How it works... Page: 962 See also Page: 963 Accessing Azure AD Connect Health Page: 964 Getting ready Page: 965 How to do it... Page: 966 How it works... Page: 967 There's more... Page: 968 Configuring Azure AD Connect Health for AD FS Page: 969 Getting ready Page: 970 How to do it... Page: 971 Downloading the agent Page: 972 Installing and configuring the agent Page: 973 Consuming the information in the Azure AD Connect Health dashboard Page: 974 How it works... Page: 975 Configuring Azure AD Connect Health for AD DS Page: 976 Getting ready Page: 977 How to do it... Page: 978 Downloading the agent Page: 979 Installing and configuring the agent Page: 980 Consuming the information in the Azure AD Connect Health dashboard Page: 981 How it works... Page: 982 Configuring Azure AD Privileged Identity Management Page: 983 Getting ready Page: 984 How to do it... Page: 985 How it works... Page: 986 There's more... Page: 987 Configuring Azure AD Identity Protection Page: 988 Getting ready Page: 989 How to do it... Page: 990 How it works... Page: 991 MFA registration Page: 992 User risk policies Page: 993 Sign-in risk policies Page: 994 There's more... Page: 995 Other Books You May Enjoy Page: 996 Leave a review - let other readers know what you think Page: 997

Description:
Learn the intricacies of managing Azure AD and Azure AD Connect, as well as Active Directory for administration on cloud and Windows Server 2019 Key Features Expert solutions for the federation, certificates, security, and monitoring with Active Directory Explore Azure AD and AD Connect for effective administration on cloud Automate security tasks using Active Directory and PowerShell Book Description Active Directory is an administration system for Windows administrators to automate network, security and access management tasks in the Windows infrastructure. This book starts off with a detailed focus on forests, domains, trusts, schemas and partitions. Next, you'll learn how to manage domain controllers, organizational units and the default containers. Going forward, you'll explore managing Active Directory sites as well as identifying and solving replication problems. The next set of chapters covers the different components of Active Directory and discusses the management of users, groups and computers. You'll also work through recipes that help you manage your Active Directory domains, manage user and group objects and computer accounts, expiring group memberships and group Managed Service Accounts (gMSAs) with PowerShell. You'll understand how to work with Group Policy and how to get the most out of it. The last set of chapters covers federation, security and monitoring. You will also learn about Azure Active Directory and how to integrate on-premises Active Directory with Azure AD. You'll discover how Azure AD Connect synchronization works, which will help you manage Azure AD. By the end of the book, you have learned about Active Directory and Azure AD in detail. What you will learn Manage new Active Directory features, such as the Recycle Bin, group Managed Service Accounts, and fine-grained password policies Work with Active Directory from the command line and use Windows PowerShell to automate tasks Create and remove forests, domains, and trusts Create groups, modify group scope and type, and manage memberships Delegate control, view and modify permissions Optimize Active Directory and Azure AD in terms of security Who this book is for This book will cater to administrators of existing Active Directory Domain Services environments and/or Azure AD tenants, looking for guidance to optimize their day-to-day effectiveness. Basic networking and Windows Server Operating System knowledge would come in handy.
See more

The list of books you might like

Upgrade Premium
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.
DMCA & Copyright: Dear all, most of the website is community built, users are uploading hundred of books everyday, which makes really hard for us to identify copyrighted material, please contact us if you want any material removed.
Copyright @ PDFdrive.to, 2022 | We love our users