Table of Contents
Title Page Page: 2
Copyright and Credits Page: 2
Active Directory Administration Cookbook Page: 4
About Packt Page: 5
Why subscribe? Page: 6
Packt.com Page: 7
Contributors Page: 8
About the author Page: 9
About the reviewer Page: 10
Packt is searching for authors like you Page: 11
Preface Page: 21
Who this book is for Page: 22
What this book covers Page: 23
To get the most out of this book Page: 24
Download the example code files Page: 25
Download the color images Page: 26
Conventions used Page: 27
Sections Page: 28
Getting ready Page: 29
How to do it... Page: 30
How it works... Page: 31
There's more... Page: 32
See also Page: 33
Get in touch Page: 34
Reviews Page: 35
Optimizing Forests, Domains, and Trusts Page: 36
Choosing between a new domain or forest Page: 37
Why would you have a new domain? Page: 38
What are the downsides of a new domain? Page: 39
Why would you create a new forest? Page: 40
What are the downsides of a new forest? Page: 41
Listing the domains in your forest Page: 42
Getting ready Page: 43
Installing the Active Directory module for Windows PowerShell on Windows Server Page: 44
Installing the Active Directory module for Windows PowerShell on Windows Page: 45
Required permissions Page: 46
How to do it... Page: 47
How it works... Page: 48
Using adprep.exe to prepare for new Active Directory functionality Page: 49
Getting ready Page: 50
Required permissions Page: 51
How to do it... Page: 52
Preparing the forest Page: 53
Preparing the forest for RODCs Page: 54
Preparing the domain Page: 55
Fixing up Group Policy permissions Page: 56
Checking the preparation replication Page: 57
How it works... Page: 58
There's more... Page: 59
Raising the domain functional level to Windows Server 2016 Page: 60
Getting ready Page: 61
Required permissions Page: 62
How to do it... Page: 63
How it works... Page: 64
Raising the forest functional level to Windows Server 2016 Page: 65
Getting ready Page: 66
Required permissions Page: 67
How to do it... Page: 68
How it works... Page: 69
Creating the right trust Page: 70
Trust direction Page: 71
Trust transitivity Page: 72
One-way or two-way trust Page: 73
Getting ready Page: 74
Required permissions Page: 75
How to do it... Page: 76
Verifying and resetting a trust Page: 77
Getting ready Page: 78
Required permissions Page: 79
How to do it... Page: 80
How it works... Page: 81
Securing a trust Page: 82
Getting ready Page: 83
Required permissions Page: 84
How to do it... Page: 85
How it works... Page: 86
There's more... Page: 87
Extending the schema Page: 88
Getting ready Page: 89
Required permissions Page: 90
How to do it... Page: 91
There's more... Page: 92
Enabling the Active Directory Recycle Bin Page: 93
Getting ready Page: 94
Required permissions Page: 95
How to do it... Page: 96
How it works... Page: 97
Managing UPN suffixes Page: 98
Getting ready Page: 99
How to do it... Page: 100
How it works... Page: 101
There's more... Page: 102
Managing Domain Controllers Page: 103
Preparing a Windows Server to become a domain controller Page: 104
Intending to do the right thing Page: 105
Dimensioning the servers properly Page: 106
Preparing the Windows Server installations Page: 107
Preconfigure the Windows Servers Page: 108
Document the passwords Page: 109
Promoting a server to a domain controller Page: 110
Getting ready Page: 111
How to do it... Page: 112
Promoting a domain controller using the wizard Page: 113
Installing the Active Directory Domain Services role Page: 114
Promoting the server to a domain controller Page: 115
Promoting a domain controller using dcpromo.exe Page: 116
Promoting a domain controller using Windows PowerShell Page: 117
Checking proper promotion Page: 118
See also Page: 119
Promoting a server to a read-only domain controller Page: 120
Getting ready Page: 121
How to do it... Page: 122
Installing the Active Directory Domain Services role Page: 123
Promoting the server to a read-only domain controller Page: 124
Promoting a read-only domain controller using dcpromo.exe Page: 125
Promoting a domain controller using Windows PowerShell Page: 126
Checking proper promotion Page: 127
How it works... Page: 128
See also Page: 129
Using Install From Media Page: 130
How to do it... Page: 131
Creating the IFM package Page: 132
Leveraging the IFM package Page: 133
Using the Active Directory Domain Services Configuration Wizard Page: 134
Using dcpromo.exe Page: 135
Using the Install-ADDSDomainController PowerShell cmdlet Page: 136
How it works... Page: 137
Using domain controller cloning Page: 138
Getting ready Page: 139
How to do it... Page: 140
Making sure all agents and software packages are cloneable Page: 141
Supplying the information for the new domain controller configuration Page: 142
Adding the domain controller to the Cloneable Domain Controllers group Page: 143
Cloning the domain controller from the hypervisor Page: 144
How it works... Page: 145
See also Page: 146
Determining whether a virtual domain controller has a VM-GenerationID Page: 147
How to do it... Page: 148
How it works... Page: 149
Demoting a domain controller Page: 150
Getting ready Page: 151
How to do it... Page: 152
Using the wizard Page: 153
Using the Active Directory module for Windows PowerShell Page: 154
How it works... Page: 155
There's more... Page: 156
Demoting a domain controller forcefully Page: 157
How to do it... Page: 158
Using the Active Directory Domain Services Configuration Wizard Page: 159
Using manual steps Page: 160
Performing metadata cleanup Page: 161
Deleting the domain controller from DNS Page: 162
Deleting the computer object for the domain controller Page: 163
Deleting the SYSVOL replication membership Page: 164
Deleting the domain controller from Active Directory Sites and Services Page: 165
Deleting an orphaned domain Page: 166
See also Page: 167
Inventory domain controllers Page: 168
How to do it... Page: 169
Using Active Directory Users and Computers to inventory domain controllers Page: 170
Using the Active Directory module for Windows PowerShell to inventory domain controllers Page: 171
Decommissioning a compromised read-only domain controller Page: 172
How to do it... Page: 173
How it works... Page: 174
Managing Active Directory Roles and Features Page: 175
About FSMO roles Page: 176
Recommended practices for FSMO roles Page: 177
Querying FSMO role placement Page: 178
Getting ready Page: 179
How to do it... Page: 180
How it works... Page: 181
Transferring FSMO roles Page: 182
Getting ready Page: 183
How to do it... Page: 184
Transferring FSMO roles using the MMC snap-ins Page: 185
Transferring FSMO roles using the ntdsutil command-line tool Page: 186
Transferring FSMO roles using Windows PowerShell Page: 187
How it works... Page: 188
Seizing FSMO roles Page: 189
Getting ready Page: 190
How to do it... Page: 191
Seizing FSMO roles using the ntdsutil command-line tool Page: 192
Seizing FSMO roles using Windows PowerShell Page: 193
How it works... Page: 194
Configuring the Primary Domain Controller emulator to synchronize time with a reliable source Page: 195
Getting ready Page: 196
How to do it... Page: 197
How it works... Page: 198
Managing time synchronization for virtual domain controllers Page: 199
Getting ready Page: 200
How to do it... Page: 201
Managing time synchronization for virtual domain controllers running on VMware vSphere Page: 202
Managing time synchronization for virtual domain controllers running on Microsoft Hyper-V Page: 203
How it works... Page: 204
Managing global catalogs Page: 205
Getting ready Page: 206
How to do it... Page: 207
How it works Page: 208
Managing Containers and Organizational Units Page: 209
Differences between OUs and containers Page: 210
Containers Page: 211
OUs Page: 212
OUs versus Active Directory domains Page: 213
Creating an OU Page: 214
Getting ready Page: 215
How to do it... Page: 216
Using the Active Directory Administrative Center Page: 217
Using the command line Page: 218
Using Windows PowerShell Page: 219
How it works... Page: 220
There's more... Page: 221
Deleting an OU Page: 222
Getting ready Page: 223
How to do it... Page: 224
Using the Active Directory Administrative Center Page: 225
Using the command line Page: 226
Using Windows PowerShell Page: 227
How it works... Page: 228
There's more... Page: 229
Modifying an OU Page: 230
Getting ready Page: 231
How to do it... Page: 232
Using the Active Directory Administrative Center Page: 233
Using the command line Page: 234
Using Windows PowerShell Page: 235
How it works... Page: 236
There's more... Page: 237
See also Page: 238
Delegating control of an OU Page: 239
Getting ready Page: 240
How to do it... Page: 241
Using Active Directory Users and Computers Page: 242
Using the command line Page: 243
How it works... Page: 244
Using the built-in groups Page: 245
Using delegation of control Page: 246
See also Page: 247
Modifying the default location for new user and computer objects Page: 248
Getting ready Page: 249
How to do it... Page: 250
How it works... Page: 251
See also Page: 252
Managing Active Directory Sites and Troubleshooting Replication Page: 253
What do Active Directory sites do? Page: 254
Recommendations Page: 255
Creating a site Page: 256
Getting ready Page: 257
How to do it... Page: 258
Using Active Directory Sites and Services Page: 259
Using Windows PowerShell Page: 260
See also Page: 261
Managing a site Page: 262
Getting ready Page: 263
How to do it... Page: 264
Using Active Directory Sites and Services Page: 265
Using Windows PowerShell Page: 266
How it works... Page: 267
See also Page: 268
Managing subnets Page: 269
Getting ready Page: 270
How to do it... Page: 271
Using Active Directory Sites and Services Page: 272
Using Windows PowerShell Page: 273
How it works... Page: 274
See also Page: 275
Creating a site link Page: 276
Getting ready Page: 277
How to do it... Page: 278
Using Active Directory Sites and Services Page: 279
Using Windows PowerShell Page: 280
How it works... Page: 281
See also Page: 282
Managing a site link Page: 283
Getting ready Page: 284
How to do it... Page: 285
Using Active Directory Sites and Services Page: 286
Using Windows PowerShell Page: 287
See also Page: 288
Modifying replication settings for an Active Directory site link Page: 289
Getting ready Page: 290
How to do it... Page: 291
Using Active Directory Sites and Services Page: 292
Using Windows PowerShell Page: 293
How it works... Page: 294
Site-link costs Page: 295
Site-link replication schedules Page: 296
See also Page: 297
Creating a site link bridge Page: 298
Getting ready Page: 299
How to do it... Page: 300
See also Page: 301
Managing bridgehead servers Page: 302
Getting ready Page: 303
How to do it... Page: 304
Using Active Directory Sites and Services Page: 305
Using Windows PowerShell Page: 306
How it works... Page: 307
See also Page: 308
Managing the Inter-site Topology Generation and Knowledge Consistency Checker Page: 309
Getting ready Page: 310
How to do it... Page: 311
Using Active Directory Sites and Services Page: 312
Using Windows PowerShell Page: 313
How it works... Page: 314
See also Page: 315
Managing universal group membership caching Page: 316
Getting ready Page: 317
How to do it... Page: 318
Using Active Directory Sites and Services Page: 319
Using Windows PowerShell Page: 320
How it works... Page: 321
See also Page: 322
Working with repadmin.exe Page: 323
Getting ready Page: 324
How to do it... Page: 325
How it works... Page: 326
See also Page: 327
Forcing replication Page: 328
Getting ready Page: 329
How to do it... Page: 330
How it works... Page: 331
See also Page: 332
Managing inbound and outbound replication Page: 333
Getting ready Page: 334
How to do it... Page: 335
How it works... Page: 336
There's more... Page: 337
See also Page: 338
Modifying the tombstone lifetime period Page: 339
Getting ready Page: 340
How to do it... Page: 341
Using ADSI Edit Page: 342
Using Windows PowerShell Page: 343
How it works... Page: 344
See also Page: 345
Managing strict replication consistency Page: 346
Getting ready Page: 347
How to do it... Page: 348
How it works... Page: 349
Upgrading SYSVOL replication from File Replication Service to Distributed File System Replication Page: 350
Getting ready Page: 351
How to do it... Page: 352
The initial state Page: 353
The prepared state Page: 354
The redirected state Page: 355
The eliminated state Page: 356
How it works... Page: 357
See also Page: 358
Checking for and remediating lingering objects Page: 359
Getting ready Page: 360
How to do it... Page: 361
How it works... Page: 362
See also Page: 363
Managing Active Directory Users Page: 364
Creating a user Page: 365
Getting ready Page: 366
How to do it... Page: 367
Using Active Directory Users and Computers Page: 368
Using the Active Directory Administrative Center Page: 369
Using command-line tools Page: 370
Using Windows PowerShell Page: 371
How it works... Page: 372
There's more... Page: 373
Deleting a user Page: 374
Getting ready Page: 375
How to do it... Page: 376
Using Active Directory Users and Computers Page: 377
Using the Active Directory Administrative Center Page: 378
Using command-line tools Page: 379
Using Windows PowerShell Page: 380
How it works... Page: 381
See also Page: 382
Modifying several users at once Page: 383
Getting ready Page: 384
How to do it... Page: 385
Using Active Directory Users and Computers Page: 386
Using the Active Directory Administrative Center Page: 387
Using Windows PowerShell Page: 388
How it works... Page: 389
There's more... Page: 390
Moving a user Page: 391
Getting ready Page: 392
How to do it... Page: 393
Using Active Directory Users and Computers Page: 394
Using the Active Directory Administrative Center Page: 395
Using command-line tools Page: 396
Using Windows PowerShell Page: 397
How it works... Page: 398
Renaming a user Page: 399
Getting ready Page: 400
How to do it... Page: 401
Using Active Directory Users and Computers Page: 402
Using the Active Directory Administrative Center Page: 403
Using command-line tools Page: 404
Using Windows PowerShell Page: 405
How it works... Page: 406
Enabling and disabling a user Page: 407
Getting ready Page: 408
How to do it... Page: 409
Using Active Directory Users and Computers Page: 410
Using the Active Directory Administrative Center Page: 411
Using command-line tools Page: 412
Using Windows PowerShell Page: 413
How it works... Page: 414
There's more... Page: 415
Finding locked-out users Page: 416
Getting ready Page: 417
How to do it... Page: 418
Using the Active Directory Administrative Center Page: 419
Using Windows PowerShell Page: 420
How it works... Page: 421
See also Page: 422
Unlocking a user Page: 423
Getting ready Page: 424
How to do it... Page: 425
Using the Active Directory Administrative Center Page: 426
Using Windows PowerShell Page: 427
Managing userAccountControl Page: 428
Getting ready Page: 429
How to do it... Page: 430
Reading the userAccountControl attribute Page: 431
Using Active Directory Users and Computers Page: 432
Using the Active Directory Administrative Center Page: 433
Using Windows PowerShell Page: 434
Setting the userAccountControl attribute Page: 435
Using ADSI Edit Page: 436
Using Windows PowerShell Page: 437
How it works... Page: 438
Using account expiration Page: 439
Getting ready Page: 440
How to do it... Page: 441
Using Active Directory Users and Computers Page: 442
Using the Active Directory Administrative Center Page: 443
Using command-line tools Page: 444
Using Windows PowerShell Page: 445
How it works... Page: 446
Managing Active Directory Groups Page: 447
Creating a group Page: 448
Getting ready Page: 449
How to do it... Page: 450
Using Active Directory Users and Computers Page: 451
Using the Active Directory Administrative Center Page: 452
Using command-line tools Page: 453
Using Windows PowerShell Page: 454
How it works... Page: 455
Group scopes Page: 456
Group types Page: 457
Deleting a group Page: 458
Getting ready Page: 459
How to do it... Page: 460
Using Active Directory Groups and Computers Page: 461
Using the Active Directory Administrative Center Page: 462
Using command-line tools Page: 463
Using Windows PowerShell Page: 464
How it works... Page: 465
Managing the direct members of a group Page: 466
Getting ready Page: 467
How to do it... Page: 468
Using Active Directory Groups and Computers Page: 469
Using the Active Directory Administrative Center Page: 470
Using Windows PowerShell Page: 471
How it works... Page: 472
Managing expiring group memberships Page: 473
Getting ready Page: 474
How to do it... Page: 475
How it works... Page: 476
Changing the scope or type of a group Page: 477
Getting ready Page: 478
How to do it... Page: 479
Using Active Directory Groups and Computers Page: 480
Using the Active Directory Administrative Center Page: 481
Using command-line tools Page: 482
Using Windows PowerShell Page: 483
How it works... Page: 484
Group scopes Page: 485
Group types Page: 486
Viewing nested group memberships Page: 487
Getting ready Page: 488
How to do it... Page: 489
How it works... Page: 490
Finding empty groups Page: 491
Getting ready Page: 492
How to do it... Page: 493
How it works... Page: 494
Managing Active Directory Computers Page: 495
Creating a computer Page: 496
Getting ready Page: 497
How to do it... Page: 498
Using Active Directory Users and Computers Page: 499
Using the Active Directory Administrative Center Page: 500
Using command-line tools Page: 501
Using Windows PowerShell Page: 502
How it works... Page: 503
There's more... Page: 504
Deleting a computer Page: 505
Getting ready Page: 506
How to do it... Page: 507
Using Active Directory Users and Computers Page: 508
Using the Active Directory Administrative Center Page: 509
Using command-line tools Page: 510
Using Windows PowerShell Page: 511
How it works... Page: 512
See also Page: 513
Joining a computer to the domain Page: 514
Getting ready Page: 515
How to do it... Page: 516
Using the GUI Page: 517
Using Windows PowerShell Page: 518
How it works... Page: 519
There's more... Page: 520
See also Page: 521
Renaming a computer Page: 522
Getting ready Page: 523
How to do it... Page: 524
Using the settings app Page: 525
Using the command line Page: 526
Using Windows PowerShell Page: 527
How it works... Page: 528
There's more... Page: 529
Testing the secure channel for a computer Page: 530
Getting ready Page: 531
How to do it... Page: 532
Using the command line Page: 533
Using Windows PowerShell Page: 534
How it works... Page: 535
See also Page: 536
Resetting a computer's secure channel Page: 537
Getting ready Page: 538
How to do it... Page: 539
Using Active Directory Users and Computers Page: 540
Using the Active Directory Administrative Center Page: 541
Using the command line Page: 542
Using Windows PowerShell Page: 543
How it works... Page: 544
Changing the default quota for creating computer objects Page: 545
Getting ready Page: 546
How to do it... Page: 547
Using ADSI Edit Page: 548
Using Windows PowerShell Page: 549
How it works... Page: 550
Getting the Most Out of Group Policy Page: 551
Creating a Group Policy Object (GPO) Page: 552
Getting ready Page: 553
How to do it... Page: 554
Using the Group Policy Management Console Page: 555
Using Windows PowerShell Page: 556
How it works... Page: 557
See also Page: 558
Copying a GPO Page: 559
Getting ready Page: 560
How to do it... Page: 561
Using the Group Policy Management Console Page: 562
Using Windows PowerShell Page: 563
How it works... Page: 564
There's more... Page: 565
Deleting a GPO Page: 566
Getting ready Page: 567
How to do it... Page: 568
Using the Group Policy Management Console Page: 569
Using Windows PowerShell Page: 570
How it works... Page: 571
See also Page: 572
Modifying the settings of a GPO Page: 573
Getting ready Page: 574
How to do it... Page: 575
How it works... Page: 576
Assigning scripts Page: 577
Getting ready Page: 578
How to do it... Page: 579
How it works... Page: 580
Installing applications Page: 581
Getting ready Page: 582
How to do it... Page: 583
How it works... Page: 584
Linking a GPO to an OU Page: 585
Getting ready Page: 586
How to do it... Page: 587
How it works... Page: 588
There's more... Page: 589
Blocking inheritance of GPOs on an OU Page: 590
Getting ready Page: 591
How to do it... Page: 592
How it works... Page: 593
Enforcing the settings of a GPO Link Page: 594
Getting ready Page: 595
How to do it... Page: 596
How it works... Page: 597
Applying security filters Page: 598
Getting ready Page: 599
How to do it... Page: 600
How it works... Page: 601
Creating and applying WMI Filters Page: 602
Getting ready Page: 603
How to do it... Page: 604
How it works... Page: 605
There's more... Page: 606
Configuring loopback processing Page: 607
Getting ready Page: 608
How to do it... Page: 609
How it works... Page: 610
Restoring a default GPO Page: 611
Getting ready Page: 612
How to do it... Page: 613
How it works... Page: 614
There's more... Page: 615
Creating the Group Policy Central Store Page: 616
Getting ready Page: 617
How to do it... Page: 618
How it works... Page: 619
There's more... Page: 620
Securing Active Directory Page: 621
Applying fine-grained password and account lockout policies Page: 622
Getting ready Page: 623
How to do it... Page: 624
Using the Active Directory Administrative Center Page: 625
Using the Active Directory Module for Windows PowerShell Page: 626
How it works... Page: 627
There's more... Page: 628
Backing up and restoring GPOs Page: 629
Getting ready Page: 630
How to do it... Page: 631
How it works... Page: 632
There's more... Page: 633
Backing up and restoring Active Directory Page: 634
Getting ready Page: 635
How to do it... Page: 636
How it works... Page: 637
Working with Active Directory snapshots Page: 638
Getting ready Page: 639
How to do it... Page: 640
How it works... Page: 641
There's more... Page: 642
Managing the DSRM passwords on domain controllers Page: 643
Getting ready Page: 644
How to do it... Page: 645
How it works... Page: 646
Implementing LAPS Page: 647
Getting ready Page: 648
How to do it... Page: 649
Implementing LAPS Page: 650
Extending the schema Page: 651
Setting permissions Page: 652
Creating the GPO to install the LAPS Client-side Extensions Page: 653
Linking the GPO to OUs with devices Page: 654
Managing passwords Page: 655
Viewing an administrator password Page: 656
Resetting an Administrator password Page: 657
How it works... Page: 658
See also Page: 659
Managing deleted objects Page: 660
Getting ready Page: 661
How to do it... Page: 662
Using the Active Directory Administrative Center Page: 663
Using Windows PowerShell Page: 664
How it works... Page: 665
There's more... Page: 666
See also Page: 667
Working with group Managed Service Accounts Page: 668
Getting ready Page: 669
How to do it... Page: 670
How it works... Page: 671
There's more... Page: 672
Configuring the advanced security audit policy Page: 673
Getting ready Page: 674
How to do it... Page: 675
How it works... Page: 676
Resetting the KRBTGT secret Page: 677
Getting ready Page: 678
How to do it... Page: 679
How it works... Page: 680
There's more... Page: 681
Using SCW to secure domain controllers Page: 682
Getting ready Page: 683
How to do it Page: 684
Secure a representative domain controller using SCW Page: 685
Roll-out the security settings to all domain controllers using Group Policy Page: 686
How it works... Page: 687
Leveraging the Protected Users group Page: 688
Getting ready Page: 689
How to do it... Page: 690
Using Active Directory Users and Computers Page: 691
Using the Active Directory Administrative Center Page: 692
Using Windows PowerShell Page: 693
How it works... Page: 694
Putting authentication policies and authentication policy silos to good use Page: 695
Getting ready Page: 696
How to do it... Page: 697
Enable domain controller support for claims Page: 698
Enable compound claims on devices in scope for an authentication policy Page: 699
Create an Authentication Policy Page: 700
Create an Authentication Policy Silo Page: 701
Assign the Authentication Policy Silo Page: 702
How it works... Page: 703
Configuring Extranet Smart Lock-out Page: 704
Getting ready Page: 705
How to do it... Page: 706
How it works... Page: 707
Managing Federation Page: 708
Choosing the right AD FS farm deployment method Page: 709
Getting ready Page: 710
How to do it... Page: 711
How it works... Page: 712
There's more... Page: 713
See also Page: 714
Installing the AD FS server role Page: 715
Getting ready Page: 716
How to do it... Page: 717
How it works... Page: 718
Setting up an AD FS farm with Windows Internal Database Page: 719
Getting ready Page: 720
How to do it... Page: 721
Configuring AD FS Page: 722
Checking the proper AD FS configuration Page: 723
How it works... Page: 724
There's more... Page: 725
See also Page: 726
Setting up an AD FS farm with SQL Server Page: 727
Getting ready Page: 728
How to do it... Page: 729
Creating a gMSA Page: 730
Creating the script Page: 731
Creating the databases Page: 732
Configuring AD FS Page: 733
Checking the proper AD FS configuration Page: 734
How it works... Page: 735
There's more... Page: 736
See also Page: 737
Adding additional AD FS servers to an AD FS farm Page: 738
Getting ready Page: 739
How to do it... Page: 740
How it works... Page: 741
See also Page: 742
Removing AD FS servers from an AD FS farm Page: 743
Getting ready Page: 744
How to do it... Page: 745
How it works... Page: 746
There's more... Page: 747
Creating a Relying Party Trust (RPT) Page: 748
Getting ready Page: 749
How to do it... Page: 750
How it works... Page: 751
Deleting an RPT Page: 752
Getting ready Page: 753
How to do it... Page: 754
How it works... Page: 755
Configuring branding Page: 756
Getting ready Page: 757
How to do it... Page: 758
How it works... Page: 759
Setting up a Web Application Proxy Page: 760
Getting ready Page: 761
How to do it... Page: 762
Installing the Web Application Proxy feature Page: 763
Configuring the Web Application Proxy Page: 764
Checking the proper Web Application Proxy configuration Page: 765
How it works... Page: 766
There's more... Page: 767
Decommissioning a Web Application Proxy Page: 768
Getting ready Page: 769
How to do it... Page: 770
How it works... Page: 771
Handling Authentication in a Hybrid World (AD FS, PHS, PTA, and 3SO) Page: 772
Choosing the right authentication method Page: 773
Getting ready Page: 774
How to do it... Page: 775
How it works... Page: 776
Active Directory Federation Services or PingFederate Page: 777
Password Hash Sync Page: 778
Pass-through authentication Page: 779
Seamless Single Sign-on Page: 780
Cloud-only Page: 781
There's more... Page: 782
Verifying your DNS domain name Page: 783
Getting ready Page: 784
How to do it... Page: 785
How it works... Page: 786
Implementing Password Hash Sync with Express Settings Page: 787
Getting ready Page: 788
How to do it... Page: 789
How it works... Page: 790
Implementing Pass-through Authentication Page: 791
Getting ready Page: 792
How to do it... Page: 793
Adding the Azure AD Authentication Service to the intranet sites Page: 794
Configuring Azure AD Connect Page: 795
How it works... Page: 796
There's more... Page: 797
Implementing single sign-on to Office 365 using AD FS Page: 798
Getting ready Page: 799
How to do it... Page: 800
How it works... Page: 801
There's more... Page: 802
Managing AD FS with Azure AD Connect Page: 803
Getting ready Page: 804
How to do it... Page: 805
Reset Azure AD trust Page: 806
Federate an Azure AD domain Page: 807
Update the AD FS SSL certificate Page: 808
Deploy an AD FS server Page: 809
Add a Web Application Proxy server Page: 810
Verify federated login Page: 811
How it works... Page: 812
There's more... Page: 813
Implementing Azure Traffic Manager for AD FS geo-redundancy Page: 814
Getting ready Page: 815
How to do it... Page: 816
Configuring the Web Application Proxies for probing Page: 817
Configuring Azure Traffic Manager Page: 818
Adding DNS records Page: 819
How it works... Page: 820
There's more... Page: 821
Migrating from AD FS to Pass-through Authentication for single sign-on to Office 365 Page: 822
Getting ready Page: 823
How to do it... Page: 824
Adding the Azure AD Authentication Service to the intranet sites Page: 825
Configuring Azure AD Connect Page: 826
Checking domains in the Azure portal Page: 827
Disabling federation in Azure AD Page: 828
Deleting the Office 365 Identity Platform relying party trust Page: 829
How it works... Page: 830
There's more... Page: 831
Making Pass-through Authentication (geo)redundant Page: 832
Getting ready Page: 833
How to do it... Page: 834
Installing and configuring the PTA Agent Page: 835
Checking proper installation and configuration Page: 836
How it works... Page: 837
Handling Synchronization in a Hybrid World (Azure AD Connect) Page: 838
Choosing the right sourceAnchor Page: 839
Getting ready Page: 840
How to do it... Page: 841
How it works... Page: 842
There's more... Page: 843
Configuring staging mode Page: 844
Getting ready Page: 845
How to do it... Page: 846
How it works... Page: 847
See also Page: 848
Switching to a staging mode server Page: 849
Getting ready Page: 850
How to do it... Page: 851
How it works... Page: 852
Configuring Domain and OU filtering Page: 853
Getting ready Page: 854
How to do it... Page: 855
Configuring Azure AD Connect initially Page: 856
Reconfiguring Azure AD Connect Page: 857
How it works... Page: 858
Configuring Azure AD app and attribute filtering Page: 859
Getting ready Page: 860
How to do it... Page: 861
Configuring Azure AD Connect initially Page: 862
Reconfiguring Azure AD Connect Page: 863
How it works... Page: 864
Configuring MinSync Page: 865
Getting ready Page: 866
How to do it... Page: 867
Configuring Azure AD Connect initially Page: 868
Reconfiguring Azure AD Connect Page: 869
How it works... Page: 870
Configuring Hybrid Azure AD Join Page: 871
Getting ready Page: 872
How to do it... Page: 873
Adding the Azure AD Device Registration Service to the intranet sites Page: 874
Distributing Workplace Join for non-Windows 10 computers Page: 875
Setting the Group Policy to register for down-level Windows devices Page: 876
Link the Group Policy to the right Organizational Units Page: 877
Configuring Hybrid Azure AD Join in Azure AD Connect Page: 878
How it works... Page: 879
Configuring Device writeback Page: 880
Getting ready Page: 881
How to do it... Page: 882
How it works... Page: 883
Configuring Password writeback Page: 884
Getting ready Page: 885
How to do it... Page: 886
Configuring the proper permissions for Azure AD Connect service accounts Page: 887
Configuring Azure AD Connect Page: 888
Configuring Azure AD Connect initially Page: 889
Reconfiguring Azure AD Connect Page: 890
How it works... Page: 891
Configuring Group writeback Page: 892
Getting ready Page: 893
How to do it... Page: 894
Creating the Organizational Unit where groups are to be written back Page: 895
Configuring Azure AD Connect Page: 896
Configuring Azure AD Connect initially Page: 897
Reconfiguring Azure AD Connect Page: 898
Configuring the proper permissions for Azure AD Connect service accounts Page: 899
How it works... Page: 900
Changing the passwords for Azure AD Connect's service accounts Page: 901
Getting ready
How to do it...
Managing the service account connecting to Active Directory
Managing the service account connecting to Azure AD
Managing the computer account for Seamless Single Sign-on
How it works...
The service account running the Azure AD Connect service
The service account connecting to Active Directory
The service account connecting to Azure AD
The computer account for Seamless Single Sign-on
Hardening Azure AD
Setting the contact information
Getting ready
How to do it...
How it works...
Preventing non-privileged users from accessing the Azure portal
Getting ready
How to do it...
How it works...
Viewing all privileged users in Azure AD
Getting ready
How to do it...
Using the Azure AD PowerShell
Using the Azure Cloud Shell
How it works...
Preventing users from registering or consenting to apps
Getting ready
How to do it...
How it works...
There's more...
Preventing users from inviting guests
Getting ready
How to do it...
How it works...
There's more...
See also
Configuring whitelisting or blacklisting for Azure AD B2B
Getting ready
How to do it...
How it works...
Configuring Azure AD Join and Azure AD Registration
Getting ready
How to do it...
Limiting who can join Azure AD devices
Limiting who can register Azure AD devices
Configuring additional administrators
Enabling Enterprise State Roaming
How it works...
See also
Configuring Intune auto-enrollment upon Azure AD Join
Getting ready
How to do it...
How it works...
Configuring baseline policies
Getting ready
How to do it...
How it works...
Configuring Conditional Access
Getting ready
How to do it...
How it works...
See also
Accessing Azure AD Connect Health
Getting ready
How to do it...
How it works...
There's more...
Configuring Azure AD Connect Health for AD FS
Getting ready
How to do it...
Downloading the agent
Installing and configuring the agent
Consuming the information in the Azure AD Connect Health dashboard
How it works...
Configuring Azure AD Connect Health for AD DS
Getting ready
How to do it...
Downloading the agent
Installing and configuring the agent
Consuming the information in the Azure AD Connect Health dashboard
How it works...
Configuring Azure AD Privileged Identity Management
Getting ready
How to do it...
How it works...
There's more...
Configuring Azure AD Identity Protection
Getting ready
How to do it...
How it works...
MFA registration
User risk policies
Sign-in risk policies
There's more...
Other Books You May Enjoy
Leave a review - let other readers know what you think
Description: Learn the intricacies of managing Azure AD and Azure AD Connect, as well as Active Directory for administration on cloud and Windows Server 2019

Key Features
Expert solutions for the federation, certificates, security, and monitoring with Active Directory
Explore Azure AD and AD Connect for effective administration on cloud
Automate security tasks using Active Directory and PowerShell

Book Description
Active Directory is an administration system for Windows administrators to automate network, security and access management tasks in the Windows infrastructure. This book starts off with a detailed focus on forests, domains, trusts, schemas and partitions. Next, you'll learn how to manage domain controllers, organizational units and the default containers. Going forward, you'll explore managing Active Directory sites as well as identifying and solving replication problems.

The next set of chapters covers the different components of Active Directory and discusses the management of users, groups and computers. You'll also work through recipes that help you manage your Active Directory domains, manage user and group objects and computer accounts, expiring group memberships and group Managed Service Accounts (gMSAs) with PowerShell. You'll understand how to work with Group Policy and how to get the most out of it.

The last set of chapters covers federation, security and monitoring. You will also learn about Azure Active Directory and how to integrate on-premises Active Directory with Azure AD. You'll discover how Azure AD Connect synchronization works, which will help you manage Azure AD. By the end of the book, you will have learned about Active Directory and Azure AD in detail.

What you will learn
Manage new Active Directory features, such as the Recycle Bin, group Managed Service Accounts, and fine-grained password policies
Work with Active Directory from the command line and use Windows PowerShell to automate tasks
Create and remove forests, domains, and trusts
Create groups, modify group scope and type, and manage memberships
Delegate control, view and modify permissions
Optimize Active Directory and Azure AD in terms of security

Who this book is for
This book will cater to administrators of existing Active Directory Domain Services environments and/or Azure AD tenants, looking for guidance to optimize their day-to-day effectiveness. Basic networking and Windows Server Operating System knowledge would come in handy.