Mastering Active Directory

Deploy and secure infrastructures with Active Directory, Windows Server 2016, and PowerShell, 2nd Edition

Dishan Francis

eBook (ePub), 786 pages, English

About This Book

Become an expert at managing enterprise identity infrastructure by leveraging Active Directory.

Key Features
  • Explore the new features in Active Directory Domain Service
  • Manage your Active Directory services for Windows Server 2016 effectively
  • Automate administrative tasks in Active Directory using PowerShell Core 6.x

Book Description
Active Directory (AD) is a centralized and standardized system that automates networked management of user data, security, and distributed resources and enables inter-operation with other directories.
This book will first help you brush up on the AD architecture and fundamentals, before guiding you through core components, such as sites, trust relationships, objects, and attributes. You will then explore AD schemas, LDAP, RMS, and security best practices to understand objects and components and how they can be used effectively. Next, the book will provide extensive coverage of AD Domain Services and Federation Services for Windows Server 2016, and help you explore their new features. Furthermore, you will learn to manage your identity infrastructure for a hybrid cloud setup. All this will help you design, plan, deploy, manage operations, and troubleshoot your enterprise identity infrastructure in a secure and effective manner. You'll later discover Azure AD Module, and learn to automate administrative tasks using PowerShell cmdlets.
All along, this updated second edition will cover content based on the latest version of Active Directory, PowerShell 5.1 and LDAP. By the end of this book, you'll be well versed with best practices and troubleshooting techniques for improving security and performance in identity infrastructures.

What you will learn
  • Design your Hybrid AD environment by evaluating business and technology requirements
  • Protect sensitive data in a hybrid environment using Azure Information Protection
  • Explore advanced functionalities of the schema
  • Learn about Flexible Single Master Operation (FSMO) roles and their placement
  • Install and migrate Active Directory from older versions to Active Directory 2016
  • Control users, groups, and devices effectively
  • Design your OU structure in the most effective way
  • Integrate Azure AD with Active Directory Domain Services for a hybrid setup

Who this book is for
If you are an Active Directory administrator, system administrator, or network professional who has basic knowledge of Active Directory and is looking to become an expert in this topic, this book is for you.


Information

Year
2019
ISBN
9781789953015

Section 1: Active Directory Planning, Design, and Installation

This section will help you to learn about the physical and logical components of Active Directory, and how those can be used to build an Active Directory environment by considering business requirements, availability, efficiency, and security. Before we dive into the management and advanced functionalities of Active Directory, we still need to learn about the technology behind a directory service, and the chapters in this section will guide you with this. Apart from that, we are also going to look into the new features of Active Directory 2016.
As we all know, organizations are moving into cloud services on an increasingly frequent basis. This changes the authentication and authorization requirements as well. Therefore, we are also going to evaluate the benefits of moving to a hybrid identity with Azure Active Directory.
This section contains the following chapters:
  • Chapter 1, Active Directory Fundamentals
  • Chapter 2, Active Directory Domain Services 2016
  • Chapter 3, Designing an Active Directory Infrastructure
  • Chapter 4, Active Directory Domain Name System
  • Chapter 5, Placing Operations Master Roles
  • Chapter 6, Migrating to Active Directory 2016

Active Directory Fundamentals

It has been two years since the release of the first edition of this book, Mastering Active Directory. First of all, I would like to thank all my readers for their valuable feedback, which encouraged me to write the second edition so soon after the first. I am sure that you will all benefit from the additional content that has been added to this new edition.
So, the biggest question is, what has changed in Active Directory? Many articles stated that there were no significant changes in Active Directory 2019 soon after its release. Is this true? Does Microsoft not want to do anything more to improve an on-premises Active Directory? Before we look for answers, let's see what has changed in the requirements for identity infrastructure.
Edwin Drake is considered the father of the petroleum industry. Back in 1859, he drilled the first oil well in Titusville, Pennsylvania. Before this, people gathered oil when it naturally rose to the surface, or when they accidentally found it in wells or mines. Nobody drilled wells for the purpose of gathering oil. Therefore, the innovation of the oil well created a whole new industry. It made a huge contribution to the second Industrial Revolution. Oil became the new currency. It created many new opportunities, new businesses, new monopolies, and new politics.
Similarly, we now live in another revolutionary period. This time, data is the new oil. More and more data is now being stored and processed using computers:
The following are the links to the articles mentioned in the preceding screenshot:
  • The Economist: https://www.economist.com/leaders/2017/05/06/the-worlds-most-valuable-resource-is-no-longer-oil-but-data
  • Evening Standard: https://www.standard.co.uk/lifestyle/esmagazine/is-data-the-new-oil-how-information-became-the-fuel-of-the-future-a3740481.html
  • The Australian: https://www.theaustralian.com.au/news/inquirer/the-new-oil-data-is-the-worlds-most-valuable-resource/news-story/f386217a9c63ac5ee6e1473413e90bda
  • Forbes: https://www.forbes.com/sites/howardbaldwin/2015/03/23/drilling-into-the-value-of-data/#19693a5c65fa
When we consider identity infrastructures, our digital identities define what level of access we have, how we access data, and when we have access to the data associated with it. Our identities follow data. For over 15 years, Microsoft Active Directory has been helping organizations to store digital identities in a central repository and arrange it according to the needs of the business. When the infrastructure security boundary is smaller, it is easier to manage identities and the associated data.
But with the fast adoption of cloud technologies, our infrastructure security boundaries are expanding. With these new changes, on-premises identity infrastructures are also transforming into cloud-only and hybrid identity infrastructures. It is changing the way we manage our identities. It is changing the way we secure our identities. It is changing the way identities are contributing to data security. So, yes, to fit its purpose, Microsoft is adding more features to Azure Active Directory (Azure AD) (cloud-based identity and access management). Most of these features also support hybrid identity infrastructure environments.
Therefore, in this second edition, I am going to share more knowledge, which will help you to transform your on-premises identity infrastructure to a hybrid infrastructure. This will allow you to receive the benefits from both the Azure AD and the on-premises Active Directory. It will help you, and your organization, to face the challenges of modern identity infrastructure with confidence.
We are going to start this journey by familiarizing ourselves with the building blocks of the Microsoft Active Directory service. With that in mind, this chapter will cover the following topics:
  • Benefits of using Active Directory
  • Understanding Active Directory components
  • Understanding Active Directory objects
  • Active Directory server roles
  • Azure AD

Benefits of using Active Directory

A few years ago, I was working on an Active Directory restructuring project for a world-famous pharmaceutical company. According to the company policies, I had to travel to their headquarters to perform the project tasks. So, on a rare sunny English morning, I walked into the company's reception area. After I explained who I was and why I was there, the receptionist handed me a set of forms to fill in. The forms included questions such as my name, phone number, how long I would be there, and in which department. Once I had completed the forms, I handed them over to the receptionist, and she had to make a few calls to verify whether my visit was expected, and then confirm my access to different buildings with the respective department managers. Then, she made a magnetic card with my details on it, and handed it over to me. She instructed me on how to use it and which buildings I was allowed into.
The following diagram outlines this process:
When we think about this process, we find that it contains the functions of a directory service:
  • The forms that the receptionist handed over to me contained certain questions to help her understand who I was. They were predefined questions, and I had to answer them in order to register my information in their system. Similar to this form, in a directory service we have to provide values for specific attributes.
  • Once I had submitted the forms, she didn't hand over the magnetic card right away. She made a few calls to verify my identity, and also to confirm which buildings I would have access to. Then, my details were registered in the system, and it generated a magnetic card that had my photo and a barcode. With that, I became a part of their system, and that particular card was my unique identity within their organization. There would be no other visitor with the same barcode and identification number at the same time. Similarly, in a directory service, each identity is unique.
  • If I needed to get access to buildings, I needed to tap the card at the entrance. Could I use my name or any other card to get through? No! The locking system of the building doors only recognized me if I presented the correct card. So, having a unique identity in their system was not enough; I needed to present it in the correct way to get the required access. Likewise, in an identity infrastructure, you need to validate your identity according to the method that the system had defined. It can be a username and password, a certificate, biometric information, and so on.
  • I went to another building and tried to tap the card. Even when I used it correctly, the doors wouldn't open. The guard in the building asked for my card to check. Once I handed it over, he scanned it with a barcode reader and checked some information on his computer screen. Then he informed me that I was not allowed into that building, and he guided me to the correct building. This means that my information can be accessed from any building through their system in order to verify my identity and access permissions. In a similar way, in a directory, identities are saved in a central repository. This data can be accessed and verified from any system o...
