Preface

• Who this book is for
• What this book covers
• To get the most out of this book
• Get in touch

1. Active Directory Fundamentals FREE CHAPTER

• Modern access management
• The future of Identity and Access Management (IAM)
• Hybrid Identity and Active Directory Domain Services
• Benefits of using Active Directory
• Understanding Active Directory components
• Understanding Active Directory objects
• Summary

2. Active Directory Domain Services 2022

• The features of AD DS 2022
• Privileged Access Management (PAM)
• What does PAM have to do with AD DS 2022?
• Windows Hello for Business
• PowerShell 7
• Summary

3. Designing an Active Directory Infrastructure

• What makes a good system?
• Gathering business requirements
• Designing the forest structure
• Creating the forest structure
• Selecting forest design models
• Designing the domain structure
• Deciding on the domain and forest functional levels
• Designing the OU structure
• Designing the physical topology of Active Directory
• Designing a hybrid identity
• Identifying business needs
• Summary

4. Active Directory Domain Name System

• What is DNS?
• Hierarchical naming structures
• How DNS works
• DNS infrastructure design
• DNS essentials
• Conditional forwarders
• DNS policies
• Secure DNS client over HTTPS (DoH)
• DNS server operation modes
• Zone transfers
• DNS delegation
• DNS service providers
• Summary

5. Placing Operations Master Roles

• FSMO roles
• Active Directory's logical and physical topology
• Best practices
• Moving FSMO roles
• Seizing FSMO roles
• Summary

6. Migrating to Active Directory 2022

• AD DS installation prerequisites
• AD DS installation methods
• AD DS deployment scenarios
• How to plan AD migrations
• Summary

7. Managing Active Directory Objects

• Tools and methods for managing objects
• AD object administration with PowerShell
• Creating computer objects
• Modifying AD objects
• Removing AD objects
• Finding objects in AD
• Preventing the accidental deletion of objects
• AD recycle bin
• Summary

8. Managing Users, Groups, and Devices

• Object attributes
• Custom attributes
• Syncing custom attributes to Azure AD
• User accounts
• Groups
• Devices and other objects
• Best practices
• Summary

9. Designing the OU Structure

• OUs in operations
• Containers vs. OUs
• Active Directory Groups vs. OUs
• OU design models
• Managing the OU structure
• Summary

10. Managing Group Policies

• Benefits of group policies
• Group Policy capabilities
• Group Policy objects
• The Group Policy template
• Group Policy processing
• Group Policy inheritance
• Group Policy conflicts
• Administrative templates
• Group Policy filtering
• Group Policy preferences
• Item-level targeting
• Loopback processing
• Group Policy best practices
• Useful group policies
• Summary

11. Active Directory Services – Part 01

• Overview of AD LDS
• Where to use LDS
• The LDS installation
• AD replication
• Sites
• Summary

12. Active Directory Services – Part 02

• Active Directory trusts
• RODCs
• Active Directory database maintenance
• Active Directory Backup and Recovery
• Summary

13. Active Directory Certificate Services

• PKI in action
• SSL certificates
• AD CS components
• Planning PKI
• PKI deployment models
• Setting up a PKI
• Certificate templates
• Requesting certificates
• Migrating AD CS from Windows Server 2008 R2 to Windows Server 2022
• AD CS disaster recovery
• Summary

14. Active Directory Federation Services

• How does AD FS work?
• AD FS components
• AD FS configuration database
• AD FS deployment topologies
• AD FS deployment
• Azure AD federation with AD FS
• Summary

15. Active Directory Rights Management Services

• What is AD RMS?
• AD RMS components
• How does AD RMS work?
• How do we deploy AD RMS?
• Azure Information Protection (AIP)
• Summary

16. Active Directory Security Best Practices

• AD authentication
• The Kerberos protocol
• Authentication in an AD environment
• Delegating permissions
• Predefined AD administrator roles
• Using object ACLs
• Using the delegate control method in AD
• Implementing fine-grained password policies
• Limitations
• Resultant Set of Policy (RSoP)
• Configuration
• Pass-the-hash attacks
• The Protected Users security group
• Restricted admin mode for RDP
• Authentication policies and authentication policy silos
• Authentication policies
• Authentication policy silos
• Creating authentication policies
• Creating authentication policy silos
• Secure LDAP
• Microsoft Local Administrator Password Solution (LAPS)
• On-prem Azure AD Password Protection
• Summary

17. Advanced AD Management with PowerShell

• AD management with PowerShell – preparation
• AD management commands and scripts
• Replication
• Replicating a specific object
• Users and groups
• Last logon time
• Last login date report
• Login failures report
• Finding the locked-out account
• Password expire report
• Review the membership of the high-level administrative groups
• Dormant accounts
• Users with the Password Never Expires setting
• Azure Active Directory PowerShell
• Installation
• General commands
• Managing users
• Managing groups
• Microsoft Graph
• Microsoft Graph Explorer
• Summary

18. Hybrid Identity

• Extending on-prem AD to Azure AD
• Evaluating the present business requirements
• Evaluating an organization's infrastructure road map
• Evaluating the security requirements
• Selecting the Azure AD version
• Federation with Azure AD
• Step-by-step guide to integrating an on-prem AD environment with Azure AD
• Creating a virtual network
• Setting up an Azure AD managed domain
• Adding DNS server details to the virtual network
• Creating a Global Administrator account for Azure AD Connect
• Setting up Azure AD Connect
• Installing the Pass-through Authentication agent
• Azure AD Connect configuration
• Syncing NTLM and Kerberos credential hashes to Azure AD
• Enabling secure LDAP (LDAPS) for an Azure AD DS managed domain
• Enable secure LDAP (LDAPS)
• Summary

19. Active Directory Audit and Monitoring

• Auditing and monitoring AD using built-in Windows tools and techniques
• Windows Event Viewer
• Custom Views
• Windows Logs
• Applications and Services Logs
• Subscriptions
• AD DS event logs
• AD DS log files
• AD audit
• Demonstration
• Setting up event subscriptions
• Security event logs from domain controllers
• Enabling advanced security audit policies
• Enforcing advanced auditing
• Reviewing events with PowerShell
• Microsoft Defender for Identity
• What is Microsoft Defender for Identity?
• Defender for Identity benefits
• Azure AD Connect Health
• Prerequisites
• Configuration
• Summary

20. Other Books You May Enjoy

21. Index