Subscription

Explore Products

Best Sellers

New Releases

Books

Videos

Audiobooks

Learning Hub

Conferences

Free Learning

You're reading from Mastering Active Directory Deploy and secure infrastructures with Active Directory, Windows Server 2016, and PowerShell

Product type Paperback

Published in Aug 2019

Publisher Packt

ISBN-13 9781789800203

Length 786 pages

Edition 2nd Edition

Languages

PowerShell

Tools

Active Directory Domain Services

Concepts

Infrastructure Management

Author (1):

Dishan Francis

View More author details

Table of Contents (25) Chapters

Preface

1. Section 1: Active Directory Planning, Design, and Installation FREE CHAPTER

2. Active Directory Fundamentals

3. Active Directory Domain Services 2016

4. Designing an Active Directory Infrastructure

5. Active Directory Domain Name System

6. Placing Operations Master Roles

7. Migrating to Active Directory 2016

8. Section 2: Active Directory Administration

9. Managing Active Directory Objects

10. Managing Users, Groups, and Devices

11. Designing the OU Structure

12. Managing Group Policies

13. Section 3: Active Directory Service Management

14. Active Directory Services

15. Active Directory Certificate Services

16. Active Directory Federation Services

17. Active Directory Rights Management Services

18. Section 4: Best Practices and Troubleshooting

19. Active Directory Security Best Practices

20. Advanced AD Management with PowerShell

21. Azure Active Directory Hybrid Setup

22. Active Directory Audit and Monitoring

23. Active Directory Troubleshooting

24. Other Books You May Enjoy

Leave a review - let other readers know what you think

Time-based group memberships

In the previous section, I explored PAM features in the new AD DS 2016. Time-based group membership is a part of that broader topic. It allows administrators to assign temporary group membership, which is expressed by a TTL value. This value will be added to the Kerberos ticket. It is also called the expiring links feature. When a user is assigned to a temporary group membership, their login Kerberos ticket-granting ticket (TGT) lifetime will be equal to the lowest TTL value they have. For example, let's assume that you grant temporary group membership to user A to be a member of the Domain Admin group. It is only valid for 60 minutes. But the user logs in 50 minutes after the original assignment and only has 10 minutes left as a member of the Domain Admin group. Based on this, the domain controller will issue a TGT that is only valid for 10 minutes...

The rest of the chapter is locked

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at $19.99/month. Cancel anytime

Authors (1)

Dishan Francis

Dishan Francis is an IT professional with over 15 years of experience. He was a six-time Microsoft MVP in enterprise mobility before he joined Microsoft UK as a security consultant. He has maintained the RebelAdmin technology blog over the years, with lots of useful articles that focus on on-premises Active Directory services and Azure Active Directory. He has also written for other Microsoft-managed blogs such as canitpro and ITopsTalk. When it comes to managing innovative identity infrastructure solutions to improve system stability, efficiency, and security, his level of knowledge and experience places him among the very best in the field.

See other products by Dishan Francis