Mastering Active Directory: Understand the Core Functionalities of Active Directory Services Using Microsoft Server 2016 and PowerShell (English Edition) 1787289354, 9781787289352

Become a master at managing enterprise identity infrastructure by leveraging Active Directory. Key Features: Manage your Ac


Language: English. Pages: 742 [721]. Year: 2017




Table of contents :
Cover
Copyright
Credits
About the Author
Acknowledgement
About the Reviewers
www.PacktPub.com
Customer Feedback
Table of Contents
Preface
Chapter 1: Active Directory Fundamentals
Benefits of using Active Directory
Centralized data repository
Replication of data
High availability
Security
Auditing capabilities
Single sign-on
Schema modification
Querying and indexing
Active Directory components
Logical components
Forests
Domains
Domain trees
Organizational units
Physical components
Domain controllers
Global catalog server
Active Directory sites
Active Directory objects
Globally unique identifier and security identifier
Distinguished names
Active Directory server roles
Active Directory Domain Service
Read-only domain controllers
Active Directory Federation Services
Active Directory Lightweight Directory Services
Active Directory Rights Management Services
Active Directory Certification Services
Summary
Chapter 2: Active Directory Domain Services 2016
AD DS 2016 features
Deprecation of Windows Server 2003 domain and forest functional levels
Deprecation of File Replication Services
Privileged Access Management
What is it to do with AD DS 2016?
What is the logic behind PAM?
Time-based group memberships
Microsoft Passport
Active Directory Federation Services improvements
Time sync improvements
Summary
Chapter 3: Designing Active Directory Infrastructure
What makes a good system?
New business requirements
Correcting legacy design mistakes
Gathering business data
Defining security boundaries
Identifying the physical computer network structure
Designing the forest structure
Single forest
Multiple forest
Creating the forest structure
Autonomy
Isolation
Selecting forest design models
Organizational forest model
Resource forest model
Restricted access forest model
Designing the domain structure
Single domain model
Regional domain model
The number of domains
Deciding domain names
Forest root domain
Deciding domain and forest functional levels
Designing the OU structure
Designing the physical topology of Active Directory
Physical or virtual domain controllers
Domain controller placement
Global catalog server placement
Summary
Chapter 4: Active Directory Domain Name System
What is DNS?
Hierarchical naming structure
How DNS works
DNS essentials
DNS records
Start of authority record
A and AAAA records
NS records
MX records
Canonical name record
PTR record
SRV records
Zones
Primary zone
Secondary zone
Stub zone
Reverse lookup zone
DNS server operation modes
Zone transfers
DNS delegation
Summary
Chapter 5: Placing Operations Master Roles
FSMO roles
Schema operations master
Domain naming operations master
Primary domain controller emulator operations master
Relative ID operations master role
Infrastructure operations master
FSMO roles placement
Active Directory logical and physical topology
Connectivity
The number of domain controllers
Capacity
Moving FSMO roles
Seize FSMO roles
Summary
Chapter 6: Migrating to Active Directory 2016
Active Directory Domain Service installation prerequisites
Hardware requirements
Virtualized environment requirements
Additional requirements
Active Directory Domain Service installation methods
Active Directory Domain Service deployment scenarios
Setting up a new forest root domain
Active Directory Domain Service installation checklist for first domain controller
Design topology
Installation steps
Setting up an additional domain controller
Active Directory Domain Service installation checklist for an additional domain controller
Design topology
Installation steps
Setting up a new domain tree
Active Directory Domain Service installation checklist for a new domain tree
Design topology
Installation steps
Setting up a new child domain
Active Directory Domain Service installation checklist for a new child domain
Design topology
Installation steps
How to plan Active Directory migrations
Migration life cycle
Audit
Active Directory logical and physical topology
Active Directory health check
System Center Operation Manager and Operation Management Suite
Active Directory health checklist
Application audit
Plan
Implementation
Active Directory migration checklist
Design topology
Installation steps
Verification
Maintain
Summary
Chapter 7: Managing Active Directory Objects
Tools and methods to manage objects
Active Directory Administrative Center
The Active Directory Users and Computers MMC
Active Directory object administration with PowerShell
Creating, modifying, and removing objects in Active Directory
Creating Active Directory objects
Creating user objects
Creating computer objects
Modifying Active Directory objects
Removing Active Directory objects
Finding objects in Active Directory
Finding objects using PowerShell
Summary
Chapter 8: Managing Users, Groups, and Devices
Object attributes
Custom attributes
User accounts
Managed Service Accounts
Group Managed Service Accounts
Uninstalling Managed Service Account
Groups
Group scope
Converting groups
Setting up groups
Devices and other objects
Best practices
Summary
Chapter 9: Designing the OU Structure
OUs in operations
Organizing objects
Delegating control
Group policies
Containers versus OUs
OU design models
The container model
The object type model
The geographical model
The department model
Managing the OU structure
Delegating control
Summary
Chapter 10: Managing Group Policies
Benefits of group policies
Maintaining standards
Automating administration tasks
Preventing users from changing system settings
Flexible targeting
No modifications to target
Group Policy capabilities
Group Policy objects
Group Policy container
The Group Policy template
Group Policy processing
Group Policy inheritance
Group Policy conflicts
Group Policy mapping and status
Administrative templates
Group Policy filtering
Security filtering
WMI filtering
Group Policy preferences
Item-level targeting
Loopback processing
Group Policy best practices
Summary
Chapter 11: Active Directory Services
The AD LDS overview
Where to use LDS?
Application developments
Hosted applications
Distributed data stores for Active Directory integrated applications
Migrating from other directory services
The LDS installation
The Active Directory replication
FRS versus DFSR
Prepared state
Redirected state
Eliminated state
Active Directory sites and replication
Replication
Authentication
Service locations
Sites
Subnets
Site links
Site link bridges
Managing Active Directory sites and other components
Managing sites
Managing site links
The site cost
Inter-site transport protocols
Replication intervals
Replication schedules
Site link bridge
Bridgehead servers
Managing subnets
How does replication work?
Intra-site replications
Inter-site replications
Knowledge Consistency Checker
How update occurs?
The update sequence number
Directory Service Agent GUID and invocation ID
The high watermark vector table
The up-to-dateness vector table
The read-only domain controllers
Active Directory database maintenance
The ntds.dit file
The edb.log file
The edb.chk file
The temp.edb file
Offline defragmentation
Active Directory backup and recovery
Preventing accidental deletion of objects
Active Directory Recycle Bin
Active Directory snapshots
Active Directory system state backup
Active Directory recovery from system state backup
Summary
Chapter 12: Active Directory Certificate Services
PKI in action
Symmetric keys versus asymmetric keys
Digital encryption
Digital signatures
Signing, encryption, and decryption
Secure Sockets Layer certificates
Types of certification authorities
How do certificates work with digital signatures and encryption?
What can we do with certificates?
Active Directory Certificate Service components
The certification authority
Certificate Enrollment Web Service
Certificate Enrollment Policy Web Service
Certification Authority Web Enrollment
Network Device Enrollment Service
Online Responder
The types of CA
Planning PKI
Internal or public CAs
Identifying the object types
Cryptographic provider
The cryptography key length
Hash algorithms
The certificate validity period
The CA hierarchy
High availability
Deciding certificate templates
The CA boundary
PKI deployment models
The single-tier model
The two-tier model
Three-tier models
Setting up PKI
Setting up a stand-alone root CA
DSConfigDN
CDP locations
AIA locations
CA time limits
CRL time limits
The new CRL
Publishing the root CA data into the Active Directory
Setting up the issuing CA
Issuing a certificate for the issuing CA
Post configuration tasks
CDP locations
AIA locations
CA and CRL time limits
Certificate templates
Requesting certificates
Summary
Chapter 13: Active Directory Federation Services
How does AD FS work?
Security Assertion Markup Language (SAML)
WS-Trust
WS-Federation
AD FS components
Federation Service
AD FS 1.0
AD FS 1.1
AD FS 2.0
AD FS 2.1
AD FS 3.0
AD FS 4.0
The Web Application Proxy
AD FS configuration database
AD FS deployment topologies
Single Federation Server
Single federation server and single Web Application Proxy server
Multiple federation servers and multiple Web Application Proxy servers with SQL Server
AD FS deployment
DNS records
SSL certificates
Installing the AD FS role
Installing WAP
Configuring the claim aware app with new federation servers
Creating a relying party trust
Configuring the Web Application Proxy
Integrating with Azure MFA
Prerequisites
Creating a certificate in an AD FS farm to connect to Azure MFA
Enabling AD FS servers to connect with Azure Multi-Factor Auth Client
Enabling AD FS farm to use Azure MFA
Enabling Azure MFA for authentication
Summary
Chapter 14: Active Directory Rights Management Services
What is AD RMS?
AD RMS components
Active Directory Domain Services
The AD RMS cluster
Web server
SQL Server
AD RMS client
Active Directory Certificate Service
How does AD RMS work?
AD RMS deployment
Single forest – single cluster
Single forest – multiple clusters
AD RMS in multiple forests
AD RMS with AD FS
AD RMS configuration
Setting up AD RMS root cluster
Installing the AD RMS role
Configuring the AD RMS role
Testing by protecting data using the AD RMS cluster
To protect the document
Summary
Chapter 15: Active Directory Security Best Practices
Active Directory authentication
Delegating permissions
Predefined Active Directory administrator roles
Using object ACLs
Using the delegate control method in AD
Fine-grained password policies
Limitations
Resultant Set of Policy
Configuration
Pass-the-hash attacks
Protected Users security group
Restricted admin mode for RDP
Authentication policies and authentication policy silos
Authentication policies
Authentication policy silos
Creating authentication policies
Creating authentication policy silos
Just-in-time administration and just enough administration
Just-in-time administration
Just enough administration
Summary
Chapter 16: Advanced AD Management with PowerShell
AD management with PowerShell – preparation
AD management commands and scripts
Replication
Replicating a specific object
User and Groups
Last log on time
Last log in date report
Login failures report
Finding the locked out account
Password expire report
JEA
JEA configuration
Testing
Summary
Chapter 17: Azure Active Directory Hybrid Setup
What is Azure AD?
Benefits of Azure AD
Azure AD limitations
Azure AD editions
Azure AD free version
Azure AD Basic
Azure AD Premium P1
Azure AD Premium P2
Integrate Azure AD with on-premises AD
Azure AD Connect
Azure AD Connect deployment topology
Staging server
Before installing the AD Connect server
Step-by-step guide to integrate on-premises AD environment with Azure AD
Creating a virtual network
Creating an Azure AD instance
Add DNS server details to the virtual network
Create an AAD DC administrator group
Creating a global administrator account for Azure AD Connect
Add a custom domain to Azure AD
Setting up Azure AD Connect
Password synchronization
Syncing NTLM and Kerberos credential hashes to Azure AD
Manage Azure AD Domain Services using virtual server
Creating virtual server in Azure in same virtual network
Join virtual server to Azure AD
Install RSAT tools and managing Azure AD through a virtual server
Summary
Chapter 18: Active Directory Audit and Monitoring
Auditing and monitoring Active Directory using inbuilt Windows tools and techniques
Windows Event Viewer
Custom views
Windows logs
Applications and Services logs
Subscriptions
Active Directory Domain Service event logs
Active Directory Domain Service log files
Active Directory audit
Audit Directory Service Access
Audit Directory Service Changes
Audit Directory Service Replication
Audit Detailed Directory Service Replication
Demonstration
Reviewing events
Setting up event subscriptions
Security event log from domain controllers
Enabling advanced security audit policies
Enforcing advanced auditing
Reviewing events with PowerShell
Microsoft Advanced Threat Analytics
ATA benefits
ATA components
ATA center
ATA gateway
ATA Lightweight Gateway
ATA deployments
ATA deployment prerequisites
Demonstration
Installing ATA center
Installing ATA Lightweight Gateway
ATA testing
Microsoft Operations Management Suite (OMS)
Benefits of OMS
OMS services
OMS in a hybrid environment
What benefits will it have for Active Directory?
Demonstration
Enabling OMS AD solutions
Installing OMS agents
Viewing analyzed data
Collecting Windows logs for analysis
Summary
Chapter 19: Active Directory Troubleshooting
How to troubleshoot AD DS replication issues
Identifying replication issues
Event Viewer
System Center Operation Manager
Microsoft Operation Management Suite (OMS)
Troubleshooting replication issues
Lingering objects
Strict replication consistency
Removing lingering objects
DFS replication issues
Troubleshooting
Verifying the connection
SYSVOL share status
DFS replication status
DFSR crash due to dirty shutdown of the domain controller (event ID 2213)
Content freshness
Non-authoritative DFS replication
Authoritative DFS replication
How to troubleshoot Group Policy issues
Troubleshooting
Forcing Group Policy processing
Resultant Set of Policy (RSoP)
GPRESULT
Group Policy Results Wizard
Group Policy Modeling Wizard
How to troubleshoot AD DS database-related issues
Integrity checking to detect low-level database corruption
AD database recovery
Summary
Index


Mastering Active Directory

Understand the Core Functionalities of Active Directory Services Using Microsoft Server 2016 and PowerShell

Dishan Francis

BIRMINGHAM - MUMBAI

Mastering Active Directory

Copyright © 2017 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

First published: June 2017

Production reference: 1280617

Published by Packt Publishing Ltd., Livery Place, 35 Livery Street, Birmingham B3 2PB, UK.

ISBN 978-1-78728-935-2

www.packtpub.com

Credits Author Dishan Francis

Copy Editors Yesha Gangani, Alpha Singh, Stuti Srivastava, Madhusudan Uchil

Reviewers Daniel Dieterle, David Green, Florian Klaffenbach, Paul Silva

Project Coordinator Virginia Dias

Acquisition Editor Heramb Bhavsar

Proofreader Safis Editing

Content Development Editor Sweeny Dias

Indexer Rekha Nair

Technical Editors Komal Karne, Vishal Kamal Mewada, Khushbu Sutar

Graphics Kirk D'Penha

Production Coordinator Aparna Bhagat

About the Author Dishan Francis is a technology consultant with 12 plus years of experience in the planning, design, and implementation of network technologies. His background includes hands-on experience with multiplatform and LAN/WAN environments. He has a demonstrated record of success in troubleshooting servers, increasing efficiency, and optimizing the access to and utilization of shared information. He is a specialist in extending technology services from corporate headquarters to field operations. Dishan is a dedicated and enthusiastic information technology expert who enjoys professional recognition and accreditation from several respected institutions. When it comes to managing innovative identity infrastructure solutions to improve system stability, functionality, and efficiency, his level of knowledge and experience place him among the very best in the field. He is a three-time Microsoft Most Valuable Professional Awardee in Enterprise Mobility. He is also a Microsoft Imagine Cup judge. He has maintained a technology blog called www.rebeladmin.com over the years, with useful articles that focus on Active Directory services. Also, he spends his free time mentoring students and professionals. He currently works with Frontier Technology Limited.

Acknowledgement It was a dream to write a book one day, but I didn't expect it to happen this soon. I was writing for my blog and for Microsoft blogs for years, but it is not the same when it comes to a book. Although I wrote this book, there were many behind me throughout this journey. Without their support, it would have been an impossible task to complete. First of all, my thanks go to the great editorial team at Packt Publishing Limited, for giving me the opportunity to write and publish this book—especially Heramb Bhavsar, Sweeny Dias, and Khushbu Sutar, who made this whole experience smooth and fun. Also, I'd like to express my gratitude to all the reviewers and editors. Their comments made this book more valued. I would like to express my sincere appreciation to my friends in Microsoft Canada, especially Simran Chaudhry, MVP Community Program Manager, and Anthony Bartolo. They are the people who brought me to you via lots of community events, public speaking, and blogs. I would like to express my deepest gratitude to my current employer, Edwin Wong, MD of Frontier Technology Ltd, and my former employer, Dominic Macchione, CEO of Rebelnetworks Inc, for giving me the opportunity to enhance my knowledge and apply it to practice. As always, I'd like to thank my lovely wife Kanchana Dilrukshi and my little girl Selena Rosemary for the support and courage they give. For months, I was only able to spend an hour or less per day with them. I missed many play sessions and swimming sessions with my daughter. I missed many family functions. But still they understood my commitment to the book and helped me to stay focused. Also, I'd like to thank my parents for everything they did to make me who I am today. My extended gratitude goes to my parents-in-law and all other relations. Although most of them do not know about Active Directory, they were checking from time to time to see how I was doing with the book and encouraged me to stay focused and finish it.

About the Reviewers Daniel Dieterle has over 20 years of IT experience. A former Microsoft MCSE and HP-certified Network Integration Specialist, he performed server installs, administration, and services for companies throughout Upstate New York and across Northern Pennsylvania. Currently, he is an internationally published IT author who focuses on testing the security of Microsoft-based systems.

David Green is an IT professional from the South of England, with a wealth of experience from both the public and private sectors. He currently works as a senior systems consultant at the Coretek Group, who provide IT support, consultancy, and infrastructure services to businesses and education, covering on-premises, hybrid, and cloud services. Previously, David has worked in Formula One™; food manufacturing; and the education sector, where he always looked to provide robust and scalable IT solutions that contributed to business objectives. David also writes a blog where he posts solutions he finds to problems, and a fair amount of PowerShell-related content. He always tries to help where he can and generally tries to learn something useful every day. This is another opportunity David has had to contribute to a book. Previous opportunities include Getting Started with PowerShell by Michael Shepard and Active Directory with PowerShell by Uma Yellapragada. More information, including contact details, can be found on his website at http://www.tookitaway.co.uk. I'd like to thank my family, my friends, and my colleagues, who are always there for me when I need them and have helped make me the person I am today. Work, learn, play, and have fun! It's your intentions, attitude, and what you do with your opportunities that set you apart.

Florian Klaffenbach started his IT career in 2004 as a 1st and 2nd level IT support technician and IT salesman trainee for a B2B online shop. After that, he moved to a small company, working as an IT project manager planning, implementing, and integrating everything from industrial plants and laundries to enterprise IT. After spending a few years there, he moved to Dell Germany. There, he started from scratch as an enterprise technical support analyst, and later worked on a project to start Dell technical communities and support over social media in Europe and outside of the U.S. Currently, he is working as a solutions architect and consultant for Microsoft Infrastructure and Cloud, specializing in Microsoft Hyper-V, File Services, System Center Virtual Machine Manager, and Microsoft Azure IaaS. As well as his job, he is active as a Microsoft blogger and lecturer. He blogs, for example, on his own page, Datacenter-Flo.de, or the Brocade Germany Community. Together with a very good friend, he founded the Windows Server User Group Berlin to create a network of Microsoft IT pros in Berlin. Florian maintains a very tight network with many vendors such as Cisco, Dell, and Microsoft and their communities. This has helped him to gain experience and get the best out of a solution for his customers. Since 2016, he has also been Co-Chairman of the Azure Community Germany. In April 2016, Microsoft made him a Microsoft Most Valuable Professional for Cloud and Datacenter Management. Florian has worked for several companies, such as Dell Germany, CGI Germany, and his first employer, TACK GmbH. Currently, he works at msg service ag as a senior consultant for Microsoft Cloud infrastructure.
The following are the books he has worked on: Taking Control with System Center App Controller, Microsoft Azure Storage Essentials, Mastering Microsoft Azure Development, Mastering Microsoft Deployment Toolkit 2013, Windows Server 2016 Cookbook, and Implementing Azure Solutions. I want to thank Packt Publishing for giving me the chance to review this book.

Paul Silva is a Microsoft technical architect, consultant, and educator from Long Island, New York. As CEO of iLyncU, Inc., Paul consults on Active Directory and Skype for Business projects worldwide, on behalf of iLyncU, Microsoft Corporation, and others. As a Microsoft Certified Trainer, Paul also delivers technical speeches and has participated in the creation of Hands-on Labs for Microsoft's yearly training events, and for the Microsoft Official Courseware. Since 1999, Paul has participated in Microsoft-sponsored speaking tours, Learning Solution events, and has launched a public service project, Learning for Loutraki, to bring technology and learning to the elementary and middle school students of Loutraki, Greece.

www.PacktPub.com For support files and downloads related to your book, please visit www.PacktPub.com. Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at [email protected] for more details. At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters and receive exclusive discounts and offers on Packt books and eBooks.

https://www.packtpub.com/mapt

Get the most in-demand software skills with Mapt. Mapt gives you full access to all Packt books and video courses, as well as industry-leading tools to help you plan your personal development and advance your career.

Why subscribe? Fully searchable across every book published by Packt Copy and paste, print, and bookmark content On demand and accessible via a web browser

Customer Feedback Thanks for purchasing this Packt book. At Packt, quality is at the heart of our editorial process. To help us improve, please leave us an honest review on this book's Amazon page at https://www.amazon.com/dp/1787289354. If you'd like to join our team of regular reviewers, you can e-mail us at [email protected]. We award our regular reviewers with free eBooks and videos in exchange for their valuable feedback. Help us be relentless in improving our products!
