Mastering Active Directory
This course includes
Lessons
TestPrep
Lab
AI Tutor (Add-on)
Coming Soon
This product will be available
on 30-Sep-2024
Get the support you need. Enroll in our Instructor-Led Course.
Lessons
20+ Lessons |
TestPrep
1
Preface
- Who this course is for
- What this course covers
- To get the most out of this course
2
Active Directory Fundamentals
- Modern access management
- The future of Identity and Access Management (IAM)
- Hybrid Identity and Active Directory Domain Services
- Benefits of using Active Directory
- Understanding Active Directory components
- Understanding Active Directory objects
- Summary
3
Active Directory Domain Services 2022
- The features of AD DS 2022
- Privileged Access Management (PAM)
- What does PAM have to do with AD DS 2022?
- Windows Hello for Business
- PowerShell 7
- Summary
4
Designing an Active Directory Infrastructure
- What makes a good system?
- Gathering business requirements
- Designing the forest structure
- Creating the forest structure
- Selecting forest design models
- Designing the domain structure
- Deciding on the domain and forest functional levels
- Designing the OU structure
- Designing the physical topology of Active Directory
- Designing a hybrid identity
- Identifying business needs
- Summary
5
Active Directory Domain Name System
- What is DNS?
- Hierarchical naming structures
- How DNS works
- DNS infrastructure design
- DNS essentials
- Conditional forwarders
- DNS policies
- Secure DNS client over HTTPS (DoH)
- DNS server operation modes
- Zone transfers
- DNS delegation
- DNS service providers
- Summary
6
Placing Operations Master Roles
- FSMO roles
- Active Directory's logical and physical topology
- Best practices
- Moving FSMO roles
- Seizing FSMO roles
- Summary
7
Migrating to Active Directory 2022
- AD DS installation prerequisites
- AD DS installation methods
- AD DS deployment scenarios
- How to plan AD migrations
- Summary
8
Managing Active Directory Objects
- Tools and methods for managing objects
- AD object administration with PowerShell
- Creating computer objects
- Modifying AD objects
- Removing AD objects
- Finding objects in AD
- Preventing the accidental deletion of objects
- AD recycle bin
- Summary
9
Managing Users, Groups, and Devices
- Object attributes
- Custom attributes
- Syncing custom attributes to Azure AD
- User accounts
- Groups
- Devices and other objects
- Best practices
- Summary
10
Designing the OU Structure
- OUs in operations
- Containers vs. OUs
- Active Directory Groups vs. OUs
- OU design models
- Managing the OU structure
- Summary
11
Managing Group Policies
- Benefits of group policies
- Group Policy capabilities
- Group Policy objects
- The Group Policy template
- Group Policy processing
- Group Policy inheritance
- Group Policy conflicts
- Administrative templates
- Group Policy filtering
- Group Policy preferences
- Item-level targeting
- Loopback processing
- Group Policy best practices
- Useful group policies
- Summary
12
Active Directory Services – Part 01
- Overview of AD LDS
- Where to use LDS
- The LDS installation
- AD replication
- Sites
- Summary
13
Active Directory Services – Part 02
- Active Directory trusts
- RODCs
- Active Directory database maintenance
- Active Directory Backup and Recovery
- Summary
14
Active Directory Certificate Services
- PKI in action
- SSL certificates
- AD CS components
- Planning PKI
- PKI deployment models
- Setting up a PKI
- Certificate templates
- Requesting certificates
- Migrating AD CS from Windows Server 2008 R2 to Windows Server 2022
- AD CS disaster recovery
- Summary
15
Active Directory Federation Services
- How does AD FS work?
- AD FS components
- AD FS configuration database
- AD FS deployment topologies
- AD FS deployment
- Azure AD federation with AD FS
- Summary
16
Active Directory Rights Management Services
- What is AD RMS?
- AD RMS components
- How does AD RMS work?
- How do we deploy AD RMS?
- Azure Information Protection (AIP)
- Summary
17
Active Directory Security Best Practices
- AD authentication
- The Kerberos protocol
- Authentication in an AD environment
- Delegating permissions
- Predefined AD administrator roles
- Using object ACLs
- Using the delegate control method in AD
- Implementing fine-grained password policies
- Limitations
- Resultant Set of Policy (RSoP)
- Configuration
- Pass-the-hash attacks
- The Protected Users security group
- Restricted admin mode for RDP
- Authentication policies and authentication policy silos
- Authentication policies
- Authentication policy silos
- Creating authentication policies
- Creating authentication policy silos
- Secure LDAP
- Microsoft Local Administrator Password Solution (LAPS)
- On-prem Azure AD Password Protection
- Summary
18
Advanced AD Management with PowerShell
- AD management with PowerShell – preparation
- AD management commands and scripts
- Replication
- Replicating a specific object
- Users and groups
- Last logon time
- Last login date report
- Login failures report
- Finding the locked-out account
- Password expire report
- Review the membership of the high-level administrative groups
- Dormant accounts
- Users with the Password Never Expires setting
- Azure Active Directory PowerShell
- Installation
- General commands
- Managing users
- Managing groups
- Microsoft Graph
- Microsoft Graph Explorer
- Summary
19
Hybrid Identity
- Extending on-prem AD to Azure AD
- Evaluating the present business requirements
- Evaluating an organization's infrastructure road map
- Evaluating the security requirements
- Selecting the Azure AD version
- Federation with Azure AD
- Step-by-step guide to integrating an on-prem AD environment with Azure AD
- Creating a virtual network
- Setting up an Azure AD managed domain
- Adding DNS server details to the virtual network
- Creating a Global Administrator account for Azure AD Connect
- Setting up Azure AD Connect
- Installing the Pass-through Authentication agent
- Azure AD Connect configuration
- Syncing NTLM and Kerberos credential hashes to Azure AD
- Enabling secure LDAP (LDAPS) for an Azure AD DS managed domain
- Enable secure LDAP (LDAPS)
- Summary
20
Active Directory Audit and Monitoring
- Auditing and monitoring AD using built-in Windows tools and techniques
- Windows Event Viewer
- Custom Views
- Windows Logs
- Applications and Services Logs
- Subscriptions
- AD DS event logs
- AD DS log files
- AD audit
- Demonstration
- Setting up event subscriptions
- Security event logs from domain controllers
- Enabling advanced security audit policies
- Enforcing advanced auditing
- Reviewing events with PowerShell
- Microsoft Defender for Identity
- What is Microsoft Defender for Identity?
- Defender for Identity benefits
- Azure AD Connect Health
- Prerequisites
- Configuration
- Summary