Active Directory Administration Cookbook (e-book)


Author: Sander Berkouwer

Publisher: Packt Publishing

Publication date: 2019-05-03

Word count: 599,000

Category: Imported books > Foreign-language originals > Computers/Networking

Learn the intricacies of managing Azure AD, Azure AD Connect as well as Active Directory for administration on cloud and Windows Server 2019

Key Features

* Expert solutions for the federation, certificates, security, and monitoring with Active Directory
* Explore Azure AD and AD Connect for effective administration on cloud
* Automate security tasks using Active Directory and PowerShell

Book Description

Active Directory is an administration system for Windows administrators to automate network, security and access management tasks in the Windows infrastructure. This book starts off with a detailed focus on forests, domains, trusts, schemas and partitions. Next, you learn how to manage domain controllers, organizational units and the default containers. Going forward, you deep dive into managing Active Directory sites as well as identifying and solving replication problems.

The next set of chapters covers the different components of Active Directory and discusses the management of users, groups and computers. You also go through recipes that help you manage your Active Directory domains, manage user and groups objects and computer accounts, expiring group memberships and group Managed Service Accounts with PowerShell. You learn how to work with Group Policy and how to get the most out of it.

The last set of chapters covers federation, security and monitoring. You will also learn about Azure Active Directory and how to integrate on-premises Active Directory with Azure AD. You learn how Azure AD Connect synchronization works, which will help you manage Azure AD. By the end of the book, you have learned in detail about Active Directory and Azure AD, too.

What you will learn

* Manage new Active Directory features, such as the Recycle Bin, group Managed Service Accounts, and fine-grained password policies
* Work with Active Directory from the command line and use Windows PowerShell to automate tasks
* Create and remove forests, domains, and trusts
* Create groups, modify group scope and type, and manage memberships
* Delegate control, view and modify permissions
* Optimize Active Directory and Azure AD in terms of security

Who this book is for

This book will cater to administrators of existing Active Directory Domain Services environments and/or Azure AD tenants, looking for guidance to optimize their day-to-day effectiveness. Basic networking and Windows Server Operating System knowledge would come in handy.

Table of contents

About Packt

Why subscribe?

Packt.com

Contributors

About the author

About the reviewer

Packt is searching for authors like you

Preface

Who this book is for

What this book covers

To get the most out of this book

Download the example code files

Download the color images

Conventions used

Sections

Getting ready

How to do it…

How it works…

There's more…

See also

Get in touch

Reviews

Optimizing Forests, Domains, and Trusts

Choosing between a new domain or forest

Why would you have a new domain?

What are the downsides of a new domain?

Why would you create a new forest?

What are the downsides of a new forest?

Listing the domains in your forest

Getting ready

Installing the Active Directory module for Windows PowerShell on Windows Server

Installing the Active Directory module for Windows PowerShell on Windows

Required permissions

How to do it...

How it works...

Using adprep.exe to prepare for new Active Directory functionality

Getting ready

Required permissions

How to do it...

Preparing the forest

Preparing the forest for RODCs

Preparing the domain

Fixing up Group Policy permissions

Checking the preparation replication

How it works...

There's more...

Raising the domain functional level to Windows Server 2016

Getting ready

Required permissions

How to do it...

How it works...

Raising the forest functional level to Windows Server 2016

Getting ready

Required permissions

How to do it...

How it works...

Creating the right trust

Trust direction

Trust transitivity

One-way or two-way trust

Getting ready

Required permissions

How to do it...

Verifying and resetting a trust

Getting ready

Required permissions

How to do it...

How it works...

Securing a trust

Getting ready

Required permissions

How to do it...

How it works...

There's more...

Extending the schema

Getting ready

Required permissions

How to do it...

There's more...

Enabling the Active Directory Recycle Bin

Getting ready

Required permissions

How to do it...

How it works...

Managing UPN suffixes

Getting ready

How to do it...

How it works...

There's more...

Managing Domain Controllers

Preparing a Windows Server to become a domain controller

Intending to do the right thing

Dimensioning the servers properly

Preparing the Windows Server installations

Preconfigure the Windows Servers

Document the passwords

Promoting a server to a domain controller

Getting ready

How to do it...

Promoting a domain controller using the wizard

Installing the Active Directory Domain Services role

Promoting the server to a domain controller

Promoting a domain controller using dcpromo.exe

Promoting a domain controller using Windows PowerShell

Checking proper promotion

See also

Promoting a server to a read-only domain controller

Getting ready

How to do it...

Installing the Active Directory Domain Services role

Promoting the server to a read-only domain controller

Promoting a read-only domain controller using dcpromo.exe

Promoting a domain controller using Windows PowerShell

Checking proper promotion

How it works...

See also

Using Install From Media

How to do it...

Creating the IFM package

Leveraging the IFM package

Using the Active Directory Domain Services Configuration Wizard

Using dcpromo.exe

Using the Install-ADDSDomainController PowerShell cmdlet

How it works...

Using domain controller cloning

Getting ready

How to do it...

Making sure all agents and software packages are cloneable

Supplying the information for the new domain controller configuration

Adding the domain controller to the Cloneable Domain Controllers group

Cloning the domain controller from the hypervisor

How it works...

See also

Determining whether a virtual domain controller has a VM-GenerationID

How to do it...

How it works...

Demoting a domain controller

Getting ready

How to do it...

Using the wizard

Using the Active Directory module for Windows PowerShell

How it works...

There's more...

Demoting a domain controller forcefully

How to do it...

Using the Active Directory Domain Services Configuration Wizard

Using manual steps

Performing metadata cleanup

Deleting the domain controller from DNS

Deleting the computer object for the domain controller

Deleting the SYSVOL replication membership

Deleting the domain controller from Active Directory Sites and Services

Deleting an orphaned domain

See also

Inventory domain controllers

How to do it...

Using Active Directory Users and Computers to inventory domain controllers

Using the Active Directory module for Windows PowerShell to inventory domain controllers

Decommissioning a compromised read-only domain controller

How to do it...

How it works...

Managing Active Directory Roles and Features

About FSMO roles

Recommended practices for FSMO roles

Querying FSMO role placement

Getting ready

How to do it...

How it works...

Transferring FSMO roles

Getting ready

How to do it...

Transferring FSMO roles using the MMC snap-ins

Transferring FSMO roles using the ntdsutil command-line tool

Transferring FSMO roles using Windows PowerShell

How it works...

Seizing FSMO roles

Getting ready

How to do it...

Seizing FSMO roles using the ntdsutil command-line tool

Seizing FSMO roles using Windows PowerShell

How it works...

Configuring the Primary Domain Controller emulator to synchronize time with a reliable source

Getting ready

How to do it...

How it works...

Managing time synchronization for virtual domain controllers

Getting ready

How to do it...

Managing time synchronization for virtual domain controllers running on VMware vSphere

Managing time synchronization for virtual domain controllers running on Microsoft Hyper-V

How it works...

Managing global catalogs

Getting ready

How to do it...

How it works

Managing Containers and Organizational Units

Differences between OUs and containers

Containers

OUs

OUs versus Active Directory domains

Creating an OU

Getting ready

How to do it...

Using the Active Directory Administrative Center

Using the command line

Using Windows PowerShell

How it works...

There's more...

Deleting an OU

Getting ready

How to do it...

Using the Active Directory Administrative Center

Using the command line

Using Windows PowerShell

How it works...

There's more...

Modifying an OU

Getting ready

How to do it...

Using the Active Directory Administrative Center

Using the command line

Using Windows PowerShell

How it works...

There's more...

See also

Delegating control of an OU

Getting ready

How to do it...

Using Active Directory Users and Computers

Using the command line

How it works...

Using the built-in groups

Using delegation of control

See also

Modifying the default location for new user and computer objects

Getting ready

How to do it...

How it works...

See also

Managing Active Directory Sites and Troubleshooting Replication

What do Active Directory sites do?

Recommendations

Creating a site

Getting ready

How to do it...

Using Active Directory Sites and Services

Using Windows PowerShell

See also

Managing a site

Getting ready

How to do it...

Using Active Directory Sites and Services

Using Windows PowerShell

How it works...

See also

Managing subnets

Getting ready

How to do it...

Using Active Directory Sites and Services

Using Windows PowerShell

How it works...

See also

Creating a site link

Getting ready

How to do it...

Using Active Directory Sites and Services

Using Windows PowerShell

How it works...

See also

Managing a site link

Getting ready

How to do it...

Using Active Directory Sites and Services

Using Windows PowerShell

See also

Modifying replication settings for an Active Directory site link

Getting ready

How to do it...

Using Active Directory Sites and Services

Using Windows PowerShell

How it works...

Site-link costs

Site-link replication schedules

See also

Creating a site link bridge

Getting ready

How to do it...

See also

Managing bridgehead servers

Getting ready

How to do it...

Using Active Directory Sites and Services

Using Windows PowerShell

How it works...

See also

Managing the Inter-site Topology Generation and Knowledge Consistency Checker

Getting ready

How to do it...

Using Active Directory Sites and Services

Using Windows PowerShell

How it works...

See also

Managing universal group membership caching

Getting ready

How to do it...

Using Active Directory Sites and Services

Using Windows PowerShell

How it works...

See also

Working with repadmin.exe

Getting ready

How to do it...

How it works...

See also

Forcing replication

Getting ready

How to do it...

How it works...

See also

Managing inbound and outbound replication

Getting ready

How to do it...

How it works...

There's more...

See also

Modifying the tombstone lifetime period

Getting ready

How to do it...

Using ADSI Edit

Using Windows PowerShell

How it works...

See also

Managing strict replication consistency

Getting ready

How to do it...

How it works...

Upgrading SYSVOL replication from File Replication Service to Distributed File System Replication

Getting ready

How to do it...

The initial state

The prepared state

The redirected state

The eliminated state

How it works...

See also

Checking for and remediating lingering objects

Getting ready

How to do it...

How it works...

See also

Managing Active Directory Users

Creating a user

Getting ready

How to do it...

Using Active Directory Users and Computers

Using the Active Directory Administrative Center

Using command-line tools

Using Windows PowerShell

How it works...

There's more...

Deleting a user

Getting ready

How to do it...

Using Active Directory Users and Computers

Using the Active Directory Administrative Center

Using command-line tools

Using Windows PowerShell

How it works...

See also

Modifying several users at once

Getting ready

How to do it...

Using Active Directory Users and Computers

Using the Active Directory Administrative Center

Using Windows PowerShell

How it works...

There's more...

Moving a user

Getting ready

How to do it...

Using Active Directory Users and Computers

Using the Active Directory Administrative Center

Using command-line tools

Using Windows PowerShell

How it works...

Renaming a user

Getting ready

How to do it...

Using Active Directory Users and Computers

Using the Active Directory Administrative Center

Using command-line tools

Using Windows PowerShell

How it works...

Enabling and disabling a user

Getting ready

How to do it...

Using Active Directory Users and Computers

Using the Active Directory Administrative Center

Using command-line tools

Using Windows PowerShell

How it works...

There's more...

Finding locked-out users

Getting ready

How to do it...

Using the Active Directory Administrative Center

Using Windows PowerShell

How it works...

See also

Unlocking a user

Getting ready

How to do it...

Using the Active Directory Administrative Center

Using Windows PowerShell

Managing userAccountControl

Getting ready

How to do it...

Reading the userAccountControl attribute

Using Active Directory Users and Computers

Using the Active Directory Administrative Center

Using Windows PowerShell

Setting the userAccountControl attribute

Using ADSI Edit

Using Windows PowerShell

How it works...

Using account expiration

Getting ready

How to do it...

Using Active Directory Users and Computers

Using the Active Directory Administrative Center

Using command-line tools

Using Windows PowerShell

How it works...

Managing Active Directory Groups

Creating a group

Getting ready

How to do it...

Using Active Directory Users and Computers

Using the Active Directory Administrative Center

Using command-line tools

Using Windows PowerShell

How it works...

Group scopes

Group types

Deleting a group

Getting ready

How to do it...

Using Active Directory Groups and Computers

Using the Active Directory Administrative Center

Using command-line tools

Using Windows PowerShell

How it works...

Managing the direct members of a group

Getting ready

How to do it...

Using Active Directory Groups and Computers

Using the Active Directory Administrative Center

Using Windows PowerShell

How it works...

Managing expiring group memberships

Getting ready

How to do it...

How it works...

Changing the scope or type of a group

Getting ready

How to do it...

Using Active Directory Groups and Computers

Using the Active Directory Administrative Center

Using command-line tools

Using Windows PowerShell

How it works...

Group scopes

Group types

Viewing nested group memberships

Getting ready

How to do it...

How it works...

Finding empty groups

Getting ready

How to do it...

How it works...

Managing Active Directory Computers

Creating a computer

Getting ready

How to do it...

Using Active Directory Users and Computers

Using the Active Directory Administrative Center

Using command-line tools

Using Windows PowerShell

How it works...

There's more...

Deleting a computer

Getting ready

How to do it...

Using Active Directory Users and Computers

Using the Active Directory Administrative Center

Using command-line tools

Using Windows PowerShell

How it works...

See also

Joining a computer to the domain

Getting ready

How to do it...

Using the GUI

Using Windows PowerShell

How it works...

There's more...

See also

Renaming a computer

Getting ready

How to do it...

Using the settings app

Using the command line

Using Windows PowerShell

How it works...

There's more...

Testing the secure channel for a computer

Getting ready

How to do it...

Using the command line

Using Windows PowerShell

How it works...

See also

Resetting a computer's secure channel

Getting ready

How to do it...

Using Active Directory Users and Computers

Using the Active Directory Administrative Center

Using the command line

Using Windows PowerShell

How it works...

Changing the default quota for creating computer objects

Getting ready

How to do it...

Using ADSI Edit

Using Windows PowerShell

How it works...

Getting the Most Out of Group Policy

Creating a Group Policy Object (GPO)

Getting ready

How to do it...

Using the Group Policy Management Console

Using Windows PowerShell

How it works...

See also

Copying a GPO

Getting ready

How to do it...

Using the Group Policy Management Console

Using Windows PowerShell

How it works...

There's more...

Deleting a GPO

Getting ready

How to do it...

Using the Group Policy Management Console

Using Windows PowerShell

How it works...

See also

Modifying the settings of a GPO

Getting ready

How to do it...

How it works...

Assigning scripts

Getting ready

How to do it...

How it works...

Installing applications

Getting ready

How to do it...

How it works...

Linking a GPO to an OU

Getting ready

How to do it...

How it works...

There's more...

Blocking inheritance of GPOs on an OU

Getting ready

How to do it...

How it works...

Enforcing the settings of a GPO Link

Getting ready

How to do it...

How it works...

Applying security filters

Getting ready

How to do it...

How it works...

Creating and applying WMI Filters

Getting ready

How to do it...

How it works...

There's more...

Configuring loopback processing

Getting ready

How to do it...

How it works...

Restoring a default GPO

Getting ready

How to do it...

How it works...

There's more...

Creating the Group Policy Central Store

Getting ready

How to do it...

How it works...

There's more...

Securing Active Directory

Applying fine-grained password and account lockout policies

Getting ready

How to do it...

Using the Active Directory Administrative Center

Using the Active Directory Module for Windows PowerShell

How it works...

There's more...

Backing up and restoring GPOs

Getting ready

How to do it...

How it works...

There's more...

Backing up and restoring Active Directory

Getting ready

How to do it...

How it works...

Working with Active Directory snapshots

Getting ready

How to do it...

How it works...

There's more...

Managing the DSRM passwords on domain controllers

Getting ready

How to do it...

How it works...

Implementing LAPS

Getting ready

How to do it...

Implementing LAPS

Extending the schema

Setting permissions

Creating the GPO to install the LAPS Client-side Extensions

Linking the GPO to OUs with devices

Managing passwords

Viewing an administrator password

Resetting an Administrator password

How it works...

See also

Managing deleted objects

Getting ready

How to do it...

Using the Active Directory Administrative Center

Using Windows PowerShell

How it works...

There's more...

See also

Working with group Managed Service Accounts

Getting ready

How to do it...

How it works...

There's more...

Configuring the advanced security audit policy

Getting ready

How to do it...

How it works...

Resetting the KRBTGT secret

Getting ready

How to do it...

How it works...

There's more...

Using SCW to secure domain controllers

Getting ready

How to do it

Secure a representative domain controller using SCW

Roll-out the security settings to all domain controllers using Group Policy

How it works...

Leveraging the Protected Users group

Getting ready

How to do it...

Using Active Directory Users and Computers

Using the Active Directory Administrative Center

Using Windows PowerShell

How it works...

Putting authentication policies and authentication policy silos to good use

Getting ready

How to do it...

Enable domain controller support for claims

Enable compound claims on devices in scope for an authentication policy

Create an Authentication Policy

Create an Authentication Policy Silo

Assign the Authentication Policy Silo

How it works...

Configuring Extranet Smart Lock-out

Getting ready

How to do it...

How it works...

Managing Federation

Choosing the right AD FS farm deployment method

Getting ready

How to do it...

How it works...

There's more...

See also

Installing the AD FS server role

Getting ready

How to do it...

How it works...

Setting up an AD FS farm with Windows Internal Database

Getting ready

How to do it...

Configuring AD FS

Checking the proper AD FS configuration

How it works...

There's more...

See also

Setting up an AD FS farm with SQL Server

Getting ready

How to do it...

Creating a gMSA

Creating the script

Creating the databases

Configuring AD FS

Checking the proper AD FS configuration

How it works...

There's more...

See also

Adding additional AD FS servers to an AD FS farm

Getting ready

How to do it...

How it works...

See also

Removing AD FS servers from an AD FS farm

Getting ready

How to do it...

How it works...

There's more...

Creating a Relying Party Trust (RPT)

Getting ready

How to do it...

How it works...

Deleting an RPT

Getting ready

How to do it...

How it works...

Configuring branding

Getting ready

How to do it...

How it works...

Setting up a Web Application Proxy

Getting ready

How to do it...

Installing the Web Application Proxy feature

Configuring the Web Application Proxy

Checking the proper Web Application Proxy configuration

How it works...

There's more...

Decommissioning a Web Application Proxy

Getting ready

How to do it...

How it works...

Handling Authentication in a Hybrid World (AD FS, PHS, PTA, and 3SO)

Choosing the right authentication method

Getting ready

How to do it...

How it works...

Active Directory Federation Services or PingFederate

Password Hash Sync

Pass-through authentication

Seamless Single Sign-on

Cloud-only

There's more...

Verifying your DNS domain name

Getting ready

How to do it...

How it works...

Implementing Password Hash Sync with Express Settings

Getting ready

How to do it...

How it works...

Implementing Pass-through Authentication

Getting ready

How to do it...

Adding the Azure AD Authentication Service to the intranet sites

Configuring Azure AD Connect

How it works...

There's more...

Implementing single sign-on to Office 365 using AD FS

Getting ready

How to do it...

How it works...

There's more...

Managing AD FS with Azure AD Connect

Getting ready

How to do it...

Reset Azure AD trust

Federate an Azure AD domain

Update the AD FS SSL certificate

Deploy an AD FS server

Add a Web Application Proxy server

Verify federated login

How it works...

There's more...

Implementing Azure Traffic Manager for AD FS geo-redundancy

Getting ready

How to do it...

Configuring the Web Application Proxies for probing

Configuring Azure Traffic Manager

Adding DNS records

How it works...

There's more...

Migrating from AD FS to Pass-through Authentication for single sign-on to Office 365

Getting ready

How to do it...

Adding the Azure AD Authentication Service to the intranet sites

Configuring Azure AD Connect

Checking domains in the Azure portal

Disabling federation in Azure AD

Deleting the Office 365 Identity Platform relying party trust

How it works...

There's more...

Making Pass-through Authentication (geo)redundant

Getting ready

How to do it...

Installing and configuring the PTA Agent

Checking proper installation and configuration

How it works...

Handling Synchronization in a Hybrid World (Azure AD Connect)

Choosing the right sourceAnchor

Getting ready

How to do it...

How it works...

There's more...

Configuring staging mode

Getting ready

How to do it...

How it works...

See also

Switching to a staging mode server

Getting ready

How to do it...

How it works...

Configuring Domain and OU filtering

Getting ready

How to do it...

Configuring Azure AD Connect initially

Reconfiguring Azure AD Connect

How it works...

Configuring Azure AD app and attribute filtering

Getting ready

How to do it...

Configuring Azure AD Connect initially

Reconfiguring Azure AD Connect

How it works...

Configuring MinSync

Getting ready

How to do it...

Configuring Azure AD Connect initially

Reconfiguring Azure AD Connect

How it works...

Configuring Hybrid Azure AD Join

Getting ready

How to do it...

Adding the Azure AD Device Registration Service to the intranet sites

Distributing Workplace Join for non-Windows 10 computers

Setting the Group Policy to register for down-level Windows devices

Link the Group Policy to the right Organizational Units

Configuring Hybrid Azure AD Join in Azure AD Connect

How it works...

Configuring Device writeback

Getting ready

How to do it...

How it works...

Configuring Password writeback

Getting ready

How to do it...

Configuring the proper permissions for Azure AD Connect service accounts

Configuring Azure AD Connect

Configuring Azure AD Connect initially

Reconfiguring Azure AD Connect

How it works...

Configuring Group writeback

Getting ready

How to do it...

Creating the Organizational Unit where groups are to be written back

Configuring Azure AD Connect

Configuring Azure AD Connect initially

Reconfiguring Azure AD Connect

Configuring the proper permissions for Azure AD Connect service accounts

How it works...

Changing the passwords for Azure AD Connects service accounts

Getting ready

How to do it...

Managing the service account connecting to Active Directory

Managing the service account connecting to Azure AD

Managing the computer account for Seamless Single Sign-on

How it works...

The service account running the Azure AD Connect service

The service account connecting to Active Directory

The service account connecting to Azure AD

The computer account for Seamless Single Sign-on

Hardening Azure AD

Setting the contact information

Getting ready

How to do it...

How it works...

Preventing non-privileged users from accessing the Azure portal

Getting ready

How to do it...

How it works...

Viewing all privileged users in Azure AD

Getting ready

How to do it...

Using the Azure AD PowerShell

Using the Azure Cloud Shell

How it works...

Preventing users from registering or consenting to apps

Getting ready

How to do it...

How it works...

There's more...

Preventing users from inviting guests

Getting ready

How to do it...

How it works...

There's more...

See also

Configuring whitelisting or blacklisting for Azure AD B2B

Getting ready

How to do it...

How it works...

Configuring Azure AD Join and Azure AD Registration

Getting ready

How to do it...

Limiting who can join Azure AD devices

Limiting who can register Azure AD devices

Configuring additional administrators

Enabling Enterprise State Roaming

How it works...

See also

Configuring Intune auto-enrollment upon Azure AD Join

Getting ready

How to do it...

How it works...

Configuring baseline policies

Getting ready

How to do it...

How it works...

Configuring Conditional Access

Getting ready

How to do it...

How it works...

See also

Accessing Azure AD Connect Health

Getting ready

How to do it...

How it works...

There's more...

Configuring Azure AD Connect Health for AD FS

Getting ready

How to do it...

Downloading the agent

Installing and configuring the agent

Consuming the information in the Azure AD Connect Health dashboard

How it works...

Configuring Azure AD Connect Health for AD DS

Getting ready

How to do it...

Downloading the agent

Installing and configuring the agent

Consuming the information in the Azure AD Connect Health dashboard

How it works...

Configuring Azure AD Privileged Identity Management

Getting ready

How to do it...

How it works...

There's more...

Configuring Azure AD Identity Protection

Getting ready

How to do it...

How it works...

MFA registration

User risk policies

Sign-in risk policies

There's more...

Other Books You May Enjoy

Leave a review - let other readers know what you think
