Yes and it is still great today for managing Active Directory
@AbdullahOllivierreIT Жыл бұрын
Part 1: • It is important to keep Active Directory secure by implementing proper password policies, setting account lockout policies, and auditing logon events. • Group Policy Objects (GPOs) can be used to enforce security policies across the domain and configure client settings. • It is recommended to delegate administrative tasks to specific groups or individuals rather than granting wide-ranging administrative permissions to everyone. • It is important to regularly review and clean up Active Directory objects, such as inactive or expired user accounts, computer accounts, and group memberships. Part 2: • The Active Directory schema defines the structure and properties of all objects in the directory and should be extended with caution. • It is important to plan and design Active Directory before deployment to ensure optimal performance and scalability. • Domain Controllers should be placed in strategic locations to ensure reliable authentication and replication. • Replication is a critical aspect of Active Directory and should be monitored and tested regularly to ensure proper functioning. • Active Directory sites should be planned and configured based on network topology and link speed to ensure efficient replication and authentication. Part 3: • Active Directory Group Policy can be used to deploy software, configure security settings, and enforce company policies. • Custom templates can be created to define security settings that are not available in the default templates. • It is important to regularly review and update Group Policy settings to ensure they remain relevant and effective. • The Group Policy Management Console (GPMC) provides a central location to manage and troubleshoot Group Policy. • Saved queries can be used to quickly retrieve information from Active Directory and create custom views. Part 4: • The MMC console can be customized with taskpads to create a personalized administration toolset. • Shell commands can be added to taskpads to provide quick access to common administrative tasks, such as remote desktop, remote command prompt, and running PowerShell scripts. • PowerShell can be integrated into the MMC console to provide additional automation capabilities. • It is important to monitor Active Directory sites for replication status and topology changes to ensure reliable authentication and replication.
@vasylvolyk Жыл бұрын
Useful. Thanks!
@reveng6705 Жыл бұрын
Many if not all stuff that is discussed in this great video also applies to AD running on Server 2019. Thanks for your work, Adam
@Adamj_1 Жыл бұрын
And Server 2022...anything on prem.
@bradzima17792 жыл бұрын
I don't suppose you have a copy of the slide deck from this presentation?
@Adamj_12 жыл бұрын
I do not. Sorry. Only the RBAC scripts on www.ajtek.ca/guides/role-based-access-security/
@tkazi Жыл бұрын
A monochrome PDF version of these are available at the following Microsoft download URL. I couldn't find the color version of these. download.microsoft.com/download/e/a/7/ea75457b-65d0-481c-b53b-d7ca2ae7ee08/s2b%20-%209.pdf
@chancemanning84182 жыл бұрын
Edit: Please take my opinion with a grain a salt. Different Environments will work better with different OU structure. Great video. Not exactly sure how that OU structure shown around minute 10-11 would be best practice? It’s not very efficient for identifying users. Having All system users under a single OU then separating out by Security Groups seems to defeat the purpose of creating any OU in general. Identity Management should be a key component when organizing your AD.
@chancemanning84182 жыл бұрын
Having OU structure of departments OR regions of those users and computers would seem to be a better fit for deploying GPO. Security groups should be identified before hand and then be made to how granular you want to make security rules. Those groups could be placed within the OUs to organize them. But then again, the set up of OUs really isn’t that important, as long as it’s standardized and capable of identity management of your users.
@Adamj_12 жыл бұрын
See the video at part 43:30 to the end. You MANAGE via saved queries. For example You couldn't care if Joe Smith was in whatever department OU that you've created, you want to have your HelpDesk team reset his password. If you create your setup like in the video, management is SIMPLE and you set the permission ONCE. If you do it the way you're saying - creating department OUs and the like, you must grant access to reset passwords in MULTIPLE OUs instead of just the 1...
@julianhamann49252 жыл бұрын
@@Adamj_1 Hey Adam, if I add a taskpad view to a saved query and then open the saved .msc as a different user (to delegate administration) then the taskpad view for the saved query is no longer visible. I have been unable to fix this issue. Is there something you need to do in order to have taskpad views in a saved query usable by other admins?
@Adamj_12 жыл бұрын
@@julianhamann4925 Just tested this - Saved a taskpad and a saved query and a taskpad to a saved query and all 3 are showing up properly when executing on a different physical server VM, different user account as a delegation would. Not sure what you are experiencing as I can't replicate it.
@karolkula91662 жыл бұрын
[Q] Where I could find more about implementation of "notification based replication between the sites"?
@dj9choco2 жыл бұрын
Dude, i never thought a regular user will fit my env because im the only it employe, and i manage all the network, computers and erp. but with the mmc properly tweaked will be safe and easy to manage all the env
@Adamj_12 жыл бұрын
Yep. Separate Admin and Regular User - even for the single IT person (I'd also argue especially for the single IT person)
@RaviSingh-lt9hi3 жыл бұрын
Ok
@omarionrobinson40203 жыл бұрын
Unfortunately Windows 9 never released ☹️
@aleJohnny3 жыл бұрын
I love you.
@omarionrobinson40203 жыл бұрын
So blunt 😍
@billherrin34653 жыл бұрын
This is the way
@andrecinelli3 жыл бұрын
2021... Thank you!
@juergenl.3 жыл бұрын
What is your website?
@AllenOlayiwola4 жыл бұрын
Never thought the MMC was this good, amazing video! Thanks for sharing.
@jerryxie7774 жыл бұрын
Thanks for your sharing, is there any new update skill for ad in windows 2019? I'm looking forward to that🥰
@gareginasatryan67614 жыл бұрын
I don’t know if he’s conflating domains with trees. Because while multi tree forests have decreased in popularity, his claim that “single domain forests” are the rage is flat out untrue. Most enterprises I’ve seen have multiple levels of subdomains.
@andreas9564 жыл бұрын
Propably differs depending on your location and field. In my experience, a majority of my clients have had single domain forests.
@xerr0n4 жыл бұрын
@@andreas956 the presentation is old, in the end hes talking about hoping that people enjoyed students to business 2011. Also note the server 2008 references in the video.....
@jerryxie7775 жыл бұрын
Great demo,I find that there are a lots of skills I don't know. Thank you😀
@KanchanaRandika5 жыл бұрын
I learned a lot in less than one hour. Brilliant presentation from Dan. Thank you for uploading!
@Kent21F15 жыл бұрын
wow ! great video !
@hisgreatness25 жыл бұрын
very good video!
@GamingCentralTV16 жыл бұрын
This is a gem microsoft vid
@mokompri6 жыл бұрын
Found this after seeing your post on Spiceworks, thanks for this.
@balla21726 жыл бұрын
What is your website? I need that my membership app
@mariams.stories6 жыл бұрын
Awesome video my friend!! just subbed to your channel 65 & i hit the bell. I hope you will support me back, good luck :)
@ilishmaach6 жыл бұрын
Do you have the script to extend the schema and assign computer ownership to users?
@Adamj_16 жыл бұрын
Please see my blog post at www.ajtek.ca/guides/role-based-access-security/
@JeanPaulFernandes6 жыл бұрын
anyone know where I can get that My Membership app? seems very useful
@Adamj_16 жыл бұрын
Contact me through my website and I can send them to you - it is part of the scripts set he talks about in the video.
@shahidzaheer19656 жыл бұрын
Hi Adam, thank you for sharing the video, could please send me the Membership apps as well? my email is [email protected] or share a link where i can download them. i need them very much. Thank you
@Adamj_16 жыл бұрын
Thank you Jason!!!
@cu8065 жыл бұрын
How does LDAP tie into all of this
@Adamj_16 жыл бұрын
Rick L, the content is still accurate and is very much the basis of what RBAC can do, how it should be setup, and it sets the foundation for how you look at things (differently). Yes, with new technologies (like cloud-based storage), the permission sets are expanded, however the underlying methodology hasn't changed in over 15 years (MS has always re-iterated AG(U)DLP, but this video expands on that notion to allow you to see what MS has been suggesting to admins for years, why it's great, but unfortunately not too many admins practice this methodology to the extent that it should be used.) Also, with reference to the remote management of servers, MS has been pushing this for years with the 'Server Core' system that was introduced in Server 2008. It still is pushed today, and with Microsoft Project Honolulu, it will re-define the toolset used to manage systems, but again, the same principals apply.
@buzzlit6 жыл бұрын
How much of this is still accurate? Have there not been significant changes since 2011?
@itassist73736 жыл бұрын
Most of this information still applies today, and most is still accurate. When he was talking about the specific hard limits of groups, and the default Token size, I wasn't sure if those are still current. One thing I know has changed is you can now assign a user a primary Computer in ADSIEdit and it no longer needs a special plugin. This is very useful for only applying policy if you are logged into your assigned PCs.
@ScottAnderson476 жыл бұрын
Found the files! download.microsoft.com/download/E/7/A/E7AE2F7C-0112-405D-B6F2-D298CB4AE969/Room%203%20-%20ITP2%20-%2013.pdf
@sadkins767 жыл бұрын
Do you have the files that were supposed to be in the OneDrive folder?
@a1767 жыл бұрын
I have been looking for this video for months now since they took it down. Thank you so much for the re-up. Gonna grab a copy of it myself while it's still here ... thx !!!!
@donaldhall75277 жыл бұрын
Hi Adam, cheers matey, can you send me all the scripts please: [email protected]