Learn Active Directory security basics: How to configure the management tool

In this learning guide, various experts review how to use Active Directory to secure your organization.

Being able to fully understand and learn Active Directory is no easy feat. Unlike most other network applications,

Active Directory is a distributed, multiple-master app that must be secured and maintained. When employees come and go, Active directory access control configuration policy settings need to be preserved properly. Replications and event logs have to be checked regularly, and Active Directory backup and security tests need to be performed. In this Active Directory learning guide, our best SearchMidmarketSecurity.com contributors offer AD tips that will help you learn Active Directory basics and assist you with the task of setting up Active Directory securely.

How to back up Active Directory domain controllers
(see link below)
To keep your Active Directory secure, you need to be prepared to quickly restore any one of the domain controllers. Make sure you know how to back up Active Directory. An AD disaster recovery plan needs to be at the top of your business continuity list, and it can be carried out with free Windows utilities, too.

Contributor Joel Snyder also reviewed the pros and cons of using disk imaging software to create Active Directory domain controller backup images.

Active Directory health check
(see link below)
Active Directory maintenance involves many ongoing tasks: checking event logs, testing, defragmenting and making sure replications are working. Learn how to check Active Directory health using the right tools. Ntdsutil, for example, can be used for degfragmenting a large Active Directory, and DCdag has almost 30 different tests that will help you check your AD security status.

Role-based access control in Active Directory
(see link below)
Network managers can segment employees based on Active Directory Group membership, including HR users, accounting department, or R&D lab teams that may need special privileges. Jennifer Jabbusch demonstrates how role-based access controls can be configured in Active Directory.

Other ways to configure Active Directory access control
(see link below)
As organizations move to more stringent change management requirements, Active Directory can be used to authenticate network managers to their switches, routers, firewalls and other infrastructure devices. Jennifer Jabbusch continues her Active Directory training and reveals how to configure Active Directory in a way that improves your network infrastructure's authentication and access control. AD, for example, can be used for both wired and wireless security purposes.

Active Directory Group Policy settings
(see link below)
Endpoint integrity enforcement can be achieved through Active Directory Group Policy settings. If you're avoiding NAC, make sure you know the top five desired endpoint integrity checks for most security and network administrators.

Cut your identity management user provisioning time

Did you know that Forefront Identity Manager synchronizes with Active Directory?

Active Directory autoenrollment
(see link below)
Joel Dubin responds to a reader's question and reveals how setting up Active Directory autoenrollment will help to automatically delete user certificates on the certificate authority (CA).

 

Need to restore Active Directory accounts? Dubin explains how ADSIEdit, LDP or DSACLS command-line tools (and three Microsoft-approved methods) will retrieve lost users.

Active Directory courses
(see link below)
Trying to learn Active Directory basics? Joel Dubin recommends ways to gain comprehensive Active Directory training, including vendor-neutral boot camps and vendor-driven deployment and implementation courses.

Send your feedback to Editor@searchmidmarketsecurity.com.

This was first published in April 2010

Dig deeper on Microsoft identity and access management

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchSecurity

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

ComputerWeekly

Close