Table 7.6 shows just some of the available PowerShell commands for maintaining Active Directory. These PowerShell commands can help you do everything from unlocking disabled accounts to resetting passwords.
TABLE 7.6 PowerShell commands for Active Directory
Command | Explanation |
Add-ADComputerServiceAccount | This command allows you to add service accounts to Active Directory. |
Add-ADGroupMember | This command allows you to add users to an Active Directory group. |
Disable-ADAccount | You can use this command to disable an Active Directory account. |
Enable-ADAccount | You can use this command to enable an Active Directory account. |
Get-ADComputer | This command allows you to view one or more Active Directory computers. |
Get-ADDomain | You can use this command to view an Active Directory domain. |
Get-ADFineGrainedPasswordPolicy | This command allows you to view the Active Directory fine-grained password policies. |
Get-ADGroup | You can use this command to view Active Directory groups. |
Get-ADGroupMember | This command allows you to view the users in an Active Directory group. |
Get-ADServiceAccount | You can use this command to view the Active Directory service accounts. |
Get-ADUser | This command allows you to view one or more Active Directory users. |
New-ADComputer | You can use this command to create a new Active Directory computer. |
New-ADGroup | You can use this command to create a new Active Directory group. |
New-ADServiceAccount | This command is the only way that you can create a new Managed Service Account. |
New-ADUser | You can use this command to create a new Active Directory user. |
Set-ADAccountPassword | This command allows you to modify the password of an Active Directory account. |
Unlock-ADAccount | You can use this command to unlock an Active Directory account. |
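The following added example (not from the book) combines several cmdlets from Table 7.6 into a help desk unlock-and-reset routine that refuses privileged accounts and leaves disabled accounts alone. It assumes the ActiveDirectory module is installed and a domain is reachable; the function name Reset-HelpdeskUser, the protected group list, and the account jsmith are hypothetical, and Set-ADUser is a cmdlet from the same module that the table does not list.

```powershell
#Requires -Modules ActiveDirectory
# Added example: help desk unlock-and-reset with guard rails.
# Reset-HelpdeskUser and its parameters are hypothetical names.
function Reset-HelpdeskUser {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)] [string] $Identity,
        # Assumption: groups whose members must not be reset by the help desk.
        [string[]] $ProtectedGroup = @('Domain Admins')
    )

    $user = Get-ADUser -Identity $Identity -Properties LockedOut

    # Refuse privileged accounts: a help desk reset of an admin is an escalation path.
    foreach ($group in $ProtectedGroup) {
        $members = Get-ADGroupMember -Identity $group -Recursive
        if ($members.distinguishedName -contains $user.DistinguishedName) {
            throw "$($user.SamAccountName) is in '$group'; use the admin process."
        }
    }

    # A disabled account is usually disabled on purpose; report it, do not enable it.
    if (-not $user.Enabled) {
        Write-Warning "$($user.SamAccountName) is disabled; not changing it."
        return
    }

    if ($PSCmdlet.ShouldProcess($user.DistinguishedName, 'Unlock and reset password')) {
        if ($user.LockedOut) { Unlock-ADAccount -Identity $user }
        # Prompt for the temporary password so it never appears in history or logs.
        $new = Read-Host -AsSecureString -Prompt 'Temporary password'
        Set-ADAccountPassword -Identity $user -Reset -NewPassword $new
        # Force the user to replace the temporary password at next logon.
        Set-ADUser -Identity $user -ChangePasswordAtLogon $true
    }

    # Return the current state so it can be recorded in the ticket.
    Get-ADUser -Identity $user -Properties LockedOut |
        Select-Object SamAccountName, Enabled, LockedOut
}

# Dry run first; 'jsmith' is a constructed account name.
Reset-HelpdeskUser -Identity 'jsmith' -WhatIf
```

With -WhatIf the function reports what it would change without unlocking the account or prompting for a password.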
Summary
This chapter covered the basics of implementing an Active Directory forest and domain structure, creating and configuring application data partitions, and setting the functional level of your domain and forest.
You are now familiar with how you can implement Active Directory. We carefully examined all of the necessary steps and conditions that you need to follow to install Active Directory on your network. First, you need to prepare for the Domain Name System because Active Directory cannot be installed without the support of a DNS server.
You also need to verify that the computer you upgrade to a domain controller meets some basic filesystem and network connectivity requirements so that Active Directory can run smoothly and efficiently in your organization. These are some of the most common things you will have to do when you deploy Active Directory.
The chapter also covered the concept of domain functional levels, which essentially determine the kinds of domain controllers you can use in your environment.
You also learned how to install Active Directory, which you accomplish by promoting a Windows Server 2022 computer to a domain controller using Server Manager. You also learned how to verify the installation by testing Active Directory from a client computer.
This chapter covered the fundamentals of administering Active Directory. The most important part of administering Active Directory is learning about how to work with OUs. Therefore, you should be aware of the purpose of OUs; that is, they help you organize and manage the directory. For instance, think of administrative control. If you wanted to delegate rights to another administrator (such as a sales manager), you could delegate that authority to that user within the Sales OU. As the system administrator, you would retain the rights to the castle.
We also looked at how to design an OU structure from an example. The example showed you how to design a proper OU layout. You can also create, organize, and reorganize OUs if need be.
In addition, you took a look at groups and group strategies. There are different types of groups (domain local, global, and universal groups), and you should know when each group is available and when to use each group.
Finally, this chapter covered how to use the Active Directory Users and Computers tool to manage Active Directory objects. If you’re responsible for day-to-day system administration, there’s a good chance that you are already familiar with this tool; if not, you should be after reading this chapter. Using this tool, you learned how to work with Active Directory objects such as User, Computer, and Group objects.
Exam Essentials
Know the prerequisites for promoting a server to a domain controller. You should understand the tasks that you must complete before you attempt to upgrade a server to a domain controller. Also, you should have a good idea of the information you need in order to complete the domain controller promotion process.
Understand the steps of the Active Directory Installation Wizard. When you run the Active Directory Installation Wizard, you’ll be presented with many different choices. You should understand the effects of the various options provided in each step of the wizard.
Be familiar with the tools that you will use to administer Active Directory. Three main administrative tools are installed when you promote a Windows Server 2022 computer to a domain controller. Be sure that you know which tools to use for which types of tasks.
Understand the purpose of application data partitions. The idea behind application data partitions is that since you already have a directory service that can replicate all kinds of security information, you can also use it to keep track of application data. The main benefit of storing application information in Active Directory is that you can take advantage of its storage mechanism and replication topology. Application-related information stored on domain controllers benefits from having fault tolerance features and availability.
Understand the purpose of OUs. OUs are used to create a hierarchical, logical organization for objects within an Active Directory domain.
Understand the concept of inheritance. By default, child OUs inherit permissions and Group Policy assignments set for parent OUs. However, these settings can be overridden for more granular control of security.
Know groups and group strategies. You can use three groups: domain local, global, and universal. Understand the group strategies and when they apply.
Understand how Active Directory objects work. Active Directory objects represent some piece of information about components within a domain. The objects themselves have attributes that describe details about them.