Table 7.6 shows some of the available PowerShell commands for maintaining Active Directory. These PowerShell commands can help you do everything from unlocking disabled accounts to resetting passwords.

TABLE 7.6 PowerShell commands for Active Directory

| Command | Explanation |
| --- | --- |
| Add-ADComputerServiceAccount | This command allows you to add service accounts to Active Directory. |
| Add-ADGroupMember | This command allows you to add users to an Active Directory group. |
| Disable-ADAccount | You can use this command to disable an Active Directory account. |
| Enable-ADAccount | You can use this command to enable an Active Directory account. |
| Get-ADComputer | This command allows you to view one or more Active Directory computers. |
| Get-ADDomain | You can use this command to view an Active Directory domain. |
| Get-ADFineGrainedPasswordPolicy | This command allows you to view the Active Directory fine-grained password policies. |
| Get-ADGroup | You can use this command to view Active Directory groups. |
| Get-ADGroupMember | This command allows you to view the users in an Active Directory group. |
| Get-ADServiceAccount | You can use this command to view the Active Directory service accounts. |
| Get-ADUser | This command allows you to view one or more Active Directory users. |
| New-ADComputer | You can use this command to create a new Active Directory computer. |
| New-ADGroup | You can use this command to create a new Active Directory group. |
| New-ADServiceAccount | This command is the only way that you can create a new Managed Service Account. |
| New-ADUser | You can use this command to create a new Active Directory user. |
| Set-ADAccountPassword | This command allows you to modify the password of an Active Directory account. |
| Unlock-ADAccount | You can use this command to unlock an Active Directory account. |
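
The following is an added example, not code from the book: a helpdesk-style function that chains several cmdlets from Table 7.6 (Get-ADUser, Get-ADGroupMember, Unlock-ADAccount, Set-ADAccountPassword) to unlock an account and reset its password. The function name `Reset-LockedUser`, the account name `jsmith`, the Domain Admins guard, and the use of Set-ADUser (a cmdlet not listed in the table) are assumptions made for illustration.

```powershell
# Added example. Requires the ActiveDirectory module (RSAT) and delegated
# rights to unlock accounts and reset passwords on the target OU.
Import-Module ActiveDirectory

function Reset-LockedUser {   # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $Identity,          # sAMAccountName, DN, GUID or SID
        [Parameter(Mandatory)] [securestring] $NewPassword
    )

    # LockedOut and PasswordLastSet are not returned unless requested.
    $user = Get-ADUser -Identity $Identity -Properties LockedOut, PasswordLastSet

    # Added guard: do not reset privileged accounts from a helpdesk workflow.
    # 'Domain Admins' assumes the default English group name.
    $privileged = Get-ADGroupMember -Identity 'Domain Admins' -Recursive |
        Where-Object { $_.SID -eq $user.SID }
    if ($privileged) {
        throw "$($user.SamAccountName) is a Domain Admins member; escalate instead."
    }

    if ($PSCmdlet.ShouldProcess($user.DistinguishedName, 'Unlock and reset password')) {
        if ($user.LockedOut) { Unlock-ADAccount -Identity $user }
        if (-not $user.Enabled) {
            Write-Warning 'Account is disabled; leaving it disabled.'
        }

        # -Reset sets a new password without requiring the old one.
        Set-ADAccountPassword -Identity $user -Reset -NewPassword $NewPassword
        # Force a change at next logon so the helpdesk-known password is short-lived.
        Set-ADUser -Identity $user -ChangePasswordAtLogon $true
    }

    # Return the post-change state for the ticket record.
    Get-ADUser -Identity $user -Properties LockedOut, PasswordLastSet |
        Select-Object SamAccountName, Enabled, LockedOut, PasswordLastSet
}

# Example call (constructed account name); -WhatIf previews without changing anything:
# Reset-LockedUser -Identity 'jsmith' -NewPassword (Read-Host -AsSecureString 'New password') -WhatIf
```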

Summary

This chapter covered the basics of implementing an Active Directory forest and domain structure, creating and configuring application data partitions, and setting the functional level of your domain and forest.

You are now familiar with how you can implement Active Directory. We carefully examined all of the necessary steps and conditions that you need to follow to install Active Directory on your network. First you need to prepare for the Domain Name System because Active Directory cannot be installed without the support of a DNS server.

You also need to verify that the computer you upgrade to a domain controller meets some basic filesystem and network connectivity requirements so that Active Directory can run smoothly and efficiently in your organization. These are some of the most common things you will have to do when you deploy Active Directory.

The chapter also covered the concept of domain functional levels, which essentially determine the kinds of domain controllers you can use in your environment.

You also learned how to install Active Directory, which you accomplish by promoting a Windows Server 2022 computer to a domain controller using Server Manager. You also learned how to verify the installation by testing Active Directory from a client computer.

This chapter covered the fundamentals of administering Active Directory. The most important part of administering Active Directory is learning about how to work with OUs. Therefore, you should be aware of the purpose of OUs; that is, they help you organize and manage the directory. For instance, think of administrative control. If you wanted to delegate rights to another administrator (such as a sales manager), you could delegate that authority to that user within the Sales OU. As the system administrator, you would retain the rights to the castle.

We also looked at how to design an OU structure from an example. The example showed you how to design a proper OU layout. You can also create, organize, and reorganize OUs if need be.

In addition, you took a look at groups and group strategies. There are different types of groups (domain local, global, and universal groups), and you should know when each group is available and when to use each group.

Finally, this chapter covered how to use the Active Directory Users and Computers tool to manage Active Directory objects. If you’re responsible for day-to-day system administration, there’s a good chance that you are already familiar with this tool; if not, you should be after reading this chapter. Using this tool, you learned how to work with Active Directory objects such as User, Computer, and Group objects.

Exam Essentials

Know the prerequisites for promoting a server to a domain controller. You should understand the tasks that you must complete before you attempt to upgrade a server to a domain controller. Also, you should have a good idea of the information you need in order to complete the domain controller promotion process.

Understand the steps of the Active Directory Installation Wizard. When you run the Active Directory Installation Wizard, you’ll be presented with many different choices. You should understand the effects of the various options provided in each step of the wizard.

Be familiar with the tools that you will use to administer Active Directory. Three main administrative tools are installed when you promote a Windows Server 2022 computer to a domain controller. Be sure that you know which tools to use for which types of tasks.

Understand the purpose of application data partitions. The idea behind application data partitions is that since you already have a directory service that can replicate all kinds of security information, you can also use it to keep track of application data. The main benefit of storing application information in Active Directory is that you can take advantage of its storage mechanism and replication topology. Application-related information stored on domain controllers benefits from having fault-tolerance features and availability.

Understand the purpose of OUs. OUs are used to create a hierarchical, logical organization for objects within an Active Directory domain.

Understand the concept of inheritance. By default, child OUs inherit permissions and Group Policy assignments set for parent OUs. However, these settings can be overridden for more granular control of security.

Know groups and group strategies. You can use three groups: domain local, global, and universal. Understand the group strategies and when they apply.

Understand how Active Directory objects work. Active Directory objects represent some piece of information about components within a domain. The objects themselves have attributes that describe details about them.