Building Modern Active Directory

Break the vicious circle of designs perpetuating the errors of the past and just click next and accept the defaults implementations preventing a secure and reliable future. This book looks at the typical patterns and antipatterns in Active Directory (AD) design, deployment, and operations and provides an approach to building and operating AD that is based on engineering (analyzing and fulfilling requirements) rather than design (formulating requirements).

The book starts with an historical overview of AD and its future 25 years later. You then learn about the challenges that organizations running AD are facing today followed by understanding how to avoid them while learning modern requirements for more efficient and effective AD performance. After that, you go through business requirements influencing the AD topology along with ways to engineer information lookup to protect high-value objects. The book looks at two main protocols and the many dialects that AD offers to engineer an authentication service that fulfills modern requirements while leaving insecure legacy configurations behind. Managing AD from both the security and usability perspectives is discussed next in the book. Building, operating, and transitioning to a modern AD is demonstrated in detail. The book guides you with the next steps of your journey to achieve a secure and reliable AD.

After reading this book, you will be able to bridge the gap between the two approaches by analyzing real-world business requirements, explaining the decision-making process in both design and engineering, and ultimately providing concrete engineering guidelines for typical implementation scenarios.

What Will You Learn

• Build a modern Active Directory (AD), leaving behind design antipatterns that are not valid anymore
• Build a secure by design AD and accommodate legacy technology without compromising the overall security
• Understand advanced AD functionality such as controlling object visibility and partitioning Kerberos authentication by Authentication Policies

• Operate a modern AD, react to changing business requirements, and respond to ever-evolving security threats

  Who This Book Is For

Active Directory (AD) architects and consultants who need to provide design and engineering advice to customers; AD administrators tasked with modernizing and securing AD in their organizations; security architects wishing to learn the AD design patterns to watch out for

Covers advanced and powerful AD features such as Authentication Policies in Kerberos Contains real-life requirements, derived from over 20 years of AD implementations, migrations, and incident response Provides concrete guidelines for creating, maintaining, and migrating a modern AD

Autorentext

Evgenij Smirnov has 30 years of experience in IT and IT security consulting. Besides directory services and groupware, he has been, and is still active in, the virtualization and platform management space. One of his greatest passions is PowerShell, where he is a regular community contributor and Microsoft Most Valuable Professional (MVP). After leaving consulting to assume a position with Semperis, again in the Active Directory space, he decided to share his AD-related experience, valued by so many customers over the years, and author this book. You can reach him via: @cj_berlin on Twitter and evgenijsmirnov on LinkedIn.

Inhalt

Ch 1: Problems with AD.- Ch 2:. Modern AD.- Ch 3: Engineering Topology.- Ch 4: Engineering Lookup.- Ch 5. Engineering Authentication.- Ch 6: Engineering Authorization.- Ch 7: Engineering Configuration.- Ch 8: Engineering Administration.- Ch 9: Building a Modern AD.- Ch 10: Operating a Modern AD.- Ch 11: Transitioning to a Modern AD.- Ch 12: Conclusion.