Mastering Microsoft Active Directory Deployment Design and Administration

 

Improve how you administer and use Microsoft Active Directory on Windows Server, from Windows Server 2012 through Windows Server 2022, with the in-depth Microsoft Active Directory Deployment Design and Administration training course. This course is a gateway to the skills needed to design, deploy, and administer Microsoft Active Directory. It builds the confidence and accuracy in knowledge and skills required to install, maintain, and troubleshoot Active Directory across Windows Server versions.

Whether you are an IT professional looking to deepen your expertise or an organization looking to improve network security and performance, this course provides the hands-on experience you need. From fundamental concepts to advanced techniques, you will learn how to implement Active Directory solutions that are efficient, scalable, and secure.

 

Training duration: 3 days

 

Course details

1. Active Directory Fundamentals

Benefits of using Active Directory

Centralized data repository

The replication of data

High availability and Security

Auditing capabilities

Single sign-on (SSO)

Schema modification

Querying and indexing

Understanding Active Directory components

Logical components

Forests

Domains

Domain trees

Organizational units

Physical components

Domain controllers

The global catalog server

Active Directory sites

Understanding Active Directory objects

Globally unique identifiers and security identifiers

Distinguished names

Active Directory server roles

2. Active Directory Domain Services 2022

The features of AD DS 2022

The deprecation of Windows Server 2003's forest and domain functional levels

The deprecation of the File Replication service

3. Designing an Active Directory Infrastructure

Designing the forest structure

Single forest

Multiple forests

Creating the forest structure

Selecting forest design models

The organizational forest model

The resource forest model

The restricted access forest model

Designing the domain structure

Single domain

Regional domain

The branch/site domain

The number of domains

Deciding on domain names

The forest root domain

Deciding on the domain and forest functional levels

Designing the OU structure

Designing the physical topology of Active Directory

Physical or virtual domain controllers

Domain controller placement

Global catalog server placement

Designing a hybrid identity

4. Active Directory Domain Name System

Hierarchical naming structures

Top-Level Domain managers (TLD managers)

DNS infrastructure design

Integrate AD DS with existing DNS infrastructure

Disjoint naming space

Deploying AD-integrated new DNS infrastructure

DNS essentials

Zones

Primary zone

Secondary zone

Stub zones

Reverse lookup zones

Conditional forwarders

DNS policies

Secure DNS client over HTTPS (DoH)

DNS server operation modes

Zone transfers

DNS delegation

5. Placing Operations Master Roles

FSMO roles

Schema operations master

Domain-naming operations master

PDC emulator operations master

RID operations master role

Infrastructure operations master

FSMO role placement

Active Directory's logical and physical topology

Connectivity

The number of domain controllers

Capacity

Moving FSMO roles

Seizing FSMO roles

6. Migrating to Active Directory 2022

AD DS installation prerequisites

Hardware requirements

Virtualized environment requirements

Additional requirements

AD DS installation methods

AD DS deployment scenarios

Setting up a new forest root domain

AD DS installation checklist for the first domain controller

Design topology

Installation steps

Setting up an additional domain controller

AD DS installation checklist for an additional domain controller

Design topology

Installation steps

How to plan AD migrations

Migration life cycle

Auditing

AD logical and physical topology

AD health check

SCOM and Azure Sentinel

Application auditing

Implementation

AD migration checklist

Design topology

Installation steps

Maintenance

7. Managing Active Directory Objects

Tools and methods for managing objects

Windows Admin Center

Active Directory Administrative Center

The ADUC MMC

AD object administration with PowerShell

Creating, modifying, and removing objects in AD

Creating AD objects

Creating user objects

Creating computer objects

Modifying AD objects and Removing AD objects

Finding objects in AD

Finding objects using PowerShell

Preventing the accidental deletion of objects

AD recycle bin

8. Managing Users, Groups, and Devices

Object attributes and Custom attributes

User accounts

Managed Service Accounts (MSAs)

Group Managed Service Accounts (gMSAs)

Uninstalling MSAs

Groups

Group scope

Converting groups

Setting up groups

Devices and other objects

Designing the OU Structure

OUs in operations

Organizing objects

Delegating control

Group policies

Containers vs. OUs

Active Directory Groups vs. OUs

OU design models

The container model

The object type model

The functions model

The geographical model

The department model

The hybrid model

Managing the OU structure

Delegating control

9. Managing Group Policies

Benefits of group policies

Automating administration tasks

Preventing users from changing system settings

Group Policy capabilities

Group Policy objects

The Group Policy container

The Group Policy template

Group Policy processing

Group Policy inheritance

Group Policy conflicts

Group Policy mapping and status

Administrative templates

Group Policy filtering

Security filtering

WMI filtering

Useful group policies

10. Active Directory Services

Overview of AD LDS

Where to use LDS

Hosted applications

Distributed data stores for AD-integrated applications

Migrating from other directory services

The LDS installation

AD replication

FRS versus DFSR

AD sites and replication

Replication

Authentication

Service locations

Sites

Site links and Site link bridges

Managing AD sites and other components

Managing sites and site links

Inter-site transport protocols

Replication intervals

Replication schedules

Bridgehead servers

How does replication work?

Intra-site and Inter-site replication

Inter-site replication

The KCC

How do updates occur?

The Update Sequence Number (USN)

The Directory Service Agent (DSA) GUID and invocation ID

The High Watermark Vector (HWMV) table

The Up-To-Dateness Vector (UTDV) table

11. Active Directory Services

Active Directory trusts

Trust direction

Transitive trusts vs Non-Transitive trusts

Active Directory trust types

Creating an Active Directory trust

Firewall ports

Setting Up an Active Directory Forest Trust

Active Directory database maintenance

The ntds.dit file

The edb.log file

The edb.chk file

The temp.edb file

Active Directory Backup and Recovery

Preventing the accidental deletion of objects

Active Directory Recycle Bin

Active Directory snapshots

Active Directory system state backup

12. Active Directory Certificate Services

PKI in action

Symmetric keys versus asymmetric keys

Digital encryption

Digital signatures

Signing, encryption, and decryption

SSL certificates

Types of certification authorities

How do certificates work with digital signatures and encryption?

AD CS components

Certificate Enrollment Web Service

Certificate Enrollment Policy Web Service

Certification Authority Web Enrollment

Network Device Enrollment Service

Online Responder

The types of CA

Planning PKI

Internal or public CAs

Identifying the correct object types

The cryptographic key length

Hash algorithms

The certificate validity period

The CA hierarchy

Deciding certificate templates

The CA boundary

PKI deployment models

Setting up a PKI

Setting up a standalone root CA

DSConfigDN

CDP locations

AIA locations

CA and CRL time limits

The new CRL

Publishing the root CA data to Active Directory

Setting up the issuing CA

Issuing a certificate for the issuing CA

Post-configuration tasks

CDP locations

AIA locations

CA and CRL time limits

Certificate templates

Requesting certificates

Migrating AD CS from Windows Server 2008 R2 /2012/2016/2019 to Windows Server 2022

Backing up the configuration of the existing CA

Installing an AD CS role in the new Windows 2019/2022 Server

Restoring the configuration from the previous CA

AD CS disaster recovery

Disaster recovery methods

System state backup

The certutil command utility + Registry Export

The Backup-CARoleService PowerShell cmdlet + Registry Export

13. Active Directory Federation Services

How does AD FS work?

What is a claim?

Security Assertion Markup Language (SAML)

WS-Trust and WS-Federation

AD FS components

Federation service

What is new in AD FS 2022?

The Web Application Proxy

AD FS configuration database

AD FS deployment topologies

A single federation server

A single federation server and single Web Application Proxy server

Multiple federation servers and multiple Web Application Proxy servers with SQL Server

AD FS deployment

DNS records

SSL certificates

Installing the AD FS role

Installing WAP

Configuring the claims-aware application with new federation servers

Creating a relying party trust

Configuring the Web Application Proxy

14. Active Directory Rights Management Services

What is AD RMS?

AD RMS components

Active Directory Domain Services (AD DS)

The AD RMS cluster

The AD RMS client

Active Directory Certificate Service (AD CS)

How do we deploy AD RMS?

Single forest-single cluster

Single forest-multiple clusters

AD RMS in multiple forests

AD RMS with AD FS

AD RMS configuration

Setting up an AD RMS root cluster

Installing and Configuring the AD RMS role

Testing – protecting data using the AD RMS cluster

Testing – applying permissions to the document

15. Active Directory Security Best Practices

AD authentication

The Kerberos protocol

Authentication in an AD environment

Delegating permissions

Predefined AD administrator roles

Using object ACLs

Using the delegate control method in AD

Implementing fine-grained password policies

Resultant Set of Policy (RSoP)

Pass-the-hash attacks

The Protected Users security group

Restricted admin mode for RDP

Authentication policies and authentication policy silos

Authentication policy silos

Creating authentication policy silos

Secure LDAP

What are the characteristics of secure LDAP?

Enable secure LDAP

Microsoft Local Administrator Password Solution (LAPS)

Install Microsoft LAPS

Update the AD schema

Change computer object permissions

Assign permissions to groups for password access

Install CSE in Computers

Create a GPO for LAPS settings

16. Active Directory Audit and Monitoring

Auditing and monitoring AD using built-in

Windows Event Viewer

Custom Views

Windows Logs

Applications and Services Logs

AD DS event logs

AD DS log files

AD audit

Audit Directory Service Access

Audit Directory Service Changes

Audit Directory Service Replication

Audit Detailed Directory Service Replication

Setting up event subscriptions

Security event logs from domain controllers

Enabling advanced security audit policies

Enforcing advanced auditing

Reviewing events with PowerShell

Microsoft Defender for Identity

Connectivity to the Defender for Identity cloud service

 

If you are interested, you can make further inquiries at T. 081-6676981, 089-7767190, 02-2740864, 02-2740867


 Facebook.com/cyberthai        Line ID : cyberthai