Mastering Microsoft Active Directory Deployment Design and Administration
Improve how you administer and use Microsoft Active Directory, covering Windows Server from Windows Server 2012 through Windows Server 2022, with the in-depth Microsoft Active Directory Deployment Design and Administration training course. This course is a gateway to the skills needed to design, deploy, and administer Microsoft Active Directory. It will help you build confidence and precision in the knowledge and skills required to install, maintain, and troubleshoot Active Directory on the various Windows Server versions.
Whether you are an IT professional looking to deepen your expertise or an organization looking to improve network security and performance, this course provides the hands-on experience you need. From basic concepts to advanced techniques, you will learn how to implement Active Directory solutions that are efficient, scalable, and secure.
Training duration: 3 days
Course details
1. Active Directory Fundamentals
Benefits of using Active Directory
Centralized data repository
The replication of data
High availability and Security
Auditing capabilities
Single sign-on (SSO)
Schema modification
Querying and indexing
Understanding Active Directory components
Logical components
Forests
Domains
Domain trees
Organizational units
Physical components
Domain controllers
The global catalog server
Active Directory sites
Understanding Active Directory objects
Globally unique identifiers and security identifiers
Distinguished names
Active Directory server roles
2. Active Directory Domain Services 2022
The features of AD DS 2022
The deprecation of Windows Server 2003's forest and domain functional levels
The deprecation of the File Replication service
3. Designing an Active Directory Infrastructure
Designing the forest structure
Single forest
Multiple forests
Creating the forest structure
Selecting forest design models
The organizational forest model
The resource forest model
The restricted access forest model
Designing the domain structure
Single domain
Regional domain
The branch/site domain
The number of domains
Deciding on domain names
The forest root domain
Deciding on the domain and forest functional levels
Designing the OU structure
Designing the physical topology of Active Directory
Physical or virtual domain controllers
Domain controller placement
Global catalog server placement
Designing a hybrid identity
4. Active Directory Domain Name System
Hierarchical naming structures
Top-Level Domain managers (TLD managers)
DNS infrastructure design
Integrate AD DS with existing DNS infrastructure
Disjoint naming space
Deploying AD-integrated new DNS infrastructure
DNS essentials
Zones
Primary zone
Secondary zone
Stub zones
Reverse lookup zones
Conditional forwarders
DNS policies
Secure DNS client over HTTPS (DoH)
DNS server operation modes
Zone transfers
DNS delegation
5. Placing Operations Master Roles
FSMO roles
Schema operations master
Domain-naming operations master
PDC emulator operations master
RID operations master role
Infrastructure operations master
FSMO role placement
Active Directory's logical and physical topology
Connectivity
The number of domain controllers
Capacity
Moving FSMO roles
Seizing FSMO roles
6. Migrating to Active Directory 2022
AD DS installation prerequisites
Hardware requirements
Virtualized environment requirements
Additional requirements
AD DS installation methods
AD DS deployment scenarios
Setting up a new forest root domain
AD DS installation checklist for the first domain controller
Design topology
Installation steps
Setting up an additional domain controller
AD DS installation checklist for an additional domain controller
Design topology
Installation steps
How to plan AD migrations
Migration life cycle
Auditing
AD logical and physical topology
AD health check
SCOM and Azure Sentinel
Application auditing
Implementation
AD migration checklist
Design topology
Installation steps
Maintenance
7. Managing Active Directory Objects
Tools and methods for managing objects
Windows Admin Center
Active Directory Administrative Center
The ADUC MMC
AD object administration with PowerShell
Creating, modifying, and removing objects in AD
Creating AD objects
Creating user objects
Creating computer objects
Modifying AD objects and Removing AD objects
Finding objects in AD
Finding objects using PowerShell
Preventing the accidental deletion of objects
AD recycle bin
8. Managing Users, Groups, and Devices
Object attributes and Custom attributes
User accounts
Managed Service Accounts (MSAs)
Group Managed Service Accounts (gMSAs)
Uninstalling MSAs
Groups
Group scope
Converting groups
Setting up groups
Devices and other objects
Designing the OU Structure
OUs in operations
Organizing objects
Delegating control
Group policies
Containers vs. OUs
Active Directory Groups vs. OUs
OU design models
The container model
The object type model
The functions model
The geographical model
The department model
The hybrid model
Managing the OU structure
Delegating control
9. Managing Group Policies
Benefits of group policies
Automating administration tasks
Preventing users from changing system settings
Group Policy capabilities
Group Policy objects
The Group Policy container
The Group Policy template
Group Policy processing
Group Policy inheritance
Group Policy conflicts
Group Policy mapping and status
Administrative templates
Group Policy filtering
Security filtering
WMI filtering
Useful group policies
10. Active Directory Services
Overview of AD LDS
Where to use LDS
Hosted applications
Distributed data stores for AD-integrated applications
Migrating from other directory services
The LDS installation
AD replication
FRS versus DFSR
AD sites and replication
Replication
Authentication
Service locations
Sites
Site links and Site link bridges
Managing AD sites and other components
Managing sites and site links
Inter-site transport protocols
Replication intervals
Replication schedules
Bridgehead servers
How does replication work?
Intra-site and Inter-site replication
Inter-site replication
The KCC
How do updates occur?
The Update Sequence Number (USN)
The Directory Service Agent (DSA) GUID and invocation ID
The High Watermark Vector (HWMV) table
The Up-To-Dateness Vector (UTDV) table
11. Active Directory Services
Active Directory trusts
Trust direction
Transitive trusts vs Non-Transitive trusts
Active Directory trust types
Creating an Active Directory trust
Firewall ports
Setting Up an Active Directory Forest Trust
Active Directory database maintenance
The ntds.dit file
The edb.log file
The edb.chk file
The temp.edb file
Active Directory Backup and Recovery
Preventing the accidental deletion of objects
Active Directory Recycle Bin
Active Directory snapshots
Active Directory system state backup
12. Active Directory Certificate Services
PKI in action
Symmetric keys versus asymmetric keys
Digital encryption
Digital signatures
Signing, encryption, and decryption
SSL certificates
Types of certification authorities
How do certificates work with digital signatures and encryption?
AD CS components
Certificate Enrollment Web Service
Certificate Enrollment Policy Web Service
Certification Authority Web Enrollment
Network Device Enrollment Service
Online Responder
The types of CA
Planning PKI
Internal or public CAs
Identifying the correct object types
The cryptographic key length
Hash algorithms
The certificate validity period
The CA hierarchy
Deciding certificate templates
The CA boundary
PKI deployment models
Setting up a PKI
Setting up a standalone root CA
DSConfigDN
CDP locations
AIA locations
CA and CRL time limits
The new CRL
Publishing the root CA data to Active Directory
Setting up the issuing CA
Issuing a certificate for the issuing CA
Post-configuration tasks
CDP locations
AIA locations
CA and CRL time limits
Certificate templates
Requesting certificates
Migrating AD CS from Windows Server 2008 R2/2012/2016/2019 to Windows Server 2022
Backing up the configuration of the existing CA
Installing an AD CS role in the new Windows 2019/2022 Server
Restoring the configuration from the previous CA
AD CS disaster recovery
Disaster recovery methods
System state backup
The certutil command utility + Registry Export
The Backup-CARoleService PowerShell cmdlet + Registry Export
13. Active Directory Federation Services
How does AD FS work?
What is a claim?
Security Assertion Markup Language (SAML)
WS-Trust and WS-Federation
AD FS components
Federation service
What is new in AD FS 2022?
The Web Application Proxy
AD FS configuration database
AD FS deployment topologies
A single federation server
A single federation server and single Web Application Proxy server
Multiple federation servers and multiple Web Application Proxy servers with SQL Server
AD FS deployment
DNS records
SSL certificates
Installing the AD FS role
Installing WAP
Configuring the claims-aware application with new federation servers
Creating a relying party trust
Configuring the Web Application Proxy
14. Active Directory Rights Management Services
What is AD RMS?
AD RMS components
Active Directory Domain Services (AD DS)
The AD RMS cluster
The AD RMS client
Active Directory Certificate Service (AD CS)
How do we deploy AD RMS?
Single forest-single cluster
Single forest-multiple clusters
AD RMS in multiple forests
AD RMS with AD FS
AD RMS configuration
Setting up an AD RMS root cluster
Installing and Configuring the AD RMS role
Testing – protecting data using the AD RMS cluster
Testing – applying permissions to the document
15. Active Directory Security Best Practices
AD authentication
The Kerberos protocol
Authentication in an AD environment
Delegating permissions
Predefined AD administrator roles
Using object ACLs
Using the delegate control method in AD
Implementing fine-grained password policies
Resultant Set of Policy (RSoP)
Pass-the-hash attacks
The Protected Users security group
Restricted admin mode for RDP
Authentication policies and authentication policy silos
Authentication policy silos
Creating authentication policy silos
Secure LDAP
What are the characteristics of secure LDAP?
Enable secure LDAP
Microsoft Local Administrator Password Solution (LAPS)
Install Microsoft LAPS
Update the AD schema
Change computer object permissions
Assign permissions to groups for password access
Install CSE in Computers
Create a GPO for LAPS settings
16. Active Directory Audit and Monitoring
Auditing and monitoring AD using built-in
Windows Event Viewer
Custom Views
Windows Logs
Applications and Services Logs
AD DS event logs
AD DS log files
AD audit
Audit Directory Service Access
Audit Directory Service Changes
Audit Directory Service Replication
Audit Detailed Directory Service Replication
Setting up event subscriptions
Security event logs from domain controllers
Enabling advanced security audit policies
Enforcing advanced auditing
Reviewing events with PowerShell
Microsoft Defender for Identity
Connectivity to the Defender for Identity cloud service
If you are interested, you can inquire further at T. 081-6676981, 089-7767190, 02-2740864, 02-2740867
Facebook.com/cyberthai Line ID : cyberthai