Streamline and modernize the way you manage Active Directory
Use Windows PowerShell to simplify and accelerate Active Directory domain controller management, whether you’re running Active Directory entirely in the cloud, on-premises, or in a hybrid environment. In this concise reference, Microsoft MVP Charlie Russel presents the commands, tested scripts, and best-practice advice you need to deploy and run Active Directory in a modern environment and to migrate smoothly to cloud or hybrid deployments wherever they offer more value.
Supercharge your productivity as an Active Directory administrator
Introduction
Chapter 1: Deploy your first forest and domain
  Before you start
  Prerequisites
  Versions
  Code
  Deploy your first forest
  Configure the server IP address
  Set the server name
  Install Active Directory Domain Services
  Create the forest (dcpromo)
  Summary
Chapter 2: Manage DNS and DHCP
  Manage DNS zones
  Manage primary zones
  Manage secondary zones
  Manage stub zones
  Configure conditional forwards
  Manage zone delegation
  Manage DNS records
  Create name (A and AAAA) resource records
  Create CNAME resource records
  Create MX resource records
  Create additional resource records
  Configure zone scavenging and aging
  Configure record options including Time To Live (TTL) and weight
  Manage DHCP
  Deploy DHCP
  Configure IPv4
  Configure IPv6
  Summary
Chapter 3: Create and manage users and groups
  Create users
  Create a single user
  Add users in a batch
  Create and manage groups
  Create a new group
  Add users to a group
  Manage groups
  Create and manage OUs
  Create an OU
  Add computers and users to an OU
  Summary
Chapter 4: Deploy additional domain controllers
  Deploy domain controllers
  Configure networking
  Install the Active Directory role on the server
  Join the server to the domain
  Promote a server to domain controller
  Clone a domain controller
  Verify the environment
  Prepare the source domain controller
  Create the cloned domain controller
  Manage FSMO roles
  Transfer FSMO roles
  Seize FSMO roles
  Summary
Chapter 5: Deploy read-only domain controllers (RODCs)
  Prepare the forest and domain
  Staged deployment of an RODC
  Prepare the RODC account
  Prepare the RODC target server
  Deploy the RODC target server
  Non-staged deployment of an RODC
  Prepare the RODC target server
  Deploy the non-staged RODC target server
  Summary
Chapter 6: Deploy additional domains and forests
  Create a child domain
  Prepare the server
  Install the Active Directory Domain Services role
  Create the new domain
  Create a tree domain
  Prepare the server
  Install the Active Directory Domain Services role
  Create the new domain
  Create a new forest
  Configure networking
  Test the promotion to domain controller
  Deploy the new forest
  Create a trust
  Create a shortcut trust
  Create a forest trust
  Summary
Chapter 7: Configure service authentication and account policies
  Manage service authentication
  Create service accounts
  Configure managed service accounts (MSAs)
  Configure group managed service accounts (gMSAs)
  Configure virtual accounts
  Configure account policies
  Configure domain user password policy
  Configure password settings objects (PSOs)
  Summary
Chapter 8: Back up and restore AD DS
  Back up Active Directory
  Windows Server Backup
  Create offline media
  Configure Active Directory snapshots
  Restore Active Directory
  Perform a non-authoritative restore
  Perform an authoritative restore
  Restore an object by using the Active Directory Recycle Bin
  Restore an object by using Active Directory snapshots
  Summary
Chapter 9: Manage sites and replication
  Configure sites
  Create a new site
  Create a replication subnet
  Rename a site
  Remove a site
  Configure Universal Group Membership Caching (UGMC)
  Create a site link
  Manage replication
  Set the replication schedule
  Change the replication server
  Summary
Chapter 10: Deploy Active Directory in the cloud
  Sidebar: Types of Active Directory in the cloud
  Install the Windows PowerShell Azure model
  Install the Windows PowerShell Azure module
  Load the Windows PowerShell Azure module
  Connect to an Azure account
  Authenticate to your Azure account
  Set the current subscription
  Create a VPN
  Create self-signed certificates
  Create a point-to-site VPN
  Create a virtual machine
  Connect to the subscription
  Set a location
  Provision a service
  Provision a storage account
  Create a virtual machine
  Configure the domain controller
  Summary
Index