Introduction
This blog post is part three of Cyb3r-S3c's series on Microsoft's Active Directory Domain Services (AD DS). In the previous blog post, we explored the foundation of AD DS: Forests and Domains. We also touched on Trust Relationships and Organizational Units (OUs) for managing and administering AD environments. Understanding AD DS is valuable for anyone working in IT, regardless of their specialty. With this knowledge, you'll be better equipped to manage, administer, and secure complex network environments. Let's dive in.
AD Object Management
AD management is a common task for IT professionals, and various tools are available to make your life easier.
Active Directory Administrative Center (ADAC)
The Active Directory Administrative Center offers an enhanced GUI based on Windows PowerShell, providing task-oriented navigation to manage AD objects. It replaces the functionality of Active Directory Users and Computers and offers a more user-friendly way of managing AD.
The ADAC enables you to perform various tasks such as:
Creating and managing user, computer, and group accounts
Creating and managing OUs
Connecting to and managing multiple domains within a single instance
Searching and filtering AD data through queries
Creating and managing fine-grained password policies
Recovering objects from the Active Directory Recycle Bin
Managing objects required for the Dynamic Access Control feature
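Because ADAC is built on Windows PowerShell, two of the tasks listed above can also be scripted with the ActiveDirectory module: applying a fine-grained password policy to an admin group and recovering a deleted user from the Recycle Bin. This is an added example, not code from the original post; the names PSO-Tier0, Tier0-Admins and jdoe and all policy values are assumptions.

```powershell
# Added example. Run from a host with RSAT (ActiveDirectory module) as a
# delegated admin. All names and policy values below are assumptions.
Import-Module ActiveDirectory

$psoName    = 'PSO-Tier0'      # hypothetical policy name
$groupName  = 'Tier0-Admins'   # hypothetical global security group
$deletedSam = 'jdoe'           # hypothetical deleted account

# --- Fine-grained password policy: create once, then link to the group ---
if (-not (Get-ADFineGrainedPasswordPolicy -Filter "Name -eq '$psoName'")) {
    New-ADFineGrainedPasswordPolicy -Name $psoName -Precedence 10 `
        -MinPasswordLength 16 -ComplexityEnabled $true -PasswordHistoryCount 24 `
        -MinPasswordAge '1.00:00:00' -MaxPasswordAge '60.00:00:00' `
        -LockoutThreshold 5 -LockoutObservationWindow '00:30:00' `
        -LockoutDuration '00:30:00' -ReversibleEncryptionEnabled $false
}
$linked = (Get-ADFineGrainedPasswordPolicySubject -Identity $psoName).Name
if ($groupName -notin $linked) {
    Add-ADFineGrainedPasswordPolicySubject -Identity $psoName -Subjects $groupName
}

# Confirm which policy actually wins for one member (lowest precedence applies)
$member = Get-ADGroupMember -Identity $groupName |
    Where-Object objectClass -eq 'user' | Select-Object -First 1
if ($member) {
    Get-ADUserResultantPasswordPolicy -Identity $member.SamAccountName |
        Select-Object Name, Precedence, MinPasswordLength
}

# --- Recycle Bin: restore only when the match is unambiguous ---
$feature = Get-ADOptionalFeature -Filter "Name -eq 'Recycle Bin Feature'"
if (-not $feature.EnabledScopes) {
    Write-Warning 'AD Recycle Bin is not enabled in this forest; nothing to restore from.'
    return
}
$filter  = 'isDeleted -eq $true -and sAMAccountName -eq "{0}"' -f $deletedSam
$deleted = @(Get-ADObject -Filter $filter -IncludeDeletedObjects `
                -Properties lastKnownParent, whenChanged)
switch ($deleted.Count) {
    0       { Write-Warning "No deleted object found for '$deletedSam'." }
    1       { $deleted[0] | Restore-ADObject -Confirm -PassThru }
    default { Write-Warning 'Multiple deleted objects match; pick one by ObjectGUID:'
              $deleted | Sort-Object whenChanged -Descending |
                  Select-Object ObjectGUID, lastKnownParent, whenChanged }
}
```

The object is restored to its lastKnownParent container, so that OU must still exist when the restore runs.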
Windows Admin Center
Windows Admin Center is a web-based console that enables you to manage server computers and Windows 10 computers. It's a preferred alternative to Remote Server Administration Tools (RSAT) for server management.
Windows Admin Center works with any modern standard-compliant browser and can be installed on computers running Windows 10 and Windows Server with Desktop Experience. However, it can't be installed on a server computer configured as an AD domain controller.
Windows Admin Center offers support for most Windows Server and Windows 10 administrative tasks, with a few exceptions. Microsoft's goal is to make it eventually support all the administrative functionality that's currently available through RSAT.
To begin using Windows Admin Center, you'll need to first download and install it from the Microsoft download website. Once installed, you'll need to enable the relevant TCP port on your local firewall. For a standalone Windows 10 computer, the default port is 6516, while on a Windows Server in gateway mode, it is TCP 443. During setup, you can customize the port settings.
The first time you run Windows Admin Center, if you're not using a certificate from a trusted certificate authority (CA), you'll be prompted to select a client certificate. It's important to choose the certificate labeled "Windows Admin Center Client" to ensure proper functionality.
Remote Server Administration Tools
Remote Server Administration Tools (RSAT) is a collection of consoles that allows you to remotely manage Windows Server roles and features.
You can install these consoles on computers that are running Windows 10 or on server computers running the Server with Desktop Experience option of a Windows Server installation. Before the introduction of Windows Admin Center, RSAT consoles were the primary graphical tools for administering the Windows Server operating system.
Available Administrative Applets
The table below describes various management tools used in AD administration:
Conclusion
In conclusion, in this blog post, "Active Directory Fundamentals (Part Three: Object Management)", I provided a comprehensive overview of managing objects in Active Directory Domain Services using a variety of tools, such as ADAC, WAC, and RSAT. I provided insight into the AD DS structure and the relationship between users, groups, group managed service accounts, and OUs. The blog post discussed how to perform various tasks, such as performing a global search, resetting a user's password, and creating a new computer object. With the knowledge gained from this blog post, hopefully you can effectively manage AD objects and perform those duties with greater efficiency.
Thank you for reading "Active Directory Fundamentals (Part Three: Object Management)" in the Active Directory Fundamentals series. If you find this content informative and you are interested in cybersecurity, please regularly check back on the Cyb3r-S3c website. For more free content, please like and subscribe to the Cyb3r-0verwatch channel. Until next time, keep learning; the only way to improve is to keep learning.
/Signing Off,
Pragmat1c_0n3