Introduction xi
Chapter 1: Deploy your first forest and domain 1
Before you start 2
Prerequisites 2
Versions 2
Code 2
Deploy your first forest 2
Configure the server IP address 3
Set the server name 6
Install Active Directory Domain Services 6
Create the forest (dcpromo) 7
Summary 14
Chapter 2: Manage DNS and DHCP 15
Manage DNS zones 16
Manage primary zones 17
Manage secondary zones 22
Manage stub zones 24
Configure conditional forwards 25
Manage zone delegation 26
Manage DNS records 26
Create name (A and AAAA) resource records 28
Create CNAME resource records 33
Create MX resource records 34
Create additional resource records 34
Configure zone scavenging and aging 35
Configure record options including Time To Live (TTL) and weight 36
Manage DHCP 37
Deploy DHCP 37
Configure IPv4 38
Configure IPv6 40
Summary 41
Chapter 3: Create and manage users and groups 43
Create users 43
Create a single user 44
Add users in a batch 48
Create and manage groups 51
Create a new group 52
Add users to a group 52
Manage groups 54
Create and manage OUs 56
Create an OU 57
Add computers and users to an OU 58
Summary 62
Chapter 4: Deploy additional domain controllers 63
Deploy domain controllers 64
Configure networking 64
Install the Active Directory role on the server 67
Join the server to the domain 68
Promote a server to domain controller 68
Clone a domain controller 72
Verify the environment 72
Prepare the source domain controller 73
Create the cloned domain controller 77
Manage FSMO roles 79
Transfer FSMO roles 80
Seize FSMO roles 82
Summary 83
Chapter 5: Deploy read-only domain controllers (RODCs) 85
Prepare the forest and domain 86
Staged deployment of an RODC 87
Prepare the RODC account 87
Prepare the RODC target server 89
Deploy the RODC target server 91
Non-staged deployment of an RODC 94
Prepare the RODC target server 94
Deploy the non-staged RODC target server 97
Summary 100
Chapter 6: Deploy additional domains and forests 101
Create a child domain 102
Prepare the server 102
Install the Active Directory Domain Services role 105
Create the new domain 105
Create a tree domain 108
Prepare the server 108
Install the Active Directory Domain Services role 111
Create the new domain 112
Create a new forest 114
Configure networking 114
Test the promotion to domain controller 114
Deploy the new forest 116
Create a trust 117
Create a shortcut trust 118
Create a forest trust 120
Summary 120
Chapter 7: Configure service authentication and account policies 121
Manage service authentication 122
Create service accounts 122
Configure managed service accounts (MSAs) 126
Configure group managed service accounts (gMSAs) 129
Configure virtual accounts 135
Configure account policies 135
Configure domain user password policy 136
Configure password settings objects (PSOs) 137
Summary 142
Chapter 8: Back up and restore AD DS 143
Back up Active Directory 144
Windows Server Backup 144
Create offline media 152
Configure Active Directory snapshots 153
Restore Active Directory 155
Perform a non-authoritative restore 155
Perform an authoritative restore 157
Restore an object by using the Active Directory Recycle Bin 162
Restore an object by using Active Directory snapshots 164
Summary 166
Chapter 9: Manage sites and replication 167
Configure sites 168
Create a new site 168
Create a replication subnet 169
Rename a site 173
Remove a site 174
Configure Universal Group Membership Caching (UGMC) 175
Create a site link 176
Manage replication 178
Set the replication schedule 179
Change the replication server 181
Summary 182
Chapter 10: Deploy Active Directory in the cloud 183
Sidebar: Types of Active Directory in the cloud 185
Install the Windows PowerShell Azure model 185
Install the Windows PowerShell Azure module 186
Load the Windows PowerShell Azure module 187
Connect to an Azure account 195
Authenticate to your Azure account 195
Set the current subscription 199
Create a VPN 199
Create self-signed certificates 199
Create a point-to-site VPN 201
Create a virtual machine 210
Connect to the subscription 210
Set a location 211
Provision a service 212
Provision a storage account 212
Create a virtual machine 213
Configure the domain controller 218
Summary 219
Index 221