Active Directory Administration Cookbook - Second Edition

Product type: Book
Published in: Jul 2022
Publisher: Packt
ISBN-13: 9781803242507
Pages: 696
Edition: 2nd Edition
Author: Sander Berkouwer

Table of Contents (18 chapters)

  • Preface
  • Chapter 1: Optimizing Forests, Domains, and Trusts
  • Chapter 2: Managing Domain Controllers
  • Chapter 3: Managing Active Directory Roles and Features
  • Chapter 4: Managing Containers and Organizational Units
  • Chapter 5: Managing Active Directory Sites and Troubleshooting Replication
  • Chapter 6: Managing Active Directory Users
  • Chapter 7: Managing Active Directory Groups
  • Chapter 8: Managing Active Directory Computers
  • Chapter 9: Managing DNS
  • Chapter 10: Getting the Most Out of Group Policy
  • Chapter 11: Securing Active Directory
  • Chapter 12: Managing Certificates
  • Chapter 13: Managing Federation
  • Chapter 14: Handling Authentication in a Hybrid World (AD FS, PHS, PTA, and DSSO)
  • Chapter 15: Handling Synchronization in a Hybrid World (Azure AD Connect)
  • Chapter 16: Hardening Azure AD
  • Other Books You May Enjoy

Chapter 10: Getting the Most Out of Group Policy

Group Policy allows administrators to manage one device or many thousands of devices and/or servers through a centralized management console. You can use it to secure domain-joined devices, make them more useful for end users, and make them look and feel identical as per your organization's standards.

The granularity of Group Policy objects lets you manage these settings for devices in the entire Active Directory domain, for an Active Directory site (but please refrain from linking Group Policy objects at the site level), per Organizational Unit (OU), and beyond that by using Windows Management Instrumentation (WMI) filters.

Group Policy has been around since the beginning of Active Directory in Windows 2000 Server. It has seen many improvements in the last two decades, such as Group Policy preferences and many new settings relating to all the new client and server operating system possibilities.

Although...

Creating a GPO

This recipe shows how to create a GPO.

Getting ready

To create a GPO, sign in to a system with the Group Policy Management feature installed with an account that is either of the following:

  • A member of the Domain Admins group
  • Delegated to create GPOs

Besides permission to create GPOs, additional permissions are needed to use a Starter GPO or link a GPO to an OU.

How to do it...

This recipe shows two ways to create a GPO:

  • Using Group Policy Management
  • Using Windows PowerShell

Using Group Policy Management

To create a GPO, perform the following steps:

  1. Press Start.
  2. Search for Group Policy Management and click its search result, or run gpmc.msc. The Group Policy Management window appears.
  3. In the left navigation pane, expand the Forest node.
  4. Expand the Domains node, and then navigate to the domain where you want to create the GPO.
  5. Expand the domain name and select the Group Policy Objects node:
  6. ...

Copying a GPO

This recipe shows how to copy an existing GPO to a new GPO. This is useful when you have configured the perfect GPO but want to adjust just a single setting to apply to legacy versions of the operating system or a test version in another OU.

Getting ready

To copy a GPO, sign in to a system with the Group Policy Management feature installed with an account that is either of the following:

  • A member of the Domain Admins group
  • Delegated to create GPOs and has at least read permissions on the GPO to be copied

How to do it...

This recipe shows two ways to copy a GPO:

  • Using Group Policy Management
  • Using Windows PowerShell

Using Group Policy Management

To copy a GPO, perform the following steps:

  1. Press Start.
  2. Search for Group Policy Management and click its search result, or run gpmc.msc. The Group Policy Management window appears.
  3. In the left navigation pane, expand the Forest node.
  4. Expand the Domains node...

Deleting a GPO

This recipe shows how to delete a GPO. As part of this recipe, any GPO links that are present are first deleted to ensure that no stale references occur in multi-domain environments.

Getting ready

To delete a GPO, sign in to a system with the Group Policy Management feature installed with an account that is one of the following:

  • A member of the Domain Admins group
  • The current owner of the GPO
  • Delegated the Edit settings, delete, modify security permission on the GPO

How to do it...

This recipe shows two ways to delete a GPO:

  • Using Group Policy Management
  • Using Windows PowerShell

Using Group Policy Management

To delete a GPO, perform the following steps:

  1. Press Start.
  2. Search for Group Policy Management and click its search result, or run gpmc.msc. The Group Policy Management window appears.
  3. In the left navigation pane, expand the Forest node.
  4. Expand the Domains node, and then navigate to the domain...
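
The link-first deletion order described in this recipe, as an added PowerShell example (not code from the book). It assumes the GroupPolicy and ActiveDirectory modules are installed, covers links in the current domain and on sites only, and uses the hypothetical function name `Remove-GpoWithLinks` and a placeholder GPO name.

```powershell
# Added example: unlink a GPO everywhere in the current domain, then delete it.
Import-Module GroupPolicy, ActiveDirectory

function Remove-GpoWithLinks {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)]
        [string]$Name                      # display name of the GPO to delete
    )

    $gpo     = Get-GPO -Name $Name -ErrorAction Stop
    $rootDse = Get-ADRootDSE

    # GPO links are stored in the gPLink attribute of the domain, OUs and sites.
    # Sites live in the configuration partition, so search both locations.
    $searchBases = @(
        $rootDse.defaultNamingContext
        "CN=Sites,$($rootDse.configurationNamingContext)"
    )

    # Every container whose gPLink value references this GPO's GUID.
    $containers = foreach ($base in $searchBases) {
        Get-ADObject -SearchBase $base -LDAPFilter "(gPLink=*$($gpo.Id)*)"
    }

    # Step 1: remove the links, so no container keeps a stale reference.
    foreach ($container in $containers) {
        if ($PSCmdlet.ShouldProcess($container.DistinguishedName, "Remove link to '$Name'")) {
            Remove-GPLink -Guid $gpo.Id -Target $container.DistinguishedName | Out-Null
        }
    }

    # Step 2: delete the GPO itself.
    if ($PSCmdlet.ShouldProcess($Name, 'Delete GPO')) {
        Remove-GPO -Guid $gpo.Id
    }
}

# Dry run: lists each link and the GPO that would be removed, changes nothing.
# 'Legacy Workstation Baseline' is a placeholder name.
Remove-GpoWithLinks -Name 'Legacy Workstation Baseline' -WhatIf
```

Links created from other domains in the forest are not found by this search; run the same gPLink query against each of those domains before deleting.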

Modifying the settings of a GPO

This recipe shows how to modify settings in a GPO.

Getting ready

To manage settings in a GPO, sign in to a system with the Group Policy Management feature installed with an account that is one of the following:

  • A member of the Domain Admins group
  • The current owner of the GPO
  • Delegated the Edit settings or Edit settings, delete, modify security permission on the GPO

How to do it...

Perform the following steps:

  1. Press Start.
  2. Search for Group Policy Management and click its search result or run gpmc.msc. The Group Policy Management window appears.
  3. In the left navigation pane, expand the Forest node.
  4. Expand the Domains node, and then navigate to the domain where you want to modify the GPO.
  5. Expand the domain name and then expand the Group Policy Objects node.
  6. Locate the GPO that you want to manage and select it.
  7. In the main pane, on the Settings tab, inspect the settings. Use the show, hide...

Assigning scripts

This recipe shows how to assign a logon script using Group Policy.

Getting ready

To manage settings for a GPO, sign in to a system with the Group Policy Management feature installed with an account that is one of the following:

  • A member of the Domain Admins group
  • The current owner of the GPO
  • Delegated the Edit settings or Edit settings, delete, modify security permission on the GPO

How to do it...

Perform the following steps:

  1. Press Start.
  2. Search for Group Policy Management and click its search result, or run gpmc.msc. The Group Policy Management window appears.
  3. In the left navigation pane, expand the Forest node.
  4. Expand the Domains node, and then navigate to the domain where you want to assign a logon script.
  5. Expand the domain name and then expand the Group Policy Objects node.
  6. Locate the GPO that you want to manage and select it.
  7. In the left navigation pane, right-click the GPO and select Edit…...

Installing applications

This recipe shows how to install an application using Group Policy.

Getting ready

To manage settings for a GPO, sign in to a system with the Group Policy Management feature installed with an account that is one of the following:

  • A member of the Domain Admins group
  • The current owner of the GPO
  • Delegated the Edit settings or Edit settings, delete, modify security permission on the GPO

How to do it...

Perform the following steps:

  1. Press Start.
  2. Search for Group Policy Management and click its search result, or run gpmc.msc. The Group Policy Management window appears.
  3. In the left navigation pane, expand the Forest node.
  4. Expand the Domains node, and then navigate to the domain where you want to install the application.
  5. Expand the domain name and then expand the Group Policy Objects node.
  6. Locate the GPO that you want to manage and select it.
  7. In the left navigation pane, right-click the GPO and select...

Linking a GPO to an OU

This recipe shows how to link an existing GPO to an OU.

Getting ready

To link a GPO to an OU, sign in to a system with the Group Policy Management feature installed with an account that is one of the following:

  • A member of the Domain Admins group
  • The current owner of the GPO, and has the Link GPOs permission on the OU(s), site(s), and/or domain(s) where the GPO is to be linked
  • Delegated the Edit settings or Edit settings, delete, modify security permission on the GPO, and has the Link GPOs permission on the OU(s), site(s), and/or domain(s) where the GPO is to be linked

How to do it...

Perform the following steps:

  1. Press Start.
  2. Search for Group Policy Management and click its search result or run gpmc.msc. The Group Policy Management window appears.
  3. In the left navigation pane, expand the Forest node.
  4. Expand the Domains node, and then navigate to the domain where you want to link the GPO.
  5. Expand the domain...

Blocking inheritance of GPOs on an OU

This recipe shows how to block inheritance of GPOs on an OU.

Getting ready

To block inheritance of GPOs on an OU, sign in to a system with the Group Policy Management feature installed with an account that is one of the following:

  • A member of the Domain Admins group
  • The current owner of the GPO
  • Delegated the Edit settings or Edit settings, delete, modify security permission on the GPO

How to do it...

Perform the following steps:

  1. Press Start.
  2. Search for Group Policy Management and click its search result, or run gpmc.msc. The Group Policy Management window appears.
  3. In the left navigation pane, expand the Forest node.
  4. Expand the Domains node.
  5. Expand the domain name.
  6. Navigate to the OU where you want to configure inheritance.
  7. Right-click the OU and select Block Inheritance from the menu.

How it works...

The Block Inheritance and Enforce settings are two ways to manage how...
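
An added audit example (not code from the book) that reports where Block Inheritance and Enforced are in use in the current domain, and which GPOs still reach a blocked OU because their link is enforced higher up. The function name `Get-GpoInheritanceException` is hypothetical; the GroupPolicy and ActiveDirectory modules are assumed.

```powershell
# Added example: read-only report of Block Inheritance and Enforced usage.
Import-Module GroupPolicy, ActiveDirectory

function Get-GpoInheritanceException {
    # Domain root plus every OU in the current domain.
    $targets = @((Get-ADDomain).DistinguishedName) +
               @((Get-ADOrganizationalUnit -Filter *).DistinguishedName)

    foreach ($dn in $targets) {
        $som = Get-GPInheritance -Target $dn

        # Links defined on this container that are marked Enforced.
        foreach ($link in @($som.GpoLinks | Where-Object { $_.Enforced })) {
            [pscustomobject]@{
                Target  = $dn
                Finding = 'Enforced link'
                Gpo     = $link.DisplayName
                Detail  = "Link enabled: $($link.Enabled)"
            }
        }

        if ($som.GpoInheritanceBlocked) {
            # With inheritance blocked, a GPO linked on a parent only still
            # applies here when that parent link is enforced.
            $fromParents = @($som.InheritedGpoLinks |
                             Where-Object { $_.Target -ne $dn }).DisplayName
            [pscustomobject]@{
                Target  = $dn
                Finding = 'Inheritance blocked'
                Gpo     = $null
                Detail  = "Still applied from parents: $($fromParents -join ', ')"
            }
        }
    }
}

Get-GpoInheritanceException | Sort-Object Target | Format-Table -AutoSize -Wrap
```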

Enforcing the settings of a GPO Link

This recipe shows how to enforce a GPO link to ensure that its settings always apply.

Getting ready

To enforce a GPO link, sign in to a system with the Group Policy Management feature installed with an account that is one of the following:

  • A member of the Domain Admins group
  • The current owner of the GPO
  • Delegated the Edit settings or Edit settings, delete, modify security permission on the GPO

How to do it...

Perform the following steps:

  1. Press Start.
  2. Search for Group Policy Management and click its search result, or run gpmc.msc. The Group Policy Management window appears.
  3. In the left navigation pane, expand the Forest node.
  4. Expand the Domains node, and then navigate to the domain where you want to link the GPO.
  5. Expand the domain name.
  6. Navigate to the OU where you want to enforce the GPO link.
  7. Expand the OU.
  8. Right-click the GPO link you want to enforce, and toggle Enforced on...

Applying security filters

Group Policy can be linked to OUs but, despite its name, not to groups. However, this recipe shows how a security filter can be applied so that the GPO link only applies to members of a specific group.

Getting ready

To apply security filters on a GPO, sign in to a system with the Group Policy Management feature installed with an account that is one of the following:

  • A member of the Domain Admins group
  • The current owner of the GPO
  • Delegated the Edit settings or Edit settings, delete, modify security permission on the GPO

How to do it...

Perform the following steps:

  1. Press Start.
  2. Search for Group Policy Management and click its search result, or run gpmc.msc. The Group Policy Management window appears.
  3. In the left navigation pane, expand the Forest node.
  4. Expand the Domains node, and then navigate to the domain where you want to apply security filters to the GPO.
  5. Expand the domain name and then expand...
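
An added review example (not code from the book) that lists, for every GPO in the domain, which trustees it is security-filtered to and which non-default trustees hold the delegated edit permissions named in the Getting ready sections. The function name `Get-GpoPermissionAudit` is hypothetical; the GroupPolicy module is assumed.

```powershell
# Added example: read-only audit of security filtering and edit delegation.
Import-Module GroupPolicy

function Get-GpoPermissionAudit {
    foreach ($gpo in Get-GPO -All) {
        $perms = @(Get-GPPermission -Guid $gpo.Id -All)

        foreach ($p in $perms) {
            $sid = $p.Trustee.Sid.Value
            $finding = switch ([string]$p.Permission) {
                # "Read and apply" is what the Security Filtering box grants.
                'GpoApply' { 'Security filter: GPO applies to this trustee' }
                { $_ -in 'GpoEdit', 'GpoEditDeleteModifySecurity' } {
                    # SYSTEM, Domain Admins (-512) and Enterprise Admins (-519)
                    # hold edit rights by default; report everyone else.
                    if ($sid -notmatch '^S-1-5-18$|-(512|519)$') { "Delegated: $_" }
                }
            }
            if ($finding) {
                [pscustomobject]@{
                    Gpo     = $gpo.DisplayName
                    Trustee = $p.Trustee.Name
                    Finding = $finding
                }
            }
        }

        # Since security update MS16-072, user policy is retrieved in the
        # computer's security context, so computers need Read on the GPO.
        # Authenticated Users is S-1-5-11; Domain Computers ends in -515.
        $readers = $perms | Where-Object { $_.Trustee.Sid.Value -match '^S-1-5-11$|-515$' }
        if (-not $readers) {
            [pscustomobject]@{
                Gpo     = $gpo.DisplayName
                Trustee = $null
                Finding = 'No Read for Authenticated Users or Domain Computers'
            }
        }
    }
}

Get-GpoPermissionAudit | Sort-Object Gpo, Finding | Format-Table -AutoSize -Wrap
```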

Creating and applying WMI filters

This recipe shows how to apply a WMI filter so that GPOs only apply to specific domain-joined devices and systems. In this recipe, a WMI filter is shown that targets the domain controller with the Primary Domain Controller Emulator (PDCE) Flexible Single Master Operations (FSMO) role only.

Getting ready

To create WMI filters on a GPO, sign in to a system with the Group Policy Management feature installed with an account that is either of the following:

  • A member of the Domain Admins group
  • Delegated the Edit settings, delete, modify security permission on the GPO

How to do it...

Perform the following steps:

  1. Press Start.
  2. Search for Group Policy Management and click its search result, or run gpmc.msc. The Group Policy Management window appears.
  3. In the left navigation pane, expand the Forest node.
  4. Expand the Domains node, and then navigate to the domain where you want to apply WMI Filters.
  5. Expand the domain...
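
An added example (not code from the book) that checks a PDCE-targeting WMI query against every domain controller before it is used in a filter. The WQL shown is a commonly used query for this purpose and is an assumption here, since the recipe's own query is not visible on this page; `Test-PdceWmiFilter` is a hypothetical function name.

```powershell
# Added example: confirm the WQL is true on the PDC emulator and nowhere else.
Import-Module ActiveDirectory

# In Win32_ComputerSystem, DomainRole 5 means "Primary Domain Controller".
$pdceQuery = 'SELECT * FROM Win32_ComputerSystem WHERE DomainRole = 5'

function Test-PdceWmiFilter {
    param([string]$Query = $pdceQuery)

    $pdce = (Get-ADDomain).PDCEmulator      # FQDN of the current PDCE holder

    foreach ($dc in Get-ADDomainController -Filter *) {
        $isPdce = $dc.HostName -eq $pdce
        try {
            # A WMI filter evaluates to true when the query returns any instance.
            $hits = @(Get-CimInstance -ComputerName $dc.HostName `
                          -Namespace 'root\CIMv2' -Query $Query -ErrorAction Stop)
            $filterTrue = $hits.Count -gt 0
            $status = if ($filterTrue -eq $isPdce) { 'OK' } else { 'MISMATCH' }
        }
        catch {
            # An unreachable DC is reported, not silently counted as "no match".
            $filterTrue = $null
            $status = "ERROR: $($_.Exception.Message)"
        }

        [pscustomobject]@{
            DomainController = $dc.HostName
            HoldsPdceRole    = $isPdce
            FilterIsTrue     = $filterTrue
            Status           = $status
        }
    }
}

Test-PdceWmiFilter | Format-Table -AutoSize -Wrap
```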

Refreshing GPO settings

This recipe shows how to refresh Group Policy settings on domain-joined hosts after changing and/or adding GPOs.

This recipe shows two ways to refresh GPO settings:

  • Using Group Policy Management, centrally
  • Using the command line on a domain-joined host

Getting ready

To refresh Group Policy settings using Group Policy Management, sign in to a system with the Group Policy Management feature installed with an account that is a member of the Domain Admins group.

To refresh Group Policy settings using the command line on a domain-joined host, sign in to the host with an account that has local administrator privileges.

How to do it…

To refresh the GPO settings, choose between the two ways – using Group Policy Management and using the command line on a domain-joined host.

Using Group Policy Management

Perform these steps to refresh the GPO settings for an OU using Group Policy Management:

  1. Press Start.
  2. ...

Configuring loopback processing

This recipe shows how to configure Group Policy loopback processing.

Getting ready

To configure Group Policy loopback processing, sign in to a system with the Group Policy Management feature installed with an account that is one of the following:

  • A member of the Domain Admins group
  • The current owner of the GPO
  • Delegated the Edit settings or Edit settings, delete, modify security permission on the GPO

How to do it...

Perform the following steps:

  1. Press Start.
  2. Search for Group Policy Management and click its search result, or run gpmc.msc. The Group Policy Management window appears.
  3. In the left navigation pane, expand the Forest node.
  4. Expand the Domains node, and then navigate to the domain where you want to create the GPO.
  5. Expand the domain name and then expand the Group Policy Objects node.
  6. Locate the GPO that you want to manage and select it.
  7. In the left navigation pane, right-click the...

Restoring a default GPO

This recipe shows how to restore the Default Domain Policy and the Default Domain Controllers Policy to default settings.

Getting ready

To restore the Default Domain Policy and the Default Domain Controllers Policy to default settings, sign in to a non-read-only domain controller with an account that is a member of the Domain Admins group.

How to do it...

The dcgpofix.exe command-line utility can be used to restore the Default Domain Policy and the Default Domain Controllers Policy to their default settings.

Restoring the Default Domain Policy

Use the following command to restore the Default Domain Policy to its default settings on an elevated Command Prompt (cmd.exe):

dcgpofix.exe /target:Domain

Type Y followed by Enter twice to continue and restore the Default Domain Policy.

Restoring the Default Domain Controllers Policy

Use the following command to restore the Default Domain Controllers Policy to its default settings on an elevated...

Creating the Group Policy Central Store

This recipe shows how to configure the Group Policy Central Store in the SYSVOL to optimize Group Policy authoring and replication.

Getting ready

Implement or locate a default Windows client device with Microsoft Office and any other software that supports Group Policy management. Install language packs for the languages that are used by admins in your organization. Update this system with the latest available Windows updates.

To create the Group Policy Central Store, sign in to a non-read-only domain controller or access the SYSVOL over the network with an account that is a member of the Domain Admins group.

How to do it...

Perform the following steps:

  1. Sign in to the default Windows client device for your organization.
  2. Press Start.
  3. Search for File Explorer and select it from the search results, or run explorer.exe. The File Explorer window appears.
  4. Navigate to the Windows folder – typically, C:\Windows...