Anyway I can Learn AD?

Dashrender

@coliver said in Anyway I can Learn AD?:

Honestly there really isn't much to AD that you will encounter on a day-to-day basis. A book may be overkill for it. The YouTube videos may be a good place to start but setting up an environment and using it will be the best way to learn.

Without a book there are many aspects you'll never just bump into, especially in a small environment - like sites and domains and trusts - granted, is most SMB you won't bump into these much either (well sites might be something if you have multiple DCs in different locations)... I think a book is best to ensure a rounded view of AD.

Obsolesce

@scottalanmiller said in Anyway I can Learn AD?:

@WrCombs said in Anyway I can Learn AD?:

What are best practices?

Some rules of thumb...

1. AD is never a foregone conclusion.
2. Never consider AD until you have at least 12 computers or users on your network (officially MS used to say 10, but that's absurdly low, 12 is more reasonable.)
3. Don't run any applications from your AD DC.
4. Never refer to an AD Domain Controller (DC) as a PDC or BDC, there is no such thing in the AD world and anyone using the term is very confused and is thinking of NT SAM from the 1990s which is unrelated.

5. Your entire AD network, everything in it, is not any more secure than your DC. Keep your DC locked down tight, as secure as possible. There are many guidelines. Check out Cqure.

WrCombs

@Obsolesce said in Anyway I can Learn AD?:

@scottalanmiller said in Anyway I can Learn AD?:

@WrCombs said in Anyway I can Learn AD?:

What are best practices?

Some rules of thumb...

1. AD is never a foregone conclusion.
2. Never consider AD until you have at least 12 computers or users on your network (officially MS used to say 10, but that's absurdly low, 12 is more reasonable.)
3. Don't run any applications from your AD DC.
4. Never refer to an AD Domain Controller (DC) as a PDC or BDC, there is no such thing in the AD world and anyone using the term is very confused and is thinking of NT SAM from the 1990s which is unrelated.

5. Your entire AD network, everything in it, is not any more secure than your DC. Keep your DC locked down tight, as secure as possible. There are many guidelines. Check out Cqure.

DC= Domain Controller?

Anything i need to know about setting up a DC?

WrCombs

2. Never consider AD until you have at least 12 computers or users on your network (officially MS used to say 10, but that's absurdly low, 12 is more reasonable.)

What would you use below 12 Devices ?

Say for a Small mechanic shop running ~8 PC's (2 at the front desk, 5 in service bays, one in the bosses office, etc.)

Obsolesce

@WrCombs said in Anyway I can Learn AD?:

@Obsolesce said in Anyway I can Learn AD?:

@scottalanmiller said in Anyway I can Learn AD?:

@WrCombs said in Anyway I can Learn AD?:

What are best practices?

Some rules of thumb...

1. AD is never a foregone conclusion.
2. Never consider AD until you have at least 12 computers or users on your network (officially MS used to say 10, but that's absurdly low, 12 is more reasonable.)
3. Don't run any applications from your AD DC.
4. Never refer to an AD Domain Controller (DC) as a PDC or BDC, there is no such thing in the AD world and anyone using the term is very confused and is thinking of NT SAM from the 1990s which is unrelated.

5. Your entire AD network, everything in it, is not any more secure than your DC. Keep your DC locked down tight, as secure as possible. There are many guidelines. Check out Cqure.

DC= Domain Controller?

Anything i need to know about setting up a DC?

At a basic level, it can be a single command. I'd just start with that video first, then go from there.

WrCombs

@Obsolesce said in Anyway I can Learn AD?:

@WrCombs said in Anyway I can Learn AD?:

@Obsolesce said in Anyway I can Learn AD?:

@scottalanmiller said in Anyway I can Learn AD?:

@WrCombs said in Anyway I can Learn AD?:

What are best practices?

Some rules of thumb...

1. AD is never a foregone conclusion.
2. Never consider AD until you have at least 12 computers or users on your network (officially MS used to say 10, but that's absurdly low, 12 is more reasonable.)
3. Don't run any applications from your AD DC.
4. Never refer to an AD Domain Controller (DC) as a PDC or BDC, there is no such thing in the AD world and anyone using the term is very confused and is thinking of NT SAM from the 1990s which is unrelated.

5. Your entire AD network, everything in it, is not any more secure than your DC. Keep your DC locked down tight, as secure as possible. There are many guidelines. Check out Cqure.

DC= Domain Controller?

Anything i need to know about setting up a DC?

At a basic level, it can be a single command. I'd just start with that video first, then go from there.

Thanks

Dashrender

@WrCombs said in Anyway I can Learn AD?:

@Obsolesce said in Anyway I can Learn AD?:

@scottalanmiller said in Anyway I can Learn AD?:

@WrCombs said in Anyway I can Learn AD?:

What are best practices?

Some rules of thumb...

1. AD is never a foregone conclusion.
2. Never consider AD until you have at least 12 computers or users on your network (officially MS used to say 10, but that's absurdly low, 12 is more reasonable.)
3. Don't run any applications from your AD DC.
4. Never refer to an AD Domain Controller (DC) as a PDC or BDC, there is no such thing in the AD world and anyone using the term is very confused and is thinking of NT SAM from the 1990s which is unrelated.

5. Your entire AD network, everything in it, is not any more secure than your DC. Keep your DC locked down tight, as secure as possible. There are many guidelines. Check out Cqure.

DC= Domain Controller?

Anything i need to know about setting up a DC?

He just told you - check out Cqure or google "securing a Windows Domain Controller"

WrCombs

@Dashrender said in Anyway I can Learn AD?:

@WrCombs said in Anyway I can Learn AD?:

@Obsolesce said in Anyway I can Learn AD?:

@scottalanmiller said in Anyway I can Learn AD?:

@WrCombs said in Anyway I can Learn AD?:

What are best practices?

Some rules of thumb...

1. AD is never a foregone conclusion.
2. Never consider AD until you have at least 12 computers or users on your network (officially MS used to say 10, but that's absurdly low, 12 is more reasonable.)
3. Don't run any applications from your AD DC.
4. Never refer to an AD Domain Controller (DC) as a PDC or BDC, there is no such thing in the AD world and anyone using the term is very confused and is thinking of NT SAM from the 1990s which is unrelated.

5. Your entire AD network, everything in it, is not any more secure than your DC. Keep your DC locked down tight, as secure as possible. There are many guidelines. Check out Cqure.

DC= Domain Controller?

Anything i need to know about setting up a DC?

He just told you - check out Cqure or google "securing a Windows Domain Controller"

yeah, but nothing about the initial set up, which is something I'll have to figure out.

Dashrender

@WrCombs said in Anyway I can Learn AD?:

2. Never consider AD until you have at least 12 computers or users on your network (officially MS used to say 10, but that's absurdly low, 12 is more reasonable.)

What would you use below 12 Devices ?

Say for a Small mechanic shop running ~8 PC's (2 at the front desk, 5 in service bays, one in the bosses office, etc.)

This is the crux in my mind.

Some will say - just use a NAS or some online storage solution - like OD or OD4B or NextCloud or Dropbox, etc.

Have the users log in locally - or remove local logins completely, depending on your needed level of workstation security.

Basically you'd set them up as a LANless setup - all security comes from the applications you use, not the workstation.

Dashrender

@WrCombs said in Anyway I can Learn AD?:

@Dashrender said in Anyway I can Learn AD?:

@WrCombs said in Anyway I can Learn AD?:

@Obsolesce said in Anyway I can Learn AD?:

@scottalanmiller said in Anyway I can Learn AD?:

@WrCombs said in Anyway I can Learn AD?:

What are best practices?

Some rules of thumb...

1. AD is never a foregone conclusion.
2. Never consider AD until you have at least 12 computers or users on your network (officially MS used to say 10, but that's absurdly low, 12 is more reasonable.)
3. Don't run any applications from your AD DC.
4. Never refer to an AD Domain Controller (DC) as a PDC or BDC, there is no such thing in the AD world and anyone using the term is very confused and is thinking of NT SAM from the 1990s which is unrelated.

5. Your entire AD network, everything in it, is not any more secure than your DC. Keep your DC locked down tight, as secure as possible. There are many guidelines. Check out Cqure.

DC= Domain Controller?

Anything i need to know about setting up a DC?

He just told you - check out Cqure or google "securing a Windows Domain Controller"

yeah, but nothing about the initial set up, which is something I'll have to figure out.

This is something the video or book should guide you through. Though initial setup is generally pretty easy. though things are different in the 2019 days than the ol' 2016 or older days - the idea of a desktop on server is mostly gone - you can still get it, but it's not simply assumed anymore....

Dashrender

you can download virtualbox to your laptop and use that to setup an environment to play on... FYI, you shouldn't share that network to your corporate network - you could run into issues.

Obsolesce

@WrCombs you'll get so much more out of that video than from here right now. I'd go watch that and ignore this all until ur finished.

WrCombs

@Dashrender said in Anyway I can Learn AD?:

you can download virtualbox to your laptop and use that to setup an environment to play on... FYI, you shouldn't share that network to your corporate network - you could run into issues.

Yeah, i'll probably download virtualbox again, and go from there, And I'll start watching some videos about ad tonight.

WrCombs

@Obsolesce said in Anyway I can Learn AD?:

@WrCombs you'll get so much more out of that video than from here right now. I'd go watch that and ignore this all until ur finished.

i wont have time to watch that until lunch/after work .

IRJ

@coliver said in Anyway I can Learn AD?:

Honestly there really isn't much to AD that you will encounter on a day-to-day basis. A book may be overkill for it. The YouTube videos may be a good place to start but setting up an environment and using it will be the best way to learn.

100% agree with this. There are better places to focus. I will catch shit for this, but you need to be going and trying to learn Office 365 in and out. If I was in a end user support role, that is the path I would be taking.

Office 365 is in higher demand than AD for marketability. It may have less jobs that reference O365 vs AD, but the pool of qualified candidates for O365 is much smaller. So therefore it is more valuable and in higher demand.

IRJ

I went on Microsoft Learn to look for some free courses for @WrCombs and Microsoft has hundreds of courses and not a single one on Active Directory.

Tons of them on Office 365 and Azure though.

https://docs.microsoft.com/en-us/learn/

IRJ

You could build a virtual lab and go through all that bullshit, or you could ask yourself how much of a chance is there that I will have to setup AD from scratch at a new company? I would say that chance is probably close to zero. Because if they dont have AD implemented today, then its not the best option for them moving forward

Dashrender

@IRJ said in Anyway I can Learn AD?:

You could build a virtual lab and go through all that bullshit, or you could ask yourself how much of a chance is there that I will have to setup AD from scratch at a new company? I would say that chance is probably close to zero. Because if they dont have AD implemented today, then its not the best option for them moving forward

While this is absolutely true - without a base understanding troubleshooting can be challenging at best - damned near impossible at worst.

Scott's comment about learning NT 4.0 before AD and how helpful that was is something I completely agree with. Of course today, going that far back would be pointless.

JaredBusch

@Dashrender said in Anyway I can Learn AD?:

@IRJ said in Anyway I can Learn AD?:

You could build a virtual lab and go through all that bullshit, or you could ask yourself how much of a chance is there that I will have to setup AD from scratch at a new company? I would say that chance is probably close to zero. Because if they dont have AD implemented today, then its not the best option for them moving forward

While this is absolutely true - without a base understanding troubleshooting can be challenging at best - damned near impossible at worst.

Scott's comment about learning NT 4.0 before AD and how helpful that was is something I completely agree with. Of course today, going that far back would be pointless.

Well setting it up should be simply running some commands. So long as that is all you are doing for a lab before "using" it, then fine. but to spend any time learning any details is 100% a waste.

IRJ

@JaredBusch said in Anyway I can Learn AD?:

@Dashrender said in Anyway I can Learn AD?:

@IRJ said in Anyway I can Learn AD?:

You could build a virtual lab and go through all that bullshit, or you could ask yourself how much of a chance is there that I will have to setup AD from scratch at a new company? I would say that chance is probably close to zero. Because if they dont have AD implemented today, then its not the best option for them moving forward

While this is absolutely true - without a base understanding troubleshooting can be challenging at best - damned near impossible at worst.

Scott's comment about learning NT 4.0 before AD and how helpful that was is something I completely agree with. Of course today, going that far back would be pointless.

Well setting it up should be simply running some commands. So long as that is all you are doing for a lab before "using" it, then fine. but to spend any time learning any details is 100% a waste.

Which is part of any training videos you will watch anyway.