Anyway I can Learn AD?
-
@WrCombs said in Anyway I can Learn AD?:
@Obsolesce said in Anyway I can Learn AD?:
@scottalanmiller said in Anyway I can Learn AD?:
@WrCombs said in Anyway I can Learn AD?:
What are best practices?
Some rules of thumb...
- AD is never a foregone conclusion.
- Never consider AD until you have at least 12 computers or users on your network (officially MS used to say 10, but that's absurdly low, 12 is more reasonable.)
- Don't run any applications from your AD DC.
- Never refer to an AD Domain Controller (DC) as a PDC or BDC, there is no such thing in the AD world and anyone using the term is very confused and is thinking of NT SAM from the 1990s which is unrelated.
- Your entire AD network, everything in it, is not any more secure than your DC. Keep your DC locked down tight, as secure as possible. There are many guidelines. Check out Cqure.
DC= Domain Controller?
Anything i need to know about setting up a DC?
He just told you - check out Cqure or google "securing a Windows Domain Controller"
-
@Dashrender said in Anyway I can Learn AD?:
@WrCombs said in Anyway I can Learn AD?:
@Obsolesce said in Anyway I can Learn AD?:
@scottalanmiller said in Anyway I can Learn AD?:
@WrCombs said in Anyway I can Learn AD?:
What are best practices?
Some rules of thumb...
- AD is never a foregone conclusion.
- Never consider AD until you have at least 12 computers or users on your network (officially MS used to say 10, but that's absurdly low, 12 is more reasonable.)
- Don't run any applications from your AD DC.
- Never refer to an AD Domain Controller (DC) as a PDC or BDC, there is no such thing in the AD world and anyone using the term is very confused and is thinking of NT SAM from the 1990s which is unrelated.
- Your entire AD network, everything in it, is not any more secure than your DC. Keep your DC locked down tight, as secure as possible. There are many guidelines. Check out Cqure.
DC= Domain Controller?
Anything i need to know about setting up a DC?
He just told you - check out Cqure or google "securing a Windows Domain Controller"
yeah, but nothing about the initial set up, which is something I'll have to figure out.
-
@WrCombs said in Anyway I can Learn AD?:
- Never consider AD until you have at least 12 computers or users on your network (officially MS used to say 10, but that's absurdly low, 12 is more reasonable.)
What would you use below 12 Devices ?
Say for a Small mechanic shop running ~8 PC's (2 at the front desk, 5 in service bays, one in the bosses office, etc.)
This is the crux in my mind.
Some will say - just use a NAS or some online storage solution - like OD or OD4B or NextCloud or Dropbox, etc.
Have the users log in locally - or remove local logins completely, depending on your needed level of workstation security.
Basically you'd set them up as a LANless setup - all security comes from the applications you use, not the workstation.
-
@WrCombs said in Anyway I can Learn AD?:
@Dashrender said in Anyway I can Learn AD?:
@WrCombs said in Anyway I can Learn AD?:
@Obsolesce said in Anyway I can Learn AD?:
@scottalanmiller said in Anyway I can Learn AD?:
@WrCombs said in Anyway I can Learn AD?:
What are best practices?
Some rules of thumb...
- AD is never a foregone conclusion.
- Never consider AD until you have at least 12 computers or users on your network (officially MS used to say 10, but that's absurdly low, 12 is more reasonable.)
- Don't run any applications from your AD DC.
- Never refer to an AD Domain Controller (DC) as a PDC or BDC, there is no such thing in the AD world and anyone using the term is very confused and is thinking of NT SAM from the 1990s which is unrelated.
- Your entire AD network, everything in it, is not any more secure than your DC. Keep your DC locked down tight, as secure as possible. There are many guidelines. Check out Cqure.
DC= Domain Controller?
Anything i need to know about setting up a DC?
He just told you - check out Cqure or google "securing a Windows Domain Controller"
yeah, but nothing about the initial set up, which is something I'll have to figure out.
This is something the video or book should guide you through. Though initial setup is generally pretty easy. though things are different in the 2019 days than the ol' 2016 or older days - the idea of a desktop on server is mostly gone - you can still get it, but it's not simply assumed anymore....
-
you can download virtualbox to your laptop and use that to setup an environment to play on... FYI, you shouldn't share that network to your corporate network - you could run into issues.
-
@WrCombs you'll get so much more out of that video than from here right now. I'd go watch that and ignore this all until ur finished.
-
@Dashrender said in Anyway I can Learn AD?:
you can download virtualbox to your laptop and use that to setup an environment to play on... FYI, you shouldn't share that network to your corporate network - you could run into issues.
Yeah, i'll probably download virtualbox again, and go from there, And I'll start watching some videos about ad tonight.
-
@Obsolesce said in Anyway I can Learn AD?:
@WrCombs you'll get so much more out of that video than from here right now. I'd go watch that and ignore this all until ur finished.
i wont have time to watch that until lunch/after work .
-
@coliver said in Anyway I can Learn AD?:
Honestly there really isn't much to AD that you will encounter on a day-to-day basis. A book may be overkill for it. The YouTube videos may be a good place to start but setting up an environment and using it will be the best way to learn.
100% agree with this. There are better places to focus. I will catch shit for this, but you need to be going and trying to learn Office 365 in and out. If I was in a end user support role, that is the path I would be taking.
Office 365 is in higher demand than AD for marketability. It may have less jobs that reference O365 vs AD, but the pool of qualified candidates for O365 is much smaller. So therefore it is more valuable and in higher demand.
-
I went on Microsoft Learn to look for some free courses for @WrCombs and Microsoft has hundreds of courses and not a single one on Active Directory.
Tons of them on Office 365 and Azure though.
-
You could build a virtual lab and go through all that bullshit, or you could ask yourself how much of a chance is there that I will have to setup AD from scratch at a new company? I would say that chance is probably close to zero. Because if they dont have AD implemented today, then its not the best option for them moving forward
-
@IRJ said in Anyway I can Learn AD?:
You could build a virtual lab and go through all that bullshit, or you could ask yourself how much of a chance is there that I will have to setup AD from scratch at a new company? I would say that chance is probably close to zero. Because if they dont have AD implemented today, then its not the best option for them moving forward
While this is absolutely true - without a base understanding troubleshooting can be challenging at best - damned near impossible at worst.
Scott's comment about learning NT 4.0 before AD and how helpful that was is something I completely agree with. Of course today, going that far back would be pointless.
-
@Dashrender said in Anyway I can Learn AD?:
@IRJ said in Anyway I can Learn AD?:
You could build a virtual lab and go through all that bullshit, or you could ask yourself how much of a chance is there that I will have to setup AD from scratch at a new company? I would say that chance is probably close to zero. Because if they dont have AD implemented today, then its not the best option for them moving forward
While this is absolutely true - without a base understanding troubleshooting can be challenging at best - damned near impossible at worst.
Scott's comment about learning NT 4.0 before AD and how helpful that was is something I completely agree with. Of course today, going that far back would be pointless.
Well setting it up should be simply running some commands. So long as that is all you are doing for a lab before "using" it, then fine. but to spend any time learning any details is 100% a waste.
-
@JaredBusch said in Anyway I can Learn AD?:
@Dashrender said in Anyway I can Learn AD?:
@IRJ said in Anyway I can Learn AD?:
You could build a virtual lab and go through all that bullshit, or you could ask yourself how much of a chance is there that I will have to setup AD from scratch at a new company? I would say that chance is probably close to zero. Because if they dont have AD implemented today, then its not the best option for them moving forward
While this is absolutely true - without a base understanding troubleshooting can be challenging at best - damned near impossible at worst.
Scott's comment about learning NT 4.0 before AD and how helpful that was is something I completely agree with. Of course today, going that far back would be pointless.
Well setting it up should be simply running some commands. So long as that is all you are doing for a lab before "using" it, then fine. but to spend any time learning any details is 100% a waste.
Which is part of any training videos you will watch anyway.
-
@Dashrender said in Anyway I can Learn AD?:
@IRJ said in Anyway I can Learn AD?:
You could build a virtual lab and go through all that bullshit, or you could ask yourself how much of a chance is there that I will have to setup AD from scratch at a new company? I would say that chance is probably close to zero. Because if they dont have AD implemented today, then its not the best option for them moving forward
While this is absolutely true - without a base understanding troubleshooting can be challenging at best - damned near impossible at worst.
Scott's comment about learning NT 4.0 before AD and how helpful that was is something I completely agree with. Of course today, going that far back would be pointless.
I mean if you are bored or something then fine. If you care about advancing your IT career then its a total waste.
I did the AD thing for windows 2000 and got my MCSE in 2000. It has served me well, but that was 20 years ago. I have been involved in many architectural capacities at large companies and the AD related jobs are on the decline. AD and SCCM is phasing out.
Microsoft themselves doesnt even offer training for it anymore. Of course generalists dont see the decline, because they do everything at their companies. Companies that have actual IT departments are surely phasing it out. It's nothing new either. It's been happening for years.
-
@Dashrender said in Anyway I can Learn AD?:
@coliver said in Anyway I can Learn AD?:
Honestly there really isn't much to AD that you will encounter on a day-to-day basis. A book may be overkill for it. The YouTube videos may be a good place to start but setting up an environment and using it will be the best way to learn.
Without a book there are many aspects you'll never just bump into, especially in a small environment - like sites and domains and trusts - granted, is most SMB you won't bump into these much either (well sites might be something if you have multiple DCs in different locations)... I think a book is best to ensure a rounded view of AD.
Although you can get pretty far in your career without ever using or even seeing those things. I cover that stuff for MSPs, for example, that see them once in a blue moon. The real question is... in a field over saturated with people with AD experience, do you want to be "just another tech" or do you focus on what makes you stand out?
-
@scottalanmiller said in Anyway I can Learn AD?:
@Dashrender said in Anyway I can Learn AD?:
@coliver said in Anyway I can Learn AD?:
Honestly there really isn't much to AD that you will encounter on a day-to-day basis. A book may be overkill for it. The YouTube videos may be a good place to start but setting up an environment and using it will be the best way to learn.
Without a book there are many aspects you'll never just bump into, especially in a small environment - like sites and domains and trusts - granted, is most SMB you won't bump into these much either (well sites might be something if you have multiple DCs in different locations)... I think a book is best to ensure a rounded view of AD.
Although you can get pretty far in your career without ever using or even seeing those things. I cover that stuff for MSPs, for example, that see them once in a blue moon. The real question is... in a field over saturated with people with AD experience, do you want to be "just another tech" or do you focus on what makes you stand out?
Standing out leads to more opportunity .
-
@IRJ said in Anyway I can Learn AD?:
Of course generalists dont see the decline, because they do everything at their companies. Companies that have actual IT departments are surely phasing it out. It's nothing new either. It's been happening for years.
I'm a generalist But I'd say what our slice of the world sees is a precipitous drop in usage. It was easily approaching 100% in shops of 10+ just five years ago. Now we remove it more often than we install it and penetration is above, but closer to, 50%.
-
@scottalanmiller said in Anyway I can Learn AD?:
@IRJ said in Anyway I can Learn AD?:
Of course generalists dont see the decline, because they do everything at their companies. Companies that have actual IT departments are surely phasing it out. It's nothing new either. It's been happening for years.
I'm a generalist But I'd say what our slice of the world sees is a precipitous drop in usage. It was easily approaching 100% in shops of 10+ just five years ago. Now we remove it more often than we install it and penetration is above, but closer to, 50%.
I guess I should say 1 or 2 man IT departments
-
@WrCombs said in Anyway I can Learn AD?:
@scottalanmiller said in Anyway I can Learn AD?:
@Dashrender said in Anyway I can Learn AD?:
@coliver said in Anyway I can Learn AD?:
Honestly there really isn't much to AD that you will encounter on a day-to-day basis. A book may be overkill for it. The YouTube videos may be a good place to start but setting up an environment and using it will be the best way to learn.
Without a book there are many aspects you'll never just bump into, especially in a small environment - like sites and domains and trusts - granted, is most SMB you won't bump into these much either (well sites might be something if you have multiple DCs in different locations)... I think a book is best to ensure a rounded view of AD.
Although you can get pretty far in your career without ever using or even seeing those things. I cover that stuff for MSPs, for example, that see them once in a blue moon. The real question is... in a field over saturated with people with AD experience, do you want to be "just another tech" or do you focus on what makes you stand out?
Standing out leads to more opportunity .
Right which is why I would forget about doing a virtual lab with AD, and focus on technologies that matter in 2020 forward