Learn Microsoft Active Directory Advanced skills!
Vložit
- čas přidán 1. 07. 2024
- This time I take your Windows Server Active Directory skills to a whole new level. In a follow up to to my recent Microsoft Active directory video, I wanted to follow up with some essential advanced skills that’s designed to take your knowledge and skills even further. Everything from design, to deploying AD sites and managing trust relationships in domains. This is a mega deep dive session that delivers some awesome skills. In addition, this week I’m launching a new weekly Q&A session that gives you the opportunity to ask a question and I’ll answer it at the end of my session.
Visit me at www.Andymalone.org
Other videos in this series
• Active Directory Disas...
• Learn Microsoft Active...
Time codes
00:00 Introductions & Intro to Microsoft ADDS Advanced topics
03:29 Active Directory - The Theory, ADDS design, how Kerberos authentication works, multi domains, Forests, site replication
11:25 Demos: Active Directory Demos. NTDS Database, logs, SYSVOL, AD Recycle Bin
18:13 Active Directory Site Replication
29:12 Active directory domains & trusts, trust relationships, domain, forest functional levels
37:55 AD Advanced Conclusions & Question Time
• Learn Microsoft Active... - Věda a technologie
Found this a brilliant refresher for an interview! Well explained and reminded me well! Thanks Andy.
Thanks for taking the time to make this video!!
Love your videos. I see a deep sincerity in the way you do them. Like you really do enjoy IT and teaching others to get more advanced. I am refreshing my IT memory in the Active Directory and Group Policy area for a potential job interview coming up. It actually does make a big difference when someone like yourself create these videos with your type of positive attitude and promotion of learning more, plus what you said at the end was amazing. I was a forklift driver at one point in my life, years ago and moved into IT. I was lost for a while trying to go back to college and learn it but I had good teachers like yourself to encourage me and help me know I could do this, anyone can. Thank you and God Bless.
Hi Barry, I’m delighted to hear your story, thanks so much for sharing it. I’m also delighted that my content is helping you and others. That is, after all my ultimate goal. I wish you the very best of luck and please continue to update me and I wish you great success. All the best, Andy 😊
Andy, I'm so happy I found you on CZcams. Your videos are great!
Thanks Lionel and I’m delighted to hear that and too have you on board. 😊👍
One thing what you didn't teach now is really important to understand. FSMO roles. I think it's crucial to understand if you start to maintain Active Directory.
Totally agree. But given 30mins there’s only so much you can cram into a session. I’m planning a 3rd part in the near future😀 I put a lot of work into this video. I hope you enjoyed it.
@@AndyMaloneMVP I enjoyed thank you! 🙂
@@hondaman9424 I’m delighted to hear that 😊
"you migrate them before you decomission that old sbs2011" mid2022
Another great video from you. Thank you Andy!
You’re very welcome, and thanks 😊
Awesome Andy, awesome. Thank you so much. I am enhancing my knowledge in a very pleasant way thanks to you. Appreciate it!
You’re very welcome and thanks for the nice comments. I’m glad I could help
Hey Andy, I'm a seasoned IT guy specializing in Citrix Virtualization. I just wanna say that I understood your lessons more than those so-called training videos that were available like more than 10 years back. I hope there are other IT youtubers here that explains things as clear and concise as you do. Thank you for creating this channel, and I look forward to learning more from your Microsoft-related stuffs! If you can teach other IT stuffs or other IT Technologies, not just from MS, please upload them! You have a new subscriber here! Cheers! :)
Hey Rich great to have you onboard and thanks. A warm welcome to you 👍😊
Thank you so much Andy for this Active directory video. Well understood. You got a new subscriber. Am happy to join tour team. Love your English accent. 😄
Started learning new things everyday...Thank you...
You’re very welcome 😊👍
I'm never going to use this information in my helpdesk job, but it DOES provide a deeper understanding of how AD works and how what I do interact with processes.
It’s a privilege to have you to help me recover my hacked account, and I really appreciate it. I value everything that you do and I'm grateful
Thanks very much for your feedback. Regarding the next account as I’ve said multifactor authentication is the way forward here. We need to eliminate passwords as to avoid this happening in the future. You also need to have an oversight back up of your content in case this happens, and then you can recover. The best of luck, Andy
I am reallt glad that I found your channel, really good explanation, you really make your self clear in all aspects, have a good day, master
Awesome, thank you!
Hi Andy, really enjoyed it and learned a lot - many many thanks sir!!!
Delighted to hear that and you’re very welcome 😊
I have watched both of your videos on microsoft active directory and they are great. Please make a playlist on this topic
Thanks for your comment. With identities such a hot topic I decided to keep the identity track separate In its own list. Also, with so much focus primarily on the cloud, I decided to create a standalone list for server-based technology, which includes Windows server. Of course if this grows, then in time I’m sure I will separate them. Thanks so much for watching, I really do appreciate it.
Thanks please do more
great teaching skills!
Thank you Kent I appreciate it. I try my best😊
Thank you, sir😊
You’re very welcome 👍😊
thank you so much Andy, ur a Hero.
You're welcome!
@@AndyMaloneMVP btw everytime i see u and hear you i remember Thomas Geoffrey Wilkinson :)
Thanks
Thanks Andy! very good video. please upload also videos regarding the best microsoft recommended AD building domain like one root domain en 1 or 2 child domains as working domains
No worries and thanks. I’m planning a 3 and final part of this series in the not too distant future so watch out for that 😊👍
maybe i need to advance than this. 🙂Before creating a domain trust you need to make sure both domains is able to resolve DNS properly by either using DNS conditional forwarding at both sides. nice presentation overall.
Thanks Bryan absolutely and thanks for making that great point. As you can appreciate there’s only so much you can get into 30 minutes.😊
thank you =)
Andy, another super-helpful video. However, would you kindly post the link (as you mentioned) to what you termed your 'first video on AD basics' that explains LDAP and other fundamental concepts in greater depth, please? Thanks very much!
Hi Robin thanks for your message. I did put a link to the video as a card in the recording. Also I’ve just gone ahead and linked both videos with an end screen. So the first video is at the end of the second video, and vice versa. Thanks again, Andy😀
Thanks for this great video Andy. Please is it possible to create one about ADFS and ADCS?
Tha is very much. I’ll add them to my list 👍😊
Hello Andy, I really like your videos and training. You always post the videos in 4k resolution. Why is this video made in HD?
Thanks Jimmy CZcams always render them in SD, then HD and then 4k so they up load faster.
just yesterday i had to raise the level from 2003 to 2008r2, from dead to also dead, but improvements come in small batches..^^
They do indeed😄😄 But you really want to raise that level even further sooner. For security reasons I would say 👍
Andy, question for you. Do you ever plan on creating courses for microsoft certifications like MS-900 etc? the way you teach makes it easier to understand!
Yes I already have, however I cannot publicly offer them. However, if you become a patron on my Patreon site. You will have access to premium content.
The reason why SMTP is not preferred is also that it will not replicate your sysvol folder.
Thank😉 you very much for perfect explanations, I will never fail Active Directory in interviews
Yay that’s awesome😊👍🎉
Hi Andy!
I really liked this video but something left me confused:
You were talking and briefly going over transitive and nontransitive trusts, that much (I thought) was clear. Until I saw the window when defining a new trust (see the Wizard window @ 33:41). You first define whether it is transitive or nontransitive trust which you said basically means the direction the trusts from one AD to another. But in the next step asks you exactly that: define whether it's a one way or two way trust.
That means you can specify a transitive, one-way trust that shouldn't be possible according to your explanation - or it is because I misunderstood. :-) could you pleas explain? Thanks!
Hi Tobias, thanks for your question here is a great article from Microsoft Learning that I believe answer your questions learn.microsoft.com/en-us/azure/active-directory-domain-services/concepts-forest-trust
Hey Andy, can you please do a video of Exchange Online Protection?
Sure I can do that 😊👍
@@AndyMaloneMVP Looking forward to it :D
I am currently a low level exchange administrator my role is actually none of the back end org things but on the level of changes to users accounts using active directory on prem exchange and cloud exchange I am trying to learn how to be a back end administrator I was wondering where could I get on hand training to become a backend exchange administrator to level up
Microsoft Learn is the platform that you want to head too. It's packed the tools, courseware etc. Also create a free 365 account and play with exchange Online Admin. A great way to learn.
Hi Andy! Thank you for all of your A class videos! I have a question on AD replication, I would love to ask. If there is a hub and spoke topology with bridge all site links disabled, and let us say that there are three spokes and one hub. If site A is the hub and you have one site link for SiteA-SiteB, SiteA-SiteC and SiteA-SiteD. There is also one domain controller in each site. So there would be one connection object in each site. When domain controller in site B initiates replication with the hub, which is site A, domain controller in site B sends over its high watermark table for domain controller in site A together with its up to dateness vector. Based on this information, the domain controller in site A can zero in on the changes that the domain controller in site B has not received. Domain controller in site B then receives the updates, and is happy. Let us then say that the site link between site A and site B is removed, and site link between site B and site C is created. KCC will then create new connection obejcts for the domain controllers. So, what does domain controller in site B send to domain controller in site C when it initiates replication. Assuming that it has never had domain controller in site C as replication partner, I guess it does not have a high watermark table for that domain controller. So how does that initial replication take place in terms of figuring out which objects to send from domain controller in site C?
I am sorry for this long question :)
That sounds like an exam question you’re trying to solve. In essence, active directory uses a date timestamp scenario along with something called sequence numbers so whenever there is a change on a domain controller it will automatically force a replication based on the sequence number. You can control replication Through routing obviously which uses at least cost routing mechanism. Personally, I think you may be overthinking the scenario here. Keep it simple with active directory. After all, we are trying to reduce the number of the domain controllers and ultimately migrate to Microsoft Azure AD. Thanks again, and keep watching 👍
@@AndyMaloneMVP Thank you so much! I agree, the level of overthinking got the best of me. Keep up your videoes, you are by far the best and skilled instructor I have ever met!
What type of hardware does AD not communicate with, for example does it communicate with WAN routers and their point to point links?
Gosh what a question. I’m not Purview to that information and I’m pretty sure that it would be confidential for security reasons.
@@AndyMaloneMVP Let me rephrase, other than Windows devices what is AD used with?
@@tobattle you can add other devices but generally requires additional software
Does anyone know where to find a reliable step by step guide to setting up fxlogix on a ms vdi environment. The ones I’ve found are failing to load smb profile.
I’ve not done one but you could always try John Savill’s channel he’s more Azure Infastructure focussed than me 🤗
Sorry mistyped fslogix
37:19 if you had older versions of windows as domain controllers, you can't raise it while previous versions of windows exist; can't raise the functional level to 2016 while 2012 domain controllers are present 37:46 not entirely true. in a lot of cases you can lower the functional level with powershell on more recent versions of windows (I've done it)
Hi Seth Great to have you on board and thanks for your comments. You are correct and indeed all domain controllers in a domain must have the same domain functional level before you can raise the forest functional level. In terms of the PowerShell bit, I forgot to mention that. So yes you make a really useful point here. Many thanks for your contribution.
Forgive me.. but this is more ADDS 101. This content is just the fundamental basics. Nothing about klist, nltest, repadmin, netstat, ntdsutil, AD PowerShell module, transferring FSMO roles. How to fix replication when partitions don't replicate, for example.
I only have 30 mins. You could always take a class ;-p