ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Anyway I can Learn AD?

    Scheduled Pinned Locked Moved IT Discussion
    active directory domainwindows administration
    82 Posts 10 Posters 10.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • WrCombsW
      WrCombs @Obsolesce
      last edited by

      @Obsolesce said in Anyway I can Learn AD?:

      @WrCombs said in Anyway I can Learn AD?:

      @Obsolesce said in Anyway I can Learn AD?:

      @scottalanmiller said in Anyway I can Learn AD?:

      @WrCombs said in Anyway I can Learn AD?:

      What are best practices?

      Some rules of thumb...

      1. AD is never a foregone conclusion.
      2. Never consider AD until you have at least 12 computers or users on your network (officially MS used to say 10, but that's absurdly low, 12 is more reasonable.)
      3. Don't run any applications from your AD DC.
      4. Never refer to an AD Domain Controller (DC) as a PDC or BDC, there is no such thing in the AD world and anyone using the term is very confused and is thinking of NT SAM from the 1990s which is unrelated.
      1. Your entire AD network, everything in it, is not any more secure than your DC. Keep your DC locked down tight, as secure as possible. There are many guidelines. Check out Cqure.

      DC= Domain Controller?

      Anything i need to know about setting up a DC?

      At a basic level, it can be a single command. I'd just start with that video first, then go from there.

      Thanks

      1 Reply Last reply Reply Quote 0
      • DashrenderD
        Dashrender @WrCombs
        last edited by

        @WrCombs said in Anyway I can Learn AD?:

        @Obsolesce said in Anyway I can Learn AD?:

        @scottalanmiller said in Anyway I can Learn AD?:

        @WrCombs said in Anyway I can Learn AD?:

        What are best practices?

        Some rules of thumb...

        1. AD is never a foregone conclusion.
        2. Never consider AD until you have at least 12 computers or users on your network (officially MS used to say 10, but that's absurdly low, 12 is more reasonable.)
        3. Don't run any applications from your AD DC.
        4. Never refer to an AD Domain Controller (DC) as a PDC or BDC, there is no such thing in the AD world and anyone using the term is very confused and is thinking of NT SAM from the 1990s which is unrelated.
        1. Your entire AD network, everything in it, is not any more secure than your DC. Keep your DC locked down tight, as secure as possible. There are many guidelines. Check out Cqure.

        DC= Domain Controller?

        Anything i need to know about setting up a DC?

        He just told you - check out Cqure or google "securing a Windows Domain Controller"

        WrCombsW 1 Reply Last reply Reply Quote 0
        • WrCombsW
          WrCombs @Dashrender
          last edited by

          @Dashrender said in Anyway I can Learn AD?:

          @WrCombs said in Anyway I can Learn AD?:

          @Obsolesce said in Anyway I can Learn AD?:

          @scottalanmiller said in Anyway I can Learn AD?:

          @WrCombs said in Anyway I can Learn AD?:

          What are best practices?

          Some rules of thumb...

          1. AD is never a foregone conclusion.
          2. Never consider AD until you have at least 12 computers or users on your network (officially MS used to say 10, but that's absurdly low, 12 is more reasonable.)
          3. Don't run any applications from your AD DC.
          4. Never refer to an AD Domain Controller (DC) as a PDC or BDC, there is no such thing in the AD world and anyone using the term is very confused and is thinking of NT SAM from the 1990s which is unrelated.
          1. Your entire AD network, everything in it, is not any more secure than your DC. Keep your DC locked down tight, as secure as possible. There are many guidelines. Check out Cqure.

          DC= Domain Controller?

          Anything i need to know about setting up a DC?

          He just told you - check out Cqure or google "securing a Windows Domain Controller"

          yeah, but nothing about the initial set up, which is something I'll have to figure out.

          DashrenderD 1 Reply Last reply Reply Quote 0
          • DashrenderD
            Dashrender @WrCombs
            last edited by

            @WrCombs said in Anyway I can Learn AD?:

            1. Never consider AD until you have at least 12 computers or users on your network (officially MS used to say 10, but that's absurdly low, 12 is more reasonable.)

            What would you use below 12 Devices ?

            Say for a Small mechanic shop running ~8 PC's (2 at the front desk, 5 in service bays, one in the bosses office, etc.)

            This is the crux in my mind.

            Some will say - just use a NAS or some online storage solution - like OD or OD4B or NextCloud or Dropbox, etc.

            Have the users log in locally - or remove local logins completely, depending on your needed level of workstation security.

            Basically you'd set them up as a LANless setup - all security comes from the applications you use, not the workstation.

            1 Reply Last reply Reply Quote 2
            • DashrenderD
              Dashrender @WrCombs
              last edited by

              @WrCombs said in Anyway I can Learn AD?:

              @Dashrender said in Anyway I can Learn AD?:

              @WrCombs said in Anyway I can Learn AD?:

              @Obsolesce said in Anyway I can Learn AD?:

              @scottalanmiller said in Anyway I can Learn AD?:

              @WrCombs said in Anyway I can Learn AD?:

              What are best practices?

              Some rules of thumb...

              1. AD is never a foregone conclusion.
              2. Never consider AD until you have at least 12 computers or users on your network (officially MS used to say 10, but that's absurdly low, 12 is more reasonable.)
              3. Don't run any applications from your AD DC.
              4. Never refer to an AD Domain Controller (DC) as a PDC or BDC, there is no such thing in the AD world and anyone using the term is very confused and is thinking of NT SAM from the 1990s which is unrelated.
              1. Your entire AD network, everything in it, is not any more secure than your DC. Keep your DC locked down tight, as secure as possible. There are many guidelines. Check out Cqure.

              DC= Domain Controller?

              Anything i need to know about setting up a DC?

              He just told you - check out Cqure or google "securing a Windows Domain Controller"

              yeah, but nothing about the initial set up, which is something I'll have to figure out.

              This is something the video or book should guide you through. Though initial setup is generally pretty easy. though things are different in the 2019 days than the ol' 2016 or older days - the idea of a desktop on server is mostly gone - you can still get it, but it's not simply assumed anymore....

              1 Reply Last reply Reply Quote 0
              • DashrenderD
                Dashrender
                last edited by

                you can download virtualbox to your laptop and use that to setup an environment to play on... FYI, you shouldn't share that network to your corporate network - you could run into issues.

                WrCombsW 1 Reply Last reply Reply Quote 1
                • ObsolesceO
                  Obsolesce
                  last edited by

                  @WrCombs you'll get so much more out of that video than from here right now. I'd go watch that and ignore this all until ur finished.

                  WrCombsW 1 Reply Last reply Reply Quote 1
                  • WrCombsW
                    WrCombs @Dashrender
                    last edited by

                    @Dashrender said in Anyway I can Learn AD?:

                    you can download virtualbox to your laptop and use that to setup an environment to play on... FYI, you shouldn't share that network to your corporate network - you could run into issues.

                    Yeah, i'll probably download virtualbox again, and go from there, And I'll start watching some videos about ad tonight.

                    1 Reply Last reply Reply Quote 0
                    • WrCombsW
                      WrCombs @Obsolesce
                      last edited by

                      @Obsolesce said in Anyway I can Learn AD?:

                      @WrCombs you'll get so much more out of that video than from here right now. I'd go watch that and ignore this all until ur finished.

                      i wont have time to watch that until lunch/after work .

                      1 Reply Last reply Reply Quote 0
                      • IRJI
                        IRJ @coliver
                        last edited by

                        @coliver said in Anyway I can Learn AD?:

                        Honestly there really isn't much to AD that you will encounter on a day-to-day basis. A book may be overkill for it. The YouTube videos may be a good place to start but setting up an environment and using it will be the best way to learn.

                        100% agree with this. There are better places to focus. I will catch shit for this, but you need to be going and trying to learn Office 365 in and out. If I was in a end user support role, that is the path I would be taking.

                        Office 365 is in higher demand than AD for marketability. It may have less jobs that reference O365 vs AD, but the pool of qualified candidates for O365 is much smaller. So therefore it is more valuable and in higher demand.

                        1 Reply Last reply Reply Quote 1
                        • IRJI
                          IRJ
                          last edited by

                          I went on Microsoft Learn to look for some free courses for @WrCombs and Microsoft has hundreds of courses and not a single one on Active Directory.

                          Tons of them on Office 365 and Azure though.

                          https://docs.microsoft.com/en-us/learn/

                          1 Reply Last reply Reply Quote 0
                          • IRJI
                            IRJ
                            last edited by

                            You could build a virtual lab and go through all that bullshit, or you could ask yourself how much of a chance is there that I will have to setup AD from scratch at a new company? I would say that chance is probably close to zero. Because if they dont have AD implemented today, then its not the best option for them moving forward 😉

                            DashrenderD 1 Reply Last reply Reply Quote 0
                            • DashrenderD
                              Dashrender @IRJ
                              last edited by

                              @IRJ said in Anyway I can Learn AD?:

                              You could build a virtual lab and go through all that bullshit, or you could ask yourself how much of a chance is there that I will have to setup AD from scratch at a new company? I would say that chance is probably close to zero. Because if they dont have AD implemented today, then its not the best option for them moving forward 😉

                              While this is absolutely true - without a base understanding troubleshooting can be challenging at best - damned near impossible at worst.

                              Scott's comment about learning NT 4.0 before AD and how helpful that was is something I completely agree with. Of course today, going that far back would be pointless.

                              JaredBuschJ IRJI 2 Replies Last reply Reply Quote 1
                              • JaredBuschJ
                                JaredBusch @Dashrender
                                last edited by

                                @Dashrender said in Anyway I can Learn AD?:

                                @IRJ said in Anyway I can Learn AD?:

                                You could build a virtual lab and go through all that bullshit, or you could ask yourself how much of a chance is there that I will have to setup AD from scratch at a new company? I would say that chance is probably close to zero. Because if they dont have AD implemented today, then its not the best option for them moving forward 😉

                                While this is absolutely true - without a base understanding troubleshooting can be challenging at best - damned near impossible at worst.

                                Scott's comment about learning NT 4.0 before AD and how helpful that was is something I completely agree with. Of course today, going that far back would be pointless.

                                Well setting it up should be simply running some commands. So long as that is all you are doing for a lab before "using" it, then fine. but to spend any time learning any details is 100% a waste.

                                IRJI 1 Reply Last reply Reply Quote 0
                                • IRJI
                                  IRJ @JaredBusch
                                  last edited by

                                  @JaredBusch said in Anyway I can Learn AD?:

                                  @Dashrender said in Anyway I can Learn AD?:

                                  @IRJ said in Anyway I can Learn AD?:

                                  You could build a virtual lab and go through all that bullshit, or you could ask yourself how much of a chance is there that I will have to setup AD from scratch at a new company? I would say that chance is probably close to zero. Because if they dont have AD implemented today, then its not the best option for them moving forward 😉

                                  While this is absolutely true - without a base understanding troubleshooting can be challenging at best - damned near impossible at worst.

                                  Scott's comment about learning NT 4.0 before AD and how helpful that was is something I completely agree with. Of course today, going that far back would be pointless.

                                  Well setting it up should be simply running some commands. So long as that is all you are doing for a lab before "using" it, then fine. but to spend any time learning any details is 100% a waste.

                                  Which is part of any training videos you will watch anyway.

                                  1 Reply Last reply Reply Quote 0
                                  • IRJI
                                    IRJ @Dashrender
                                    last edited by

                                    @Dashrender said in Anyway I can Learn AD?:

                                    @IRJ said in Anyway I can Learn AD?:

                                    You could build a virtual lab and go through all that bullshit, or you could ask yourself how much of a chance is there that I will have to setup AD from scratch at a new company? I would say that chance is probably close to zero. Because if they dont have AD implemented today, then its not the best option for them moving forward 😉

                                    While this is absolutely true - without a base understanding troubleshooting can be challenging at best - damned near impossible at worst.

                                    Scott's comment about learning NT 4.0 before AD and how helpful that was is something I completely agree with. Of course today, going that far back would be pointless.

                                    I mean if you are bored or something then fine. If you care about advancing your IT career then its a total waste.

                                    I did the AD thing for windows 2000 and got my MCSE in 2000. It has served me well, but that was 20 years ago. I have been involved in many architectural capacities at large companies and the AD related jobs are on the decline. AD and SCCM is phasing out.

                                    Microsoft themselves doesnt even offer training for it anymore. Of course generalists dont see the decline, because they do everything at their companies. Companies that have actual IT departments are surely phasing it out. It's nothing new either. It's been happening for years.

                                    scottalanmillerS 1 Reply Last reply Reply Quote 2
                                    • scottalanmillerS
                                      scottalanmiller @Dashrender
                                      last edited by

                                      @Dashrender said in Anyway I can Learn AD?:

                                      @coliver said in Anyway I can Learn AD?:

                                      Honestly there really isn't much to AD that you will encounter on a day-to-day basis. A book may be overkill for it. The YouTube videos may be a good place to start but setting up an environment and using it will be the best way to learn.

                                      Without a book there are many aspects you'll never just bump into, especially in a small environment - like sites and domains and trusts - granted, is most SMB you won't bump into these much either (well sites might be something if you have multiple DCs in different locations)... I think a book is best to ensure a rounded view of AD.

                                      Although you can get pretty far in your career without ever using or even seeing those things. I cover that stuff for MSPs, for example, that see them once in a blue moon. The real question is... in a field over saturated with people with AD experience, do you want to be "just another tech" or do you focus on what makes you stand out?

                                      WrCombsW 1 Reply Last reply Reply Quote 0
                                      • WrCombsW
                                        WrCombs @scottalanmiller
                                        last edited by

                                        @scottalanmiller said in Anyway I can Learn AD?:

                                        @Dashrender said in Anyway I can Learn AD?:

                                        @coliver said in Anyway I can Learn AD?:

                                        Honestly there really isn't much to AD that you will encounter on a day-to-day basis. A book may be overkill for it. The YouTube videos may be a good place to start but setting up an environment and using it will be the best way to learn.

                                        Without a book there are many aspects you'll never just bump into, especially in a small environment - like sites and domains and trusts - granted, is most SMB you won't bump into these much either (well sites might be something if you have multiple DCs in different locations)... I think a book is best to ensure a rounded view of AD.

                                        Although you can get pretty far in your career without ever using or even seeing those things. I cover that stuff for MSPs, for example, that see them once in a blue moon. The real question is... in a field over saturated with people with AD experience, do you want to be "just another tech" or do you focus on what makes you stand out?

                                        Standing out leads to more opportunity .

                                        IRJI scottalanmillerS 2 Replies Last reply Reply Quote 0
                                        • scottalanmillerS
                                          scottalanmiller @IRJ
                                          last edited by

                                          @IRJ said in Anyway I can Learn AD?:

                                          Of course generalists dont see the decline, because they do everything at their companies. Companies that have actual IT departments are surely phasing it out. It's nothing new either. It's been happening for years.

                                          I'm a generalist 🙂 But I'd say what our slice of the world sees is a precipitous drop in usage. It was easily approaching 100% in shops of 10+ just five years ago. Now we remove it more often than we install it and penetration is above, but closer to, 50%.

                                          IRJI 1 Reply Last reply Reply Quote 0
                                          • IRJI
                                            IRJ @scottalanmiller
                                            last edited by

                                            @scottalanmiller said in Anyway I can Learn AD?:

                                            @IRJ said in Anyway I can Learn AD?:

                                            Of course generalists dont see the decline, because they do everything at their companies. Companies that have actual IT departments are surely phasing it out. It's nothing new either. It's been happening for years.

                                            I'm a generalist 🙂 But I'd say what our slice of the world sees is a precipitous drop in usage. It was easily approaching 100% in shops of 10+ just five years ago. Now we remove it more often than we install it and penetration is above, but closer to, 50%.

                                            I guess I should say 1 or 2 man IT departments

                                            scottalanmillerS 1 Reply Last reply Reply Quote 0
                                            • 1
                                            • 2
                                            • 3
                                            • 4
                                            • 5
                                            • 2 / 5
                                            • First post
                                              Last post