Managing A Hybrid Active Directory Environment Derek Melber - ManageEngine
1y ago
31 Views
1 Downloads
999.57 KB
23 Pages
Report/dmca
Download PDF

Transcription

Managing a Hybrid Active Directory EnvironmentDerek Melberderek@manageengine.com

About Your Speaker

About Derek Melber Derek Melber– Chief Technology Evangelist– MVP (AD and Group Policy)– derek@manageengine.com Online Resources– ManageEngine Active Directory Blog– Security Hardening Site– Download free Dummies book 2019 World Tour

Agenda What is hybrid?Provisioning usersDeprovisioning users

WHAT IS HYBRID?

What is Hybrid (for our definition) On-prem Active DirectoryAND Azure Active Directory (AAD)

According to Microsoft

PROVISIONING USERSEFFICIENTLY

Provisioning Users Efficiently What are our needs/requirements for new users–––––––––Least privilege group membershipSecure initial passwordDuplicate user name resolutionEmail setupUser specific details (profile, home dir, login script, etc)User account on-prem and in Azure AD/Office 365All attributes configured, including custom attributesAutomationWorkflow

Provisioning Users Efficiently: Least privilege ADUC: copy userAzure AD: manualPowershell: list groups or point to list in file

Provisioning Users Efficiently: Initial password ADUC: manually enterAzure AD: manually enterPowershell: complex to associate with user during creationRandom generators: net.exe, Powershell, excel

Provisioning Users Efficiently: Duplicate names ADUC: guessing gameAzure AD: guessing gamePowershell: complex to code

Provisioning Users Efficiently: Email setup ADUC: ClumbsyAzure AD: Exchange onlinePowershell: complex to code

Provisioning Users Efficiently: User specific settings ADUC: manualAzure AD: NO way!Powershell: complex to code

Provisioning Users Efficiently: On-prem and Azure AD ADUC: AD Connect (only on-prem attributes)Azure AD: AD Connect (only Azure AD attributes)Powershell: complex to code

Provisioning Users Efficiently: Attributes ADUC: manualAzure AD: HAHAPowershell: complex to code

Provisioning Users Efficiently: Automation ADUC: NO!Azure AD: NO!Powershell: complex to code

Provisioning Users Efficiently: Workflow ADUC: NO!Azure AD: NO!Powershell: NO!

DEPROVISIONINGUSERS

Deprovisioning Users What are our needs/requirements for removing user accounts– Delete user account on-prem AD– Delete user account in Azure AD/Office 365

Summary What is hybrid?Provisioning usersDeprovisioning users

Thank you!Derek Melberderek@manageengine.com

-Download free Dummies book 2019 World Tour About Derek Melber. Agenda What is hybrid? Provisioning users . On-prem Active Directory AND Azure Active Directory (AAD) According to Microsoft. PROVISIONING USERS EFFICIENTLY. Provisioning Users Efficiently What are our needs/requirements for new users - Least privilege .

Related Books

Why Hybrid Vehicles? - roperld

Why Hybrid Vehicles? - roperld

Active Directory - riptutorial

Active Directory - riptutorial

CHAPTER 3 Designing the Active Directory

CHAPTER 3 Designing the Active Directory

[MS-ADFSOD]: Active Directory Federation Services (AD FS .

[MS-ADFSOD]: Active Directory Federation Services (AD FS .

Active Directory - The Eye

Active Directory - The Eye

Microsoft Windows: Extending Active Directory to Oracle .

Microsoft Windows: Extending Active Directory to Oracle .

Entrust Identity as a Service and Entrust CloudControl: Integration Guide

Entrust Identity as a Service and Entrust CloudControl: Integration Guide

Securing Hybrid Active Directory Environments - Semperis

Securing Hybrid Active Directory Environments - Semperis

AWS Directory Service - docs.aws.amazon

AWS Directory Service - docs.aws.amazon

MASTERING ACTIVE DIRECTORY WITH POWERSHELL

MASTERING ACTIVE DIRECTORY WITH POWERSHELL

Offensive Active Directory 101 - OWASP

Offensive Active Directory 101 - OWASP

PopularTags

Recent Views