I REALLY miss infra work. I am trying to get back there. I am here because of the crowdstrike situation- Fortunately we were not affected, but I am interested in risk impact mitigation.
Thank you for the video, it was nostalgic to revisit the topic on AD disaster recovery. Just a note on RID master. The RID master in the domain allocates 500 RIDs to each domain controller to enable user creation on any domain controller. Once the DC consumes 250 RIDs, the RID master renews the pool. So the absence of RID master does not immediately effect user creation.
Hi Andy, Thanks for giving the quick response of my questions. It will be helpful to me in my current implementation. You are doing great job for us keep going.
Hey Andy, Thanks for your great videos. can u tell me how can i have a demo like lab to try office 365 without payment? i need to learn but it is so expensive.
You’d description of the pdc was a little odd to be honest. It’s the most important role and has a lot of functions. Windows recycle bin should only be turned on if you have done your domain functional level upgrade and don’t need to revert back to 2012 for example otherwise your screwed. Considering most people are off 2008 for DCs these days or even 2012 I would not expect this will not wppl6 to a lot
Thanks for making such a valuable content and covering all the topics. would mind sharing the links or where can i find you more videos on Infrastructure and sites that would really helps me alot.
Really liked this one as DCs are a Tier-0 focus point for us, so getting a better understanding of FSMO Roles was really helpful. One thing I would love you to a walkthrough for if possible, is how to create a basic KQL query in Sentinel, (this much I am fine with) but then create a alert that can then trigger a basic playbook that will be for sending an email to certain teams, like Infra or the SOC team. That way I can use the Playbook for other alerts that I want to be prioritised should they be triggered. Doing this in Advanced Hunting in Defender for Endpoint is made really simple, but not so much in Sentinel. Creating Playbooks is one thing that I am very weak on so would love to have you do an ELI5 type walkthrough for this.
Hi Andy, I have just been tasked with upgrading a very small office network (only four Windows 10 client PCs) plus an sbs2011 DC. As email was migrated to Microsoft 365 (Business Standard) some time ago, ADDS is now the only thing left to migrate. I had initially considered an on-prem (or perhaps hybrid) setup of server 2022 consisting of two DCs (physical + VM). However after watching your videos and realising Azure AD is already somewhat included in the subscription, it seems it would be fairly straightforward to switch to Azure AD. My only concern is that the users won’t be able to log on if the internet connection is down. It would be interesting to hear your thoughts, and if you could also kindly answer the following questions: 1. User’s domain profiles are currently stored on client PCs. Each user has their own main PC on which their ‘master profile’ is saved. However as they have occasionally logged on to each other’s PC’s, separate profiles were created on each PC. Could that potentially cause any issues whereby the server isn’t aware which profile is the ‘master profile’ and would this be determined by whichever profile the user logs in to first (after being changed to a roaming profile in AD). 2. How would the profiles be migrated to Azure AD without losing anything (would a third party tool such as ForensiT be required)? 3. If using Azure AD with user documents stored in OneDrive, would it be possible for each user to also have a home directory, for example stored on a NAS? 4. Is there an add on to the Business Standard licence which would enable endpoint manager in Azure AD? If not which licence would be required? P.S. Thanks for the very informative and well explained videos. I’m looking forward to seeing many more!
Hi Daniel. Thanks for your question. Unfortunately due to limitations in my time I’m unable to answer very long questions like this. That said, from your scenario business basic is not the correct plan to be on. You will need a minimum of business premium. As this gives you some InTune functionality. Don’t think of moving to Microsoft 365 as an upgrade, think of it as a migration. New accounts, new profiles and so on. Within Azure active directory MDM & MAM is the capability to create roaming profiles for Windows 10, 11, however at this point I’m unaware of a migration tool that would bring profiles across. If you are not yet in Microsoft 365 then my advice would be to create a couple of test accounts, create a profile and so on. Remember that Azure AD joined devices do not require a server and that this provides perfect single sign-on. I think in your situation where you have a small number of users it’s a much better option than trying to install Azure AD connect and so on. I don’t think it would bring any benefit. PS I do t think business basic supports AAD connect.
@@AndyMaloneMVP Thank you very much for taking the time to reply Andy, it’s very much appreciated and this info has definitely helped to steer me in the right direction!
Men, you're the best, I can reproduce your content In 1.5 Speed and still understand perfectlly. Amazing!!
He he I must sound like a Minion 😂
Just as I'm preparing for sc-900 - that is a nice deep-dive. Cheers from Poland.
You’re very welcome I’m delighted to hear that and good luck with the exam. Greetings from Scotland
I REALLY miss infra work. I am trying to get back there.
I am here because of the crowdstrike situation- Fortunately we were not affected, but I am interested in risk impact mitigation.
Your content is awesome Andy. Thank you. I appreciate you.
You’re very welcome 👍
Thank you for the video, it was nostalgic to revisit the topic on AD disaster recovery. Just a note on RID master. The RID master in the domain allocates 500 RIDs to each domain controller to enable user creation on any domain controller. Once the DC consumes 250 RIDs, the RID master renews the pool. So the absence of RID master does not immediately effect user creation.
Excellent VDOs Andy, Could you possibly do something on ADRES, if not already done. Thank you. Nadeem
Great suggestion!
Hi Andy,
Thanks for giving the quick response of my questions.
It will be helpful to me in my current implementation.
You are doing great job for us keep going.
You're very welcome :-)
Can the Regsvr32 schmmgmt.dll be registered from a workstation? Must it be done from a DC?
A workstation MMC and then do a remote snap in
can you do a windows server installation and active directory set up?
Sure, I can cover that
Hey Andy, Thanks for your great videos. can u tell me how can i have a demo like lab to try office 365 without payment? i need to learn but it is so expensive.
Office.com creat an e5 trial account. You’ll get 30 days. Then creat another one👍
You’d description of the pdc was a little odd to be honest. It’s the most important role and has a lot of functions.
Windows recycle bin should only be turned on if you have done your domain functional level upgrade and don’t need to revert back to 2012 for example otherwise your screwed. Considering most people are off 2008 for DCs these days or even 2012 I would not expect this will not wppl6 to a lot
Hi James thanks for the input. That’s what this channel is all about. Making a contribution 👍
Thanks for making such a valuable content and covering all the topics. would mind sharing the links or where can i find you more videos on Infrastructure and sites that would really helps me alot.
Have you looked at my On prem playlist ruclips.net/p/PLEgclf_4HA-i1viJp70XzMT64H7AXmFtl
Really liked this one as DCs are a Tier-0 focus point for us, so getting a better understanding of FSMO Roles was really helpful.
One thing I would love you to a walkthrough for if possible, is how to create a basic KQL query in Sentinel, (this much I am fine with) but then create a alert that can then trigger a basic playbook that will be for sending an email to certain teams, like Infra or the SOC team. That way I can use the Playbook for other alerts that I want to be prioritised should they be triggered.
Doing this in Advanced Hunting in Defender for Endpoint is made really simple, but not so much in Sentinel.
Creating Playbooks is one thing that I am very weak on so would love to have you do an ELI5 type walkthrough for this.
Thanks Richard delighted to hear that. So notices thanks for the suggestion 😊
We are having single forest multiple domain infrastructure in our environment
See answer
I am having issue with login issue for the users not able to login to other domain
It's either one of a few things. Trust relationships in AD Domains & trusts not transitive or it's a DNS issue. Best of luck :-)
Hi Andy,
I have just been tasked with upgrading a very small office network (only four Windows 10 client PCs) plus an sbs2011 DC.
As email was migrated to Microsoft 365 (Business Standard) some time ago, ADDS is now the only thing left to migrate.
I had initially considered an on-prem (or perhaps hybrid) setup of server 2022 consisting of two DCs (physical + VM). However after watching your videos and realising Azure AD is already somewhat included in the subscription, it seems it would be fairly straightforward to switch to Azure AD. My only concern is that the users won’t be able to log on if the internet connection is down.
It would be interesting to hear your thoughts, and if you could also kindly answer the following questions:
1. User’s domain profiles are currently stored on client PCs. Each user has their own main PC on which their ‘master profile’ is saved. However as they have occasionally logged on to each other’s PC’s, separate profiles were created on each PC. Could that potentially cause any issues whereby the server isn’t aware which profile is the ‘master profile’ and would this be determined by whichever profile the user logs in to first (after being changed to a roaming profile in AD).
2. How would the profiles be migrated to Azure AD without losing anything (would a third party tool such as ForensiT be required)?
3. If using Azure AD with user documents stored in OneDrive, would it be possible for each user to also have a home directory, for example stored on a NAS?
4. Is there an add on to the Business Standard licence which would enable endpoint manager in Azure AD? If not which licence would be required?
P.S. Thanks for the very informative and well explained videos. I’m looking forward to seeing many more!
Hi Daniel. Thanks for your question. Unfortunately due to limitations in my time I’m unable to answer very long questions like this. That said, from your scenario business basic is not the correct plan to be on. You will need a minimum of business premium. As this gives you some InTune functionality. Don’t think of moving to Microsoft 365 as an upgrade, think of it as a migration. New accounts, new profiles and so on. Within Azure active directory MDM & MAM is the capability to create roaming profiles for Windows 10, 11, however at this point I’m unaware of a migration tool that would bring profiles across. If you are not yet in Microsoft 365 then my advice would be to create a couple of test accounts, create a profile and so on. Remember that Azure AD joined devices do not require a server and that this provides perfect single sign-on. I think in your situation where you have a small number of users it’s a much better option than trying to install Azure AD connect and so on. I don’t think it would bring any benefit. PS I do t think business basic supports AAD connect.
@@AndyMaloneMVP Thank you very much for taking the time to reply Andy, it’s very much appreciated and this info has definitely helped to steer me in the right direction!
@@danielb4959 You’re very welcome Daniel and the Best of luck😊👍
Thanks so much. Can you please show me where you talked about LDAP?
Here’s a good article www.techtarget.com/searchmobilecomputing/definition/LDAP
Thank you. So basically it's just the name of the protocol used in active directory to authenticate and authorize users and groups?