I learned a lot in less than one hour. Brilliant presentation from Dan. Thank you for uploading!
Much, if not all, of the stuff that is discussed in this great video also applies to AD running on Server 2019.
Thanks for your work, Adam
And Server 2022...anything on prem.
Never thought the MMC was this good, amazing video! Thanks for sharing.
This is a gem Microsoft vid
2021... Thank you!
Great demo, I find that there are a lot of skills I don't know. Thank you😀
Thanks for your sharing, is there any new update skill for AD in Windows 2019? I'm looking forward to that🥰
wow ! great video !
Useful. Thanks!
very good video!
[Q] Where could I find more about the implementation of "notification based replication between the sites"?
Dude, I never thought a regular user would fit my env because I'm the only IT employee, and I manage all the network, computers and ERP. But with the MMC properly tweaked it will be safe and easy to manage all the env
Yep. Separate Admin and Regular User - even for the single IT person (I'd also argue especially for the single IT person)
I love you.
So blunt 😍
I don't suppose you have a copy of the slide deck from this presentation?
I do not. Sorry. Only the RBAC scripts on www.ajtek.ca/guides/role-based-access-security/
A monochrome PDF version of these is available at the following Microsoft download URL. I couldn't find the color version of these.
download.microsoft.com/download/e/a/7/ea75457b-65d0-481c-b53b-d7ca2ae7ee08/s2b%20-%209.pdf
Do you have the script to extend the schema and assign computer ownership to users?
Please see my blog post at www.ajtek.ca/guides/role-based-access-security/
I don’t know if he’s conflating domains with trees. Because while multi tree forests have decreased in popularity, his claim that “single domain forests” are the rage is flat out untrue. Most enterprises I’ve seen have multiple levels of subdomains.
Probably differs depending on your location and field. In my experience, a majority of my clients have had single domain forests.
@@andreas956 the presentation is old, in the end he's talking about hoping that people enjoyed Students to Business 2011.
Also note the server 2008 references in the video.....
Edit: Please take my opinion with a grain of salt. Different environments will work better with different OU structure. Great video.
Not exactly sure how that OU structure shown around minute 10-11 would be best practice? It’s not very efficient for identifying users. Having All system users under a single OU then separating out by Security Groups seems to defeat the purpose of creating any OU in general. Identity Management should be a key component when organizing your AD.
Having OU structure of departments OR regions of those users and computers would seem to be a better fit for deploying GPO. Security groups should be identified beforehand and then be made to how granular you want to make security rules. Those groups could be placed within the OUs to organize them. But then again, the set up of OUs really isn’t that important, as long as it’s standardized and capable of identity management of your users.
See the video at part 43:30 to the end. You MANAGE via saved queries. For example, you couldn't care if Joe Smith was in whatever department OU that you've created, you want to have your HelpDesk team reset his password. If you create your setup like in the video, management is SIMPLE and you set the permission ONCE. If you do it the way you're saying - creating department OUs and the like, you must grant access to reset passwords in MULTIPLE OUs instead of just the 1...
@@Adamj_1 Hey Adam, if I add a taskpad view to a saved query and then open the saved .msc as a different user (to delegate administration) then the taskpad view for the saved query is no longer visible. I have been unable to fix this issue. Is there something you need to do in order to have taskpad views in a saved query usable by other admins?
@@julianhamann4925 Just tested this - Saved a taskpad and a saved query and a taskpad to a saved query and all 3 are showing up properly when executing on a different physical server VM, different user account as a delegation would. Not sure what you are experiencing as I can't replicate it.