Last Updated:
April 29, 2024
How Secure Is Your Active Directory Environment?
‘Security’ This is always a sore point for any IT Admin, but it is something that they deal with on a day-to-day basis. The way that one restricts ‘exchange access’ and limits the exchange admin center activities, the same can be applied to the Active Directory. Active Directory Environment and Exchange work together, if you compromise 1 generally the other is compromised too. How often do you visit your firewall rules and see what access is granted? Do you allow every port open to your Active Directory Servers or do you limit them to port 636 for secure LDAP? Are your Active Directory Servers exposed to internet threats? Meaning, can you access it using a remote desktop to a public IP or can you open the Active Directory snap-in on a machine and connect remotely? Whatsoever, you need to look at securing your environment. It is important to put something in front of the Active Directory environment like a sonic wall or F5 and only allow DNS (port 53) or Secure LDAP (port 636). This is just the tip of the iceberg. Once you have fixed the access, you then generate a report or reports to know what is going on in your system […] read more
0 Views : 25
A Guidebook on Active Directory Security Groups
A Guidebook on Active Directory Security Groups Active Directory Security is a Microsoft Windows-enabled Directory Service that plays a vital role in Information Technology. Its services pertain to managing applications, users, data, and many other attributes of an organization’s network. Every physical and virtual data in the network of your organization is an ‘object’ in Active Directory. This data is primarily used by the Network Administrators to assign privileges to systems and to control object authentications. It is highly vulnerable to security threats, hence it is critical to secure it without any compromise. Securing the Active Directory ideally protects the following data in your organization’s network. ● User & Client Credentials ● Software Applications ● Any Organizational Level Sensitive Data It is obvious that unsecured Active Directory security can lead to a disastrous amount of data leakage. In this article, we present to you a compilation of the best practices to secure your Active Directory. Types of groups in Active Directory: The two types of groups in Active Directory are ● Distribution groups ● Security groups Distribution groups are used to create email distribution lists. (i.e, send email to a collection of users) and security groups are used to provide […] read more
0 Views : 17
How Do I Generate Reports to See What Is Happening in My AD Environment?
Active Directory Reports Generating reports in Active Directory; this is a common request by many managers and will be for years to come. Managers think that Active Directory is like a SQL database and you can run queries and pull reports. It is only partially true, you can run queries, and this is advanced PowerShell queries to perhaps pull information about a distribution group or finding all users with an attribute for instance. If you have the PowerShell skill, you can generate HTML reports from using style sheets in your PowerShell query. However, you are limited with what you can do with reporting. Example: Here is an example of a script (*this is not my own work) that is available on the internet: __________________________________________________________________________________________ $way = Read-Host ‘Do you want to export AD group membership to a file? (y/n)’ If ($way -eq “y” -Or $way -eq “Y”) { Write-Host “`nThis output will be saved to a File named: username.csv in the C:\temp folder location” $name = Read-Host “`nWhat username do you want to find the Group Membership of? “ Get-ADPrincipalGroupMembership $name | Select Name | Export-CSV -path C:\Temp\$name.csv -NoTypeInformation } Else { $name = Read-Host “`nWhat username do you […] read more
0 Views : 18