This session focused on a ton of tips and tricks for Windows and AD administration. The speaker went 100 MPH and it would be impossible to cover everything. But he will be uploading his presentation slide deck, scripts, and other goodies on his website here. He also wrote a book on Windows administration that you can buy from Amazon here. Since he will be uploading his slide deck, I’ll just touch on a few highlights to whet your appetite.
One of his main topics was role based administration of Active Directory. This can be accomplished with careful planning and no third-party tools. His method for role based AD delegation was actually very similar to a method I used with a client a few years ago. Group naming standards are very critical as well, and an organization must really adhere to them.
For a group naming convention, a convention of using a prefix to define the purpose and a suffix to define the access level. For example, on a file share you could have a group called ACL_HR-Data_Full-Access. To find all groups that apply permissions to objects you can simply search for “ACL_”. Groups that control permissions on GPOs could be called GPO_, computer groups could be COMP_.
I also learned about a feature in Active Directory called “Notification based replication.” This feature, which has been around for years, allows you to override the 15 minute site-to-site replication interval and make it near real-time. The speaker has a customer that has a 37 second global AD convergence time. Yes, any AD changes are replicated globally within 37 seconds. If you have the bandwidth between sites, this can be a great feature. You can find instructions on how to enable this feature, on a link by link case, here.
The speaker also covered many MMC customizations to make your life easier, how you can disable the local administrator account but still use it in safe mode, and a ton of other tips and tricks. Highly recommend you check out his slide deck at the link above, after he posts them. I can only image what’s in his book. Also, check out the May edition of the Windows IT Pro magazine as he has a large article in there covering many of these features.
