Improving the Security of Authentication in an AD DS Domain
When a user logs on to an Active Directory Domain Services (AD DS) domain, she enters her user name and password, and the client uses those credentials to authenticate the user—to validate the user’s identity against her Active Directory account. In Chapter 3, “Administering User Accounts,” you learned how to create and manage user accounts and their properties, including their passwords. In this chapter, you will explore the domain-side components of authentication, including the policies that specify password requirements and the auditing of authentication-related activities. You will also discover three new options to improve the security of accounts and authentication: managed service accounts’ password settings objects (PSOs, better known as fine-grained password policy); and read-only domain controllers (RODCs).
Exam objectives in this chapter:
Maintain Active Directory accounts.
Configure account policies.
Configure audit policy by using GPOs.
Configure Active Directory replication.
Configure the read-only domain controller (RODC).
Lessons in this chapter:
Lesson 1: Configuring Password and Lockout Policies
Lesson 2: Auditing Authentication
Lesson 3: Configuring Read-Only Domain Controllers
Lesson 4: Managing Service Accounts
Before You Begin
To complete the lessons in this chapter, you must have installed a domain controller named SERVER01 in the contoso.com domain.