Intriguing Points From Windows Server 2022 Book (Early Release!!!) Part 10.

Fine-Grained Password Policy

In an AD environment, there are a few different ways to enforce password policies that require a certain password length, set complexity requirements on that password, and define maximum ages for passwords.

The most common and certainly easiest place to define a password policy is by using Group Policy.

A fine-grained password policy allows you to configure different password policies for different groups of people inside Active Directory.
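An added example (not from the book or the original post) of a stricter fine-grained policy applied to one group and then verified per user. The policy name, the group name and every numeric value are assumptions chosen for illustration.

```powershell
# Added example. Requires the ActiveDirectory module (RSAT) and rights to
# create password settings objects (Domain Admins by default).
Import-Module ActiveDirectory

# Hypothetical names: replace with your own policy and group.
$PolicyName = 'PSO-PrivilegedAccounts'
$GroupName  = 'Tier0-Admins'      # must be a global security group

# Baseline: the domain-wide policy that Group Policy delivers to everyone.
$default = Get-ADDefaultDomainPasswordPolicy
$default | Select-Object MinPasswordLength, ComplexityEnabled, MaxPasswordAge

# Create the stricter policy once, then link it to the group.
if (-not (Get-ADFineGrainedPasswordPolicy -Filter "Name -eq '$PolicyName'")) {
    $pso = @{
        Name                            = $PolicyName
        Precedence                      = 10    # lowest number wins on conflict
        MinPasswordLength               = 16    # illustrative values
        ComplexityEnabled               = $true
        MaxPasswordAge                  = New-TimeSpan -Days 60
        MinPasswordAge                  = New-TimeSpan -Days 1
        PasswordHistoryCount            = 24
        LockoutThreshold                = 5
        LockoutObservationWindow        = New-TimeSpan -Minutes 30
        LockoutDuration                 = New-TimeSpan -Minutes 30
        ReversibleEncryptionEnabled     = $false
        ProtectedFromAccidentalDeletion = $true
    }
    New-ADFineGrainedPasswordPolicy @pso
    Add-ADFineGrainedPasswordPolicySubject -Identity $PolicyName -Subjects $GroupName
}

# Verify what each member actually gets. No result from
# Get-ADUserResultantPasswordPolicy means the domain default still applies.
Get-ADGroupMember -Identity $GroupName -Recursive |
    Where-Object objectClass -eq 'user' |
    ForEach-Object {
        $rp = Get-ADUserResultantPasswordPolicy -Identity $_.SamAccountName
        [pscustomobject]@{
            User            = $_.SamAccountName
            EffectivePolicy = if ($rp) { $rp.Name } else { 'Default Domain Policy' }
            MinLength       = if ($rp) { $rp.MinPasswordLength } else { $default.MinPasswordLength }
        }
    }
```

The final report is the part worth keeping in a recurring audit: it shows any account in the group that is still governed by the domain default or by a different policy with a lower precedence number.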

Active Directory Recycle Bin

As the name implies, this is a container into which objects that are deleted from Active Directory move before they are permanently deleted.

Read-Only Domain Controllers

The first domain controller you set up in your network will be a fully writable one. In fact, most DCs in your network will likely be fully functional and writable.
An RODC can only have its directory data read from it. RODCs receive their directory data from other, more traditional domain controllers and then use that data to verify authentication requests from users and computers.

Another valid use-case for an RODC is within a DMZ, a protected network where you would typically never dream of installing a full domain controller because a DMZ network is all about access restriction and keeping internal network information safe.

to be continued…

