Anyway I can Learn AD?
-
@Dashrender said in Anyway I can Learn AD?:
@WrCombs said in Anyway I can Learn AD?:
@Obsolesce said in Anyway I can Learn AD?:
@scottalanmiller said in Anyway I can Learn AD?:
@WrCombs said in Anyway I can Learn AD?:
What are best practices?
Some rules of thumb...
- AD is never a foregone conclusion.
- Never consider AD until you have at least 12 computers or users on your network (officially MS used to say 10, but that's absurdly low, 12 is more reasonable.)
- Don't run any applications from your AD DC.
- Never refer to an AD Domain Controller (DC) as a PDC or BDC, there is no such thing in the AD world and anyone using the term is very confused and is thinking of NT SAM from the 1990s which is unrelated.
- Your entire AD network, everything in it, is not any more secure than your DC. Keep your DC locked down tight, as secure as possible. There are many guidelines. Check out Cqure.
DC= Domain Controller?
Anything i need to know about setting up a DC?
He just told you - check out Cqure or google "securing a Windows Domain Controller"
yeah, but nothing about the initial set up, which is something I'll have to figure out.
-
@WrCombs said in Anyway I can Learn AD?:
- Never consider AD until you have at least 12 computers or users on your network (officially MS used to say 10, but that's absurdly low, 12 is more reasonable.)
What would you use below 12 Devices ?
Say for a Small mechanic shop running ~8 PC's (2 at the front desk, 5 in service bays, one in the bosses office, etc.)
This is the crux in my mind.
Some will say - just use a NAS or some online storage solution - like OD or OD4B or NextCloud or Dropbox, etc.
Have the users log in locally - or remove local logins completely, depending on your needed level of workstation security.
Basically you'd set them up as a LANless setup - all security comes from the applications you use, not the workstation.
-
@WrCombs said in Anyway I can Learn AD?:
@Dashrender said in Anyway I can Learn AD?:
@WrCombs said in Anyway I can Learn AD?:
@Obsolesce said in Anyway I can Learn AD?:
@scottalanmiller said in Anyway I can Learn AD?:
@WrCombs said in Anyway I can Learn AD?:
What are best practices?
Some rules of thumb...
- AD is never a foregone conclusion.
- Never consider AD until you have at least 12 computers or users on your network (officially MS used to say 10, but that's absurdly low, 12 is more reasonable.)
- Don't run any applications from your AD DC.
- Never refer to an AD Domain Controller (DC) as a PDC or BDC, there is no such thing in the AD world and anyone using the term is very confused and is thinking of NT SAM from the 1990s which is unrelated.
- Your entire AD network, everything in it, is not any more secure than your DC. Keep your DC locked down tight, as secure as possible. There are many guidelines. Check out Cqure.
DC= Domain Controller?
Anything i need to know about setting up a DC?
He just told you - check out Cqure or google "securing a Windows Domain Controller"
yeah, but nothing about the initial set up, which is something I'll have to figure out.
This is something the video or book should guide you through. Though initial setup is generally pretty easy. though things are different in the 2019 days than the ol' 2016 or older days - the idea of a desktop on server is mostly gone - you can still get it, but it's not simply assumed anymore....
-
you can download virtualbox to your laptop and use that to setup an environment to play on... FYI, you shouldn't share that network to your corporate network - you could run into issues.
-
@WrCombs you'll get so much more out of that video than from here right now. I'd go watch that and ignore this all until ur finished.
-
@Dashrender said in Anyway I can Learn AD?:
you can download virtualbox to your laptop and use that to setup an environment to play on... FYI, you shouldn't share that network to your corporate network - you could run into issues.
Yeah, i'll probably download virtualbox again, and go from there, And I'll start watching some videos about ad tonight.
-
@Obsolesce said in Anyway I can Learn AD?:
@WrCombs you'll get so much more out of that video than from here right now. I'd go watch that and ignore this all until ur finished.
i wont have time to watch that until lunch/after work .
-
@coliver said in Anyway I can Learn AD?:
Honestly there really isn't much to AD that you will encounter on a day-to-day basis. A book may be overkill for it. The YouTube videos may be a good place to start but setting up an environment and using it will be the best way to learn.
100% agree with this. There are better places to focus. I will catch shit for this, but you need to be going and trying to learn Office 365 in and out. If I was in a end user support role, that is the path I would be taking.
Office 365 is in higher demand than AD for marketability. It may have less jobs that reference O365 vs AD, but the pool of qualified candidates for O365 is much smaller. So therefore it is more valuable and in higher demand.
-
I went on Microsoft Learn to look for some free courses for @WrCombs and Microsoft has hundreds of courses and not a single one on Active Directory.
Tons of them on Office 365 and Azure though.
-
You could build a virtual lab and go through all that bullshit, or you could ask yourself how much of a chance is there that I will have to setup AD from scratch at a new company? I would say that chance is probably close to zero. Because if they dont have AD implemented today, then its not the best option for them moving forward
-
@IRJ said in Anyway I can Learn AD?:
You could build a virtual lab and go through all that bullshit, or you could ask yourself how much of a chance is there that I will have to setup AD from scratch at a new company? I would say that chance is probably close to zero. Because if they dont have AD implemented today, then its not the best option for them moving forward
While this is absolutely true - without a base understanding troubleshooting can be challenging at best - damned near impossible at worst.
Scott's comment about learning NT 4.0 before AD and how helpful that was is something I completely agree with. Of course today, going that far back would be pointless.
-
@Dashrender said in Anyway I can Learn AD?:
@IRJ said in Anyway I can Learn AD?:
You could build a virtual lab and go through all that bullshit, or you could ask yourself how much of a chance is there that I will have to setup AD from scratch at a new company? I would say that chance is probably close to zero. Because if they dont have AD implemented today, then its not the best option for them moving forward
While this is absolutely true - without a base understanding troubleshooting can be challenging at best - damned near impossible at worst.
Scott's comment about learning NT 4.0 before AD and how helpful that was is something I completely agree with. Of course today, going that far back would be pointless.
Well setting it up should be simply running some commands. So long as that is all you are doing for a lab before "using" it, then fine. but to spend any time learning any details is 100% a waste.
-
@JaredBusch said in Anyway I can Learn AD?:
@Dashrender said in Anyway I can Learn AD?:
@IRJ said in Anyway I can Learn AD?:
You could build a virtual lab and go through all that bullshit, or you could ask yourself how much of a chance is there that I will have to setup AD from scratch at a new company? I would say that chance is probably close to zero. Because if they dont have AD implemented today, then its not the best option for them moving forward
While this is absolutely true - without a base understanding troubleshooting can be challenging at best - damned near impossible at worst.
Scott's comment about learning NT 4.0 before AD and how helpful that was is something I completely agree with. Of course today, going that far back would be pointless.
Well setting it up should be simply running some commands. So long as that is all you are doing for a lab before "using" it, then fine. but to spend any time learning any details is 100% a waste.
Which is part of any training videos you will watch anyway.
-
@Dashrender said in Anyway I can Learn AD?:
@IRJ said in Anyway I can Learn AD?:
You could build a virtual lab and go through all that bullshit, or you could ask yourself how much of a chance is there that I will have to setup AD from scratch at a new company? I would say that chance is probably close to zero. Because if they dont have AD implemented today, then its not the best option for them moving forward
While this is absolutely true - without a base understanding troubleshooting can be challenging at best - damned near impossible at worst.
Scott's comment about learning NT 4.0 before AD and how helpful that was is something I completely agree with. Of course today, going that far back would be pointless.
I mean if you are bored or something then fine. If you care about advancing your IT career then its a total waste.
I did the AD thing for windows 2000 and got my MCSE in 2000. It has served me well, but that was 20 years ago. I have been involved in many architectural capacities at large companies and the AD related jobs are on the decline. AD and SCCM is phasing out.
Microsoft themselves doesnt even offer training for it anymore. Of course generalists dont see the decline, because they do everything at their companies. Companies that have actual IT departments are surely phasing it out. It's nothing new either. It's been happening for years.
-
@Dashrender said in Anyway I can Learn AD?:
@coliver said in Anyway I can Learn AD?:
Honestly there really isn't much to AD that you will encounter on a day-to-day basis. A book may be overkill for it. The YouTube videos may be a good place to start but setting up an environment and using it will be the best way to learn.
Without a book there are many aspects you'll never just bump into, especially in a small environment - like sites and domains and trusts - granted, is most SMB you won't bump into these much either (well sites might be something if you have multiple DCs in different locations)... I think a book is best to ensure a rounded view of AD.
Although you can get pretty far in your career without ever using or even seeing those things. I cover that stuff for MSPs, for example, that see them once in a blue moon. The real question is... in a field over saturated with people with AD experience, do you want to be "just another tech" or do you focus on what makes you stand out?
-
@scottalanmiller said in Anyway I can Learn AD?:
@Dashrender said in Anyway I can Learn AD?:
@coliver said in Anyway I can Learn AD?:
Honestly there really isn't much to AD that you will encounter on a day-to-day basis. A book may be overkill for it. The YouTube videos may be a good place to start but setting up an environment and using it will be the best way to learn.
Without a book there are many aspects you'll never just bump into, especially in a small environment - like sites and domains and trusts - granted, is most SMB you won't bump into these much either (well sites might be something if you have multiple DCs in different locations)... I think a book is best to ensure a rounded view of AD.
Although you can get pretty far in your career without ever using or even seeing those things. I cover that stuff for MSPs, for example, that see them once in a blue moon. The real question is... in a field over saturated with people with AD experience, do you want to be "just another tech" or do you focus on what makes you stand out?
Standing out leads to more opportunity .
-
@IRJ said in Anyway I can Learn AD?:
Of course generalists dont see the decline, because they do everything at their companies. Companies that have actual IT departments are surely phasing it out. It's nothing new either. It's been happening for years.
I'm a generalist But I'd say what our slice of the world sees is a precipitous drop in usage. It was easily approaching 100% in shops of 10+ just five years ago. Now we remove it more often than we install it and penetration is above, but closer to, 50%.
-
@scottalanmiller said in Anyway I can Learn AD?:
@IRJ said in Anyway I can Learn AD?:
Of course generalists dont see the decline, because they do everything at their companies. Companies that have actual IT departments are surely phasing it out. It's nothing new either. It's been happening for years.
I'm a generalist But I'd say what our slice of the world sees is a precipitous drop in usage. It was easily approaching 100% in shops of 10+ just five years ago. Now we remove it more often than we install it and penetration is above, but closer to, 50%.
I guess I should say 1 or 2 man IT departments
-
@WrCombs said in Anyway I can Learn AD?:
@scottalanmiller said in Anyway I can Learn AD?:
@Dashrender said in Anyway I can Learn AD?:
@coliver said in Anyway I can Learn AD?:
Honestly there really isn't much to AD that you will encounter on a day-to-day basis. A book may be overkill for it. The YouTube videos may be a good place to start but setting up an environment and using it will be the best way to learn.
Without a book there are many aspects you'll never just bump into, especially in a small environment - like sites and domains and trusts - granted, is most SMB you won't bump into these much either (well sites might be something if you have multiple DCs in different locations)... I think a book is best to ensure a rounded view of AD.
Although you can get pretty far in your career without ever using or even seeing those things. I cover that stuff for MSPs, for example, that see them once in a blue moon. The real question is... in a field over saturated with people with AD experience, do you want to be "just another tech" or do you focus on what makes you stand out?
Standing out leads to more opportunity .
Right which is why I would forget about doing a virtual lab with AD, and focus on technologies that matter in 2020 forward
-
@WrCombs said in Anyway I can Learn AD?:
@scottalanmiller said in Anyway I can Learn AD?:
@Dashrender said in Anyway I can Learn AD?:
@coliver said in Anyway I can Learn AD?:
Honestly there really isn't much to AD that you will encounter on a day-to-day basis. A book may be overkill for it. The YouTube videos may be a good place to start but setting up an environment and using it will be the best way to learn.
Without a book there are many aspects you'll never just bump into, especially in a small environment - like sites and domains and trusts - granted, is most SMB you won't bump into these much either (well sites might be something if you have multiple DCs in different locations)... I think a book is best to ensure a rounded view of AD.
Although you can get pretty far in your career without ever using or even seeing those things. I cover that stuff for MSPs, for example, that see them once in a blue moon. The real question is... in a field over saturated with people with AD experience, do you want to be "just another tech" or do you focus on what makes you stand out?
Standing out leads to more opportunity .
Yes, this is one of those weird statistically things that doesn't seem intuitive. It's why things like going to college, or studying the "must learn" tech rarely get you a big advantage... because everyone else is doing that. Because each person only needs a single job, not a lot of jobs, being well suited to the average job isn't actually a big deal. Even if 90% of jobs require AD experience, you don't care because 95% of applicants already have it. You'll never compete with the sea of people already doing it. Those jobs are already essentially lost to you, but who cares. What you care about is being the right candidate for the right job. For you, unless you have some weird passion about local directory servers, that means AD isn't going to be something that gets you a job.
That doesn't mean you shouldn't know the basics. But like... one to two days of learning it tops. A few hours. Make sure you aren't useless and that you don't get ruled out of a job you are otherwise ideal for because you seem to have a staggering gap in the basics.
But as to where to focus? Find the areas that interest you and really pound on them. For me, early on, there was a lot of UNIX, VPNs, and networking. Those weren't widely used things (obviously networking was) back in the mid-1990s. But I stood out because I had unique skills. So when people were hiring for those things, I was often the only candidate or one of only a few. My chances of getting a job were higher, the jobs paid better, and the jobs were more fun. I wasn't a cog that could easily be replaced, and that helped a lot.
I then shored up my resume by learning the broader field of things later. But I had a solid UNIX career pre-Linux, and pre-Windows (not before they existed, before I learned or used either.) I had a focus and it made it clear which jobs I wanted to pursue, and which ones would be interested in me.