Introduction
In 2023 Microsoft rebranded Azure AD to Entra ID. The Azure AD name caused confusion with Active Directory (AD), which is similar but not identical.
Managing User and Service Accounts
The Domain Controller can also act as the DNS server
Joining Computer to a Domain
- Computer clock must be within 5 minutes of the DC clock
CMD+R
- ncpa.cpl (network connections)
- sysdm.cpl (system properties)
To join the domain, you must authenticate as a domain user
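The join steps above as an added PowerShell example (not from the original notes): point DNS at the DC, confirm the clock offset is inside the 5-minute window before joining, then join with a domain account. The domain name, DC name, DC address and NIC alias are assumed placeholders.

```powershell
# Added example, not part of the original notes.
# Assumed placeholders: domain corp.example.com, DC dc01.corp.example.com at 10.0.0.10, NIC "Ethernet".
$DomainName = 'corp.example.com'
$DcAddress  = '10.0.0.10'
$DcName     = 'dc01.corp.example.com'
$NicAlias   = 'Ethernet'

# 1. Point DNS at the DC so the domain's SRV records resolve (the DC can be the DNS server).
Set-DnsClientServerAddress -InterfaceAlias $NicAlias -ServerAddresses $DcAddress

# 2. Kerberos rejects authentication when clocks differ by more than 5 minutes, so
#    measure the offset against the DC first. w32tm /stripchart /dataonly prints one
#    "hh:mm:ss, +00.0123456s" line per sample (format assumed from typical output).
$sample = w32tm /stripchart "/computer:$DcName" /samples:1 /dataonly |
          Select-String -Pattern ',\s*([+-]?\d+\.\d+)s' | Select-Object -Last 1
if (-not $sample) { throw "Could not measure clock offset against $DcName" }
$offsetSeconds = [double]$sample.Matches[0].Groups[1].Value
if ([math]::Abs($offsetSeconds) -gt 300) {
    # Resync from the DC rather than attempting a join with a skewed clock.
    w32tm /config "/manualpeerlist:$DcName" /syncfromflags:manual /update | Out-Null
    w32tm /resync | Out-Null
}

# 3. Join using a domain account permitted to add computers; a local account cannot do this.
$cred = Get-Credential -Message "Domain account permitted to join computers to $DomainName"
Add-Computer -DomainName $DomainName -Credential $cred -Restart
```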
OUs can be used to create a hierarchy
Create users from a template
Security Principals
- user accounts
- computer accounts
- service accounts
Groups
- contain security principals
- can contain other groups (creates a hierarchy)
Service Accounts in AD
Used by computers or services, for example
- Local System
- Network Service
Types of service accounts
- LocalService
- NetworkService
- LocalSystem (completely trusted, equivalent to root)
Service accounts can be managed as
- Local service account
- Group managed service account (can be used across domain computers)
Types of User Accounts
- Local User Account
- Domain User Account
Service Accounts in Entra ID
Types of service accounts
- Managed Identities
- Service Principals
- User-based Service Accounts
Managed Identity
- Identity for an Azure resource
- the service (resource) runs under its security context
- Password is managed for you
- Grants access to other resources in Azure
Managed Identity Types
- system assigned
  - service principal is created; its lifecycle is tied to the resource
- user assigned
  - standalone resource, can be used across multiple resources
Service Principal
- tied to an application object in Entra ID
- application object
  - identity configuration (template) for the app
  - allows users to sign in
  - can be granted access to Azure resources
  - application objects can be used in multiple Entra ID tenants
- an application object has a 1-to-1 relationship with the application but may have 1-to-many service principals
Administering Groups and Roles
Password Management
Directory Maintenance