New Training: Administer Active Directory Domain Services
In this 7-video skill, CBT Nuggets trainer Garth Schulte teaches you how to install, configure, and manage Active Directory Domain Services (AD DS). Learn how to install a new domain controller into an existing Active Directory domain, how to create users and groups in Active Directory Domain Services, and how to assign permissions. Gain an understanding of organizational units, AGDLP and AGUDLP best practices, and common management tasks and best practices for Active Directory administrators. Watch this new Microsoft Windows Server training.
Learn Microsoft Windows Server with one of these courses:
This training includes:
52 minutes of training
You’ll learn these topics in this skill:
Introduction to Administer Active Directory Domain Services
Active Directory Domain Services Overview
Installing and Configuring Domain Controllers
Creating Users and Groups
Creating Organizational Units
Designing Groups and Assigning Permissions
Active Directory Management and Best Practices
What is AGDLP?
AGDLP defines Microsoft's recommendations when it comes to implementing role-based access control within a Windows domain. It is an acronym for "Accounts, Global Groups, Domain Local Groups and Permissions."
It stipulates that user and computer accounts should be members of the global groups that represent each organizational role. These global groups, in turn, should be members of a domain local group, which then provides access control and has permissions to various resources.
By using AGDLP, you can simplify the process of implementing user and group authorization. You can afterward change permissions by simply adding memberships to groups. Finally, it can reduce the risk of orphaned user entries in ACLs (access control lists), as all entries in the list must refer to a group.
AGDLP, though, is not without its disadvantages. As you must create its structures manually, it can be both labor intensive (and hence expensive) and prone to human error.