The backbone of enterprise identity, explained for the Linux admin: domains, trees, and forests; organizational units and delegation; the tight dependency on DNS; the global catalog and FSMO roles; replication topology and sites; accounts and groups and the security implications of nesting; and standing up a domain controller from scratch. How AD actually models an organization, what is new in Windows Server 2025, and where it bites you.
Active-Directory
-
Active Directory Domain Services Fundamentals -
Group Policy in Practice The configuration-management system every Windows shop lives on, explained for the Linux admin: GPOs and how they are processed (LSDOU and precedence), computer versus user policy, security baselines and ADMX administrative templates, loopback processing, mapped drives and login scripts, WMI filtering, and troubleshooting with gpresult and the Resultant Set of Policy. The good, the bad, the sprawl, and where it overlaps with modern Intune/MDM.
-
Integrating Linux with Active Directory Single sign-on across a mixed fleet: joining Linux hosts to a domain with realmd and SSSD, Kerberos and GSSAPI for SSH, mapping AD users and groups to POSIX, sudo rules sourced from AD, Samba for file shares and as a domain member, and the alternative of FreeIPA with an AD trust. Making one identity work everywhere without running everything on Windows.
-
Kerberos and Windows Authentication How sign-on actually works in an Active Directory world: NTLM and why it persists, Kerberos tickets (the TGT, service tickets, and the KDC), SPNs and delegation (unconstrained, constrained, and resource-based), and the attacks every defender should recognize — Kerberoasting, pass-the-hash, pass-the-ticket, and golden and silver tickets. A clear walk through the protocol and its real-world abuse, plus what Windows Server 2025 changes.