As I gain more experience at my job as an IT Specialist, more often people are coming to me for answers. So I figure why not write down some of this to see if maybe people new to the tech world or looking to get into it can have some answers.
Back when I first started as a tech, I was completely lost and no one was really willing to show or teach me anything. Everything before being a tech was just personal computer stuff, no servers or large systems to deal with. My biggest mistake was not looking into stuff for large enterprise solutions. Becoming familiar with these kinds of systems will give you an edge over most newcomers. There is also a good expectation that where your job starts and ends will blur due to more items being computerized and network capable. So to start, you should want to have an idea of what areas you will need at least some knowledge in.
The most common baseline for people I know is the Comptia A+. This gives a basic understanding of computer hardware, operating systems, and computer concepts. Most IT jobs will also want some basic understanding of networking. The most common starting point that I get with job interviews and the like is some understanding of Windows Servers and Active Directory. Other knowledge areas may also include VOIP (voice over IP), Linux, and scripting. Another common thing I find interviewers ask about is familiarity with whatever flavor of ticketing software they use. The ticketing software is always weird to me, it's usually just a website on their intranet and there are a lot of different ones. The one my work currently uses is called SysAid.
So let's start with some of the basics of an IT job. Active Directory is something I commonly hear a few short and simple questions on, but what you need to know can vary. The absolute basics you should know are how to join AD, move objects in AD, terms like DC, OU, CN, GP, LDAP, and Kerberos. You will also need to know what tools you can use to work with these. Let's start with defining terms and acronyms.
The Domain Controller is a server(s) that has AD DS (Active Directory Domain Services) installed on it. Some call this the DC, but DC can also mean Domain Component. The term OU will also be used a lot, this means Organizational Unit which is a group in AD that will often include your policies known as GP (Group Policies). The Common Name (CN) will be things like a device or username, or various built in things. Lightweight Directory Access Protocol (LDAP, pronounced el-dap) is part of the suite of software that makes up what is AD. The main reason to recognize the term LDAP is because you may come across something that needs an LDAP path. These are a pain, but there's a few tricks to using and navigating it all a little easier. The final term you should be familiar with is Kerberos. Kerberos is the authentication part of the AD software which uses what are referred to as tickets to authenticate.
Now keep that in the back of your head, it's time to discuss tools for working with AD. In most cases, you will probably be working on a desktop and not a server. To add a computer to AD from the computer itself we have a few different tools at our disposal. This can be done through the Control Panel or Powershell. To get to the menu we need for the Control Panel has a few different ways as well. You can click on the start menu and type out Control Panel, you can press Windows+R and type out Control Panel then run it, you can open up the file explorer, right click on This PC and select Properties which will jump you to the Control Panel item we need to get to. When in Control Panel, under Category view you click on System and Security, then System, or if you are in icon view there should be one at the start called System. Under Computer name, domain, and workgroup settings, you click on Change settings. On the window that pops up, there should be a button called Change... next to text about renaming the computer, click Change. From the window that pops up, you can type in a name, change the workgroup name, or select the radio button for domain and type in your domain name. After you do this, the computer will need to restart.
One thing to mention now is that some of the tools necessary for working with a domain are in the Windows Remote Server Administration Tools (RSAT). Depending on your Windows version (October 2018 and later), it may be available through Settings > Apps > Windows optional features. Just do a quick Google search to see specifically what you need.
For those that prefer a command line way of doing this, we can use Powershell commands. For this, we use the Add-Computer module. To get to an Administrative Powershell session, you can press Windows+x then a, or right click on the start menu and select Windows Powershell (Admin). From here you can run a command like so:
Add-Computer -Domain "example.domain.com" -Credential "example\your-name" -Restart
After joining a domain, it may be necessary to view any policies applied to that computer to make sure policies were applied. For this we need to look at the Active Directory Users and Computers. As usual there is a graphical (GUI) way of doing things and a command line (CLI) way of doing things. The CLI way of doing things is a bit more involved, so I am going to highlight the GUI way for now. In comes the Microsoft Management Console (MMC). The MMC uses MSC files for various interfaces to do a lot of administration on Windows, these are also called Snap-Ins. I may cover more on that later, but we will be using a few of these over the course of learning things. So for the MMC Snap-in we need to run dsa.msc with either Windows+r or a start menu search. It has a tree-style drop down menu and to move a computer from one group to another it's as simple as a drag and drop.
Once you have joined a domain or moved to a new group, settings are set through Group Policy (GP). These policies should theoretically update themselves to the computer, but when you movie it from one group to another sometimes updates may or may not work there way through. It may also be necessary to force policies through. There are a few ways to update these policies. The first is a bit more passive, restarting the computer. I have had many times where this simply does not get everything. Opening an Administrative Command Prompt or Powershell we can use the command gpupdate /force to update and optionally add the /boot option to restart or logout if it is necessary to apply certain policies. From a Powershell we have the alternative command Invoke-GPUpdate with flags -Force and -Boot. The advantage of using Powershell is we can also run the command remotely with the -Computer option, for example: Invoke-GPUpdate -Computer "example\test-computer" -Force -Boot. Personally, I try to use Powershell commands over CMD as much as possible because of the possibility to continue with remote administration and management.
If we need to view the applied policies to a computer we look at the Resultant Set of Policy (RSOP). For the RSOP MSC, we can either search for in the start menu or press Windows+r and run rsop.msc. This will open up a window that should allow you to browse through policies applied to whatever computer you are on or whatever user you are logged in with. The GUI should be easy enough to understand.
To rename a computer on the domain or remove it from the domain is as simple as being logged in as an administrator and going about the same way you joined it to the domain. Removing it from the domain just requires changing over to a workgroup.
Hopefully this guide will be helpful to people as a quick overview of some basic tech work in enterprise style environments. When I started out, I had nothing to go on, but my interview allowed me to use Google, which was nice. With any luck, I should have plenty more to add to this.
No comments:
Post a Comment