Active Directory

Infra

Find name of AD domain controller

Windows Domain Groups

Which groups am I in?

A forest is made up of one or more domains and all of the objects in the domains.

Oracle/Active Directory Integration

Quest Authentication Services (QAS)

Service Principal Names (SPN)

AD Lifecycle

AD Management

AD Troubleshooting

Find name of AD domain controller

nslookup -querytype=all _ldap._tcp.dc._msdcs.yourdomain

Or, using nslookup in interactive mode...

nslookup

set type=all

_ldap._tcp.dc._msdcs.yourdomain

Windows Domain Groups

Which groups am I in?

Try one or more of these alternative approaches...

whoami /groups

net user username /domain

gpresult /user username /r

dsquery user domainroot -name username | dsget user -memberof

Note: dsquery/dsget need "Remote Server Administration Tools" installed

Powershell

Get-ADPrincipalGroupMembership username

Note: This assumes you have the Active Directory Powershell module installed

Who is in a group?

NET GROUP "MYGROUP" /DOMAIN

dsget group "CN=GroupName,DC=domain,DC=name,DC=com" -members

dsget group "CN=GroupName,DC=domain,DC=name,DC=com" -members -expand

Powershell

Import-Module ActiveDirectory

Get-ADGroupMember "Domain Admins" -recursive | Select-Object name

SQL Server

From within SQL Server you can run...

xp_logininfo 'MYDOMAIN\MYGROUP', 'members'

Note: This assumes that the group is defined as a SQL Server Login

Best Practices

Run on Windows Server Core
Do not run other software or services on a Domain Controller
Adjust the startup order and set a BIOS password
Standardize the configuration of all domain controllers
Always start with a single forest.
Avoid an empty forest root domain
If using two-way forests trusts, consolidate forests

https://blog.netwrix.com/2017/01/31/best-practices-active-directory-forests/

Bibliography

https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/get-started/virtual-dc/active-directory-domain-services-overviewhttps://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc759186(v=ws.10)https://serverfault.com/questions/78089/find-name-of-active-directory-domain-controllerhttps://devblogs.microsoft.com/scripting/hey-scripting-guy-how-can-i-determine-the-distinguished-name-of-the-ou-where-the-logged-on-users-user-account-resides/https://www.faqforge.com/windows/run-vbscript-windows/https://ss64.com/vb/syntax-userinfo.htmlhttps://ss64.com/vb/syntax-computerinfo.htmlhttps://superuser.com/questions/611839/how-can-i-find-out-which-user-groups-my-domain-user-belongs-tohttps://blog.netwrix.com/2017/01/30/evolution-of-windows-domain-controller/https://blog.netwrix.com/2017/01/30/sysvol-directory/https://blog.netwrix.com/2017/01/31/best-practices-active-directory-forests/https://blog.netwrix.com/2017/01/31/active-directory-domain/https://blog.netwrix.com/2017/02/17/group-policy/http://www.steves-internet-guide.com/using-nslookup/https://activedirectorypro.com/dhcp-best-practices/
Toolshttps://www.oneidentity.com/products/active-roles/
RSAThttps://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ee449475(v=ws.10)
Groupshttps://serverfault.com/questions/49405/command-line-to-list-users-in-a-windows-active-directory-grouphttps://stackoverflow.com/questions/1458016/get-users-non-truncated-active-directory-groups-from-command-line
Linuxhttps://www.redhat.com/sysadmin/linux-active-directory
SQL Serverhttps://docs.microsoft.com/en-us/sql/linux/sql-server-linux-active-directory-authenticationhttps://access.redhat.com/discussions/4850081 (Connect to MS SQL server using Windows Authentication)https://access.redhat.com/articles/4094741 (Tutorial: Configuring Red Hat Enterprise Linux to allow Active Directory users to login to Microsoft SQL Server 2019 leveraging a trust-level setup between Red Hat Enterprise Linux Identity Management and Microsoft Active Directory.) - PAYWALLED