
Explore the basics of Active Directory and PKI, implement a domain controller in Azure, and experience Windows Active Directory Certificate Service with smart card login and PKI concepts.
Practice hands-on identity and access management by spinning up virtual machines with Hyper-V, VirtualBox, or Azure to configure Microsoft Active Directory and PKI basics, including smart card authentication.
Understand identity and access management: ensure the right people access the right resources on time, with multi-factor options like smart cards and PKI.
Learn how to implement a Microsoft Active Directory domain controller to centralize logging and authentication, enable file sharing, and manage users and groups across Windows clients, with hands-on Azure labs.
Discover how Active Directory centralizes authentication and permissions by organizing users, computers, and devices as objects with attributes within a domain namespace on Windows Server domain controllers.
Define and relate domain, trees, and forests, explain the global catalog and schema, and show how trusts enable cross-domain access within an Active Directory environment.
Learn to create a Windows Server 2019 virtual machine in Azure, including choosing a subscription, resource group, region, image, size, networking, and enabling remote access via RDP with public IP.
Install the Active Directory domain services role on Windows Server 2019 and promote the server to a domain controller for the Adams Health dot online forest, with DNS integration.
Discover how DNS enables Active Directory to locate domain controllers and provide LDAP and global catalog services. Learn how computer name resolution and service records support domain join and authentication.
Learn how to join a Windows 10 desktop to a domain controller, create users and groups in Active Directory, and manage a small organization’s domain with DNS configuration in Azure.
Add a new disk to an Azure VM domain controller, initialize a volume, create a shared folder, set read/write permissions, and map it as a drive.
Learn about NTLM and Kerberos in Active Directory, password hashing with salt, and how a challenge-response authenticates users via the domain controller.
Discover Kerberos authentication using a key distribution center to issue encrypted tickets (DDT and TGT) and a service ticket with a session key for accessing resources like Microsoft Exchange Server.
Explore the basics of encryption, including symmetric and asymmetric encryption, public and private keys, and how keys encrypt and decrypt cipher text across networks.
Learn how digital signing protects data integrity and authenticity through hashing and asymmetric encryption, enabling verification of unmodified messages via public-key cryptography.
Explore how SSL certificates secure web communication using public and private keys, certificate contents, CSR signing, and domain verification within the certificate authority hierarchy.
Discover how public key infrastructure enables secure data transfer and identity management through digital certificates, certificate authorities, and private keys, including SSL certificates, virtual private networks, email, and cloud apps.
Explore Microsoft Active Directory Certificate Services, including root and subordinate certificate authorities, web enrollment, online responder, and network device enrollment service to secure communications with PKI.
Explore the three certificate authority hierarchy types: single, two-tier, and three-tier, and how root and offline root with standalone or enterprise issuing authorities secure internal certificate services for your organization.
Learn to deploy a certificate authority using Microsoft tools and configure pre-configuration with the CAPolicy.inf policy file, covering CRL distribution points, root certificates, and CA policy settings.
Demonstrate a smart card based login workflow in a Windows environment by setting up a domain controller, offline root CA, enterprise issuing CA, web server, and client machines.
Install and configure a root certificate authority with Active Directory Certificate Services on Windows Server 2022, guided by a policy file, and set up a standalone CA.
Configure authority information access and CDP for the root CA, enabling issuer certificate downloads, and publish the base and delta CRLs.
Publish the certificate revocation list and root certificate by setting up an IIS web server to host the CRL, AIA, and CDP for offline validation.
Create and deploy a group policy to push the root certificate into the trusted root certificate authority folder on all domain-joined computers, ensuring automatic certificate trust.
Install and configure an enterprise issuing certificate authority with AD CS, create a subordinate CA, generate a CSR, sign at the root CA, and import the signed certificate.
Understand certificate enrollment: users generate a private key and CSR, submit to a certificate authority for a signed certificate, via automatic, manual, on behalf, or web enrollment.
Demonstrate how automatic enrollment works in Active Directory Certificate Services, using group policy and certificate templates to auto enroll users and computers via domain controller or web policy servers.
Learn to configure Group Policy for automatic certificate enrollment, including enrollment policy, auto enrollment, renewal with strong validation, and the issuing authority policy module.
Create and customize certificate templates to enforce organization-wide rules, issue tailored certificates, and enable auto-enrollment through group policy and AD CS settings.
Learn to create and configure an enrollment agent to issue certificates on behalf of users, assign permissions, and manage templates for secure smart card login.
Discover certificate authority web enrollment: install and configure the web enrollment service, submit CSRs, choose templates, and download certificates for domain-joined computers and web servers.
Understand smart cards as portable, tamper-resistant wallets that store private keys and perform encryption or signing, with PIN or biometric authentication enabling Windows logon.
Demonstrates setting up a smart card login with a certificate template, issuing certificates via an enrollment agent, exporting the private key, creating a user, and enforcing smart card–only interactive logon.
Learn to manage a smart card and import a certificate using the YubiKey and YubiKey Manager, then log into Windows with a smart card, including PIN and optional biometric login.
Explore how OCSP, the online certificate status protocol, provides revocation checks for digital certificates via an online responder, contrasting it with CRL and certificate distribution lists.
Configure OCSP using Windows Server, Active Directory Certificate Services, and Online Responder; set up Certificate Authority, templates, and revocation information to enable online status checks.
Understand how hardware security modules perform cryptographic operations, including key management, key exchange, and encryption, while protecting private keys and offloading from software providers.
Configure an HSM with Utimaco to integrate with AD CS using CNG/CSP interfaces, install and configure a certificate authority, and demonstrate cryptographic service provider connections for AD CS.
This course introduces you to the primary and essential concepts for working as an IAM Expert. Identity and Access Management is how an organization secures resource access for its employees and the public. It is not a single solution or product, but a combination of different tools, policies, and continuous tuning to achieve a secure IAM for an organization.
In this course, we begin with Microsoft Active Directory basics, and through the section, you will learn how to implement Active Directory for a small organization. All the labs for this section are demonstrated in Azure, so you get more here.
In the second part of the course, you will learn Microsoft AD CS. AD CS is a Microsoft internal PKI solution with a complete set of tools to implement a certificate service. We begin with the basics of cryptography, and you will learn about AD CS and finally implement all the features of Microsoft AD CS, including a smart card login.
IAM Course PART 1: AD Basics, PKI Smart Card login & HSM
Part 1 - Section 1: Learn Basics of Active Directory - Complete Implementation in Microsoft Azure
Part 1 - Section 2: Learn Microsoft Active Directory Certificate Service - PKI Solution with Smart Card Login & HSM Demo