Complete Active Directory teaching environment based on dockurr/windows:

- Windows Server domain controller, Windows 11 client, Debian 12 client
- docker-compose orchestration, env-driven configuration
- Bilingual documentation (FR + EN) for students
- Dual approach (GUI + PowerShell) in every procedure
- Instructor course plan and reference scripts
- RDP launcher scripts for Linux, macOS and Windows

Made by AcadéNice - https://acadenice.fr/
# Course plan

Instructor-facing document. Provides a session outline based on the lab,
alternating theory, demo, and student practice.

## Audience and prerequisites

- Sysadmin-track students, reskilling learners
- Networking fundamentals required (TCP/IP, DNS, DHCP)
- One workstation per learner, 16 GB RAM minimum, VT-x enabled

## Duration

- Intensive: 2 days (14h)
- Spread: six 3h half-days

## Structure

### Session 1 — Intro and setup (3h)

Goals:

- Understand what a directory is, what AD solves
- Start the lab, install Windows Server

Plan:

1. (45 min) Theory: AD history, vocabulary (forest, domain, DC, OU, GPO)
2. (15 min) Lab presentation (diagram, 3 VMs)
3. (1h30) Hands-on: lab install, start DC01, first login

Student material: `docs/etudiant/en/00-prerequisites.md` and `01-lab-startup.md`.

### Session 2 — Promotion and population (3h)

1. (45 min) Theory: FSMO roles, integrated DNS, functional levels
2. (2h) Hands-on: DC promotion, OUs, users, groups
3. (15 min) AGDLP debrief

Material: `02-dc-promotion.md`, `03-ou-users-groups.md`.

### Session 3 — GPOs (3h)

1. (1h) Theory: GPOs, inheritance, filtering, LSDOU order
2. (1h45) Hands-on: create three GPOs, verify on a client
3. (15 min) Best practices: don't overload Default Domain Policy

Material: `04-gpo.md`.

### Session 4 — Shared resources (3h)

1. (45 min) Theory: SMB, NTFS, share vs NTFS permissions
2. (2h) Hands-on: create shares, ACLs, cross-user tests
3. (15 min) AGDLP in practice

Material: `05-shares-ntfs.md`.

### Session 5 — Joining Windows clients (3h)

1. (45 min) Theory: Kerberos, secure channel, DNS constraints
2. (2h) Hands-on: join PC01, log in as AD user, test shares
3. (15 min) RDP group via GPO

Material: `06-join-windows-client.md`.

### Session 6 — Cross-OS integration (3h)

1. (30 min) Theory: realmd, sssd, Kerberos beyond Windows
2. (2h) Hands-on: join linux01, authentication tests
3. (30 min) Outlook: enterprise use cases (Linux servers joined to AD,
   AD-backed ssh/sudo)

Material: `07-join-linux-client.md`.

## Assessment

Three possible formats:

1. Multiple-choice: vocabulary and concepts (30 min, 20 questions)
2. Graded lab: give an OU/group structure to set up, shares with specific
   ACLs, grade via login tests
3. Mini-project: add a scenario (new department, new GPO) to the existing lab

## Solutions

Full PowerShell scripts live in `docs/formateur/corriges/`. **Do not
distribute** to learners.