Book description
Working with Microsoft's network directory service for the first time can be a headache for system and network administrators, IT professionals, technical project managers, and programmers alike. This authoritative guide is meant to relieve that pain. Instead of going through the graphical user interface screen by screen, O'Reilly's bestselling Active Directory tells you how to design, manage, and maintain a small, medium, or enterprise Active Directory infrastructure.
Fully updated to cover Active Directory for Windows Server 2003 SP1 and R2, this third edition is full of important updates and corrections. It's perfect for all Active Directory administrators, whether you manage a single server or a global multinational with thousands of servers.
Active Directory, 3rd Edition is divided into three parts. Part I introduces much of how Active Directory works, giving you a thorough grounding in its concepts. Some of the topics include Active Directory replication, the schema, application partitions, group policies, and interaction with DNS. Part II details the issues around properly designing the directory infrastructure. Topics include designing the namespace, creating a site topology, designing group policies for locking down client settings, auditing, permissions, backup and recovery, and a look at Microsoft's future direction with Directory Services. Part III covers how to create and manipulate users, groups, printers, and other objects that you may need in your everyday management of Active Directory.
If you want a book that lays bare the design and management of an enterprise or departmental Active Directory, then look no further. Active Directory, 3rd Edition will quickly earn its place among the books you don't want to be without.
Table of contents
- Active Directory, 3rd Edition
- SPECIAL OFFER: Upgrade this ebook with O’Reilly
- A Note Regarding Supplemental Files
- Preface
- I. Active Directory Basics
- 1. A Brief Introduction
- 2. Active Directory Fundamentals
- 2.1. How Objects Are Stored and Identified
- 2.2. Building Blocks
- 2.3. Summary
- 3. Naming Contexts and Application Partitions
- 4. Active Directory Schema
- 4.1. Structure of the Schema
- 4.2. Attributes (attributeSchema Objects)
- 4.3. Attribute Properties
- 4.4. Classes (classSchema Objects)
- 4.5. Summary
- 5. Site Topology and Replication
- 5.1. Site Topology
- 5.2. Data Replication
- 5.2.1. A Background to Metadata (Data That Governs the Replication Process)
- 5.2.2. How an Object's Metadata Is Modified During Replication
- 5.2.3. The Replication of a Naming Context Between Two Servers
- 5.2.3.1. Step 1: Replication with a partner is initiated
- 5.2.3.2. Step 2: The partner works out what updates to send
- 5.2.3.3. Step 3: The partner sends the updates to the initiating server
- 5.2.3.4. Step 4: The initiating server processes the updates
- 5.2.3.5. Step 5: The initiating server checks whether it is up to date
- 5.2.3.6. Recap
- 5.2.4. How Replication Conflicts Are Reconciled
- 5.3. Summary
- 6. Active Directory and DNS
- 6.1. DNS Fundamentals
- 6.2. DC Locator
- 6.3. Resource Records Used by Active Directory
- 6.4. Delegation Options
- 6.5. Active Directory Integrated DNS
- 6.6. Using Application Partitions for DNS
- 6.7. Summary
- 7. Profiles and Group Policy Primer
- II. Designing an Active Directory Infrastructure
- 8. Designing the Namespace
- 8.1. The Complexities of a Design
- 8.2. Where to Start
- 8.3. Overview of the Design Process
- 8.4. Domain Namespace Design
- 8.5. Design of the Internal Domain Structure
- 8.6. Other Design Considerations
- 8.7. Design Examples
- 8.7.1. TwoSiteCorp
- 8.7.1.1. Step 1: Set the number of domains
- 8.7.1.2. Step 2: Design and name the tree structure
- 8.7.1.3. Step 3: Design the workstation and server-naming scheme
- 8.7.1.4. Step 4: Design the hierarchy of Organizational Units
- 8.7.1.5. Step 5: Design the users and groups
- 8.7.1.6. Step 6: Design the Global Catalog
- 8.7.1.7. Step 7: Design the application partition structure
- 8.7.1.8. Recap
- 8.7.2. RetailCorp
- 8.7.2.1. Step 1: Identify the number of domains
- 8.7.2.2. Step 2: Design and name the tree structure
- 8.7.2.3. Step 3: Design the workstation and server-naming scheme
- 8.7.2.4. Step 4: Design the hierarchy of Organizational Units
- 8.7.2.5. Step 5: Design the users and groups
- 8.7.2.6. Step 6: Design the Global Catalog
- 8.7.2.7. Step 7: Design the application partition structure
- 8.7.2.8. Recap
- 8.7.3. PetroCorp
- 8.7.3.1. Step 1: Set the number of domains
- 8.7.3.2. Step 2: Design and name the tree structure
- 8.7.3.3. Step 3: Design the workstation and server-naming scheme
- 8.7.3.4. Step 4: Design the hierarchy of Organizational Units
- 8.7.3.5. Step 5: Design the users and groups
- 8.7.3.6. Step 6: Design the Global Catalog
- 8.7.3.7. Step 7: Design the application partition structure
- 8.7.3.8. Recap
- 8.8. Designing for the Real World
- 8.9. Summary
- 9. Creating a Site Topology
- 9.1. Intrasite and Intersite Topologies
- 9.2. Designing Sites and Links for Replication
- 9.2.1. Step 1: Gather Background Data for Your Network
- 9.2.2. Step 2: Design the Sites
- 9.2.3. Step 3: Design the Domain Controller Locations
- 9.2.4. Step 4: Plan Intrasite Replication
- 9.2.5. Step 5: Decide How You Will Use the KCC to Your Advantage
- 9.2.6. Step 6: Create Site Links for Low-Cost, Well-Connected Links
- 9.2.7. Step 7: Create Site Links for Medium-Cost Links
- 9.2.8. Step 8: Create Site Links for High-Cost Links
- 9.2.9. Step 9: Create Site Link Bridges
- 9.2.10. Step 10: Design the Replication Schedule
- 9.3. Examples
- 9.4. Additional Resources
- 9.5. Summary
- 10. Designing Organization-Wide Group Policies
- 10.1. How GPOs Work
- 10.1.1. How GPOs Are Stored in Active Directory
- 10.1.2. How GPOs Are Used in Active Directory
- 10.1.3. Prioritizing the Application of Multiple Policies
- 10.1.4. Standard GPO Inheritance Rules in Organizational Units
- 10.1.5. Blocking Inheritance and Overriding the Block in Organizational Unit GPOs
- 10.1.6. When Policies Apply
- 10.1.7. Local Group Policy Objects
- 10.1.8. How Existing Windows NT 4.0 System Policies Affect GPO Processing
- 10.1.9. When to Use Windows NT System Policies
- 10.1.10. Combating Slowdown Due to GPOs
- 10.1.11. The Power of Access Control Lists on Group Policy Objects
- 10.1.12. Loopback Merge Mode and Loopback Replace Mode
- 10.1.13. WMI Filtering in Windows Server 2003
- 10.1.14. How GPOs Work Across RAS and Slow Links
- 10.1.15. Summary of Policy Options
- 10.2. Managing Group Policies
- 10.3. Using GPOs to Help Design the Organizational Unit Structure
- 10.4. Debugging Group Policies
- 10.5. Summary
- 11. Active Directory Security: Permissions and Auditing
- 11.1. Permission Basics
- 11.2. Using the GUI to Examine Permissions
- 11.3. Using the GUI to Examine Auditing
- 11.4. Designing Permission Schemes
- 11.4.1. The Five Golden Rules of Permissions Design
- 11.4.1.1. Rule 1: Apply permissions to groups whenever possible
- 11.4.1.2. Rule 2: Design group permissions so that you have minimum duplication
- 11.4.1.3. Rule 3: Manage Advanced permissions only when absolutely necessary
- 11.4.1.4. Rule 4: Allow inheritance; do not protect sections of the domain tree from inheritance
- 11.4.1.5. Rule 5: Keep a log of unusual changes
- 11.4.2. How to Plan Permissions
- 11.4.3. Bringing Order out of Chaos
- 11.5. Designing Auditing Schemes
- 11.6. Real-World Examples
- 11.7. Summary
- 12. Designing and Implementing Schema Extensions
- 13. Backup, Recovery, and Maintenance
- 14. Upgrading to Windows Server 2003
- 15. Upgrading to Windows Server 2003 R2
- 16. Migrating from Windows NT
- 17. Integrating Microsoft Exchange
- 18. Active Directory Application Mode (ADAM)
- 18.1. ADAM Terms
- 18.2. Differences Between AD and ADAM V1.0
- 18.2.1. Standalone Application Service
- 18.2.2. Configurable LDAP Ports
- 18.2.3. No SRV Records
- 18.2.4. No Global Catalog
- 18.2.5. Top-Level Application Partition Object Classes
- 18.2.6. Group and User Scope
- 18.2.7. FSMOs
- 18.2.8. Schema
- 18.2.9. Service Account
- 18.2.10. Configuration/Schema Partition Names
- 18.2.11. Default Directory Security
- 18.2.12. User Principal Names
- 18.2.13. Authentication
- 18.3. ADAM R2 Updates
- 18.4. ADAM R2 Installation
- 18.5. Tools
- 18.6. ADAM Schema
- 18.7. Using ADAM
- 18.7.1. Creating Application Partitions
- 18.7.2. Creating Containers
- 18.7.3. Creating Users
- 18.7.4. Creating User Proxies
- 18.7.5. Renaming Users
- 18.7.6. Creating Groups
- 18.7.7. Adding Members to Groups
- 18.7.8. Removing Members from Groups
- 18.7.9. Deleting Objects
- 18.7.10. Deleting Application Partitions
- 18.8. Summary
- 19. Interoperability, Integration, and Future Direction
- III. Scripting Active Directory with ADSI, ADO, and WMI
- 20. Scripting with ADSI
- 21. IADs and the Property Cache
- 21.1. The IADs Properties
- 21.2. Manipulating the Property Cache
- 21.3. Checking for Errors in VBScript
- 21.4. Summary
- 22. Using ADO for Searching
- 22.1. The First Search
- 22.1.1. Step 1: Define the Constants and Variables
- 22.1.2. Step 2: Establish an ADO Database Connection
- 22.1.3. Step 3: Open the ADO Connection
- 22.1.4. Step 4: Execute the Query
- 22.1.5. Step 5: Navigate Through the Resultset
- 22.1.6. Step 6: Close the ADO Connection
- 22.1.7. The Entire Script for a Simple Search
- 22.2. Other Ways of Connecting and Retrieving Results
- 22.3. Understanding Search Filters
- 22.4. Optimizing Searches
- 22.5. Advanced Search Function: SearchAD
- 22.6. Summary
- 23. Users and Groups
- 24. Basic Exchange Tasks
- 24.1. Notes on Managing Exchange
- 24.2. Exchange Management Tools
- 24.3. Mail-Enabling Versus Mailbox-Enabling
- 24.4. Exchange Delegation
- 24.5. Mail-Enabling a User
- 24.6. Mail-Disabling a User
- 24.7. Creating and Mail-Enabling a Contact
- 24.8. Mail-Disabling a Contact
- 24.9. Mail-Enabling a Group (Distribution List)
- 24.10. Mail-Disabling a Group
- 24.11. Mailbox-Enabling a User
- 24.12. Mailbox-Disabling a User (Mailbox Deletion)
- 24.13. Purging a Disconnected Mailbox
- 24.14. Reconnecting a Disconnected Mailbox
- 24.15. Moving a Mailbox
- 24.16. Enumerating Disconnected Mailboxes
- 24.17. Viewing Mailbox Sizes and Message Counts
- 24.18. Viewing All Store Details of All Mailboxes on a Server
- 24.19. Dumping All Store Details of All Mailboxes on All Servers in Exchange Org
- 24.20. Summary
- 25. Shares and Print Queues
- 25.1. The Interface Methods and Properties
- 25.2. Creating and Manipulating Shares with ADSI
- 25.3. Enumerating Sessions and Resources
- 25.4. Manipulating Print Queues and Print Jobs
- 25.5. Summary
- 26. Permissions and Auditing
- 27. Extending the Schema and the Active Directory Snap-ins
- 27.1. Modifying the Schema with ADSI
- 27.1.1. IADsClass and IADsProperty
- 27.1.2. Creating the Mycorp-LanguagesSpoken Attribute
- 27.1.3. Creating the FinanceUser class
- 27.1.4. Finding the Schema Container and Schema FSMO
- 27.1.5. Transferring the Schema FSMO Role
- 27.1.6. Forcing a Reload of the Schema Cache
- 27.1.7. Finding Which Attributes Are in the GC for an Object
- 27.1.8. Adding an Attribute to the GC
- 27.2. Customizing the Active Directory Administrative Snap-ins
- 27.3. Summary
- 28. Using ADSI and ADO from ASP or VB
- 28.1. VBScript Limitations and Solutions
- 28.2. How to Avoid Problems When Using ADSI and ASP
- 28.3. Combining VBScript and HTML
- 28.4. Binding to Objects via Authentication
- 28.5. Incorporating Searches into ASP
- 28.6. Migrating Your ADSI Scripts from VBScript to VB
- 28.7. Summary
- 29. Scripting with WMI
- 30. Manipulating DNS
- 31. Getting Started with VB.NET and System.Directory Services
- Index
- About the Authors
- Colophon
- SPECIAL OFFER: Upgrade this ebook with O’Reilly
Product information
- Title: Active Directory, 3rd Edition
- Author(s):
- Release date: January 2006
- Publisher(s): O'Reilly Media, Inc.
- ISBN: 9780596553609