You are previewing Active Directory® Administrator's Pocket Consultant.
O'Reilly logo
Active Directory® Administrator's Pocket Consultant

Book Description

Portable and precise, this pocket-sized guide delivers immediate answers for the day-to-day administration of Active Directory in Windows Server 2008. Zero in on core support and maintenance tasks using quick-reference tables, instructions, and lists. You ll get the focused information you need to solve problems and get the job done whether at your desk or in the field! Get fast facts to: Install forests, domain trees, and child domains Add and remove writable domain controllers and deploy read-only controllers Configure, maintain, and troubleshoot global catalog servers Maintain directory and data integrity using operations masters Evaluate sites, subnets, and replication before expanding a network Establish a trust relationship between domains and between forests Maintain and recover Active Directory Domain Services Employ essential command-line utilities

Table of Contents

  1. Active Directory®: Administrator’s Pocket Consultant
    1. SPECIAL OFFER: Upgrade this ebook with O’Reilly
    2. Acknowledgments
    3. Introduction
      1. Who Is This Book For?
      2. How Is This Book Organized?
      3. Conventions Used in This Book
      4. Find Additional Content Online
      5. Support
    4. I. Implementing Active Directory
      1. 1. Overview of Active Directory
        1. Understanding Directory Services
        2. Introducing Active Directory
          1. Active Directory Domains
          2. DNS Domains
          3. Domain Controllers
        3. Active Directory Objects
          1. Active Directory Schema
          2. Active Directory Components
            1. Physical Components
            2. Logical Components
            3. Domains
            4. Trees
            5. Forests
            6. Organizational Units
        4. Managing Active Directory
          1. Working with Active Directory
          2. Active Directory Administration Tools
            1. Graphical Administration Tools
            2. Command-Line Tools
      2. 2. Installing New Forests, Domain Trees, and Child Domains
        1. Preparing for Active Directory Installation
          1. Working with Directory Containers and Partitions
          2. Establishing or Modifying Your Directory Infrastructure
          3. Establishing Functional Levels
          4. Deploying Windows Server 2008
        2. Creating Forests, Domain Trees, and Child Domains
          1. Installing the AD DS Binaries
          2. Creating New Forests
          3. Creating New Domain Trees
          4. Creating New Child Domains
      3. 3. Deploying Writable Domain Controllers
        1. Preparing to Deploy or Decommission Domain Controllers
        2. Adding Writable Domain Controllers
          1. Installing Additional Writable Domain Controllers
          2. Adding Writable Domain Controllers Using Replication
          3. Adding Writable Domain Controllers Using Installation Media
          4. Adding Writable Domain Controllers Using Answer Files or the Command Line
        3. Decommissioning Domain Controllers
          1. Preparing to Remove Domain Controllers
            1. Global catalog server
            2. Bridgehead server
            3. Operations master
          2. Removing Additional Domain Controllers
          3. Removing the Last Domain Controller
          4. Removing Domain Controllers Using Answer Files or the Command Line
        4. Forcing the Removal of Domain Controllers
          1. Restarting a Domain Controller in Directory Services Restore Mode
          2. Performing Forced Removal of Domain Controllers
          3. Cleaning Up Metadata in the Active Directory Forest
            1. Cleaning Up Server Metadata
            2. Confirming Removal of Deleted Server Objects
      4. 4. Deploying Read-Only Domain Controllers
        1. Preparing to Deploy Read-Only Domain Controllers
        2. Adding RODCs to Domains
          1. Adding RODCs Using Replication
          2. Adding RODCs Using Answer Files or the Command Line
        3. Using Staged Installations
          1. Stage 1: Creating the RODC Account and Preparing for Installation
          2. Stage 2: Attaching the RODC and Finalizing Installation
          3. Performing Staged Installations Using the Command Line or Answer Files
            1. Performing Stage 1: Creating the RODC Account
            2. Performing Stage 2: Attaching the RODC
        4. Decommissioning RODCs
        5. Setting Password Replication Policy
          1. Password Replication Policy Essentials
          2. Allowing and Denying Accounts
          3. Managing Credentials on RODCs
          4. Identifying Allowed or Denied Accounts
          5. Resetting Credentials
          6. Delegating Administrative Permissions
    5. II. Managing Active Directory Infrastructure
      1. 5. Configuring, Maintaining, and Troubleshooting Global Catalog Servers
        1. Working with Global Catalog Servers
        2. Deploying Global Catalog Servers
          1. Adding Global Catalog Servers
          2. Monitoring and Verifying Global Catalog Promotion
          3. Identifying Global Catalog Servers
          4. Restoring Global Catalog Servers
          5. Removing Global Catalog Servers
          6. Controlling SRV Record Registration
        3. Managing and Maintaining Universal Group Membership Caching
          1. Universal Group Membership Caching Essentials
          2. Enabling Universal Group Membership Caching
          3. Monitoring and Troubleshooting Universal Group Membership Caching
        4. Managing and Maintaining Replication Attributes
          1. Understanding Global Catalog Search and the Partial Attribute Set
          2. Designating Replication Attributes
          3. Monitoring and Troubleshooting Replication Attributes
        5. Managing and Maintaining Name Suffixes
          1. Configuring User Principal Name Suffixes
          2. Configuring Name Suffix Routing
      2. 6. Configuring, Maintaining, and Troubleshooting Operations Masters
        1. Operations Master Essentials
          1. Introducing Operations Masters
          2. Identifying Operations Masters
          3. Planning for Operations Masters
          4. Changing Operations Masters
        2. Working with Operations Masters
          1. Managing Domain Naming Masters
          2. Managing Infrastructure Masters
          3. Managing PDC Emulators
          4. Managing Relative ID Masters
          5. Managing Schema Masters
        3. Maintaining Operations Masters
          1. Preparing Standby Operations Masters
          2. Decommissioning Operations Masters
          3. Reducing Operations Master Workload
          4. Seizing Operations Master Roles
            1. Preparing to Seize Operations Master Roles
            2. Seizing Operations Master Roles
          5. Troubleshooting Operations Masters
      3. 7. Managing Active Directory Sites, Subnets, and Replication
        1. Implementing Sites and Subnets
          1. Working with Sites
          2. Setting Site Boundaries
        2. Replication Essentials
          1. The Replication Model
          2. Replication with Multiple Sites
          3. SYSVOL Replication
          4. Essential Services for Replication
        3. Intrasite Versus Intersite Replication
          1. Intrasite Replication
          2. Intersite Replication
        4. Developing Your Site Design
          1. Mapping Your Network Structure
          2. Designing Your Sites
          3. Designing Your Intersite Replication Topology
        5. Configuring Sites and Subnets
          1. Creating Sites
          2. Creating Subnets
          3. Adding Domain Controllers to Sites
          4. Ensuring Clients Find Domain Controllers
        6. Configuring Site Links and Intersite Replication
          1. Understanding Site Links
          2. Creating Site Links
          3. Configuring Link Replication Schedules
          4. Bridging Sites
          5. Locating and Designating Bridgehead Servers
          6. Locating ISTGs
          7. Optimizing Site Link Configurations
        7. Monitoring, Verifying, and Troubleshooting Replication
          1. Monitoring Replication
          2. Troubleshooting Replication
          3. Generating Replication Topology
          4. Verifying and Forcing Replication
    6. III. Maintaining and Recovering Active Directory
      1. 8. Managing Trusts and Authentication
        1. Active Directory Authentication and Trusts
          1. Trust Essentials
          2. Authentication Essentials
          3. Authentication Across Domain Boundaries
          4. Authentication Across Forest Boundaries
        2. Working with Domain and Forest Trusts
          1. Examining Trusts
          2. Establishing Trusts
          3. Creating External Trusts
            1. Creating a One-Way Incoming External Trust
            2. Creating a One-Way Outgoing External Trust
            3. Creating a Two-Way External Trust
          4. Creating Shortcut Trusts
            1. Creating a One-Way Incoming Shortcut Trust
            2. Creating a One-Way Outgoing Shortcut Trust
            3. Creating a Two-Way Shortcut Trust
          5. Creating Forest Trusts
            1. Creating a One-Way Incoming Forest Trust
            2. Creating a One-Way Outgoing Forest Trust
            3. Creating a Two-Way Forest Trust
          6. Creating Realm Trusts
            1. Creating a One-Way Incoming Realm Trust
            2. Creating a One-Way Outgoing Realm Trust
            3. Creating a Two-Way Realm Trust
          7. Removing Manually Created Trusts
          8. Verifying and Troubleshooting Trusts
        3. Configuring Selective Authentication
          1. Enabling or Disabling Selective Authentication for External Trusts
          2. Enabling or Disabling Selective Authentication for Forest Trusts
          3. Granting the Allowed To Authenticate Permission
      2. 9. Maintaining and Recovering Active Directory
        1. Protecting Objects from Accidental Deletion
        2. Starting and Stopping Active Directory Domain Services
        3. Setting the Functional Level of Domains and Forests
        4. Configuring Deleted Item Retention
        5. Configuring the Windows Time Service
          1. Understanding Windows Time
          2. Working with W32tm
          3. Checking the Windows Time Configuration
          4. Configuring an Authoritative Time Source
          5. Troubleshooting Windows Time Services
          6. Configuring Windows Time Settings in Group Policy
        6. Backing Up and Recovering Active Directory
          1. Active Directory Backup and Recovery Essentials
          2. Backing Up and Restoring the System State
          3. Performing a Nonauthoritative Restore of Active Directory
          4. Performing an Authoritative Restore of Active Directory
          5. Restoring Sysvol Data
          6. Recovering by Installing a New Domain Controller
        7. Maintaining the Directory Database
          1. Understanding Directory Database Operations
          2. Checking for Free Space in the Directory Database
          3. Performing Offline Defragmentation
          4. Moving the Directory Database
    7. A. Active Directory Utilities Reference
      1. DCDIAG
      2. DCGPOFIX
      3. DISKPART
      4. DSADD COMPUTER
      5. DSADD GROUP
      6. DSADD USER
      7. DSGET COMPUTER
      8. DSGET GROUP
      9. DSGET SERVER
      10. DSGET USER
      11. DSMGMT
      12. DSMOD COMPUTER
      13. DSMOD GROUP
      14. DSMOD SERVER
      15. DSMOD USER
      16. DSMOVE
      17. DSQUERY COMPUTER
      18. DSQUERY CONTACT
      19. DSQUERY GROUP
      20. DSQUERY PARTITION
      21. DSQUERY QUOTA
      22. DSQUERY SERVER
      23. DSQUERY SITE
      24. DSQUERY USER
      25. DSQUERY *
      26. DSRM
      27. ESENTUTL
      28. GET-EVENTLOG
      29. GET-PROCESS
      30. GET-SERVICE
      31. GPUPDATE
      32. IPCONFIG
      33. NET ACCOUNTS
      34. NET COMPUTER
      35. NET CONFIG SERVER
      36. NET CONFIG WORKSTATION
      37. NET CONTINUE
      38. NET FILE
      39. NET GROUP
      40. NET LOCALGROUP
      41. NET PAUSE
      42. NET PRINT
      43. NET SESSION
      44. NET SHARE
      45. NET START
      46. NET STATISTICS
      47. NET STOP
      48. NET TIME
      49. NET USE
      50. NET USER
      51. NET VIEW
      52. NETDOM ADD
      53. NETDOM COMPUTERNAME
      54. NETDOM JOIN
      55. NETDOM MOVE
      56. NETDOM MOVENT4BDC
      57. NETDOM QUERY
      58. NETDOM REMOVE
      59. NETDOM RENAMECOMPUTER
      60. NETDOM RESETPWD
      61. NETDOM RESET
      62. NETDOM TRUST
      63. NETDOM VERIFY
      64. NETSH
      65. NSLOOKUP
      66. PATH PING
      67. PING
      68. ROUTE
      69. SC CONFIG
      70. SC CONTINUE
      71. SC FAILURE
      72. SC PAUSE
      73. SC QC
      74. SC QFAILURE
      75. SC QUERY
      76. SC START
      77. SC STOP
      78. SCHTASKS /CHANGE
      79. SCHTASKS /CREATE
      80. SCHTASKS /DELETE
      81. SCHTASKS /END
      82. SCHTASKS /QUERY
      83. SCHTASKS /RUN
      84. SERVERMANAGERCMD
      85. SET
      86. SET-SERVICE
      87. SHUTDOWN
      88. STOP-PROCESS
      89. STOP-SERVICE
      90. SYSTEMINFO
      91. TASKKILL
      92. TASKLIST
      93. TRACERPT
      94. TRACERT
      95. WBADMIN
    8. B. About the Author
    9. Index
    10. SPECIAL OFFER: Upgrade this ebook with O’Reilly