Preface

In 1998, when Robbie first became involved with the Microsoft Windows 2000 Joint Development Program (JDP), very little data was available on Active Directory (AD). In the following months, and even after the initial release of Windows 2000, there were very few books or white papers to help early adopters of Active Directory get started. And some of the information that had been published was often inaccurate or misleading. Many early adopters had to learn by trial and error. As time passed, a greater number of informative books were published, which helped fill the information gap.

By the end of the second year of its release, there was an explosion of information on Active Directory. Not only were there more than 50 books published, but Microsoft also cleaned up its documentation on MSDN and its AD website. Now those sites have numerous white papers, many of which could serve as mini booklets. Other websites have popped up as well that contain a great deal of information on Active Directory. With Windows Server 2008, Windows Server 2008 R2, and Windows Server 2012, Microsoft has taken its level of documentation a step further. Extensive information on Active Directory is available directly from any Windows Server 2008 or 2012 computer in the form of the built-in help information. So, with all this data available on Active Directory in the form of published books, white papers, websites, and even from within the operating system, why would you want to purchase this book?

In the summer of 2002, Robbie was thumbing through Tom Christiansen and Nathan Torkington’s Perl Cookbook (O’Reilly), looking for help with an automation script that he was writing for Active Directory. It just so happened that there was a recipe that addressed the specific task he was trying to perform. In Cookbook parlance, a recipe provides instructions on how to solve a particular problem. We thought that since Active Directory is such a task-oriented environment, the Cookbook approach might be a very good format. After a little research, Robbie found there were books (often several) on nearly every facet of Active Directory, including introductory books, design guides, books that focused on migration, programming books, and reference books. The one type of book that he didn’t see was a task-oriented “how to” book, which is exactly what the Cookbook format provides. With this was born the first edition of Active Directory Cookbook, covering Active Directory tasks in Windows 2000 and Windows Server 2003 Active Directory.

In 2005 and again in 2008, Laura E. Hunter revised the already popular Active Directory Cookbook to include an updated range of automation options, including the use of command-line tools and scripts that had been created by active members of the Directory Services community in the years since AD was first introduced.

Based on our experience, hours of research, and nearly a decade of hanging out on Active Directory newsgroups and mailing lists, we’ve compiled more than 500 recipes that should answer the majority of “How do I do X?” questions one could pose about Active Directory. And just as in the Perl community, where the Perl Cookbook was a great addition, we believe Active Directory Cookbook, Fourth Edition, will also be a great addition to any Active Directory library.

Who Should Read This Book?

As with many of the books in the Cookbook series, Active Directory Cookbook, Fourth Edition, can be useful to anyone who wants to deploy, administer, or automate Active Directory. This book can serve as a great reference for those who have to work with Active Directory on a day-to-day basis. For those without much programming background, the command-line and PowerShell solutions are straightforward and provide an easy way to automate repetitive administrative tasks for any administrator.

The companion to this book, Active Directory, Fifth Edition, by Brian Desmond et al. (O’Reilly), is a great choice for those wanting a thorough description of the core concepts behind Active Directory, how to design an Active Directory infrastructure, and how to automate that infrastructure using Active Directory Service Interfaces (ADSI) and Windows Management Instrumentation (WMI). Active Directory, Fifth Edition, does not necessarily detail the steps needed to accomplish every possible task within Active Directory; that is more the intended purpose of this book. These two books, along with the supplemental information referenced within each, should be sufficient to answer most questions you have about Active Directory.

What’s in This Book?

This book consists of 21 chapters. Here is a brief overview of each chapter:

Chapter 1, Getting Started

Sets the stage for the book by covering where you can find the tools used in the book, PowerShell issues to consider, and where to find additional information.

Chapter 2, Forests, Domains, and Trusts

Covers how to create and remove forests and domains, update the domain mode or functional levels, create different types of trusts, and perform other administrative trust tasks.

Chapter 3, Domain Controllers, Global Catalogs, and FSMOs

Covers promoting and demoting domain controllers, finding domain controllers, enabling the global catalog, and finding and managing Flexible Single Master Operation (FSMO) roles.

Chapter 4, Searching and Manipulating Objects

Covers the basics of searching Active Directory: creating, modifying, and deleting objects; using LDAP controls; and importing and exporting data using LDAP Data Interchange Format (LDIF) and comma-separated value (CSV) files.

Chapter 5, Organizational Units

Covers creating, moving, and deleting organizational units (OUs), and managing the objects contained within them.

Chapter 6, Users

Covers all aspects of managing user objects, including creating, renaming, and moving user objects, resetting passwords, unlocking and modifying the profile attributes, and locating users that have certain criteria (e.g., password is about to expire).

Chapter 7, Groups

Covers how to create groups, modify group scope and type, and manage membership.

Chapter 8, Computer Objects

Covers creating computers, joining computers to a domain, resetting computers, and locating computers that match certain criteria (e.g., have been inactive for a number of weeks).

Chapter 9, Group Policy Objects

Covers how to create, modify, link, copy, import, back up, restore, and delete GPOs using the Group Policy Management snap-in and scripting interface.

Chapter 10, Schema

Covers basic schema administration tasks, such as generating object identifiers (OIDs) and schemaIDGUIDs, how to use LDIF to extend the schema, and how to locate attributes or classes that match certain criteria (e.g., all attributes that are indexed).

Chapter 11, Site Topology

Covers how to manage sites, subnets, site links, and connection objects.

Chapter 12, Replication

Covers how to trigger and disable the Knowledge Consistency Checker (KCC), and how to query metadata, force replication, and determine which changes have yet to replicate between domain controllers.

Chapter 13, DNS and DHCP

Covers how to create zones and resource records, modify DNS server configuration, query DNS, and customize the resource records a domain controller dynamically registers.

Chapter 14, Security and Authentication

Covers how to delegate control, view and modify permissions, view effective permissions, and manage Kerberos tickets.

Chapter 15, Logging, Monitoring, and Quotas

Covers how to enable auditing, diagnostics, DNS, NetLogon, and Kerberos and GPO logging; obtain LDAP query statistics; and manage quotas.

Chapter 16, Backup, Recovery, DIT Maintenance, and Deleted Objects

Covers how to back up Active Directory, perform authoritative and nonauthoritative restores, check DIT file integrity, perform online and offline defrags, and search for deleted objects.

Chapter 17, Application Partitions

Covers how to create and manage application partitions.

Chapter 18, Active Directory Lightweight Directory Service

Covers application partitions including Active Directory Lightweight Directory Services (AD LDS).

Chapter 19, Active Directory Federation Services

Covers Active Directory Federation Services (AD FS), which is included with Windows Server 2012.

Chapter 20, Microsoft Exchange Server 2013

Covers common administrative tasks for Exchange Server 2013.

Chapter 21, Microsoft Forefront Identity Manager

Provides an introduction to Microsoft’s Forefront Identity Manager (FIM), a service that can be used to synchronize multiple directories, enforce data integrity within a single or multiple stores, and provide self-service password reset for end users.

Conventions Used in This Book

The following typographical conventions are used in this book:

Constant width

Indicates classes, attributes, cmdlets, methods, objects, command-line elements, computer output, and code examples

Constant width italic

Indicates placeholders (for which you substitute an actual name) in examples and in registry keys

Constant width bold

Indicates user input

Italic

Introduces new terms and example URLs, commands, file extensions, filenames, directory or folder names, and UNC pathnames

Note

This icon indicates a tip, suggestion, or general note. For example, we’ll tell you if you need to use a particular version or if an operation requires certain privileges.

Warning

This icon indicates a warning or caution. For example, we’ll tell you if Active Directory does not behave as you’d expect or if a particular operation has a negative impact on performance.

Using Code Examples

This book is here to help you get your job done. In general, if this book includes code examples, you may use the code in this book in your programs and documentation. You do not need to contact us for permission unless you’re reproducing a significant portion of the code. For example, writing a program that uses several chunks of code from this book does not require permission. Selling or distributing a CD-ROM of examples from O’Reilly books does require permission. Answering a question by citing this book and quoting example code does not require permission. Incorporating a significant amount of example code from this book into your product’s documentation does require permission.

We appreciate, but do not require, attribution. An attribution usually includes the title, author, publisher, and ISBN. For example: Active Directory Cookbook, Fourth Edition, by Brian Svidergol and Robbie Allen. Copyright 2013 O’Reilly Media, Inc., 978-1-449-36142-6.

If you feel your use of code examples falls outside fair use or the permission given here, feel free to contact us at .

Safari® Books Online

Safari Books Online (www.safaribooksonline.com) is an on-demand digital library that delivers expert content in both book and video form from the world’s leading authors in technology and business.

Technology professionals, software developers, web designers, and business and creative professionals use Safari Books Online as their primary resource for research, problem solving, learning, and certification training.

Safari Books Online offers a range of product mixes and pricing programs for organizations, government agencies, and individuals. Subscribers have access to thousands of books, training videos, and prepublication manuscripts in one fully searchable database from publishers like O’Reilly Media, Prentice Hall Professional, Addison-Wesley Professional, Microsoft Press, Sams, Que, Peachpit Press, Focal Press, Cisco Press, John Wiley & Sons, Syngress, Morgan Kaufmann, IBM Redbooks, Packt, Adobe Press, FT Press, Apress, Manning, New Riders, McGraw-Hill, Jones & Bartlett, Course Technology, and dozens more. For more information about Safari Books Online, please visit us online.

How to Contact Us

Please address comments and questions concerning this book to the publisher:

O’Reilly Media, Inc.
1005 Gravenstein Highway North
Sebastopol, CA 95472
800-998-9938 (in the United States or Canada)
707-829-0515 (international or local)
707-829-0104 (fax)

We have a web page for this book, where we list errata, examples, and any additional information. You can access this page at http://oreil.ly/active_directory_cb_4.

To comment or ask technical questions about this book, send email to .

For more information about our books, courses, conferences, and news, see our website at http://www.oreilly.com.

Find us on Facebook: http://facebook.com/oreilly

Follow us on Twitter: http://twitter.com/oreillymedia

Watch us on YouTube: http://www.youtube.com/oreillymedia

Acknowledgments

First, let me thank the authors of the original editions—Robbie and Laura—as without you guys, my job of updating the book for the Fourth Edition would not have been possible! Thankfully, I was able to start with a fantastic and well-regarded book!

Everybody from O’Reilly has been great. Special thanks go to Rachel Roumeliotis and Maria Gulick for being easy to work with and helping to move this project along. They were able to recruit some fantastic technical reviewers. Mike Kline (Directory Services MVP) provided great practical feedback to bring real-world thinking into every chapter. I really appreciated his way of looking at the solutions from an administrator’s perspective because it helped to ensure that the solutions were real-world and that the solutions involved the tools that the typical administrator uses. While I hadn’t worked with Mike before, I was familiar with his extensive work in the community. The other reviewer was Marcin Policht (Directory Services MVP). I’ve worked with Marcin on quite a few projects in the past and knew that he would be a valuable addition to the team. His technical depth and his attention to detail are really incredible, and it showed in his chapter reviews. Thanks, Mike and Marcin—without you guys, the overall quality of this edition wouldn’t have been possible!

Other people contributed in other ways. To Ken Jones, thanks for the party invite; without it, this project never would’ve come to fruition! By the way, Ken, I still often think back to our first meeting. There were eight SMEs in the room; you were running the show for the first time. The room was loud and everybody was shouting out instructions like backseat drivers. You showed incredible poise in that situation! Charles Pluta was my number-one resource when I needed anything. Charles, keep doing what you are doing and you will go far! Thanks to Elias Mereb—Elias gave me extra motivation a few years ago and that has helped to fuel me ever since. Evan Hanna—if there was something strange or unknown, he was always the man to go to. Jonathan Hopp was there for me even when he didn’t want to be! Of course, I also have to thank my wife, Lindsay, and my son, Jack, for putting up with me working seven days and seven nights a week juggling multiple projects. We can now get back to our regularly scheduled programming!
