Active Directory® for Microsoft® Windows® Server 2003 Technical Reference

Book description

The in-depth technical reference for network architects and administrators implementing Active Directory® for Windows® Server 2003. Understand advanced design and deployment issues and learn the best ways to enhance network performance and productivity.

Table of contents

  1. Active Directory® for Microsoft® Windows® Server 2003 Technical Reference
    2. Tables
    3. Acknowledgments
      1. Stan Reimer
      2. Mike Mulcare
    4. Introduction
      1. How This Book Is Structured
      2. Conventions Used in This Book
    5. I. Windows Server 2003 Active Directory Overview
      1. 1. Active Directory Concepts
        1. The Evolution of Microsoft Directory Services
          1. LAN Manager for OS/2 and MS-DOS
          2. Windows NT and SAM
          3. Windows 2000 and Active Directory
          4. Windows Server 2003 Domains and Active Directory
        2. Active Directory Open Standards
          1. X.500 Hierarchies
          2. Lightweight Directory Access Protocol (LDAP)
        3. Key Features and Benefits of Active Directory
          1. Centralized Directory
          2. Single Sign-On
          3. Delegated Administration
          4. Common Management Interface
          5. Integrated Security
          6. Scalability
        4. What’s New in Windows Server 2003 Active Directory
          1. Active Directory Users And Computers Improvements
          2. Levels of Functionality
          3. Domain Rename
          4. Application Directory Partitions
          5. Additional Domain Controller Installed from Backup Media
          6. Deactivation of Schema Objects
          7. Disabling Compression of Replication Traffic Between Different Sites
          8. Global Catalog Not Required for Logon
          9. Group Membership Replication Improvements
          10. Object Picker UI Improvements
          11. Lingering Object Removal Mechanism
          12. inetOrgPerson Support
        5. Summary
      2. 2. Active Directory Components
        1. Active Directory Physical Structure
          1. The Directory Data Store
          2. Domain Controllers
          3. Global Catalog Servers
          4. Operations Masters
            1. Schema Master
            2. Domain Naming Master
            3. RID Master
            4. PDC Emulator
            5. Infrastructure Master
          5. Transferring Operations Master Roles
          6. The Schema
            1. Schema Components
            2. Modifying the Schema
            3. Deactivating Schema Objects
        2. Active Directory Logical Structure
          1. Active Directory Partitions
            1. Domain Directory Partition
            2. Configuration Directory Partition
            3. Schema Directory Partition
            4. Global Catalog Partition
            5. Application Directory Partitions
          2. Domains
          3. Domain Trees
          4. Forests
          5. Trusts
            1. Transitive Trusts
            2. One-Way Trusts
            3. Forest Trusts
            4. Realm Trusts
          6. Sites
          7. Organizational Units
            1. Using OUs to Delegate Administrative Rights
            2. Using OUs to Administer Groups of Objects
        3. Summary
      3. 3. Active Directory and Domain Name System
        1. DNS Overview
          1. Hierarchical Namespace
          2. Distributed Database
          3. Name Resolution Process
          4. Resource Records
          5. DNS Domains, Zones, and Servers
            1. Domains Versus Zones
            2. Primary Name Servers
            3. Secondary Name Servers
            4. Caching-Only Name Servers
            5. Zones of Authority
            6. Delegated Zones
            7. Forwarders and Root Hints
            8. Dynamic DNS
        2. DNS and Windows Server 2003 Active Directory
          1. DNS Locator Service
            1. DNS Resource Records Registered by the Active Directory Domain Controller
            2. Active Directory Domain Controller Location Process
          2. Active Directory Integrated Zones
          3. DNS Enhancements
            1. Conditional Forwarding
            2. Stub Zones
            3. Application Directory Partitions
        3. Summary
      4. 4. Active Directory Replication and Sites
        1. Active Directory Replication Model
        2. Replication Enhancements in Windows Server 2003 Active Directory
        3. Intrasite and Intersite Replication
          1. Intrasite Replication
          2. Intersite Replication
          3. Replication Latency
          4. Urgent Replication
        4. Replication Topology Generation
          1. Knowledge Consistency Checker
          2. Connection Objects
            1. Modifying a Connection Object Created by KCC
            2. Creating a New Connection Object
          3. Intrasite Replication Topology
          4. Global Catalog Replication
          5. Intersite Replication Topology
        5. Replication Process
          1. Update Types
          2. Replicating Changes
            1. Update Sequence Numbers
            2. High-Watermark Values
            3. Up-To-Dateness Vectors and Propagation Dampening
            4. Change Stamps and Conflict Resolution
            5. Replicating Object Deletions
        6. Configuring Intersite Replication
          1. Creating Additional Sites
          2. Site Links
          3. Site Link Bridges
          4. Replication Transport Protocols
          5. Configuring Bridgehead Servers
        7. Monitoring and Troubleshooting Replication
        8. Summary
    6. II. Implementing Windows Server 2003 Active Directory
      1. 5. Designing the Active Directory Structure
        1. Designing the Forest Structure
          1. Forests and Active Directory Design
          2. Single or Multiple Forests
          3. Defining Forest Ownership
          4. Forest Change Control Policies
        2. Designing the Domain Structure
          1. Domains and Active Directory Design
          2. Determining the Number of Domains
            1. Choosing a Single Domain
            2. Choosing Multiple Domains
          3. Designing the Forest Root Domain
          4. Designing Domain Hierarchies
          5. Domain Trees and Trusts
          6. Changing the Domain Hierarchy
          7. Defining Domain Ownership
        3. Designing the DNS Infrastructure
          1. Examining the Existing DNS Infrastructure
          2. Namespace Design
            1. Internal and External DNS Namespaces
              1. Using the Same Namespace Internally and Externally
              2. Using a Different Namespace Internally and Externally
            2. Namespace Design Options
            3. Integration with the Current DNS Infrastructure
        4. Designing the Organizational Unit Structure
          1. Organizational Units and Active Directory Design
          2. Designing an OU Structure
            1. OU Design Based on Delegation of Administration
            2. OU Design Based on Group Policy Design
          3. Creating an OU Design
        5. Designing the Site Topology
          1. Sites and Active Directory Design
          2. Networking Infrastructure and Site Design
          3. Creating a Site Design
          4. Designing Server Locations
            1. Locating DNS Servers
            2. Locating Domain Controllers
            3. Locating Global Catalog Servers
            4. Locating Operations Master Servers
        6. Summary
      2. 6. Installing Active Directory
        1. Prerequisites for Installing Active Directory
          1. Hard Disk
          2. Network Connectivity
          3. DNS
          4. Administrative Permissions
        2. Active Directory Installation Options
          1. Configure Your Server Wizard
          2. Active Directory Installation Wizard (Dcpromo.exe)
          3. Unattended Installation
        3. Using the Configure Your Server Wizard
        4. Using the Active Directory Installation Wizard
          1. Operating System Compatibility
          2. Domain and Domain Controller Types
          3. Naming the Domain
          4. File Locations
          5. Verify or Install a DNS Server
          6. Selecting Default Permissions for User and Group Objects
          7. Completing the Installation
        5. Performing an Unattended Installation
        6. Installing Active Directory from Restored Backup Files
        7. Removing Active Directory
          1. Removing Additional Domain Controllers
          2. Removing the Last Domain Controller
          3. Unattended Removal of Active Directory
        8. Summary
      3. 7. Migrating to Active Directory
        1. Migration Paths
          1. The Domain Upgrade Migration Path
            1. Windows NT 4 Upgrade
            2. Windows 2000 Server Upgrade
          2. The Domain Restructure Migration Path
            1. Moving vs. Cloning
          3. The Upgrade-Then-Restructure Migration Path
        2. Determining Your Migration Path
          1. Migration Path Decision Criteria
          2. Choosing the Domain Upgrade Path
            1. Satisfaction with Current Domain Model
            2. Risk Tolerance Is Low
            3. Limited Time Available to Complete Migration
            4. Low System Uptime Required
            5. Limited Resources Available
            6. Migration Project Budget Is Small
            7. Server-Based Applications that Won’t Run on Windows Server 2003
          3. Choosing the Domain Restructure Path
            1. Not Satisfied with Current Domain Model
            2. Risk Tolerance Is High
            3. Sufficient Time Available to Complete the Migration
            4. High System Uptime Required
            5. Adequate Resources Available
            6. Unconstrained Migration Project Budget
            7. Server-Based Applications Require Windows NT Server 4 as the NOS
          4. Choosing the Upgrade-Then-Restructure Path
        3. Preparing for Migration to Active Directory
          1. Planning the Migration
            1. Document the Current Environment
            2. Creating the Deployment Script
            3. Designing the Recovery Plan
              1. Recovering from a Failed Domain Upgrade
              2. Recovering from a Failed Domain Restructure
          2. Testing the Migration Plan
          3. Conducting a Pilot Migration
        4. Upgrading the Domain
          1. Upgrading from Windows NT Server 4
            1. Before You Begin
            2. Upgrading the PDC First
              1. Verifying the Upgrade to Active Directory
            3. Upgrading the BDCs
            4. Preventing Domain Controller Overload
            5. Raising the Functional Level
          2. Upgrading from Windows 2000 Server
            1. Preparing the Forest
            2. Preparing the Domain
            3. Upgrading the Domain Controllers
        5. Restructuring the Domain
          1. Creating the Pristine Forest
            1. Raising the Functional Level
            2. Creating the Migration Account
            3. Creating the Trusts
            4. Modifying the Registry
            5. Installing Active Directory Migration Tool
            6. Enabling Auditing in the Target and Source Domains
            7. Modifying Anonymous Access to the Target Domain
          2. Migrating Account Domains
            1. Establishing Trusts
            2. Migrating Global Group Accounts
            3. Migrating User Accounts
            4. Decommissioning the Account Domain
          3. Migrating Resource Domains
            1. Additional Security Requirements
            2. Identifying Service Accounts
            3. Migrating Computer Accounts
            4. Migrating Shared Local Groups
            5. Migrating Service Accounts
            6. Decommissioning the Source Domains
        6. Upgrading then Restructuring
        7. Configuring Interforest Trusts
        8. Summary
    7. III. Administering Windows Server 2003 Active Directory
      1. 8. Active Directory Security
        1. Active Directory Security Basics
          1. Security Principals
          2. Access Control Lists
          3. Access Tokens
          4. Authentication
          5. Authorization
        2. Kerberos Security
          1. Introduction to Kerberos
          2. Kerberos Authentication
          3. Delegation of Authentication
          4. Configuring Kerberos in Windows Server 2003
          5. Integration with Public Key Infrastructure
          6. Integration with Smart Cards
          7. Interoperability with Other Kerberos Systems
        3. NTLM Security
        4. Summary
      2. 9. Delegating the Administration of Active Directory
        1. Active Directory Object Permissions
          1. Standard Permissions
          2. Special Permissions
          3. Permissions Inheritance
          4. Effective Permissions
          5. Ownership of Active Directory Objects
        2. Auditing the Use of Administrative Permissions
        3. Delegating Administrative Tasks
        4. Customized Tools for Delegated Administration
          1. Customizing the Microsoft Management Console
          2. Creating a Taskpad for Administration
        5. Planning for the Delegation of Administration
        6. Summary
      3. 10. Managing Active Directory Objects
        1. Managing Users
          1. User Objects
          2. inetOrgPerson Objects
          3. Contact Accounts
        2. Managing Groups
          1. Group Types
          2. Group Scope
          3. Creating a Security Group Design
        3. Managing Computers
        4. Managing Printer Objects
          1. Publishing Printers in Active Directory
        5. Managing Published Shared Folders
        6. Windows Server 2003 Active Directory Administration Enhancements
        7. Summary
      4. 11. Introduction to Group Policies
        1. Group Policy Overview
        2. Implementing Group Policies
          1. Creating GPOs
          2. Administering Group Policy Objects
          3. Group Policy Inheritance and Application
          4. Modifying the Default Application of Group Policies
            1. Modifying the Inheritance of Group Policies
            2. Filtering Group Policy Application
            3. Applying Group Policies to Users or Computers
            4. Disabling Group Policies
          5. Group Policy Processing
          6. Delegating Administration of GPOs
          7. Implementing Group Policies Between Domains and Forests
        3. Group Policy Management Tools
          1. RSoP Tool
          2. GPResult
          3. GPUpdate
          4. Group Policy Management Console
        4. Group Policy Design
        5. Summary
      5. 12. Using Group Policies to Manage Software
        1. Windows Installer Technology
          1. Creating a .msi file
        2. Deploying Software Using Group Policies
          1. Deploying Applications
          2. Using Group Policies to Distribute Non–Windows Installer Applications
        3. Configuring Software Package Properties
          1. Setting the Default Software Installation Properties
          2. Installing Customized Software Packages
          3. Updating an Existing Software Package
          4. Managing Software Categories
          5. Configuring File Extension Activation
          6. Removing Software Using Group Policies
        4. Using Group Policies to Configure Windows Installer
        5. Planning for Software Distribution Using Group Policies
        6. Limitations to Using Group Policies to Manage Software
        7. Summary
      6. 13. Using Group Policies to Manage Computers
        1. Desktop Management Using Group Policies
        2. Managing User Data and Profile Settings
          1. Managing User Profiles
          2. Folder Redirection
        3. Configuring Security Settings with Group Policies
          1. Configuring Domain-Level Security Policies
            1. Password Policy
            2. Account Lockout Policy
            3. Kerberos Policy
          2. Configuring Other Security Settings
          3. Software Restriction Policies
          4. Security Templates
            1. Predefined Security Templates
            2. Additional Security Configuration and Analysis Tools
        4. Administrative Templates
        5. Using Scripts to Manage the User Environment
        6. Summary
    8. IV. Maintaining Windows Server 2003 Active Directory
      1. 14. Monitoring and Maintaining Active Directory
        1. Monitoring Active Directory
          1. Why Monitor Active Directory?
            1. Benefits of Monitoring Active Directory
            2. Costs of Active Directory Monitoring
          2. How to Monitor Active Directory
            1. Establishing the Baselines and Thresholds
            2. Performance Counters and Thresholds
              1. Active Directory Performance
              2. Replication Performance Counters
              3. Security Subsystem Performance
              4. Core Operating System Performance
            3. Designing Alerts
            4. Monitoring Server Health with System Monitor
            5. Monitoring Active Directory with Event Viewer
          3. What to Monitor
            1. Monitoring Replication
        2. Active Directory Database Maintenance
          1. Garbage Collection
          2. Online Defragmentation
          3. Offline Defragmentation of the Active Directory Database
          4. Managing the Active Directory Database Using Ntdsutil
            1. Recovering the Transaction Logs
            2. Checking the Database for Integrity
            3. Semantic Database Analysis
            4. Moving Database and Transaction Log Locations
        3. Summary
      2. 15. Disaster Recovery
        1. Planning for a Disaster
        2. Active Directory Data Storage
        3. Backing Up Active Directory
        4. Restoring Active Directory
          1. Restoring Active Directory by Creating a New Domain Controller
          2. Performing a Nonauthoritative Restore
          3. Performing an Authoritative Restore
            1. Authoritative Restore Issues
            2. Authoritative Restore Procedure
          4. Restoring Sysvol Information
          5. Restoring Operations Masters and Global Catalog Servers
            1. PDC Emulator
            2. Schema Master
            3. Domain Naming Master
            4. Infrastructure Master
            5. RID Master
            6. GC Servers
        5. Summary
    9. About The Author
    10. Index

Product information

  • Title: Active Directory® for Microsoft® Windows® Server 2003 Technical Reference
  • Author(s): Stan Reimer, Mike Mulcare
  • Release date: April 2003
  • Publisher(s): Microsoft Press
  • ISBN: 9780735615779