Book description
When Microsoft introduced Windows 2000, the most important change was the inclusion of Active Directory. With many great benefits, it continues to be a huge headache for network and system administrators to design, implement and support. The first edition of this book, O'Reilly's best-selling Windows 2000 Active Directory, eased their pain considerably. Now titled Active Directory, 2nd Edition, this book provides system and network administrators, IT professionals, technical project managers, and programmers with a clear, detailed look at Active Directory for both Windows 2000 and Windows Server 2003.
The upgraded Active Directory that ships with Windows Server 2003 has over 100 new and enhanced features and once again, O'Reilly has the answers to puzzling questions. While Microsoft's documentation serves as an important reference, Active Directory, 2nd Edition is a guide to help the curious (and weary) understand the big picture. In addition to the technical details for implementing Active Directory, several new and significantly enhanced chapters describe the numerous features that have been updated or added in Windows Server 2003 along with coverage of new programmatic interfaces that are available to manage it. After reading the book you will be familiar with the Lightweight Directory Access Protocol (LDAP), multi-master replication, Domain Name System (DNS), Group Policy, and the Active Directory Schema, among many other topics.
Authors Robbie Allen and Alistair G. Lowe-Norris are experienced veterans with real-world experience. Robbie is a Senior Systems Architect in the Advanced Services Technology Group at Cisco Systems. He was instrumental in the deployment and automation of Active Directory, DNS and DHCP at Cisco, and is now working on network automation tools. Alistair is an enterprise program manager for Microsoft U.K. and previously worked for Leicester University as the project manager and technical lead of the Rapid Deployment Program for Windows 2000. Active Directory, 2nd Edition will guide you through the maze of concepts, design issues and scripting options enabling you to get the most out of your deployment.
Table of contents
- Active Directory, 2nd Edition
- Preface
- I. Active Directory Basics
- 1. A Brief Introduction
- 2. Active Directory Fundamentals
- 3. Naming Contexts and Application Partitions
- 4. Active Directory Schema
- 5. Site Topology and Replication
- 6. Active Directory and DNS
- 7. Profiles and Group Policy Primer
- II. Designing an Active Directory Infrastructure
- 8. Designing the Namespace
- The Complexities of a Design
- Where to Start
- Overview of the Design Process
- Domain Namespace Design
- Design of the Internal Domain Structure
- Other Design Considerations
- Design Examples
- TwoSiteCorp
- Step 1—Set the number of domains
- Step 2—Design and name the tree structure
- Step 3—Design the workstation and server naming scheme
- Step 4—Design the hierarchy of Organizational Units
- Step 5—Design the users and groups
- Step 6—Design the Global Catalog
- Step 7—Design the application partition structure
- Recap
- RetailCorp
- Step 1—Identify the number of domains
- Step 2—Design and name the tree structure
- Step 3—Design the workstation and server naming scheme
- Step 4—Design the hierarchy of Organizational Units
- Step 5—Design the users and groups
- Step 6—Design the Global Catalog
- Step 7—Design the application partition structure
- Recap
- PetroCorp
- Step 1—Set the number of domains
- Step 2—Design and name the tree structure
- Step 3—Design the workstation and server naming scheme
- Step 4—Design the hierarchy of Organizational Units
- Step 5—Design the users and groups
- Step 6—Design the Global Catalog
- Step 7—Design the application partition structure
- Recap
- Designing for the Real World
- Summary
- 9. Creating a Site Topology
- Intrasite and Intersite Topologies
- Designing Sites and Links for Replication
- Step 1—Gather Background Data for Your Network
- Step 2—Design the Sites
- Step 3—Design the Domain Controller Locations
- Step 4—Plan Intrasite Replication
- Step 5—Decide How You Will Use the KCC to Your Advantage
- Step 6—Create Site Links for Low-Cost, Well-Connected Links
- Step 7—Create Site Links for Medium-Cost Links
- Step 8—Create Site Links for High-Cost Links
- Step 9—Create Site Link Bridges
- Step 10—Design the Replication Schedule
- Examples
- Summary
- 10. Designing Organization-Wide Group Policies
- How GPOs Work
- How GPOs Are Stored in Active Directory
- How GPOs Are Used in Active Directory
- Prioritizing the Application of Multiple Policies
- Standard GPO Inheritance Rules in Organizational Units
- Blocking Inheritance and Overriding the Block in Organizational Unit GPOs
- When Policies Apply
- Local Group Policy Objects
- How Existing Windows NT 4.0 System Policies Affect GPO Processing
- When to Use Windows NT System Policies
- Combating Slowdown Due to GPOs
- The Power of Access Control Lists on Group Policy Objects
- Loopback Merge Mode and Loopback Replace Mode
- WMI Filtering in Windows Server 2003
- How GPOs Work Across RAS and Slow Links
- Summary of Policy Options
- Managing Group Policies
- Using GPOs to Help Design the Organizational Unit Structure
- Debugging Group Policies
- Summary
- 11. Active Directory Security: Permissions and Auditing
- Using the GUI to Examine Permissions
- Using the GUI to Examine Auditing
- Designing Permission Schemes
- The Five Golden Rules of Permissions Design
- Rule 1—Apply permissions to groups whenever possible
- Rule 2—Design group permissions so that you have minimum duplication
- Rule 3—Manage Advanced permissions only when absolutely necessary
- Rule 4—Allow inheritance; do not orphan branches of the domain tree unless you have to
- Rule 5—Keep a log of unusual changes
- How to Plan Permissions
- Bringing Order Out of Chaos
- Designing Auditing Schemes
- Real-World Examples
- Hiding Specific Personal Details for All Users in an Organizational Unit from a Group
- Hiding Specific Personal Details for Some Users in an Organizational Unit from a Group
- A More Complex Hiding Problem
- Allowing Only a Specific Group of Users to Access a New Published Resource
- Restricting Users in an Organizational Unit from Viewing Properties of Users Outside That Organizational Unit
- Summary
- 12. Designing and Implementing Schema Extensions
- 13. Backup, Recovery, and Maintenance
- 14. Upgrading to Windows Server 2003
- 15. Migrating from Windows NT
- 16. Integrating Microsoft Exchange
- 17. Interoperability, Integration, and Future Direction
- III. Scripting Active Directory with ADSI, ADO, and WMI
- 18. Scripting with ADSI
- 19. IADs and the Property Cache
- The IADs Properties
- Manipulating the Property Cache
- Checking for Errors in VBScript
- Summary
- 20. Using ADO for Searching
- 21. Users and Groups
- 22. Manipulating Persistent and Dynamic Objects
- 23. Permissions and Auditing
- 24. Extending the Schema and the Active Directory Snap-Ins
- Modifying the Schema with ADSI
- IADsClass and IADsProperty
- Creating the Mycorp-LanguagesSpoken attribute
- Creating the FinanceUser class
- Finding the Schema Container and Schema FSMO
- Transferring the Schema FSMO Role
- Forcing a Reload of the Schema Cache
- Finding Which Attributes Are in the GC for an Object
- Adding an Attribute to the GC
- Customizing the Active Directory Administrative Snap-ins
- Summary
- 25. Using ADSI and ADO from ASP or VB
- 26. Scripting with WMI
- 27. Manipulating DNS
- 28. Getting Started with VB.NET and System.Directory Services
- Index
- Colophon
Product information
- Title: Active Directory, Second Edition
- Author(s):
- Release date: April 2003
- Publisher(s): O'Reilly Media, Inc.
- ISBN: 9780596004668