Comprehensive and detailed, hands-on coverage of installing, planning, and deploying Microsoft Active Directory.
Chapter 1 - Introduction to Active Directory
- Windows 2000 Active Directory
- History of Directory Services
- X.500
- LDAP
- Banyan VINES and StreetTalk
- Novell NetWare Directory Services
- Active Directory
- Why a Directory?
- What Makes a Directory?
- Schema
- Class
- Attribute
- Value
- Object
- Active Directory in a Nutshell
- Physical and Logical Structure of the Active Directory
- Services That Support the Active Directory
- Summary
Chapter 2 - Installing Active Directory
- And Away We Go! Or Not
- Before You Begin
- Planning the Forest
- Choosing the Correct Hardware
- Software You Will Need
- Decisions, Decisions
- DNS
- Namespaces
- Filesystems
- Permissions Compatibility
- Directory Services Restore Mode Password
- Promoting a Server to Domain Controller
- Authorization
- Creating a New Forest
- Creating a New Tree
- Creating a Child Domain
- Creating Additional Domain Controllers
- Automating dcpromo
- After dcpromo
- New Shares
- New Files
- Default Containers
- Removing a Domain Controller
- Demotion Considerations
- dcpromo in Reverse
- Summary
- Troubleshooting
Chapter 3 - Domain Name Services
- The Need for DNS
- The Function of DNS
- Examples of Name Resolution
- Using the MMC
- Default Consoles
- Creating Custom Consoles
- Summary
- Troubleshooting
Chapter 4 - Installing and Configuring DNS
- Installing DNS
- Installing DNS Manually Through Control Panel
- Installing DNS Automatically as a Part of AD Installation
- Installing DNS Automatically Through Scripting
- Configuring DNS
- Manually Installing a Forward Lookup Zone
- Manually Installing a Reverse Lookup Zone
- Manually Installing DNS Zones Using dnscmd.exe
- Summary
- Troubleshooting
Chapter 5 - DNS Architecture
- Using the DNS MMC Snap-In
- DNS Record Types
- Zones Created by the Active Directory
- Anatomy of a DNS Lookup
- Summary
- Troubleshooting
Chapter 6 - Integrating BIND DNS with Active Directory
- BIND and the Active Directory
- Why Use BIND?
- BIND Configuration Files
- named.conf
- Forward Lookup Zone Configuration Files
- Reverse Lookup Zone Configuration Files
- root.cache
- named.local
- Zone Files After a Dynamic Update
- Delegating a Zone
- Summary
- Troubleshooting
Chapter 7 - DNS and AD Namespaces
- Namespaces
- External Namespaces
- Internal Namespaces
- Choosing an AD Namespace
- Using the Same Namespace Internally and Externally
- Using a Separate Namespace
- Finding a Domain Controller
- Summary
- Troubleshooting
Chapter 8 - Windows 2000 Name Resolution Services
- Name Resolution in Windows 2000
- NetBIOS Node Types
- Broadcast/b-node
- Point-to-Point/p-node
- Mixed/m-node and Hybrid/h-node
- The lmhosts File
- Troubleshooting lmhosts with nbtstat
- The hosts File
- WINS
- Installing and Configuring WINS
- Integrating WINS with DNS
- Summary
- Troubleshooting
Chapter 9 - Dynamic and Active Directory Integrated DNS
- Dynamic DNS
- Allowing Updates
- Dynamic DNS Step by Step
- Configuring DHCP for Dynamic Update
- AD Integrated DNS
- Viewing DNS as Active Directory Objects
- Advantages of AD-Integrated Zones
- DNS Record Aging and Scavenging
- Features of DNS Record Aging and Scavenging
- DNS Record Aging and Scavenging Parameters and Architecture
- Viewing DNS Record Aging and Scavenging Options in the MMC
- Configuring DNS Record Aging and Scavenging Options
- Summary
- Troubleshooting
Chapter 10 - Troubleshooting DNS
- DNS Troubleshooting Tools
- DNS Monitoring
- DNS Logging
- netdiag.exe
- ipconfig.exe
- General IP Troubleshooting Tools
- ping.exe
- tracert.exe
- Network Monitor
- nslookup.exe
- Summary
- Troubleshooting
Chapter 11 - Domains, Trees, and Forests
- Introduction
- Domains
- Boundaries
- Security
- Administration
- Replication
- Domain Modes
- Trees
- Forests
- Summary
- Troubleshooting
Chapter 12 - Operations Masters
- Introduction
- Forest-Wide Roles
- Schema Master
- Domain Naming Master
- Domain Roles
- Infrastructure Master
- RID Master
- PDC Emulator
- Transferring and Seizing Roles
- Transferring Roles
- Seizing Roles
- FSMO Placement
- Summary
- Troubleshooting
Chapter 13 - Active Directory Schema
- Introduction
- Schema Location
- Schema Components
- Classes
- Attributes
- Syntaxes
- Object Identifiers
- Tools for Exploring the Schema
- Modifying the Schema
- Reasons for Schema Modification
- Planning for Schema Modification
- Adding Classes and Attributes
- Schema Replication
- Deactivating Classes and Attributes
- Indexing Attributes
- Replicating Attributes to the Global Catalog
- Summary
- Troubleshooting
Chapter 14 - Active Directory Sites
- Introduction to Sites
- Architecture
- How Are Sites Used?
- Where Do Sites Live?
- How Are Domain Controllers Added to a Site?
- How Is Site Membership Determined?
- Requirements
- Creating Sites
- Server Objects
- The NTDS Settings Object
- Moving a DC to a New Site
- Site Licensing Server
- The NTDS Site Settings Object
- Summary
Chapter 15 - Site Link Objects and Connection Objects
- Introduction
- Site Link Objects
- Inter-Site Transports
- Schedules
- Replication Intervals
- Costs
- Site Link Bridges
- Connection Objects
- Connection Object Properties
- Creating Connection Objects
- Summary
Chapter 16 - Intra-Site Replication
- Introduction to Replication
- Multimaster
- Loose Consistency
- With Convergence
- Naming Contexts
- Updates
- Update Sequence Numbers
- Conflict Resolution
- Deleted Objects
- Topology Generation
- The Knowledge Consistency Checker
- The Intra-Site Replication Process
- Urgent Replication
- Account Lockout
- Change of an LSA Secret
- Password Changes
- Intra-Site Replication Management Tasks
- Using Active Directory Sites and Services to Manage Intra-Site Replication
- Using Active Directory Replication Monitor to Manage Intra-Site Replication
Chapter 17 - Inter-Site Replication
- Introduction
- Topology
- Inter-Site Topology Generator
- Bridgehead Servers
- The Replication Process
- Inter-Site Replication Management Tasks
- Repadmin
- Tuning
- Monitoring Replication
Chapter 18 - Authentication
- Enterprise Security
- Kerberos
- History of Kerberos
- Advantages of Kerberos
- Kerberos Roles in Windows 2000
- Key Distribution Center
- Authentication Service
- Ticket-Granting Service
- Kerberos Key Distribution
- Kerberos Tools
- Authenticating to the Domain
- Finding the KDC
- Logging On
- Obtaining a TGT from the KDC
- Client Request for a TGT
- Getting a Session Ticket for the Local Computer
- Completing the Logon Process
- Authenticating to Other Domains in the Tree
- Automatic Kerberos Transitive Trusts
- Managing Trusts
- How Transitive Trusts Work
- Cross-Domain Authentication Example
- Advantages to the Previous Scenario
- Explicit Trusts
- Shortcut Trusts
- Creating a Shortcut Trust
- Testing the Shortcut Trust
- To Trust or Not to Trust
- Kerberos Policy
- Enforce User Logon Restrictions
- Maximum Lifetime for a Service Ticket
- Maximum Lifetime for a User Ticket
- Maximum Lifetime for User Ticket Renewal
- Maximum Tolerance for Computer Clock Synchronization
- Summary
- Troubleshooting
Chapter 19 - Authorization
- Authorizing Access to Active Directory
- Rights Versus Permissions
- Security Components of the Active Directory
- Globally Unique Identifiers
- Security Identifiers
- Relative Identifiers
- Security Descriptor
- Access Tokens
- Groups
- Native Versus Mixed Mode
- Domain Local Groups
- Global Groups
- Universal Groups
- Computer Local Groups
- Nesting Groups
- System-Created Groups
- Authorization Step by Step
- Gathering the User's Credentials
- Getting an Access Token
- Using the Access Token
- Modifying Permissions
- Using the Security Tab
- Using the Delegation of Control Wizard
- Troubleshooting Permissions
- Summary
- Troubleshooting
Chapter 20 - Group Policy
- Introduction to Group Policy
- A Simple Group Policy Example
- Why Group Policy?
- Types of Group Policy
- Computer Group Policy
- User Group Policy
- Applying Group Policy
- Choosing Where to Assign Group Policy
- Assigning Group Policy
- Group Policy and Security Groups
- Summary
- Troubleshooting
Chapter 21 - Group Policy Sections
- Overview of Group Policy Sections
- Computer Configuration
- Software Settings
- Windows Settings
- Administrative Templates
- User Configuration
- Software Settings
- Windows Settings
- Administrative Templates
- Summary
- Troubleshooting
Chapter 22 - Managing Group Policy
- Overview of Group Policy Administration
- Features of Group Policy
- Logon Scripts
- Windows Scripting Host
- VBScript Syntax
- A Simple VBScript Example
- Sample Logon Script
- The Logon Script Line by Line
- Attaching a Logon Script Through Group Policy
- Installing Software Through Group Policy
- Windows Installer Service
- Features of Native Windows Installer Packages
- Assigning and Publishing Software Through Group Policy
- An Example of Assign and Publish
- Testing Your Group Policy
- Configuring the Software Installation Node
- Group Policy Security and Inheritance
- Group Policy Inheritance
- Group Policy Security
- Creating Exceptions to Group Policy Application
- Summary
- Troubleshooting
Chapter 23 - Group Policy Architecture
- Overview of Group Policy Architecture
- Group Policy Storage
- Group Policy Container
- Group Policy Template
- Group Policy Replication
- Group Policy Processing
- Problems with Group Policy
- Replication Issues
- Inheritance Issues
- Permissions Issues
- Summary
- Troubleshooting
Chapter 24 - User, Group, and Contact Objects
- User Objects
- Creating a User Object
- Copying an Existing User Account
- Groups
- Group Types
- Group Scope
- Creating Groups
- Modifying Groups
- Planning Group Usage
- Contacts
- Summary
- Troubleshooting
Chapter 25 - Printer, Computer, and Shared Folder Objects
- Printer Objects
- Active Directory and Printers
- Printer Location Tracking
- Managing Published Printers
- Adding a Printer
- Modifying a Printer
- Adding Printers to the Directory from Non-Windows 2000 Print Servers
- Computer Objects
- Creating Computer Objects
- Creating a Computer Object Using VBScript
- Creating a Computer Object Using NET Commands
- Creating a Computer Object by Joining a Domain
- Summary
- Troubleshooting
Chapter 26 - Containers and Organizational Units
- Organizational Units
- Creating an OU
- Design Considerations
- Moving an OU
- Deleting an OU
- OU Design Considerations
- Containers
- Creating Container Objects
- Deleting Container Objects
- Summary
- Troubleshooting
Chapter 27 - Active Directory Database Optimization
- Introduction to the Active Directory Database
- Understanding Transactional Databases
- Active Directory Database Structure
- Database Files
- The Active Directory Database File
- Transaction Log Files
- Checkpoint Files
- Reserve Log Files
- Patch Files
- Database Maintenance
- Defragmentation
- Other Maintenance Tasks
- Summary
- Troubleshooting
Chapter 28 - Backup and Restore
- Active Directory Backup
- Microsoft Windows Backup Tool
- Restoring Active Directory
- Additional Concepts
- Offline Backup
- Determining the Date of the Last Full Backup
- Impact of the Tombstone Lifetime on Restores
- Computer Membership and Trusts
- Summary
- Troubleshooting
Chapter 29 - Migrating from NT to Active Directory
- Upgrading and Migrating
- Upgrade in Place
- Planning
- Performing the OS Upgrade
- Running dcpromo
- Testing the Upgrade
- Important Considerations When Upgrading NT Domains
- Structural Modifications
- Security Issues During the Upgrade
- Checking the Upgrade
- Consolidation by Moving Objects
- Moving Objects Inside a Domain
- Moving Objects Between Domains or Trees
- Moving Objects Between Forests
- FastLane
- Summary
- Troubleshooting
Chapter 30 - Scripting the Active Directory
- The Active Directory Services Interface
- Windows Script Host
- Using ADSI with WSH
- Creating a User
- Manipulating Groups with ADSI
- Moving Objects
- Listing and Viewing Properties
- iadstools
- Checking Group Policy Versions
- Replication Status
- Summary
- Troubleshooting
Chapter 31 - Conclusion
- Active Directory Summary
- The Future
- Whistler
- Headless Servers
- MSMQ 5.1
- Networking Changes
- Application Directory Partitions
- Improved Support for Wireless LANs
- Dynamic Objects
- Dynamic Auxiliary Classes
- Virtual List Views and Attribute Scoped Queries
- Universal Plug-and-Play
- New WinSock 2 APIs
- Windows Media Rights Manager
- .NET
- AppCenter
- BizTalk Server
- SQL Server 2000
- Host Integration Server 2000
- Internet Security and Acceleration Server 2000
- 64-Bit Windows
- Blackcomb
- Where to Go from Here...
- Online Help
- Support Tools
- Resource Kits
- msnews.microsoft.com
- http://www.microsoft.com
- Microsoft Official Curriculum
- msdn.microsoft.com
- TechEd
- The End
Index