Active Directory, 3rd Edition
Read an excerpt:
Chapter 11: Active Directory Security- Permissions and Auditing
Excerpt provided courtesy of O'Reilly Media. Copyright © O'Reilly Media, Inc
Written permission from the publisher is required for any use of this material.
|
Be the First to Write a Review and tell the world about this title!People who purchase this book frequently purchase: - Active Directory Cookbook, 2nd Edition; Robbie Allen, et al, $31.50, 37% Off!
- Exchange Server Cookbook; Devin Ganger, et al, $27.95, 38% Off!
- Learning Windows Server 2003, 2nd Edition; Jonathan Hassell, $27.95, 38% Off!
- DNS on Windows Server 2003; Cricket Liu, et al, $32.95, 18% Off!
Books on similar topics, in best-seller order:Books from the same publisher, in best-seller order:
Working with Microsoft's network directory service for the first time can be a headache for system and network administrators, IT professionals, technical project managers, and programmers alike. This authoritative guide is meant to relieve that pain. Instead of going through the graphical user interface screen by screen, O'Reilly's bestselling Active Directory tells you how to design, manage, and maintain a small, medium, or enterprise Active Directory infrastructure.
Fully updated to cover Active Directory for Windows Server 2003 SP1 and R2, this third edition is full of important updates and corrections. It's perfect for all Active Directory administrators, whether you manage a single server or a global multinational with thousands of servers.
Active Directory, 3rd Edition is divided into three parts. Part I introduces much of how Active Directory works, giving you a thorough grounding in its concepts. Some of the topics include Active Directory replication, the schema, application partitions, group policies, and interaction with DNS. Part II details the issues around properly designing the directory infrastructure. Topics include designing the namespace, creating a site topology, designing group policies for locking down client settings, auditing, permissions, backup and recovery, and a look at Microsoft's future direction with Directory Services. Part III covers how to create and manipulate users, groups, printers, and other objects that you may need in your everyday management of Active Directory.
If you want a book that lays bare the design and management of an enterprise or departmental Active Directory, then look no further. Active Directory, 3rd Edition will quickly earn its place among the books you don't want to be without.
Table of Contents
Preface
Part I. Active Directory Basics
1. A Brief Introduction
Evolution of the Microsoft NOS
Windows NT Versus Active Directory
Windows 2000 Versus Windows Server 2003
Windows Server 2003 Versus Windows Server 2003 R2
Summary
2. Active Directory Fundamentals
How Objects Are Stored and Identified
Building Blocks
Summary
3. Naming Contexts and Application Partitions
Domain Naming Context
Configuration Naming Context
Schema Naming Context
Application Partitions
Summary
4. Active Directory Schema
Structure of the Schema
Attributes (attributeSchema Objects)
Attribute Properties
Classes (classSchema Objects)
Summary
5. Site Topology and Replication
Site Topology
Data Replication
Summary
6. Active Directory and DNS
DNS Fundamentals
DC Locator
Resource Records Used by Active Directory
Delegation Options
Active Directory Integrated DNS
Using Application Partitions for DNS
Summary
7. Profiles and Group Policy Primer
A Profile Primer
Capabilities of GPOs
Additional Resources
Summary
Part II. Designing an Active Directory Infrastructure
8. Designing the Namespace
The Complexities of a Design
Where to Start
Overview of the Design Process
Domain Namespace Design
Design of the Internal Domain Structure
Other Design Considerations
Design Examples
Designing for the Real World
Summary
9. Creating a Site Topology
Intrasite and Intersite Topologies
Designing Sites and Links for Replication
Examples
Additional Resources
Summary
10. Designing Organization-Wide Group Policies
How GPOs Work
Managing Group Policies
Using GPOs to Help Design the Organizational Unit Structure
Debugging Group Policies
Summary
11. Active Directory Security: Permissions and Auditing
Permission Basics
Using the GUI to Examine Permissions
Using the GUI to Examine Auditing
Designing Permission Schemes
Designing Auditing Schemes
Real-World Examples
Summary
12. Designing and Implementing Schema Extensions
Nominating Responsible People in Your Organization
Thinking of Changing the Schema
Creating Schema Extensions
Summary
13. Backup, Recovery, and Maintenance
Backing Up Active Directory
Restoring a Domain Controller
Restoring Active Directory
FSMO Recovery
DIT Maintenance
Summary
14. Upgrading to Windows Server 2003
New Features in Windows Server 2003
Differences with Windows 2000
Functional Levels Explained
Preparing for ADPrep
Upgrade Process
Post-Upgrade Tasks
Summary
15. Upgrading to Windows Server 2003 R2
New Active Directory Features in Windows Server 2003 Service Pack 1
Differences with Windows Server 2003
New Active Directory Features in Windows Server 2003 R2
Preparing for ADPrep
Service Pack 1 Upgrade Process
R2 Upgrade Process
Summary
16. Migrating from Windows NT
The Principles of Upgrading Windows NT Domains
Summary
17. Integrating Microsoft Exchange
A Quick Word About Exchange/AD Interaction
Preparing Active Directory for Exchange
Exchange 5.5 and the Active Directory Connector
Summary
18. Active Directory Application Mode (ADAM)
ADAM Terms
Differences Between AD and ADAM V1.0
ADAM R2 Updates
ADAM R2 Installation
Tools
ADAM Schema
Using ADAM
Summary
19. Interoperability, Integration, and Future Direction
Microsoft's Directory Strategy
Interoperating with Other Directories
Integrating Applications and Services
Summary
Part III. Scripting Active Directory with ADSI, ADO, and WMI
20. Scripting with ADSI
What Are All These Buzzwords?
Writing and Running Scripts
ADSI
Simple Manipulation of ADSI Objects
Further Information
Summary
21. IADs and the Property Cache
The IADs Properties
Manipulating the Property Cache
Checking for Errors in VBScript
Summary
22. Using ADO for Searching
The First Search
Other Ways of Connecting and Retrieving Results
Understanding Search Filters
Optimizing Searches
Advanced Search Function: SearchAD
Summary
23. Users and Groups
Creating a Simple User Account
Creating a Full-Featured User Account
Creating Many User Accounts
Modifying Many User Accounts
Account Unlocker Utility
Creating a Group
Adding Members to a Group
Evaluating Group Membership
Summary
24. Basic Exchange Tasks
Notes on Managing Exchange
Exchange Management Tools
Mail-Enabling Versus Mailbox-Enabling
Exchange Delegation
Mail-Enabling a User
Mail-Disabling a User
Creating and Mail-Enabling a Contact
Mail-Disabling a Contact
Mail-Enabling a Group (Distribution List)
Mail-Disabling a Group
Mailbox-Enabling a User
Mailbox-Disabling a User (Mailbox Deletion)
Purging a Disconnected Mailbox
Reconnecting a Disconnected Mailbox
Moving a Mailbox
Enumerating Disconnected Mailboxes
Viewing Mailbox Sizes and Message Counts
Viewing All Store Details of All Mailboxes on a Server
Dumping All Store Details of All Mailboxes on All Servers in Exchange Org
Summary
25. Shares and Print Queues
The Interface Methods and Properties
Creating and Manipulating Shares with ADSI
Enumerating Sessions and Resources
Manipulating Print Queues and Print Jobs
Summary
26. Permissions and Auditing
How to Create an ACE Using ADSI
A Simple ADSI Example
A Complex ADSI Example
Creating Security Descriptors
Listing the Security Descriptor of an Object
Summary
27. Extending the Schema and the Active Directory Snap-ins
Modifying the Schema with ADSI
Customizing the Active Directory Administrative Snap-ins
Summary
28. Using ADSI and ADO from ASP or VB
VBScript Limitations and Solutions
How to Avoid Problems When Using ADSI and ASP
Combining VBScript and HTML
Binding to Objects via Authentication
Incorporating Searches into ASP
Migrating Your ADSI Scripts from VBScript to VB
Summary
29. Scripting with WMI
Origins of WMI
WMI Architecture
Getting Started with WMI Scripting
WMI Tools
Manipulating Services
Querying the Event Logs
Querying AD with WMI
Monitoring Trusts
Monitoring Replication
Summary
30. Manipulating DNS
DNS Provider Overview
Manipulating DNS Server Configuration
Creating and Manipulating Zones
Creating and Manipulating Resource Records
Summary
31. Getting Started with VB.NET and System.Directory Services
The .NET Framework
Using VB.NET
Overview of System.DirectoryServices
DirectoryEntry Basics
Searching with DirectorySearcher
Manipulating Objects
Summary
Index
ABOUT THE AUTHORS:
Robbie Allen is a technical leader at Cisco Systems, where he has been involved in the deployment of Active Directory, DNS, DHCP, and several network management solutions. He enjoys working on Unix and Windows, and his favorite programming language is Perl. Robbie was named a Windows Server MVP in 2004 and 2005 for his contributions to the Windows community and the publication of several popular O'Reilly books. Robbie is currently studying at MIT in its system design and management program.
Alistair G. Lowe-Norris is an Architectural Enterprise Strategy Consultant for Microsoft UK. During the writing of the first version of this book he worked for Leicester University as the project manager and technical lead of the Rapid Deployment Program for Windows 2000. During his time there, Leicester was part of Microsoft's U.K. and U.S. Rapid Deployment Programs for Windows 2000, and was responsible for rolling out what turned out to be one of the world's largest deployments of Windows 2000 preceding release of the final product. Since 1998 he has been the technical editor and a monthly columnist for the Windows Scripting Solutions magazine and a technical editor and author for Windows & .Net Magazine (previously Windows NT Magazine and Windows 2000 Magazine). In addition he is an author and editor for various other publications and online sites worldwide. He holds various Microsoft and other accreditations and has been using Windows 2000 and its descendents daily since October 1997. He lives in Leicester, UK.
|
