Active Directory Cookbook, 2nd Edition

For the GUI and CLI solutions to mean much to you, you need access to the tools that are used in the examples. The Windows 2000 Server Resource Kit and Windows Server 2003 Resource Kit are invaluable sources of information, along with providing numerous tools that aid administrators in daily tasks. More information on the Resource Kits can be found at the following web site...

To the layperson, the title of this chapter may seem like a hodgepodge of unrelated terms. For the seasoned Active Directory administrator, however, these terms represent the most fundamental and, perhaps, most important concepts within...

Domain controllers are servers that host an Active Directory domain and provide authentication and directory services to clients. A domain controller can only be authoritative (i.e., it can only process authentication requests) for a s...

Active Directory is based on the Lightweight Directory Access Protocol ( LDAP) and supports the LDAP version 3 specification defined in RFC 2251. And while many of the AD tools and interfaces, such as ADSI, abstract and streamline LDAP...

An LDAP directory such as Active Directory stores data in a hierarchy of containers and leaf nodes called the directory information tree (DIT). Leaf nodes are end points in the tree, while containers can store other containers and le...

User accounts are some of the most frequently used objects in Active Directory; they create the means of authenticating and authorizing someone to access resources on your network. Because Windows 2000 and Windows Server 2003 systems man...

A group is a simple concept that has been used in many different types of standalone and networked systems over the years. In generic terms, a group is just a collection of objects. Groups are used most frequently in a security context...

As far as Active Directory is concerned, computers are very similar to users. In fact, computer objects inherit directly from the user object class, which is used to represent user accounts. That means that computer objects possess all o...

Some of the significant improvements in Windows Server 2003 R2 are upgrades to the file server and print server roles. Although both of these roles have been available since the early days of Windows NT and Active Directory, the R2...

Active Directory Group Policy Objects ( GPOs) can customize virtually any aspect of a computer or user's desktop. They can also be used to install applications, secure a computer, run logon/logoff or startup/shutdown scripts, and much m...

The Active Directory schema contains the blueprint for how objects are structured and secured, what data they can contain, and even how they can be viewed. Having a good understanding of the schema is paramount for any Active Directory a...

Active Directory needs information about the underlying network to determine how domain controllers should replicate and what domain controller(s) are optimal for a given client to authenticate with. This network information is often ref...

Replication is one of the most important and perhaps complex components of Active Directory. The infrastructure behind Active Directory replication, including the site topology, connection objects, and the KCC, was covered in Chapter 12....

Active Directory is tightly coupled with the Domain Name System ( DNS) name resolution service. Windows clients (running Windows 2000 or later) and domain controllers alike use DNS to locate domain controllers that are housed in a p...

The default Windows 2000 Active Directory installation was not as secure as it could have been. It allowed anonymous queries to be executed, which could take up valuable processing resources, and it did not place any requirements on en...

This chapter deals with tracking the activity and usage of various Active Directory components. When you need to troubleshoot a problem, often the first place you look is logfiles. With Active Directory, there are several different logfi...

The AD Directory Information Tree ( DIT) is implemented as a transactional database using the Extensible Storage Engine ( ESE). The primary database file is named ntds.dit and is stored in the %SystemRoot%\NTDS folder by default, b...

Active Directory domain controllers, when first installed, host exactly three predefined partitions. The Configuration naming context is replicated to all domain controllers in the forest, and contains information that is needed fo...

Active Directory Application Mode ( ADAM) was released in November 2003 on the Microsoft web site. ADAM is a lightweight LDAP platform that allows developers and administrators to work with AD objects such as users, groups, and organ...

Active Directory supports several important industry standards that allow other services and platforms to interoperate and integrate with it. The LDAP is the standards-based protocol used by all major directory service vendors for dire...

Active Directory Federation Services ( ADFS) is one of the new features available in Windows Server 2003 R2. It is used to allow single sign-on (SSO) capabilities to web applications hosted by multiple organizations without the need to...

Exchange Server 2003 is Microsoft's messaging and calendaring server application. It enables you to send and receive email and other interactive messages through computer networks. Exchange is designed to integrate directly with Micr...

Microsoft Identity Integration Server ( MIIS) is a full-featured and very powerful metadirectory service that can synchronize identity, passwords, and other identity-related data between disparate data stores such as directories, databa...