Inside Active Directory: A System Administrator's Guide

Paperback

Author: Sakari Kouti

ISBN-10: 0321228480

ISBN-13: 9780321228482

Category: Enterprise Networks


Praise for the First Edition

“Trust me on this one...if you’re an Active Directory engineer or architect, this is the book you need. It’s the companion that’s going to help you keep your job if you’re up in the middle of the night trying to understand how something works or why it’s not working. It’s truly an amazing book.”
—Scott Rachui, MCSE and Senior Active Directory Engineer, author of MCSE Exchange Server 5.5 for Dummies

“This is the best book on Windows 2000 that I have read and one of the best computer books I have ever read. The most unique quality is the excellent explanation of how to use scripting to maximize your results and minimize your effort. This book is especially well suited to the enterprise audience that has to deploy many servers (100+) and not just 1-10. If you have even a small bit of programming experience, you will really appreciate the in-depth explanations of Windows 2000 under the covers.”
—Eric Chipko

“Wow!! I love this book. I’d trade all my books covering Active Directory for this book in a second. The material is covered at a depth that I haven’t seen in any other book—and I’ve looked at most of them. The material is presented in a straightforward manner that doesn’t put you to sleep. An NT4 administrator could easily read this book and become an expert at Active Directory. I especially appreciated the chapter on Active Directory security.”
—Brian Arkills, author of LDAP Directories Explained

Praise for the Second Edition

“If you are committed and really desire to know what makes Active Directory tick—and with it the backbone of the latest, and greatest, generation of Windows Network Operating Systems—then there is no better guide to get you there than this book. Inside Active Directory has no equal in the breadth, depth, and scope of its value to a technical practitioner.”
—Rick Kingslan, Microsoft MVP, Directory Services

“Kouti and Seitsonen provide excellent coverage of topics a lot of people have difficulty understanding and setting up properly. This book supplies you with sound background theory so you can understand these concepts and at the same time gives just the right amount of detail to actually accomplish what you are trying to do.”
—Harold McFarland, Editor, Readers Preference Reviews

“The style of this book is very appealing. It gives sufficient detail for the experienced administrator and explains what is happening ’behind the scenes’ at each step, which is extremely helpful when problems arise. An excellent read and an essential component for any skilled administrator!”
—Jeff Dunkelberger, Solutions Architect

“An outstanding refresh of an already great book, Inside Active Directory, Second Edition, should be in the toolbox of any serious Active Directory administrator, architect, or developer. Inside Active Directory is one of the five books I refer to on a weekly basis. Thanks to the authors for all their hard work and dedication.”
—Joe Richards, Microsoft MVP, Windows Server/Active Directory

The most practical, comprehensive, and highly praised guide to Active Directory has now been fully updated for Windows Server 2003. The second edition of Inside Active Directory: A System Administrator’s Guide offers a definitive reference to the design, architecture, installation, and management of Active Directory, the cornerstone technology within Windows 2000 and Windows Server 2003 distributed networks.

This new edition—based on the final release software of Windows Server 2003—emphasizes security and covers all the new features, including enhancements in replication and Group Policy, forest trusts, functional levels, and working with dynamic objects.

Inside this core reference, you’ll find practical strategies for managing Active Directory, along with detailed instructions for efficiently administering your entire network operating environment. You will find detailed coverage of the following:

Site basics and replication topologies, processes, and diagnostics
Group Policy architecture, planning, management, and diagnostics
Security and permission architecture and management scenarios
Administration scripts, from basic concepts to advanced topics, including more than 50 sample scripts
New cross-forest security features, including Selective Authentication, SID Filtering, and Name Suffix Routing
A detailed drill-down to the schema, and practical strategies and examples for extending it
Using Active Directory hierarchies to implement an effective structure for your network

This is an indispensable reference for anyone working with Active Directory. Network operating system novices will gain a solid understanding of Active Directory, while administrators experienced in NT, NetWare, or UNIX will learn how to utilize their current skills in Active Directory. Experienced Windows 2000/Windows Server 2003 professionals will pick up advanced techniques, and developers will benefit strongly from the architecture topics.

Booknews

This administrator's guide outlines strategies for managing Active Directory within Windows 2000 distributed networks. It covers design, architecture, topology, deployment, and management issues. And it provides instructions for administering the entire network operating environment. The book begins with an overview, covers core features, and then explains specialized skills. Diagrams, charts, and screen captures illustrate the text. Kouti and Seitsonen are trainers and consultants. Annotation c. Book News, Inc., Portland, OR (booknews.com)

During the seven years that Windows NT was sold before Active Directory shipped as part of Windows 2000 (and consequently, as part of Windows Server 2003), administrators didn’t need to learn practically anything new, at least about the core operating system features. User and group management, domains and domain models, and resource management had been the same in all Windows NT versions.

With the introduction of Active Directory, that all changed. There is a huge difference in managing Windows networks over the old NT administration model. Therefore, Active Directory will require quite a lot of study on the part of NT professionals.

Despite some administrative wizards in the user interface and the new Microsoft Management Console (MMC) administration interface, implementing and administering Active Directory requires probably more learning, testing, piloting, and planning than Windows NT required.

About This Book

This book is an implementer’s and administrator’s guide to Active Directory. Throughout the book, you will learn the workings, architecture, administration, and planning of Active Directory. Depending on your needs, however, you don’t have to read this book from cover to cover, as we describe later in this preface.

The first version of Active Directory was included in Windows 2000 (AD2000, as we call it), and the second version is included in Windows Server 2003 (AD2003, as we call it). The first edition of this book covered AD2000, and this second edition covers primarily AD2003, but secondarily also AD2000.

The following list evaluates the appropriateness of this book for a number of potential audiences.

A current NT professional. You are the target audience for this book. However, you may want to browse relatively quickly through any introductory pages that we have in the beginning of many chapters.

A current NetWare or UNIX professional. Prior knowledge of Windows NT is not required to successfully learn from this book. Your earlier networking skills will most likely enable you to pick up each topic quite readily. However, you probably shouldn’t skip any introductory topics.

A network operating systems novice. Because we tend to start each chapter with the very basics, at least in theory you can use this book to effectively learn Active Directory. Obviously, you need to invest more time reading than an experienced IT professional. You should also have a test PC that you can use to try out the different tasks and experiments that the book describes.

A current Windows 2000/Windows Server 2003 professional. Even if you are already familiar with Active Directory, we trust that you will learn more than a few things from this book.

A developer. This book is an administrator’s guide and not a programmer’s guide. However, the book contains more architectural topics than the average book for an administrator, so you may find this book valuable to you in addition to a programmer’s guide.

For all target audiences, it is possible that you are not interested in all the advanced topics in this book, so you are free to skip any of them.

We believe that this book has the following strengths.

We present well-thought-out diagrams that help you easily comprehend the various key concepts and other topics related to Active Directory.

At worst, a book just shows screen shots and shortly explains what is already evident from the user interface or the online Help. In contrast, this book contains thorough and accurate information on the topics it covers.

We claim that this book contains very few errors.

Even though this book is not a reference guide, we present many extensive reference tables.

If you install Active Directory on a test PC, you can try out most of the tasks and experiments described in this book, whether they are written to be walkthroughs or not.

We have divided the book into three parts.

Part I: Background Skills (Chapters 1 and 2) gives the big picture of Active Directory so you can successfully plan and implement an Active Directory network. This part also discusses the installation of Active Directory.

Part II: Core Skills (Chapters 3 through 7) describes the concepts, planning, and administration of both the physical and the logical structure of Active Directory. The topics presented in this part include user and group management, access control, and Group Policy. Even though Part III covers advanced skills, most chapters in this part discuss related advanced topics.

Part III: Advanced Skills (Chapters 8 through 11) looks at advanced techniques, including the schema and scripting. Along with these topics, we also uncover many aspects of Active Directory architecture. You can probably live without the information in these chapters, but by reading them, you can greatly deepen your knowledge and understanding of Active Directory and make use of it when implementing and administering Active Directory networks.

We’ll now present a short summary of each chapter. Mika wrote Chapter 2 and Chapter 7, and Sakari wrote the remaining chapters.

Chapter 1: Active Directory: The Big Picture

Before going into detail, we give you a general picture of Active Directory. After you learn the concepts introduced in this chapter, you can skip freely some later chapters that you might not be interested in. However, we encourage you to browse through the table of contents of any such chapter to make sure that you are not going to unintentionally miss anything important.

Chapter 2: Active Directory Installation

In this chapter, we explain how to install Active Directory. We also describe the post-installation tasks, as well as how to automate and troubleshoot installation.

Chapter 3: Managing OUs, Users, and Groups

Once you have an Active Directory domain up and running, one obvious task is to create a user account for each user and plan how to enhance user administration by using groups and organizational units (OUs). This chapter looks at managing OUs, users, contacts, groups, and computer objects, and covers some related topics.

Chapter 4: Securing Active Directory

Active Directory has an access control mechanism that enables you to define who can read or modify what information in Active Directory. In this chapter, we explain the concepts and architecture of access control, as well as how to manage permissions in various scenarios.

Chapter 5: Sites and Replication

For Active Directory to work efficiently when your network spans multiple geographic locations, you must plan and implement the physical structure and define it in Active Directory itself. In this chapter, we describe the concepts, management, and advanced topics of the physical structure. Some of the content is also relevant for a company with just one site.

Chapter 6: Domains and Forests

Active Directory has several levels of hierarchies that you can use to implement an effective logical structure for your company network. In this chapter, we discuss whether you should use one or many domains and one or many forests, and how you should plan and manage that logical structure. We also revisit the physical structure, because it somewhat overlaps with the logical structure. In addition, we explain the anatomy of LDAP searches.

Chapter 7: Group Policy

Active Directory has an extensive management architecture called “Group Policy.” You can use Group Policy to manage various aspects of Active Directory objects—for example, user desktop and server security settings. Some of the largest changes to Active Directory day-to-day management come in the form of Group Policy tools. In addition to these tools, you learn the architecture, inheritance, and processing of Group Policy in this chapter.

Chapter 8: Active Directory Schema

This chapter examines the Active Directory data model and how it is enforced by the rules of the schema. After reading this chapter, you’ll better understand how Active Directory works behind the scenes, and you’ll also gain knowledge that you can use if you are going to extend the schema.

Chapter 9: Extending the Schema

One of Active Directory’s advantages over Windows NT is that you can extend the Active Directory schema, either to accommodate directory-enabled applications or for some administrative purpose. In this chapter, we explain the considerations for extensions and describe the process itself.

Chapter 10: Administration Scripts: Concepts

By downloading scripts from the Internet or writing your own scripts and executing them, you can greatly enhance and automate administration. In this chapter, we explain how to get started with technologies such as Windows Script Host (WSH), VBScript, and Active Directory Service Interfaces (ADSI).

Chapter 11: Administration Scripts: Examples

In this chapter, we present over 50 sample scripts along with their explanations. Outputs of many of the scripts provide some architectural information about Active Directory, and you can run those scripts without understanding what they do on each line. Therefore, you can use these scripts not only for various administrative tasks, but also to gain more knowledge about Active Directory. This chapter also introduces some additional scripting concepts, such as ActiveX Data Objects (ADO), between the sample scripts.

Pt. I Background skills
Ch. 1 Active Directory: the big picture
Ch. 2 Active Directory installation
Pt. II Core skills
Ch. 3 Managing OUs, users, and groups
Ch. 4 Securing Active Directory
Ch. 5 Sites and replication
Ch. 6 Domains and forests
Ch. 7 Group policy
Pt. III Advanced skills
Ch. 8 Active Directory schema
Ch. 9 Extending the schema
Ch. 10 Administration scripts: concepts
Ch. 11 Administration scripts: examples
