Active Directory Cookbook for Windows Server 2003 and Windows 2000

by
  • ISBN13: 9780596004644
  • ISBN10: 0596004648
  • Format: Paperback
  • Copyright: 2003-09-01
  • Publisher: O'Reilly & Associates Inc
List Price: $44.95

Summary

Those of you who run networks on Windows 2000 know the benefits of using Active Directory for managing user information and permissions. You also know what a bear it can be. The newer version included with Windows Server 2003 has over 100 new and updated features to simplify deployment, but once it's in place many system administrators still find Active Directory challenging. If you're among those looking for practical hands-on support, help is here with our new Active Directory Cookbook for Windows Server 2003 & Windows 2000, a unique problem-solving guide that offers quick answers for both versions of the directory.

The book contains hundreds of step-by-step solutions for both common and uncommon problems that you might encounter with Active Directory on a daily basis--including recipes to deal with the Lightweight Directory Access Protocol (LDAP), multi-master replication, Domain Name System (DNS), Group Policy, the Active Directory Schema, and many other features. Author Robbie Allen, a Senior Systems Architect at Cisco Systems and co-author of our Active Directory tutorial, based this collection of troubleshooting recipes on his own experience, along with input from Windows administrators throughout the industry. Each recipe includes a discussion to explain how and why the solution works, so you can adapt the problem-solving techniques to similar situations.

If your company is considering an upgrade from Windows NT or 2000 to Windows Server 2003, the Active Directory Cookbook for Windows Server 2003 & Windows 2000 will help reduce the time and trouble it takes to configure and deploy Active Directory for your network.

This Cookbook is also a perfect companion to Active Directory, the tutorial that experts hail as the best source for understanding Microsoft's network directory service. While Active Directory provides the big picture, Active Directory Cookbook for Windows Server 2003 & Windows 2000 gives you the quick solutions you need to cope with day-to-day dilemmas. Together, these books supply the knowledge and tools so you can get the most out of Active Directory to manage users, groups, computers, domains, organizational units, and security policies on your network.

Author Biography

Robbie Allen is a Senior Systems Architect in the Advanced Services Technology Group at Cisco Systems. He was instrumental in the deployment and automation of Active Directory, DNS, and DHCP at Cisco. Robbie enjoys working on the Unix and Windows platforms, especially when Perl is installed. He is a firm believer that all system administrators should be proficient in at least one scripting language and most of his writings preach the benefits of automation. Robbie has a web site at www.rallenhome.com.

Table of Contents

Foreword

Preface

Getting Started
  • Where to Find the Tools
  • Getting Familiar with LDIF
  • Programming Notes
  • Replaceable Text
  • Where to Find More Information

Forests, Domains, and Trusts
  • Creating a Forest
  • Removing a Forest
  • Creating a Domain
  • Removing a Domain
  • Removing an Orphaned Domain
  • Finding the Domains in a Forest
  • Finding the NetBIOS Name of a Domain
  • Renaming a Domain
  • Changing the Mode of a Domain
  • Using ADPrep to Prepare a Domain or Forest for Windows Server 2003
  • Determining if ADPrep Has Completed
  • Checking Whether a Windows 2000 Domain Controller Can Be Upgraded to Windows Server 2003
  • Raising the Functional Level of a Windows Server 2003 Domain
  • Raising the Functional Level of a Windows Server 2003 Forest
  • Creating a Trust Between a Windows NT Domain and an AD Domain
  • Creating a Transitive Trust Between Two AD Forests
  • Creating a Shortcut Trust Between Two AD Domains
  • Creating a Trust to a Kerberos Realm
  • Viewing the Trusts for a Domain
  • Verifying a Trust
  • Resetting a Trust
  • Removing a Trust
  • Enabling SID Filtering for a Trust
  • Finding Duplicate SIDs in a Domain

Domain Controllers, Global Catalogs, and FSMOs
  • Promoting a Domain Controller
  • Promoting a Domain Controller from Media
  • Demoting a Domain Controller
  • Automating the Promotion or Demotion of a Domain Controller
  • Troubleshooting Domain Controller Promotion or Demotion Problems
  • Removing an Unsuccessfully Demoted Domain Controller
  • Renaming a Domain Controller
  • Finding the Domain Controllers for a Domain
  • Finding the Closest Domain Controller
  • Finding a Domain Controller's Site
  • Moving a Domain Controller to a Different Site
  • Finding the Services a Domain Controller Is Advertising
  • Configuring a Domain Controller to Use an External Time Source
  • Finding the Number of Logon Attempts Made Against a Domain Controller
  • Enabling the /3GB Switch to Increase the LSASS Cache
  • Cleaning Up Distributed Link Tracking Objects
  • Enabling and Disabling the Global Catalog
  • Determining if Global Catalog Promotion Is Complete
  • Finding the Global Catalog Servers in a Forest
  • Finding the Domain Controllers or Global Catalog Servers in a Site
  • Finding Domain Controllers and Global Catalogs via DNS
  • Changing the Preference for a Domain Controller
  • Disabling the Global Catalog Requirement During a Windows 2000 Domain Login
  • Disabling the Global Catalog Requirement During a Windows 2003 Domain Login
  • Finding the FSMO Role Holders
  • Transferring a FSMO Role
  • Seizing a FSMO Role
  • Finding the PDC Emulator FSMO Role Owner via DNS

Searching and Manipulating Objects
  • Viewing the RootDSE
  • Viewing the Attributes of an Object
  • Using LDAP Controls
  • Using a Fast or Concurrent Bind
  • Searching for Objects in a Domain
  • Searching the Global Catalog
  • Searching for a Large Number of Objects
  • Searching with an Attribute-Scoped Query
  • Searching with a Bitwise Filter
  • Creating an Object
  • Modifying an Object
  • Modifying a Bit-Flag Attribute
  • Dynamically Linking an Auxiliary Class
  • Creating a Dynamic Object
  • Refreshing a Dynamic Object
  • Modifying the Default TTL Settings for Dynamic Objects
  • Moving an Object to a Different OU or Container
  • Moving an Object to a Different Domain
  • Renaming an Object
  • Deleting an Object
  • Deleting a Container That Has Child Objects
  • Viewing the Created and Last Modified Timestamp of an Object
  • Modifying the Default LDAP Query Policy
  • Exporting Objects to an LDIF File
  • Importing Objects Using an LDIF File
  • Exporting Objects to a CSV File
  • Importing Objects Using a CSV File

Organizational Units
  • Creating an OU
  • Enumerating the OUs in a Domain
  • Enumerating the Objects in an OU
  • Deleting the Objects in an OU
  • Deleting an OU
  • Moving the Objects in an OU to a Different OU
  • Moving an OU
  • Determining How Many Child Objects an OU Has
  • Delegating Control of an OU
  • Allowing OUs to Be Created Within Containers
  • Linking a GPO to an OU

Users
  • Creating a User
  • Creating a Large Number of Users
  • Creating an inetOrgPerson User
  • Modifying an Attribute for Several Users at Once
  • Moving a User
  • Renaming a User
  • Copying a User
  • Unlocking a User
  • Finding Locked Out Users
  • Troubleshooting Account Lockout Problems
  • Viewing the Account Lockout and Password Policies
  • Enabling and Disabling a User
  • Finding Disabled Users
  • Viewing a User's Group Membership
  • Changing a User's Primary Group
  • Transferring a User's Group Membership to Another User
  • Setting a User's Password
  • Setting a User's Password via LDAP
  • Setting a User's Password via Kerberos
  • Preventing a User from Changing His Password
  • Requiring a User to Change Her Password at Next Logon
  • Preventing a User's Password from Expiring
  • Finding Users Whose Passwords Are About to Expire
  • Setting a User's Account Options (userAccountControl)
  • Setting a User's Account to Expire in the Future
  • Finding Users Whose Accounts Are About to Expire
  • Determining a User's Last Logon Time
  • Finding Users Who Have Not Logged On Recently
  • Setting a User's Profile Attributes
  • Viewing a User's Managed Objects
  • Modifying the Default Display Name Used When Creating Users in ADUC
  • Creating a UPN Suffix for a Forest

Groups
  • Creating a Group
  • Viewing the Direct Members of a Group
  • Viewing the Nested Members of a Group
  • Adding and Removing Members of a Group
  • Moving a Group
  • Changing the Scope or Type of a Group
  • Delegating Control for Managing Membership of a Group
  • Resolving a Primary Group ID
  • Enabling Universal Group Membership Caching

Computers
  • Creating a Computer
  • Creating a Computer for a Specific User or Group
  • Joining a Computer to a Domain
  • Moving a Computer
  • Renaming a Computer
  • Testing the Secure Channel for a Computer
  • Resetting a Computer
  • Finding Inactive or Unused Computers
  • Changing the Maximum Number of Computers a User Can Join to the Domain
  • Finding Computers with a Particular OS
  • Binding to the Default Container for Computers
  • Changing the Default Container for Computers

Group Policy Objects (GPOs)
  • Finding the GPOs in a Domain
  • Creating a GPO
  • Copying a GPO
  • Deleting a GPO
  • Viewing the Settings of a GPO
  • Modifying the Settings of a GPO
  • Importing Settings into a GPO
  • Assigning Logon/Logoff and Startup/Shutdown Scripts in a GPO
  • Installing Applications with a GPO
  • Disabling the User or Computer Settings in a GPO
  • Listing the Links for GPO
  • Creating a GPO Link to an OU
  • Blocking Inheritance of GPOs on an OU
  • Applying a Security Filter to a GPO
  • Creating a WMI Filter
  • Applying a WMI Filter to a GPO
  • Backing Up a GPO
  • Restoring a GPO
  • Simulating the RSoP
  • Viewing the RSoP
  • Refreshing GPO Settings on a Computer
  • Restoring a Default GPO

Schema
  • Registering the Active Directory Schema MMC Snap-in
  • Enabling Schema Updates
  • Generating an OID to Use for a New Class or Attribute
  • Generating a GUID to Use for a New Class or Attribute
  • Extending the Schema
  • Documenting Schema Extensions
  • Adding a New Attribute
  • Viewing an Attribute
  • Adding a New Class
  • Viewing a Class
  • Indexing an Attribute
  • Modifying the Attributes That Are Copied When Duplicating a User
  • Modifying the Attributes Included with Ambiguous Name Resolution
  • Adding or Removing an Attribute in the Global Catalog
  • Finding the Nonreplicated and Constructed Attributes
  • Finding the Linked Attributes
  • Finding the Structural, Auxiliary, Abstract, and 88 Classes
  • Finding the Mandatory and Optional Attributes of a Class
  • Modifying the Default Security of a Class
  • Deactivating Classes and Attributes
  • Redefining Classes and Attributes
  • Reloading the Schema Cache

Site Topology
  • Creating a Site
  • Listing the Sites
  • Deleting a Site
  • Creating a Subnet
  • Listing the Subnets
  • Finding Missing Subnets
  • Creating a Site Link
  • Finding the Site Links for a Site
  • Modifying the Sites That Are Part of a Site Link
  • Modifying the Cost for a Site Link
  • Disabling Site Link Transitivity or Site Link Schedules
  • Creating a Site Link Bridge
  • Finding the Bridgehead Servers for a Site
  • Setting a Preferred Bridgehead Server for a Site
  • Listing the Servers
  • Moving a Domain Controller to a Different Site
  • Configuring a Domain Controller to Cover Multiple Sites
  • Viewing the Site Coverage for a Domain Controller
  • Disabling Automatic Site Coverage for a Domain Controller
  • Finding the Site for a Client
  • Forcing a Host to a Particular Site
  • Creating a Connection Object
  • Listing the Connection Objects for a Server
  • Load-Balancing Connection Objects
  • Finding the ISTG for a Site
  • Transferring the ISTG to Another Server
  • Triggering the KCC
  • Determining if the KCC Is Completing Successfully
  • Disabling the KCC for a Site
  • Changing the Interval at Which the KCC Runs

Replication
  • Determining if Two Domain Controllers Are in Sync
  • Viewing the Replication Status of Several Domain Controllers
  • Viewing Unreplicated Changes Between Two Domain Controllers
  • Forcing Replication from One Domain Controller to Another
  • Changing the Intra-Site Replication Interval
  • Changing the Intersite Replication Interval
  • Disabling Inter-Site Compression of Replication Traffic
  • Checking for Potential Replication Problems
  • Enabling Enhanced Logging of Replication Events
  • Enabling Strict or Loose Replication Consistency
  • Finding Conflict Objects
  • Viewing Object Metadata

Domain Name System (DNS)
  • Creating a Forward Lookup Zone
  • Creating a Reverse Lookup Zone
  • Viewing a Server's Zones
  • Converting a Zone to an AD-Integrated Zone
  • Moving AD-Integrated Zones into an Application Partition
  • Delegating Control of a Zone
  • Creating and Deleting Resource Records
  • Querying Resource Records
  • Modifying the DNS Server Configuration
  • Scavenging Old Resource Records
  • Clearing the DNS Cache
  • Verifying That a Domain Controller Can Register Its Resource Records
  • Registering a Domain Controller's Resource Records
  • Preventing a Domain Controller from Dynamically Registering All Resource Records
  • Preventing a Domain Controller from Dynamically Registering Certain Resource Records
  • Deregistering a Domain Controller's Resource Records
  • Allowing Computers to Use a Different Domain Suffix from Their AD Domain

Security and Authentication
  • Enabling SSL/TLS
  • Encrypting LDAP Traffic with SSL, TLS, or Signing
  • Enabling Anonymous LDAP Access
  • Restricting Hosts from Performing LDAP Queries
  • Using the Delegation of Control Wizard
  • Customizing the Delegation of Control Wizard
  • Viewing the ACL for an Object
  • Customizing the ACL Editor
  • Viewing the Effective Permissions on an Object
  • Changing the ACL of an Object
  • Changing the Default ACL for an Object Class in the Schema
  • Comparing the ACL of an Object to the Default Defined in the Schema
  • Resetting an Object's ACL to the Default Defined in the Schema
  • Preventing the LM Hash of a Password from Being Stored
  • Enabling List Object Access Mode
  • Modifying the ACL on Administrator Accounts
  • Viewing and Purging Your Kerberos Tickets
  • Forcing Kerberos to Use TCP
  • Modifying Kerberos Settings

Logging, Monitoring, and Quotas
  • Enabling Extended dcpromo Logging
  • Enabling Diagnostics Logging
  • Enabling NetLogon Logging
  • Enabling GPO Client Logging
  • Enabling Kerberos Logging
  • Enabling DNS Server Debug Logging
  • Viewing DNS Server Performance Statistics
  • Enabling Inefficient and Expensive LDAP Query Logging
  • Using the STATS Control to View LDAP Query Statistics
  • Using Perfmon to Monitor AD
  • Using Perfmon Trace Logs to Monitor AD
  • Enabling Auditing of Directory Access
  • Creating a Quota
  • Finding the Quotas Assigned to a Security Principal
  • Changing How Tombstone Objects Count Against Quota Usage
  • Setting the Default Quota for All Security Principals in a Partition
  • Finding the Quota Usage for a Security Principal

Backup, Recovery, DIT Maintenance, and Deleted Objects
  • Backing Up Active Directory
  • Restarting a Domain Controller in Directory Services Restore Mode
  • Resetting the Directory Service Restore Mode Administrator Password
  • Performing a Nonauthoritative Restore
  • Performing an Authoritative Restore of an Object or Subtree
  • Performing a Complete Authoritative Restore
  • Checking the DIT File's Integrity
  • Moving the DIT Files
  • Repairing or Recovering the DIT
  • Performing an Online Defrag Manually
  • Determining How Much Whitespace Is in the DIT
  • Performing an Offline Defrag to Reclaim Space
  • Changing the Garbage Collection Interval
  • Logging the Number of Expired Tombstone Objects
  • Determining the Size of the Active Directory Database
  • Searching for Deleted Objects
  • Restoring a Deleted Object
  • Modifying the Tombstone Lifetime for a Domain

Application Partitions
  • Creating and Deleting an Application Partition
  • Finding the Application Partitions in a Forest
  • Adding or Removing a Replica Server for an Application Partition
  • Finding the Replica Servers for an Application Partition
  • Finding the Application Partitions Hosted by a Server
  • Verifying Application Partitions Are Instantiated on a Server Correctly
  • Setting the Replication Notification Delay for an Application Partition
  • Setting the Reference Domain for an Application Partition
  • Delegating Control of Managing an Application Partition

Interoperability and Integration
  • Accessing AD from a Non-Windows Platform
  • Programming with .NET
  • Programming with DSML
  • Programming with Perl
  • Programming with Java
  • Programming with Python
  • Integrating with MIT Kerberos
  • Integrating with Samba
  • Integrating with Apache
  • Replacing NIS
  • Using BIND for DNS
  • Authorizing a Microsoft DHCP Server
  • Using VMWare for Testing AD

Appendix: Tool List

Index
