Mastering Active Directory for Windows Server 2003 R2

  • ISBN13: 9780782144413
  • ISBN10: 0782144411
  • Edition: 1st
  • Format: Paperback
  • Copyright: 2006-01-04
  • Publisher: Sybex

Summary

Active Directory stores information about a network's users and directories, making it easier to configure, manage, and update a network. Windows Server 2003 R2 will include a new scripting engine to make Active Directory administration quicker and easier, plus a Group Policy Management Console for managing group and user accounts. Geared to experienced system administrators, this book focuses on serious day-to-day needs and provides real-world solutions, including scripts that can be downloaded and implemented in any AD system.

Author Biography

Brad Price, MCSE, MCT, is a technical trainer specializing in Active Directory and Exchange Server 2000 and 2003. He is the author of Active Directory Best Practices 24seven: Migrating, Designing, and Troubleshooting and MCSE: Windows Server 2003 Active Directory and Network Infrastructure Design Study Guide, both from Sybex. John Price, a Citrix Certified Administrator and Microsoft Certified Trainer, is a trainer and network engineer consultant specializing in Citrix enterprise implementations. Scott Fenstermacher is currently a network engineer for a top 200 software company. He has a degree in computer science and holds several certifications from Microsoft and other vendors, including MCSE, MCSD, and MCDBA.

Table of Contents

Introduction
Part 1 Active Directory Design
Active Directory Fundamentals
Do I Need Active Directory?
The Basics
Schema
The Two Sides of AD
What's New in R2?
Active Directory Application Mode (ADAM)
Active Directory Federation Services (ADFS)
Unix Identity Management
Pre-Design Criteria
Microsoft Solutions Framework
Risk Assessment
Coming Up Next
Domain Name System Design
Tied Together
How to Resolve
So Many Zone Types
How to Name a Zone
Internal and External Name Options
Keeping Them Separate
Identical Confusion
Understanding the Current DNS Infrastructure
That Other DNS Server
Propagating the Changes
Protecting DNS
Limit the Dynamic Updates
Monitor for Traffic
Set Quotas
Disable Recursion
Use Appropriate Routing
Keeping the System Accurate
Use IPSec
Use Secure DDNS
Avoid Cache Poisoning
Allow Appropriate Access
Lock Down Transfers
Coming Up Next
Active Directory Forest and Domain Design
Active Directory Forest Design Criteria
Schema
Schema Considerations
Security Boundary
Replication Boundary
A Common Global Catalog
Kerberos and Trusts
Political and Administration Boundary
Multiple Forests: Pros and Cons
Designing with Change Control Policies in Mind
Building a Design Based on the Standard Forest Scenarios
Separating Extranet Applications into Their Own Forest
Forest Functionality Mode Features in Windows 2003
Active Directory Domain Design
Active Directory Domain Design Criteria
Defining Domain Requirements
Domain Boundaries
Defining Tree Requirements
Multiple Domains: Pros and Cons
DNS Requirements
Authentication Options
Interforest Trusts
Domain Controller Placement
Domain Functional Levels
Coming Up Next
Organizing the Physical and Logical Aspects of Active Directory
Determining the Site Topology
Understanding the Current Network Infrastructure
Identifying the Current Network Infrastructure Design
Setting Your Sites to Support the Active Directory Design
Designing Site Links and Site Link Bridges
Site Links
Site Link Bridges
Organizational Unit Design
Designing OUs for Administrative Control
Understanding the OU Design Options
Understanding OU Design Criteria
Designing OUs for Group Policy
Understanding Company Objectives
Creating a Simple Design
Creating the OU Structure
Coming Up Next
Flexible Single Master Operations Design
What Are the FSMO Roles?
Schema Master
Domain Naming Master
Infrastructure Master
RID Master
PDC Emulator
Choosing Flexible Single Master Operations Placement
Operations Masters in a Single-Domain Forest
Operations Masters Site Placement in a Multiple-Domain Forest
Coming Up Next
Part 2 Active Directory Management
Managing Accounts: User, Group, and Computer
Account Types
Security Principle Accounts
Nonsecurity Principle Accounts
Utilities
Active Directory Users and Computers
Command-Line Utilities
Coming Up Next
Managing Access with Active Directory Services
Active Directory Federation Services
How It Works
ADFS Services
Federated Web Single Sign-On
Configuring Clients
Installing SSL Certificates on Clients
Configuring Internet Explorer
Identity Management for Unix
Server for NIS
Password Synchronization
Coming Up Next
Maintaining Organizational Units
Organizational Units
Components of Resources
Granting Administrative Control
User Rights and Permissions When Accessing Resources
User Rights
Security Descriptors
DACL
SACL
SID
Access Token
Permissions
Implicit and Explicit Permissions
Permissions Inheritance
Special Permissions
Effective Permissions
Taking Ownership
Delegation of Control
Designing Delegation of Control
Implementing Delegation of Control
Delegation Best Practices
Auditing
Auditing of Security Events
Audit Object Access
Auditing Printers and Printing
Moving Objects in Active Directory
Moving Objects within the Domain
Moving Objects between Domains
Moving Objects between Forests
Coming Up Next
Managing Group Policy
Group Policy Management Tools
Working with ADU&C or ADS&S
ADU&C and ADS&S Differences
Group Policy Management Console (GPMC)
Group Policy Management Tasks
Software Settings
Windows Settings
Administrative Templates
Group Policy Inheritance
Blocking Inheritance
Enforcing Inheritance
Policy Filtering
Group Policy Storage
Local
Non-Local
Group Policy Processing
Initial Group Policy Processing
Background Group Policy Refresh
Manual Group Policy Refresh
Slow Link Processing
Client-Side Processing
Loopback Processing
Group Policy Troubleshooting
Resultant Set of Policy (RSoP)
GP Result
GPOTool - Group Policy Verification Tool
Practical Uses of Group Policy
Server OU Design
Creating a Test OU with Test Computers and Test Users
Service Accounts
IPSec between Root Domain Controllers and Child Domain Controllers
Message Title and Text for Users Attempting to Log On
Coming Up Next
Managing Site Boundaries
Replication within Active Directory
Replication Topology
Creating the Site Topology
Setting Your Sites to Support the AD Design
Designing Site Links and Site Link Bridges
Optimizing Replication for a Large Network
Knowledge Consistency Checker Optimization
Securing Active Directory Replication
Coming Up Next
Managing the Flexible Single Master Operations Roles
Identifying the Role Holders
Active Directory Users and Computers
Active Directory Domains and Trusts
Active Directory Schema
Command-Line Options
Maintaining the Role Holders
Maintaining the Schema Master
Maintaining the Domain Naming Master
Maintaining the Infrastructure Master
Maintaining the RID Master
Maintaining the PDC Emulator
Failed Role Holders
Coming Up Next
Maintaining the Active Directory Database
The Active Directory Database
Defragmenting the Active Directory Database
Using ntdsutil for Active Directory Database Troubleshooting and Repair
Using ADSI Edit to View Directory Service Partitions
The Active Directory Schema
Modifying the Schema
Coming Up Next
Part 3 Troubleshooting Active Directory
Microsoft's Troubleshooting Methodology for Active Directory
High-Level Methodology
Discover the Problem
Explore the Conditions
Explore Possible Problems with Microsoft Operations Manager
Identify Possible Approaches
Attempt a Solution
Check for Success
Tie Up Loose Ends
Become Comfortable with Active Directory Tools
Coming Up Next
Troubleshooting Problems Related to Network Infrastructure
Components of Network Infrastructure
Name Resolution Methods
Wins
DNS
DHCP
Methodologies of Network Troubleshooting
Other Issues with Troubleshooting
Coming Up Next
Troubleshooting Problems Related to the Active Directory Database
Active Directory Files
The Guts of NTDS.DIT
What Happened to NTDS.DIT?
Database Capacity Planning
Troubleshooting Active Directory Replication
Replication Overview
Determining DNS Problems
Verifying Replication
Using RepAdmin
Using ReplMon
Using DCDiag
Controlling Replication in Large Organizations
Best Practices for Troubleshooting AD Replication
Troubleshooting FSMO Roles
FSMO Roles and Their Importance
Schema Master
Domain Naming Master
Infrastructure Master
Relative Identifier Master
Primary Domain Controller Emulator
Transferring and Seizing FSMO Roles
Identifying the Current Role Holder
Transferring the Role to Another Domain Controller
Seizing the Role on the Standby Domain Controller
Best Practices for Troubleshooting FSMO Roles
Troubleshooting Logon Failures
Auditing for Logon Problems
Acctinfo.dll
Kerberos Logging
Native Mode Logon Problems
Account Lockout Problems
Remote Access Issues
Are You Being Attacked?
Controlling WAN Communication
Best Practices for Logon and Account Lockout Troubleshooting
Coming Up Next
Troubleshooting Active Directory with Microsoft Operations Manager
About Microsoft Operations Manager
Microsoft Operations Manager 2005 Features
Management Packs
Computer Groups
Discovered Groups
Rules Groups
Active Directory Management Pack
DNS Management Pack
Reporting Console
Coming Up Next
Part 4 Streamlining Management with Scripts
ADSI Primer
What Is ADSI?
ADSI vs. Active Directory
COM Interfaces
ADSI Providers
Active Directory Objects
Properties
Methods
Schema
Tools
Inheritance
Auxiliary Classes
Common Active Directory Objects
Common Properties and Methods
Container Properties and Methods
Organizational Units
User Properties and Methods
Group Properties and Methods
Computer Properties and Methods
The Basic ADSI Pattern
Local Property Cache
Binding
Reading Data
Saving Data
Modifying Data
Active Directory Data Types
Searching for Data
Handling Errors
ADSI and COM Errors
Coming Up Next
Active Directory Scripts
Windows Script File Basics
VBScript Class Basics
Scope
Property Procedures
Class Initialization and Termination
Script Locations
RootDSE Scripts
RootDSE Class
Viewing RootDSE Properties
Domain Scripts
DomainClass
View Domain Account Policies
View Domain Password Policies
Active Directory Query Scripts
QueryClass
Using the QueryClass
Search for User Accounts
Search for Computer Accounts
Search for Groups
Search for Organizational Units
User Scripts
UserClass
Create a New User
List User Properties
Set User Properties
Set User Password
Set Password Not to Expire
Unlock a User Account
Enable and Disable a User Account
List Group Membership of a User
List All Group Membership of a User
Join the User to a Group
Copy a User Object
Copy Group Membership to Another User
Move a User Object
Group Scripts
GroupClass
Creating a New Group
List Group Members
List All Group Members
List Group Membership of a Group
Add a New Group Member
Remove a Group Member
Change the Group Manager
Computer Scripts
ComputerClass
Create a Computer Account
Move a Computer Account
Reset a Computer Account
Organizational Unit Scripts
OUClass
Create a New Organizational Unit
Delete an Organizational Unit
List Child Objects in Organizational Unit
Excel Scripts
ExcelClass
Export Users to Excel
Import Users from Excel
Coming Up Next
Monitoring Active Directory
OutputClass
Windows Management Instrumentation (WMI)
WMIClass
CPU Overload
RegistryClass
AD Database and Log File Free Space
Active Directory Essential Services
Active Directory Response Time
Global Catalog Server Response
Lost and Found Object Count
PingClass
Operation Master Response
Monitor Trust Relationships
Index
