Active Directory Cookbook, 2nd Edition

Larger Cover

By Robbie Allen, Laura E. Hunter

Publisher: O'Reilly Media

Released: June 2006

Pages: 992

If you're among those looking for practical hands-on support, help is here with Active Directory Cookbook, Second Edition, a unique problem-solving guide that offers quick answers for Active Directory and updated for Window Server 2003 SP1 and R2 versions.

The book contains hundreds of step-by-step solutions for both common and uncommon problems that you're likely to encounter with Active Directory on a daily basis--including recipes to deal with the Lightweight Directory Access Protocol (LDAP), ADAM, multi-master replication, Domain Name System (DNS), Group Policy, the Active Directory Schema, and many other features. Author Robbie Allen, a Technical Leader at Cisco Systems, MVP for Directory Services, and co-author of Active Directory, Third Edition and Laura E. Hunter, MVP for Windows Server-Networking and author of several books, have based this collection of troubleshooting recipes on their own experience, along with input from Windows administrators. Each recipe includes a discussion explaining how and why the solution works, so you can adapt the problem-solving techniques to similar situations.

This best selling book provides solutions to over 300 problems commonly encountered when deploying, administering, and automating Active Directory to manage users in Windows 2000 and Windows Server 2003. The recipes include:

creating domains and trusts
renaming a domain controller
finding users whose passwords are about to expire
applying a security filter to group policy objects
checking for potential replication problems
restricting hosts from performing LDAP queries
viewing DNS server performance statistics

This Cookbook is a perfect companion to Active Directory, Third Edition, the tutorial that experts hail as the best source for understanding Microsoft's directory service. While Active Directory provides the big picture, Active Directory Cookbook gives you quick solutions you need to cope with day-to-day dilemmas. Together, these books supply the knowledge and tools so you can get the most out of Active Directory to manage users, groups, computers, domains, organizational units, and security policies on your network.

Chapter 1 Getting Started
1. Approach to the Book
2. Where to Find the Tools
3. Getting Familiar with LDIF
4. Programming Notes
5. Replaceable Text
6. Where to Find More Information
Chapter 2 Forests, Domains, and Trusts
1. Introduction
2. Creating a Forest
3. Removing a Forest
4. Creating a Domain
5. Removing a Domain
6. Removing an Orphaned Domain
7. Finding the Domains in a Forest
8. Finding the NetBIOS Name of a Domain
9. Renaming a Domain
10. Raising the Domain Functional Level to Windows 2000 Native Mode
11. Raising the Functional Level of a Windows Server 2003 Domain
12. Raising the Functional Level of a Windows Server 2003 Forest
13. Using AdPrep to Prepare a Domain or Forest for Windows Server 2003
14. Determining WhetherAdPrep Has Completed
15. Checking Whether a Windows 2000 Domain Controller Can Be Upgraded to Windows Server 2003
16. Creating an External Trust
17. Creating a Transitive Trust Between Two AD Forests
18. Creating a Shortcut Trust Between Two AD Domains
19. Creating a Trust to a Kerberos Realm
20. Viewing the Trusts for a Domain
21. Verifying a Trust
22. Resetting a Trust
23. Removing a Trust
24. Enabling SID Filtering for a Trust
25. Enabling Quarantine for a Trust
26. Managing Selective Authentication for a Trust
27. Finding Duplicate SIDs in a Domain
28. Adding Additional Fields to Active Directory Users and Computers
Chapter 3 Domain Controllers, Global Catalogs, and FSMOs
1. Introduction
2. Promoting a Domain Controller
3. Promoting a Domain Controller from Media
4. Verifying the Promotion of a Domain Controller
5. Demoting a Domain Controller
6. Automating the Promotion or Demotion of a Domain Controller
7. Troubleshooting Domain Controller Promotion or Demotion Problems
8. Removing an Unsuccessfully Demoted Domain Controller
9. Renaming a Domain Controller
10. Creating an NT 4.0 BDC Object
11. Finding the Domain Controllers for a Domain
12. Finding the Closest Domain Controller
13. Finding a Domain Controller's Site
14. Moving a Domain Controller to a Different Site
15. Finding the Services a Domain Controller Is Advertising
16. Restoring a Deleted Domain Controller
17. Resetting the TCP/IP Stack on a Domain Controller
18. Configuring a Domain Controller to Use an External Time Source
19. Finding the Number of Logon Attempts Made Against a Domain Controller
20. Enabling the /3GB Switch to Increase the LSASS Cache
21. Enabling the /PAE switch to Increase the Amount of Addressable RAM
22. Cleaning Up Distributed Link Tracking Objects
23. Enabling and Disabling the Global Catalog
24. Determining Whether Global Catalog Promotion Is Complete
25. Finding the Global Catalog Servers in a Forest
26. Finding the Domain Controllers or Global Catalog Servers in a Site
27. Finding Domain Controllers and Global Catalogs via DNS
28. Changing the Preference for a Domain Controller
29. Disabling the Global Catalog Requirement During a Windows 2000 or Windows Server 2003 Domain Login
30. Enabling Universal Group Caching in Windows Server 2003
31. Finding the FSMO Role Holders
32. Transferring a FSMO Role
33. Seizing a FSMO Role
34. Finding the PDC Emulator FSMO Role Owner via DNS
35. Finding the PDC Emulator FSMO Role Owner via WINS
Chapter 4 Searching and Manipulating Objects
1. Introduction
2. Viewing the RootDSE
3. Viewing the Attributes of an Object
4. Counting Objects in Active Directory
5. Using LDAP Controls
6. Using a Fast or Concurrent Bind
7. Connecting to an Object GUID
8. Connecting to a Well-Known GUID
9. Searching for Objects in a Domain
10. Searching the Global Catalog
11. Searching for a Large Number of Objects
12. Searching with an Attribute-Scoped Query
13. Searching with a Bitwise Filter
14. Creating an Object
15. Modifying an Object
16. Modifying a Bit Flag Attribute
17. Dynamically Linking an Auxiliary Class
18. Creating a Dynamic Object
19. Refreshing a Dynamic Object
20. Modifying the Default TTL Settings for Dynamic Objects.
21. Moving an Object to a Different OU or Container
22. Moving an Object to a Different Domain
23. Referencing an External Domain
24. Renaming an Object
25. Deleting an Object
26. Deleting a Container That Has Child Objects
27. Viewing the Created and Last Modified Timestamp of an Object
28. Modifying the Default LDAP Query Policy
29. Exporting Objects to an LDIF File
30. Importing Objects Using an LDIF File
31. Exporting Objects to a CSV File
32. Importing Objects Using a CSV File
Chapter 5 Organizational Units
1. Introduction
2. Creating an OU
3. Enumerating the OUs in a Domain
4. Finding an OU
5. Enumerating the Objects in an OU
6. Deleting the Objects in an OU
7. Deleting an OU
8. Moving the Objects in an OU to a Different OU
9. Moving an OU
10. Renaming an OU
11. Modifying an OU
12. Determining Approximately How Many Child Objects an OU Has
13. Delegating Control of an OU
14. Assigning or Removing a Manager for an OU
15. Allowing OUs to Be Created Within Containers
16. Linking a GPO to an OU
Chapter 6 Users
1. Introduction
2. Modifying the Default Display Name Used When Creating Users in ADUC
3. Creating a User
4. Creating a Large Number of Users
5. Creating an inetOrgPerson User
6. Converting a user Object to an inetOrgPerson Object (or Vice Versa)
7. Modifying an Attribute for Several Users at Once
8. Setting a User's Profile Attributes
9. Moving a User
10. Redirecting Users to an Alternative OU
11. Renaming a User
12. Copying a User
13. Finding Locked Out Users
14. Unlocking a User
15. Troubleshooting Account Lockout Problems
16. Viewing the Account Lockout and Password Policies
17. Enabling and Disabling a User
18. Finding Disabled Users
19. Viewing a User's Group Membership
20. Removing All Group Memberships from a User
21. Changing a User's Primary Group
22. Transferring a User's Group Membership to Another User
23. Setting a User's Password
24. Setting a User's Password via LDAP
25. Setting a User's Password from Unix
26. Preventing a User from Changing Her Password
27. Requiring a User to Change His Password at Next Logon
28. Preventing a User's Password from Expiring
29. Finding Users Whose Passwords Are About to Expire
30. Setting a User's Account Options (userAccountControl)
31. Setting a User's Account to Expire
32. Finding Users Whose Accounts Are About to Expire
33. Determining a User's Last Logon Time
34. Finding Users Who Have Not Logged On Recently
35. Viewing a User's Permitted Logon Hours
36. Viewing a User's Managed Objects
37. Creating a UPN Suffix for a Forest
Chapter 7 Groups
1. Introduction
2. Creating a Group
3. Viewing the Permissions of a Group
4. Viewing the Direct Members of a Group
5. Viewing the Nested Members of a Group
6. Adding and Removing Members of a Group
7. Moving a Group Within a Domain
8. Moving a Group to Another Domain
9. Changing the Scope or Type of a Group
10. Modifying Group Attributes
11. Creating a Dynamic Group
12. Delegating Control for Managing Membership of a Group
13. Resolving a Primary Group ID
14. Enabling Universal Group Membership Caching
15. Restoring a Deleted Group
Chapter 8 Computers
1. Introduction
2. Creating a Computer
3. Creating a Computer for a Specific User or Group
4. Joining a Computer to a Domain
5. Moving a Computer Within the Same Domain
6. Moving a Computer to a New Domain
7. Renaming a Computer
8. Add or Remove a Computer Account from a Group
9. Testing the Secure Channel for a Computer
10. Resetting a Computer Account
11. Finding Inactive or Unused Computers
12. Changing the Maximum Number of Computers a User Can Join to the Domain
13. Modifying the Attributes of a Computer Object
14. Finding Computers with a Particular OS
15. Binding to the Default Container for Computers
16. Changing the Default Container for Computers
17. Listing All the Computer Accounts in a Domain
18. Identifying a Computer Role
Chapter 9 Printers and Shared Folders
1. Introduction
2. Installing the Print Server Role
3. Creating a Printer Filter
4. Managing Printer Drivers
5. Deploying Printers Through Group Policy
6. Publishing Printers in Active Directory
7. Installing the File Server Resource Manager
8. Managing Disk Quota Templates
9. Managing Disk Quotas
10. Managing Auto-Quotas
11. Modifying Quota Settings
12. Defining File Groups
13. Managing File-Screen Templates
14. Managing File Screens
15. Managing File-Screen Exceptions
16. Configuring File Server Reporting
17. Managing File Server Options
Chapter 10 Group Policy Objects
1. Introduction
2. Finding the GPOs in a Domain
3. Creating a GPO
4. Copying a GPO
5. Deleting a GPO
6. Viewing the Settings of a GPO
7. Modifying the Settings of a GPO
8. Importing Settings into a GPO
9. Creating a Migration Table
10. Creating Custom Group Policy Settings
11. Assigning Logon/Logoff and Startup/Shutdown Scripts in a GPO
12. Installing Applications with a GPO
13. Disabling the User or Computer Settings in a GPO
14. Listing the Links for a GPO
15. Creating a GPO Link to an OU
16. Blocking Inheritance of GPOs on an OU
17. Enforcing the Settings of a GPO Link
18. Applying a Security Filter to a GPO
19. Delegating Administration of GPOs
20. Importing a Security Template
21. Creating a WMI Filter
22. Applying a WMI Filter to a GPO
23. Configuring Loopback Processing for a GPO
24. Backing Up a GPO
25. Restoring a GPO
26. Simulating the RSoP
27. Viewing the RSoP
28. Refreshing GPO Settings on a Computer
29. Restoring a Default GPO
Chapter 11 Schema
1. Introduction
2. Registering the Active Directory Schema MMC Snap-in
3. Enabling Schema Updates
4. Generating an OID to Use for a New Class or Attribute
5. Generating a GUID to Use for a New Class or Attribute
6. Extending the Schema
7. Preparing the Schema for Upgrade
8. Documenting Schema Extensions
9. Adding a New Attribute
10. Viewing an Attribute
11. Adding a New Class
12. Viewing a Class
13. Indexing an Attribute
14. Modifying the Attributes That Are Copied When Duplicating a User
15. Adding Custom Information to ADUC
16. Modifying the Attributes Included with ANR
17. Modifying the Set of Attributes Stored on a Global Catalog
18. Finding the Nonreplicated and Constructed Attributes
19. Finding the Linked Attributes
20. Finding the Structural, Auxiliary, Abstract, and 88 Classes
21. Finding the Mandatory and Optional Attributes of a Class
22. Modifying the Default Security of a Class
23. Managing the Confidentiality Bit
24. Deactivating Classes and Attributes
25. Redefining Classes and Attributes
26. Reloading the Schema Cache
27. Managing the Schema Master FSMO
Chapter 12 Site Topology
1. Introduction
2. Creating a Site
3. Listing the Sites
4. Renaming a Site
5. Deleting a Site
6. Delegating Control of a Site
7. Configuring Universal Group Caching for a Site
8. Creating a Subnet
9. Listing the Subnets
10. Finding Missing Subnets
11. Deleting a Subnet
12. Changing a Subnet's Site Assignment
13. Creating a Site Link
14. Finding the Site Links for a Site
15. Modifying the Sites That Are Part of a Site Link
16. Modifying the Cost for a Site Link
17. Enabling Change Notification for a Site Link
18. Modifying Replication Schedules
19. Disabling Site Link Transitivity or Site Link Schedules
20. Creating a Site Link Bridge
21. Finding the Bridgehead Servers for a Site
22. Setting a Preferred Bridgehead Server for a Site
23. Listing the Servers
24. Moving a Domain Controller to a Different Site
25. Configuring a Domain Controller to Cover Multiple Sites
26. Viewing the Site Coverage for a Domain Controller
27. Disabling Automatic Site Coverage for a Domain Controller
28. Finding the Site for a Client
29. Forcing a Host into a Particular Site
30. Creating a Connection Object
31. Listing the Connection Objects for a Server
32. Load-Balancing Connection Objects
33. Finding the ISTG for a Site
34. Transferring the ISTG to Another Server
35. Triggering the KCC
36. Determining Whether the KCC Is Completing Successfully
37. Disabling the KCC for a Site
38. Changing the Interval at Which the KCC Runs
Chapter 13 Replication
1. Introduction
2. Determining Whether Two Domain Controllers Are in Sync
3. Viewing the Replication Status of Several Domain Controllers
4. Viewing Unreplicated Changes Between Two Domain Controllers
5. Forcing Replication from One Domain Controller to Another
6. Enabling and Disabling Replication
7. Changing the Intra-Site Replication Interval
8. Changing the Intra-Site Notification Delay
9. Changing the Inter-Site Replication Interval
10. Disabling Inter-Site Compression of Replication Traffic
11. Checking for Potential Replication Problems
12. Enabling Enhanced Logging of Replication Events
13. Enabling Strict or Loose Replication Consistency
14. Finding Conflict Objects
15. Finding Orphaned Objects
16. Listing the Replication Partners for a DC
17. Viewing Object Metadata
Chapter 14 DNS and DHCP
1. Introduction
2. Creating a Forward Lookup Zone
3. Creating a Reverse Lookup Zone
4. Viewing a Server's Zones
5. Converting a Zone to an AD-Integrated Zone
6. Moving AD-Integrated Zones into an Application Partition
7. Configuring Zone Transfers
8. Configuring Forwarding
9. Delegating Control of a Zone
10. Creating and Deleting Resource Records
11. Querying Resource Records
12. Modifying the DNS Server Configuration
13. Scavenging Old Resource Records
14. Clearing the DNS Cache
15. Verifying That a Domain Controller Can Register Its Resource Records
16. Enabling DNS Server Debug Logging
17. Registering a Domain Controller's Resource Records
18. Deregistering a Domain Controller's Resource Records
19. Preventing a Domain Controller from Dynamically Registering All Resource Records
20. Preventing a Domain Controller from Dynamically Registering Certain Resource Records
21. Allowing Computers to Use a Different Domain Suffix from Their AD Domain
22. Authorizing a DHCP Server
23. Locating Unauthorized DHCP Servers
24. Restricting DHCP Administrators
Chapter 15 Security and Authentication
1. Introduction
2. Enabling SSL/TLS
3. Encrypting LDAP Traffic with SSL, TLS, or Signing
4. Disabling LDAP Signing or Encryption
5. Enabling Anonymous LDAP Access
6. Restricting Hosts from Performing LDAP Queries
7. Restricting Anonymous Access to Active Directory
8. Using the Delegation of Control Wizard
9. Customizing the Delegation of Control Wizard
10. Revoking Delegated Permissions
11. Viewing the ACL for an Object
12. Customizing the ACL Editor
13. Viewing the Effective Permissions on an Object
14. Configuring Permission Inheritance
15. Changing the ACL of an Object
16. Changing the Default ACL for an Object Class in the Schema
17. Comparing the ACL of an Object to the Default Defined in the Schema
18. Resetting an Object's ACL to the Default Defined in the Schema
19. Preventing the LM Hash of a Password from Being Stored
20. Enabling Strong Domain Authentication
21. Enabling List Object Access Mode
22. Modifying the ACL on Administrator Accounts
23. Viewing and Purging Your Kerberos Tickets
24. Forcing Kerberos to Use TCP
25. Modifying Kerberos Settings
26. Viewing Access Tokens
Chapter 16 Logging, Monitoring, and Quotas
1. Introduction
2. Enabling Extended dcpromo Logging
3. Enabling Diagnostics Logging
4. Enabling NetLogon Logging
5. Enabling GPO Client Logging
6. Enabling Kerberos Logging
7. Viewing DNS Server Performance Statistics
8. Monitoring the File Replication Service
9. Monitoring the Windows Time Service
10. Enabling Inefficient and Expensive LDAP Query Logging
11. Using the STATS Control to View LDAP Query Statistics
12. Using Perfmon to Monitor AD
13. Using Perfmon Trace Logs to Monitor AD
14. Creating an Administrative Alert
15. Emailing an Administrator on a Performance Alert
16. Enabling Auditing of Directory Access
17. Enabling Auditing of Registry Keys
18. Creating a Quota
19. Finding the Quotas Assigned to a Security Principal
20. Changing How Tombstone Objects Count Against Quota Usage
21. Setting the Default Quota for All Security Principals in a Partition
22. Finding the Quota Usage for a Security Principal
Chapter 17 Backup, Recovery, DIT Maintenance, and Deleted Objects
1. Introduction
2. Backing Up Active Directory
3. Restarting a Domain Controller in Directory Services Restore Mode
4. Resetting the Directory Service Restore Mode Administrator Password
5. Performing a Nonauthoritative Restore
6. Performing an Authoritative Restore of an Object or Subtree
7. Performing a Complete Authoritative Restore
8. Checking the DIT File's Integrity
9. Moving the DIT Files
10. Repairing or Recovering the DIT
11. Performing an Online Defrag Manually
12. Performing a Database Recovery
13. Creating a Reserve File
14. Determining How Much Whitespace Is in the DIT
15. Performing an Offline Defrag to Reclaim Space
16. Changing the Garbage Collection Interval
17. Logging the Number of Expired Tombstone Objects
18. Determining the Size of the Active Directory Database
19. Searching for Deleted Objects
20. Undeleting a Single Object
21. Undeleting a Container Object
22. Modifying the Tombstone Lifetime for a Domain
Chapter 18 Application Partitions
1. Introduction
2. Creating and Deleting an Application Partition
3. Finding the Application Partitions in a Forest
4. Adding or Removing a Replica Server for an Application Partition
5. Finding the Replica Servers for an Application Partition
6. Finding the Application Partitions Hosted by a Server
7. Verifying Application Partitions Are Instantiated on a Server Correctly
8. Setting the Replication Notification Delay for an Application Partition
9. Setting the Reference Domain for an Application Partition
10. Delegating Control of Managing an Application Partition
Chapter 19 Active Directory Application Mode
1. Introduction
2. Installing ADAM
3. Creating a New ADAM Instance
4. Creating a New Replica of an ADAM Configuration Set
5. Stopping and Starting an ADAM Instance
6. Changing the Ports Used by an ADAM Instance
7. Listing the ADAM Instances Installed on a Computer
8. Extending the ADAM Schema
9. Managing ADAM Application Partitions
10. Managing ADAM Organizational Units
11. Managing ADAM Users
12. Changing the Password for an ADAM User
13. Enabling and Disabling an ADAM User
14. Managing ADAM Groups
15. Managing ADAM Group Memberships
16. Viewing and Modifying ADAM Object Attributes
17. Importing Data into an ADAM Instance
18. Configuring Intrasite Replication
19. Forcing ADAM Replication
20. Managing ADAM Permissions
Chapter 20 Interoperability and Integration
1. Introduction
2. Accessing AD from a Non-Windows Platform
3. Programming with .NET
4. Programming with DSML
5. Programming with Perl
6. Programming with Java
7. Programming with Python
8. Integrating with MIT Kerberos
9. Integrating with Samba
10. Integrating with Apache
11. Integrating with Novell Netware
12. Integrating with Macintosh
13. Replacing the Network Information Service
14. Using BIND for DNS
15. Integrating Down-level Windows Clients
16. Using VMWare for Testing AD
17. Using Virtual Server in an Active Directory Environment
Chapter 21 Active Directory Federation Services
1. Introduction
2. Installing ADFS Prerequisites
3. Installing the Federation Service
4. Configuring an Active Directory Account Store
5. Configuring an ADAM Account Store
6. Configuring an Account Partner
7. Configuring a Resource Partner
8. Creating a Claim Type
9. Configuring an Application
10. Configuring a Forest Trust
11. Configuring an Alternate UPN Suffix
12. Configuring the ADFS Web Agent
13. Enabling Logging for the ADFS Web Agent
Chapter 22 Exchange Server 2003
1. Introduction
2. Preparing Active Directory for Exchange
3. Installing the First Exchange Server
4. Installing Additional Exchange Servers
5. Installing an Exchange Service Pack
6. Creating Unattended Installation Files for Exchange and Exchange Service Pack Installations
7. Installing Exchange Management Tools
8. Delegating Exchange for the First Time
9. Stopping and Starting Exchange Server
10. Mail-Enabling a User
11. Mail-Disabling a User
12. Mailbox-Enabling a User
13. Deleting a User's Mailbox
14. Purging a Deleted Mailbox
15. Reconnecting a Deleted Mailbox
16. Enumerating Disconnected Mailboxes
17. Moving a Mailbox
18. Viewing Mailbox Sizes and Message Counts
19. Configuring Mailbox Limits
20. Mail-Enabling a Contact
21. Mail-Disabling a Contact
22. Creating a Mail-Enabled Distribution List
23. Creating a Query-Based Distribution List
24. Creating an Address List
25. Creating a Recipient Policy
26. Creating a Storage Group
27. Creating a Mailbox Store
28. Moving the Exchange Transaction Logs
29. Listing Domain Controllers and Global Catalog Servers Used by an Exchange Server
30. Mounting and Dismounting Mailbox Stores
31. Enabling Message Tracking
Chapter 23 Microsoft Identity Integration Server
1. Introduction
2. Creating the HR Database MA
3. Creating an Active Directory MA
4. Setting Up a Metaverse Object Deletion Rule
5. Setting Up Simple Import Attribute Flow—HR Database MA
6. Setting Up a Simple Export Attribute Flow to AD
7. Defining an Advanced Import Attribute Flow—HR Database MA
8. Implementing an Advanced Attribute Flow Rules Extension—HR Database MA
9. Setting Up Advanced Export Attribute Flow in Active Directory
10. Configuring a Run Profile to Do an Initial Load of Data from the HR Database MA
11. Loading Initial HR Database Data into MIIS Using a Run Profile
12. Configuring a Run Profile to Load the Container Structure from AD
13. Loading the Initial AD Container Structure into MIIS Using a Run Profile
14. Setting Up the HR Database MA to Project Objects to the Metaverse
15. Writing a Rules Extension to Provision User Objects to the ADMA from Objects in the HR Database MA
16. Creating a Run Profile for Provisioning
17. Executing the Provisioning Rule
18. Creating a Run Profile to Export Objects from the ADMA to Active Directory
19. Exporting Objects to AD Using an Export Run Profile
20. Testing Provisioning and De-Provisioning of User Accounts in AD
21. Creating a Run Profile Script
22. Creating a Controlling Script
23. Enabling Directory Synchronization from AD to the HR Database
24. Configuring a Run Profile to Load the telephoneNumber from AD
25. Loading telephoneNumber Changes from AD into MIIS Using a Delta Import and Delta Synchronization Run Profile
26. Exporting telephoneNumber Data to the HR Database
27. Using the HR Database MA Export Run Profile to Export the Telephone Number to the HR Database
28. Searching Data in the Connector Space
29. Searching Data in the Metaverse
30. Deleting Data in the Connector Space and Metaverse

Colophon

Title:

Active Directory Cookbook, 2nd Edition

By:

Robbie Allen, Laura E. Hunter

Publisher:

O'Reilly Media

Formats:

Print
Ebook
Safari Books Online

Print:

June 2006

Ebook:

June 2009

Pages:

992

Print ISBN:

978-0-596-10202-9

| ISBN 10:

0-596-10202-X

Ebook ISBN:

978-0-596-10601-0

| ISBN 10:

0-596-10601-7

Description

Table of Contents

Product Details

About the Author

Colophon

Recommended for You

Chapter 1 Getting Started

Approach to the Book

Where to Find the Tools

Getting Familiar with LDIF

Programming Notes

Replaceable Text

Where to Find More Information

Chapter 2 Forests, Domains, and Trusts

Introduction

Creating a Forest

Removing a Forest

Creating a Domain

Removing a Domain

Removing an Orphaned Domain

Finding the Domains in a Forest

Finding the NetBIOS Name of a Domain

Renaming a Domain

Raising the Domain Functional Level to Windows 2000 Native Mode

Raising the Functional Level of a Windows Server 2003 Domain

Raising the Functional Level of a Windows Server 2003 Forest

Using AdPrep to Prepare a Domain or Forest for Windows Server 2003

Determining WhetherAdPrep Has Completed

Checking Whether a Windows 2000 Domain Controller Can Be Upgraded to Windows Server 2003

Creating an External Trust

Creating a Transitive Trust Between Two AD Forests

Creating a Shortcut Trust Between Two AD Domains

Creating a Trust to a Kerberos Realm

Viewing the Trusts for a Domain

Verifying a Trust

Resetting a Trust

Removing a Trust

Enabling SID Filtering for a Trust

Enabling Quarantine for a Trust

Managing Selective Authentication for a Trust

Finding Duplicate SIDs in a Domain

Adding Additional Fields to Active Directory Users and Computers

Chapter 3 Domain Controllers, Global Catalogs, and FSMOs

Introduction

Promoting a Domain Controller

Promoting a Domain Controller from Media

Verifying the Promotion of a Domain Controller

Demoting a Domain Controller

Automating the Promotion or Demotion of a Domain Controller

Troubleshooting Domain Controller Promotion or Demotion Problems

Removing an Unsuccessfully Demoted Domain Controller

Renaming a Domain Controller

Creating an NT 4.0 BDC Object

Finding the Domain Controllers for a Domain

Finding the Closest Domain Controller

Finding a Domain Controller's Site

Moving a Domain Controller to a Different Site

Finding the Services a Domain Controller Is Advertising

Restoring a Deleted Domain Controller

Resetting the TCP/IP Stack on a Domain Controller

Configuring a Domain Controller to Use an External Time Source

Finding the Number of Logon Attempts Made Against a Domain Controller

Enabling the /3GB Switch to Increase the LSASS Cache

Enabling the /PAE switch to Increase the Amount of Addressable RAM

Cleaning Up Distributed Link Tracking Objects

Enabling and Disabling the Global Catalog

Determining Whether Global Catalog Promotion Is Complete

Finding the Global Catalog Servers in a Forest

Finding the Domain Controllers or Global Catalog Servers in a Site

Finding Domain Controllers and Global Catalogs via DNS

Changing the Preference for a Domain Controller

Disabling the Global Catalog Requirement During a Windows 2000 or Windows Server 2003 Domain Login

Enabling Universal Group Caching in Windows Server 2003

Finding the FSMO Role Holders

Transferring a FSMO Role

Seizing a FSMO Role

Finding the PDC Emulator FSMO Role Owner via DNS

Finding the PDC Emulator FSMO Role Owner via WINS

Chapter 4 Searching and Manipulating Objects

Introduction

Viewing the RootDSE

Viewing the Attributes of an Object

Counting Objects in Active Directory

Using LDAP Controls

Using a Fast or Concurrent Bind

Connecting to an Object GUID