Active Directory, 4th Edition

Book description

To help you take full advantage of Active Directory, the fourth edition of this bestselling book gives you a thorough grounding in Microsoft's network directory service. With Active Directory, you'll learn how to design, manage, and maintain an AD infrastructure, whether it's for a small business network or a multinational enterprise with thousands of resources, services, and users.

This detailed and highly accurate volume covers Active Directory from its origins in Windows 2000 through Windows Server 2008. But unlike typical dry references, Active Directory presents concepts in an easy-to-understand, narrative style. With this book, you will:

  • Get a complete review of all the new Windows 2008 features
  • Learn how Active Directory works with Exchange and PowerShell
  • Take advantage of the updated scripting and programming chapters to automate AD tasks
  • Learn how to be more efficient with command-line tools
  • Grasp concepts easily with the help of numerous screenshots and diagrams

Ideal for administrators, IT professionals, project managers, and programmers alike, Active Directory is not only for people getting started with AD; it's also for experienced users who need to stay up-to-date with the latest AD features in Windows Server 2008. It is no wonder this guide is the bestselling AD resource available.

Table of contents

  1. Active Directory
  2. A Note Regarding Supplemental Files
  3. Preface
    1. Intended Audience
    2. Contents of the Book
      1. Part 1, Active Directory Basics
      2. Part 2, Designing an Active Directory Infrastructure
      3. Part 3, Scripting Active Directory with ADSI, ADO, and WMI
    3. Conventions Used in This Book
    4. Using Code Examples
    5. Safari® Books Online
    6. How to Contact Us
    7. Acknowledgments
      1. For the Fourth Edition (Brian)
      2. For the Third Edition (Joe)
      3. For the Second Edition (Robbie)
      4. For the First Edition (Alistair)
  4. I. Active Directory Basics
    1. 1. A Brief Introduction
      1. Evolution of the Microsoft NOS
        1. Brief History of Directories
      2. Windows NT Versus Active Directory
      3. Windows 2000 Versus Windows Server 2003
      4. Windows Server 2003 Versus Windows Server 2003 R2
      5. Windows Server 2003 R2 Versus Windows Server 2008
      6. Summary
    2. 2. Active Directory Fundamentals
      1. How Objects Are Stored and Identified
        1. Uniquely Identifying Objects
          1. Distinguished names
          2. Examples
      2. Building Blocks
        1. Domains and Domain Trees
        2. Forests
        3. Organizational Units
        4. Global Catalog
        5. Flexible Single Master Operator (FSMO)
        6. Time Synchronization in Active Directory
        7. Domain and Forest Functional Levels
          1. Windows 2000 Domain Mode
        8. Groups
          1. Groups in Windows NT
          2. Group nesting in different functional levels
          3. Group membership across domain boundaries
          4. Converting groups
          5. Wrap-up
      3. Summary
    3. 3. Naming Contexts and Application Partitions
      1. Domain Naming Context
      2. Configuration Naming Context
      3. Schema Naming Context
      4. Application Partitions
        1. Storing Dynamic Data
      5. Summary
    4. 4. Active Directory Schema
      1. Structure of the Schema
        1. X.500 and the OID Namespace
      2. Attributes (attributeSchema Objects)
        1. Dissecting an Example Active Directory Attribute
      3. Attribute Properties
        1. Attribute Syntax
        2. System Flags
          1. Constructed attributes
          2. Category 1 objects
        3. Schema FlagsEx
        4. Search Flags
          1. Indexed attributes
          2. Ambiguous Name Resolution
          3. Preserve attribute in tombstone
          4. Tuple index
          5. Confidential
          6. Attribute change auditing
          7. Filtered attribute set
        5. Property Sets and attributeSecurityGUID
        6. Linked Attributes
      4. Classes (classSchema Objects)
        1. Object Class Category and Inheritance
        2. Dissecting an Example Active Directory Class
          1. How inheritance affects mustContain, mayContain, possSuperiors, and auxiliaryClass
          2. Viewing the user class with the Active Directory Schema snap-in
        3. Dynamically Linked Auxiliary Classes
      5. Summary
    5. 5. Site Topology and Replication
      1. Site Topology
        1. Subnets
        2. Sites
        3. Site Links
        4. Site Link Bridges
        5. Connection Objects
        6. Knowledge Consistency Checker (KCC)
        7. Site and Replication Management Tools
      2. How Replication Works
        1. A Background to Metadata
          1. Update Sequence Numbers (USN) and highestCommittedUSN
          2. Originating updates versus replicated updates
          3. DSA GUID and Invocation ID
          4. High-watermark vector (direct up-to-dateness vector)
          5. Up-to-dateness vector
          6. Recap
        2. How an Object’s Metadata Is Modified During Replication
          1. Step 1: Initial creation of a user on Server A
          2. Step 2: Replication of the originating write to DC B
          3. Step 3: Password change for the user on DC B
          4. Step 4: Password-change replication to DC A
        3. The Replication of a Naming Context Between Two Servers
          1. Step 1: Replication with a partner is initiated
          2. Step 2: The partner works out what updates to send
          3. Step 3: The partner sends the updates to the initiating server
          4. Step 4: The initiating server processes the updates
          5. Step 5: The initiating server checks whether it is up-to-date
          6. Recap
        4. How Replication Conflicts Are Reconciled
          1. Conflict due to identical attribute change
          2. Conflict due to a move or creation of an object under a now-deleted parent
          3. Conflict due to creation of objects with names that conflict
          4. Replicating the conflict resolution
      3. Summary
    6. 6. Active Directory and DNS
      1. DNS Fundamentals
        1. Zones
        2. Resource Records
        3. DDNS
        4. Global Names Zone
      2. DC Locator
      3. Resource Records Used by Active Directory
        1. Overriding SRV Record Registration
      4. Delegation Options
        1. Not Delegating the AD DNS Zones
          1. Political factors
          2. Initial setup and configuration
          3. Support and maintenance
          4. Integration issues
        2. Delegating the AD DNS Zones
          1. Political factors
          2. Initial setup and configuration
          3. Support and maintenance
          4. Integration issues
        3. DNS for Standalone AD
      5. Active Directory Integrated DNS
        1. Replication Impact
        2. Background Zone Loading
      6. Using Application Partitions for DNS
      7. Aging and Scavenging
        1. Configuring Scavenging
          1. Setting zone-specific options
          2. Enabling scavenging on the DNS server
      8. Summary
    7. 7. Read-Only Domain Controllers
      1. Prerequisites
      2. Password Replication Policies
        1. Managing the Password Replication Policy
        2. Managing RODC Theft
      3. The Client Logon Process
        1. Populating the Password Cache
      4. RODCs and Write Requests
        1. User Password Changes
        2. Computer Account Password Changes
        3. The lastLogonTimeStampAttribute
        4. Last-Logon Statistics
        5. Logon Success/Fail Information
        6. NetLogon Secure Channel Updates
        7. Replication Connection Objects
        8. DNS Updates
      5. The W32Time Service
      6. Application Compatibility
      7. RODC Placement Considerations
      8. RODCs and Replication
      9. Administrator Role Separation
      10. Summary
    8. 8. Group Policy Primer
      1. Capabilities of GPOs
        1. Group Policy Storage
          1. ADM or ADMX files
          2. How GPOs are stored in Active Directory
          3. Group Policy replication
      2. How Group Policies Work
        1. GPOs and Active Directory
        2. Prioritizing the Application of Multiple Policies
        3. Standard GPO Inheritance Rules in Organizational Units
        4. Blocking Inheritance and Overriding the Block in Organizational Unit GPOs
          1. Summary
        5. When Policies Apply
          1. Group Policy refresh frequency
        6. Combating Slowdown Due to Group Policy
          1. Limiting the number of GPOs that apply
          2. Limiting cross-domain linking
          3. Limiting use of site policies
          4. Use simple queries in WMI filters
        7. Security Filtering and Group Policy Objects
        8. Loopback Merge Mode and Loopback Replace Mode
        9. WMI Filtering
        10. Summary of Policy Options
      3. Managing Group Policies
        1. Using the Group Policy Management Console (GPMC)
        2. Group Policy Modeling
        3. Delegation and Change Control
          1. The importance of change-control procedures
          2. Designing the delegation of GPO administration
        4. Using Starter GPOs
        5. Group Policy Backup and Restore
        6. Scripting Group Policies
      4. Troubleshooting Group Policy
        1. Group Policy Results Wizard
        2. Forcing Group Policy Updates
        3. Enabling Extra Logging
        4. Group Policy Diagnostic Best Practices Analyzer
        5. Third-Party Troubleshooting Tools
      5. Summary
    9. 9. Fine-Grained Password Policies
      1. Understanding Password Setting Objects
      2. Scenarios for Fine-Grained Password Policies
        1. Defining Password Setting Objects
          1. Defining PSO precedence
      3. Creating Password Setting Objects
        1. PSO Quick Start
        2. Building a PSO from Scratch
          1. Creating a PSO with ADSI edit
          2. Creating a PSO with PSOMgr
      4. Managing Password Settings Objects
        1. Strategies for Controlling PSO Application
          1. Applying PSOs to groups
          2. Applying PSOs to users
          3. Mixing group application and user application
        2. Managing PSO Application
          1. Applying a PSO with ADSI Edit
          2. Applying a PSO with Active Directory users and computers
          3. Applying a PSO with PSOMgr
          4. Viewing the effective PSO
      5. Delegating Management of PSOs
      6. Summary
  5. II. Designing an Active Directory Infrastructure
    1. 10. Designing the Namespace
      1. The Complexities of a Design
      2. Where to Start
      3. Overview of the Design Process
      4. Domain Namespace Design
        1. Objectives
          1. Represent the structure of your business
        2. Step 1: Decide on the Number of Domains
          1. Isolated replication
          2. Unique domain policy
          3. In-place upgrade of current domain
          4. Final notes
        3. Step 2: Design and Name the Tree Structure
          1. Choose the forest root domain
          2. Design the namespace naming scheme
          3. Create additional trees
          4. Create additional forests
          5. Arrange subdomain hierarchy
        4. Step 3: Design the Workstation and Server-Naming Scheme
      5. Design of the Internal Domain Structure
        1. Step 4: Design the Hierarchy of Organizational Units
          1. Recreating the business model
          2. Delegating full administration
          3. Delegating other rights
        2. Step 5: Design the Users and Groups
          1. Naming and placing users
          2. Naming and placing groups
          3. Creating proper security group designs
        3. Step 6: Design the Application Partition Structure
      6. Other Design Considerations
      7. Design Examples
        1. TwoSiteCorp
          1. Step 1: Set the number of domains
          2. Step 2: Design and name the tree structure
          3. Step 3: Design the workstation- and server-naming scheme
          4. Step 4: Design the hierarchy of Organizational Units
          5. Step 5: Design the users and groups
          6. Step 6: Design the application partition structure
          7. Recap
        2. RetailCorp
          1. Step 1: Identify the number of domains
          2. Step 2: Design and name the tree structure
          3. Step 3: Design the workstation- and server-naming scheme
          4. Step 4: Design the hierarchy of Organizational Units
          5. Step 5: Design the users and groups
          6. Step 6: Design the application partition structure
          7. Recap
        3. PetroCorp
          1. Step 1: Set the number of domains
          2. Step 2: Design and name the tree structure
          3. Step 3: Design the workstation- and server-naming scheme
          4. Step 4: Design the hierarchy of Organizational Units
          5. Step 5: Design the users and groups
          6. Step 6: Design the application partition structure
          7. Recap
      8. Designing for the Real World
        1. Identify the Number of Domains
        2. Design to Help Business Plans and Budget Proposals
        3. Recognizing Nirvana’s Problems
      9. Summary
    2. 11. Creating a Site Topology
      1. Intrasite and Intersite Topologies
        1. The KCC
        2. Automatic Intrasite Topology Generation by the KCC
          1. Two servers
          2. Three servers
          3. Four servers
          4. Eight servers
          5. Now what?
        3. Site Links: The Basic Building Blocks of Intersite Topologies
          1. Cost
          2. Schedule
          3. Transport
          4. When the ISTG becomes involved
        4. Site Link Bridges: The Second Building Blocks of Intersite Topologies
      2. Designing Sites and Links for Replication
        1. Step 1: Gather Background Data for Your Network
        2. Step 2: Design the Sites
        3. Step 3: Plan the Domain Controller Locations
          1. Where to put domain controllers
          2. How many domain controllers to have
          3. Placing a domain controller in more than one site
        4. Step 4: Decide How You Will Use the KCC to Your Advantage
        5. Step 5: Create Site Links
        6. Step 6: Create Site Link Bridges
      3. Examples
        1. TwoSiteCorp
        2. RetailCorp
        3. PetroCorp
      4. Additional Resources
      5. Summary
    3. 12. Designing Organization-Wide Group Policies
      1. Using GPOs to Help Design the Organizational Unit Structure
        1. Identifying Areas of Policy
        2. How GPOs Influenced a Real Organizational Unit Design
          1. The merits of collapsing the Organizational Unit structure
          2. A bridge too far
          3. Loopback mode
        3. Guidelines for Designing GPOs
      2. Summary
    4. 13. Active Directory Security: Permissions and Auditing
      1. Permission Basics
        1. Permission ACE
        2. Property Sets, Validated Writes, and Extended Rights
        3. Inherited Versus Explicit Permissions
        4. Default Security Descriptors
        5. Permission Lockdown
        6. Confidentiality Bit
        7. Protecting Objects from Accidental Deletion
      2. Using the GUI to Examine Permissions
        1. Reverting to the Default Permissions
        2. Viewing the Effective Permissions for a User or Group
        3. Using the Delegation of Control Wizard
      3. Using the GUI to Examine Auditing
      4. Designing Permission Schemes
        1. The Five Golden Rules of Permissions Design
          1. Rule 1: Apply permissions to groups whenever possible
          2. Rule 2: Design group permissions so that you have minimum duplication
          3. Rule 3: Manage Advanced permissions only when absolutely necessary
          4. Rule 4: Allow inheritance; do not protect sections of the domain tree from inheritance
          5. Rule 5: Keep a log of unusual changes
        2. How to Plan Permissions
        3. Bringing Order Out of Chaos
      5. Designing Auditing Schemes
        1. Implementing Auditing under Windows Server 2008
        2. Tracking Last Interactive Logon Information
      6. Real-World Examples
        1. Hiding Specific Personal Details for All Users in an Organizational Unit from a Group
        2. Allowing Only a Specific Group of Users to Access a New Published Resource
        3. Restricting Everyone but HR from Viewing Social Security Numbers with Confidential Access Capability
      7. Summary
    5. 14. Designing and Implementing Schema Extensions
      1. Nominating Responsible People in Your Organization
      2. Thinking of Changing the Schema
        1. Designing the Data
        2. To Change or Not to Change
        3. The Global Picture
      3. Creating Schema Extensions
        1. Running the Schema Manager MMC for the First Time
        2. The Schema Cache
        3. The Schema Master FSMO
        4. Using LDIF to Extend the Schema
        5. Checks the System Makes When You Modify the Schema
        6. Making Classes and Attributes Defunct
      4. Summary
    6. 15. Backup, Recovery, and Maintenance
      1. Backing Up Active Directory
        1. Using the NT Backup Utility
        2. Using Windows Server Backup
      2. Restoring a Domain Controller
        1. Restore from Replication
          1. Manually removing a domain controller from Active Directory
        2. Restore from Backup
        3. Install from Media
          1. Creating and using IFM media on Windows Server 2003
          2. Creating and using IFM media on Windows Server 2008
      3. Restoring Active Directory
        1. Non-Authoritative Restore
          1. Restoring with NT Backup
          2. Restoring with Windows Server Backup
        2. Partial Authoritative Restore
        3. Complete Authoritative Restore
      4. Working with Snapshots
      5. FSMO Recovery
      6. Restartable Directory Service
      7. DIT Maintenance
        1. Checking the Integrity of the DIT
        2. Reclaiming Space
        3. Changing the DS Restore Mode Admin Password
      8. Summary
    7. 16. Upgrading to Windows Server 2003
      1. New Features in Windows Server 2003
      2. Differences with Windows 2000
      3. Functional Levels Explained
        1. How to Raise the Functional Level
      4. Preparing for ADPrep
        1. ForestPrep
        2. DomainPrep
          1. GPPrep
      5. Upgrade Process
        1. Inventory Domain Controllers
        2. Inventory Clients
        3. Trial Run
        4. Prepare the Forest and Domains
          1. Exchange 2000
          2. SFU 2.0
        5. Tweak Settings
        6. Upgrade Domain Controllers
      6. Post-Upgrade Tasks
        1. Monitor
        2. Raise Functional Levels
        3. Start Implementing New Features
      7. Summary
    8. 17. Upgrading to Windows Server 2003 R2
      1. New Active Directory Features in Windows Server 2003 Service Pack 1
      2. Differences with Windows Server 2003
      3. New Active Directory Features in Windows Server 2003 R2
      4. Preparing for ADPrep
        1. ForestPrep
      5. Service Pack 1 Upgrade Process
      6. R2 Upgrade Process
        1. Prepare the Forest
        2. Upgrade Domain Controllers
      7. Summary
    9. 18. Upgrading to Windows Server 2008
      1. New Features in Windows Server 2008
      2. Differences with Windows Server 2003
      3. Preparing for ADPrep
        1. ForestPrep
        2. RODCPrep
        3. DomainPrep
          1. GPPrep
      4. Windows Server 2008 Upgrade Process
      5. Summary
    10. 19. Integrating Microsoft Exchange
      1. A Quick Word about Exchange/AD Interaction
      2. Preparing Active Directory for Exchange
        1. Setup Prerequisites
        2. PrepareLegacyExchangePermissions
        3. PrepareSchema
        4. PrepareAD
        5. PrepareDomain
        6. Active Directory Site Design and Domain Controller Placement
          1. Site topology
          2. Domain controller impact
        7. Other Considerations
      3. Mail-Enabling Objects
        1. Using the Exchange Management Console
          1. Mailbox-enabling a user
          2. Linked mailboxes
          3. Mail-enabling a group
        2. Using PowerShell
      4. Summary
    11. 20. Active Directory Lightweight Directory Service (a.k.a. ADAM)
      1. ADAM Terms
      2. Differences Between AD and ADAM V1.0
        1. Standalone Application Service
        2. Configurable LDAP Ports
        3. No SRV Records
        4. No Global Catalog
        5. Top-Level Application Partition Object Classes
        6. Group and User Scope
        7. FSMOs
        8. Schema
        9. Service Account
        10. Configuration/Schema Partition Names
        11. Default Directory Security
        12. User Principal Names
        13. Authentication
      3. ADAM R2 Updates
        1. Users in the Configuration Partition
        2. Password Reset/Change Chaining to Windows
        3. Virtual List View (VLV) Searching
        4. Confidentiality Bit
        5. New and Updated Tools
        6. Installation
        7. Authentication
        8. R2 ADAM for R2 Server Only
      4. Active Directory Lightweight Directory Services Updates
        1. GUI Tools
        2. Availability on Server Core
        3. Support for Install from Media
        4. Support for Snapshots and the Database Mounting Tool
        5. Support for Enhanced Auditing Features
      5. AD LDS Installation
        1. Installing Components
        2. Installing a New ADAM Instance
        3. Installing an ADAM Replica
      6. Tools
        1. ADAM ADSIEDIT
        2. ADAM Schema Management
        3. ADAM Install
        4. ADAMSync
        5. ADAM Uninstall
        6. AD Schema Analyzer
        7. CSVDE
        8. DSACLS
        9. DSDBUTIL
        10. DSDiag
        11. DSMgmt
        12. LDIFDE
        13. LDP
        14. RepAdmin
      7. ADAM Schema
        1. Virtual List View (VLV) Index Support
        2. Default Security Descriptors
        3. Bindable Objects and Bindable Proxy Objects
      8. Using ADAM
        1. Creating Application Partitions
        2. Creating Containers
        3. Creating Users
        4. Creating User Proxies
          1. Special considerations
        5. Renaming Users
        6. Creating Groups
        7. Adding Members to Groups
        8. Removing Members from Groups
        9. Deleting Objects
        10. Deleting Application Partitions
      9. Summary
  6. III. Scripting Active Directory with ADSI, ADO, and WMI
    1. 21. Scripting with ADSI
      1. What Are All These Buzzwords?
        1. ActiveX
        2. Windows Scripting Host (WSH)
        3. Active Server Pages (ASPs)
        4. Active Directory Service Interface (ADSI)
        5. ActiveX Data Objects (ADO)
        6. Windows Management Instrumentation (WMI)
        7. .NET and .NET Framework
        8. Writing and Running Scripts
        9. A Brief Primer on COM and WSH
        10. How to Write Scripts
        11. WSH File Formats
      2. ADSI
        1. Objects and Interfaces
        2. Namespaces, ProgIDs, and ADsPath
        3. Retrieving Objects
      3. Simple Manipulation of ADSI Objects
        1. Creating the OU
        2. Creating the Users
        3. Tearing Down What Was Created
      4. Summary
    2. 22. IADs and the Property Cache
      1. The IADs Properties
        1. Using IADs::Get and IADs::Put
        2. The Property Cache
        3. Be Careful
        4. More Complexities of Property Access: IADs::GetEx and IADs::PutEx
          1. Using IADs::GetEx
          2. Using IADs::PutEx
      2. Manipulating the Property Cache
        1. Property Cache Mechanics
        2. Adding Individual Values
        3. Adding Sets of Values
        4. Walking Through the Property Cache
          1. Approach 1: Using the IADsPropertyList::PropertyCount property method
          2. Approach 2: Using the IADsPropertyList::Next method
          3. Approach 3: Using the IADsPropertyList::Next and IADsPropertyList::Skip methods
        5. Writing the Modifications
        6. Walking the Property Cache: The Solution
        7. Walking the Property Cache Using the Formal Schema Class Definition
      3. Checking for Errors in VBScript
      4. Summary
    3. 23. Using ADO for Searching
      1. The First Search
        1. Step 1: Define the Constants and Variables
        2. Step 2: Establish an ADO Database Connection
        3. Step 3: Open the ADO Connection
        4. Step 4: Execute the Query
        5. Step 5: Navigate Through the Resultset
        6. Step 6: Close the ADO Connection
        7. The Entire Script for a Simple Search
      2. Understanding Search Filters
        1. Items Within a Filter
        2. Connecting Filters
      3. Optimizing Searches
        1. Efficient Searching
        2. ObjectClass Versus ObjectCategory
      4. Advanced Search Function: SearchAD
      5. Summary
    4. 24. Users and Groups
      1. Creating a Simple User Account
      2. Creating a Full-Featured User Account
        1. LDAP Provider
      3. Creating Many User Accounts
      4. Modifying Many User Accounts
      5. Account Unlocker Utility
      6. Creating a Group
      7. Adding Members to a Group
        1. Adding Many USER Groups to Groups
      8. Evaluating Group Membership
      9. Summary
    5. 25. Permissions and Auditing
      1. How to Create an ACE Using ADSI
        1. Trustee
        2. AccessMask
        3. AceType
        4. AceFlags
        5. Flags, ObjectType, and InheritedObjectType
      2. A Simple ADSI Example
        1. Discussion
      3. A Complex ADSI Example
        1. Discussion
          1. Unlock account
          2. Set/clear “User Must Change Password On Next Logon” flag
          3. Reset Password
        2. Making Your Own ACEs
          1. Delegate member attribute on groups
          2. Delegate ability to view Confidential Attribute
          3. How to implement other delegations
      4. Creating Security Descriptors
      5. Listing the Security Descriptor of an Object
      6. Summary
    6. 26. Extending the Schema and the Active Directory Snap-ins
      1. Modifying the Schema with ADSI
        1. IADsClass and IADsProperty
        2. Creating the Mycorp-LanguagesSpoken Attribute
        3. Creating the FinanceUser class
          1. Creating instances of the new class
        4. Finding the Schema Container and Schema FSMO
        5. Transferring the Schema FSMO Role
        6. Forcing a Reload of the Schema Cache
        7. Adding an Attribute to the Partial Attribute Set
      2. Customizing the Active Directory Administrative Snap-ins
        1. Display Specifiers
        2. Property Pages
        3. Context Menus
        4. Icons
        5. Display Names
        6. Leaf or Container
        7. Object Creation Wizard
      3. Summary
    7. 27. Scripting with WMI
      1. Origins of WMI
      2. WMI Architecture
        1. CIMOM and CIM Repository
        2. WMI Providers
      3. Getting Started with WMI Scripting
        1. Referencing an Object
        2. Enumerating Objects of a Particular Class
        3. Searching with WQL
        4. Authentication with WMI
      4. WMI Tools
        1. WMI from a Command Line
        2. WMI from the Web
        3. WMI SDK
        4. Scriptomatic Version 2.0; WMI Scripting Tool
      5. Manipulating Services
      6. Querying the Event Logs
      7. Monitoring Trusts
      8. Monitoring Replication
      9. Summary
    8. 28. Scripting DNS
      1. DNS Provider Overview
        1. Installing the DNS Provider
        2. Managing DNS with the DNS Provider
      2. Manipulating DNS Server Configuration
        1. Listing a DNS Server’s Properties
        2. Configuring a DNS server
        3. Restarting the DNS Service
        4. DNS Server Configuration Check Script
      3. Creating and Manipulating Zones
        1. Creating a Zone
        2. Configuring a Zone
        3. Listing the Zones on a Server
      4. Creating and Manipulating Resource Records
        1. Finding Resource Records in a Zone
        2. Creating Resource Records
      5. Summary
    9. 29. Programming the Directory with the .NET Framework
      1. Why .NET?
      2. Choosing a .NET Programming Language
      3. Choosing a Development Tool
        1. .NET IDE Options
        2. .NET Development Without an IDE
      4. .NET Framework Versions
        1. Which .NET Framework Comes with Which OS?
        2. Directory Programming Features by .NET Framework Release
        3. Assemblies Versus Namespaces
        4. Summary of Namespaces, Assemblies, and Framework Versions
      5. Directory Services Programming Landscape
        1. System.DirectoryServices Overview
          1. Other nice things in System.DirectoryServices
          2. System.DirectoryServices Summary
        2. System.DirectoryServices.ActiveDirectory Overview
          1. Why use System.DirectoryServices.ActiveDirectory?
          2. System.DirectoryServices.ActiveDirectory summary
        3. System.DirectoryServices.Protocols Overview
          1. Why use System.DirectoryServices.Protocols?
          2. System.DirectoryServices.Protocols summary
        4. System.DirectoryServices.AccountManagement Overview
          1. Why use System.DirectoryServices.AccountManagement?
          2. System.DirectoryServices.AccountManagement summary
      6. .NET Directory Services Programming by Example
        1. Connecting to the Directory
        2. Searching the Directory
        3. Basics of Modifying the Directory
          1. Basic add example
          2. Basic remove examples
          3. Moving and renaming objects
          4. Modifying existing objects
        4. Managing Users
          1. Managing users with System.DirectoryServices.AccountManagement
        5. Overriding SSL Server Certificate Verification with SDS.P
      7. Summary
    10. 30. PowerShell Basics
      1. Exploring the PowerShell
        1. Variables and Objects
        2. Working with Quotes
        3. Profiles
      2. Working with the Pipeline
        1. The $_ Expression
        2. Pipeline by Example
      3. Cmdlets
        1. The Cmdlet Naming Scheme
        2. Cmdlet Parameters
        3. Working with Built-in Cmdlets
          1. Get-Help
          2. Get-Command
          3. Get-Member
        4. Managing the Environment
          1. Set-Location
          2. Set-ExecutionPolicy
          3. Get-PSSnapin
          4. Add-PSSnapin
        5. Formatting Output
          1. Format-List
          2. Format-Table
          3. Out-Null
        6. Processing and Filtering Output
          1. Foreach-Object
          2. Where-Object
        7. Importing Information
          1. Get-Content
          2. Import-Csv
          3. Import-CliXml
        8. Exporting Information
          1. Export-Csv
          2. Export-CliXml
          3. Out-File
      4. Building PowerShell Scripts
        1. Arguments
        2. Functions
        3. Error Handling
        4. Flow Control
          1. Conditional Statements
          2. Loops
      5. Using WMI
      6. Summary
    11. 31. Scripting Active Directory with PowerShell
      1. Becoming Familiar with .NET
        1. DirectoryEntry
        2. DirectorySearcher
        3. Domain
        4. Forest
        5. DirectoryContext
        6. DomainController
        7. GlobalCatalog
        8. ApplicationPartition
      2. Understanding Client-Side Processing
      3. Building the Lab Build Script
        1. Setup
        2. Creating Organizational Units
        3. Creating User Accounts
        4. Creating Computer Accounts
        5. Creating Groups
          1. Adding group members
        6. Putting It All Together
      4. Working with Forests and Domains
        1. Gathering Forest Information
        2. Gathering Domain Information
      5. Understanding Group Policy
        1. Group Policy Refresh Cmdlet
        2. GPMC Cmdlets
        3. Quest Cmdlets
      6. Summary
    12. 32. Scripting Basic Exchange 2003 Tasks
      1. Notes on Managing Exchange
      2. Exchange Management Tools
      3. Mail-Enabling Versus Mailbox-Enabling
      4. Exchange Delegation
      5. Mail-Enabling a User
      6. Mail-Disabling a User
      7. Creating and Mail-Enabling a Contact
      8. Mail-Disabling a Contact
      9. Mail-Enabling a Group (Distribution List)
      10. Mail-Disabling a Group
      11. Mailbox-Enabling a User
      12. Mailbox-Disabling a User (Mailbox Deletion)
      13. Purging a Disconnected Mailbox
      14. Reconnecting a Disconnected Mailbox
      15. Moving a Mailbox
      16. Enumerating Disconnected Mailboxes
      17. Viewing Mailbox Sizes and Message Counts
      18. Viewing All Store Details of All Mailboxes on a Server
      19. Dumping All Store Details of All Mailboxes on All Servers in Exchange Org
      20. Summary
    13. 33. Scripting Basic Exchange 2007 Tasks
      1. Exchange Scripting Notes
        1. The Departure of the Recipient Update Service
        2. Mail-Enabling Versus Mailbox-Enabling
        3. Exchange Cmdlet Primer
      2. Managing Users
        1. Mailbox-Enabling a User
        2. Mailbox-Disabling a User
        3. Mail-Enabling a User
        4. Mail-Disabling a User
        5. Viewing Mailbox Properties
        6. Moving a User Mailbox
        7. Provisioning Mailboxes Out-of-Band
      3. Managing Groups
        1. Mail-Enabling a Group
        2. Mail-Disabling a Group
        3. Managing Group Membership
        4. Displaying Group Properties
      4. Summary
  7. Index
  8. About the Authors
  9. Colophon
  10. Copyright

Product information

  • Title: Active Directory, 4th Edition
  • Author(s): Brian Desmond, Joe Richards, Robbie Allen, Alistair G. Lowe-Norris
  • Release date: November 2008
  • Publisher(s): O'Reilly Media, Inc.
  • ISBN: 9780596554286