Special Edition Using Microsoft Active Directory

eBook (Adobe DRM)

  • Sorry, this book is no longer in print.


  • Copyright 2001
  • Dimensions: 7-3/8" x 9-1/8"
  • Edition: 1st
  • eBook (Adobe DRM)
  • ISBN-10: 0-7686-5613-3
  • ISBN-13: 978-0-7686-5613-8

Special Edition Using Microsoft Active Directory provides you with complete, in-depth coverage of the newest directory service from Microsoft. Authors Fullerton and Hudson use their previous training and administration experiences to explain how to design, implement, and troubleshoot using Active Directory. Topics covered include Domain Name Services and Active Directory, Logical and Physical Active Directory, replication, authentication, group policies, administering and managing, backup, restore, maintenance, and Active Directory Services Interface.

Sample Content

Table of Contents

1. Introduction to Active Directory.

Windows 2000 Active Directory. History of Directory Services.

X.500. LDAP. Banyan VINES and Streettalk. Novell NetWare Directory Services. Active Directory.

Why a Directory? What Makes a Directory?

Schema. Class. Attribute. Value. Object.

Active Directory in a Nutshell.

Physical and Logical Structure of the Active Directory. Services That Support the Active Directory.

2. Installing Active Directory.

And Away We Go! Or Not. Before You Begin.

Planning the Forest. Choosing the Correct Hardware. Software You Will Need.

Decisions, Decisions.

DNS. Namespaces. Filesystems. Permissions Compatibility. Directory Services Restore Mode Password.

Promoting a Server to Domain Controller.

Authorization. Creating a New Forest.

Creating a New Tree. Creating a Child Domain. Creating Additional Domain Controllers. Automating dcpromo. After dcpromo.

New Shares. New Files. Default Containers.

Removing a Domain Controller.

Demotion Considerations. dcpromo in Reverse.

3. Domain Name Services.

The Need for DNS. The Function of DNS. Examples of Name Resolution. Using the MMC.

Default Consoles. Creating Custom Consoles.

4. Installing and Configuring DNS.

Installing DNS.

Installing DNS Manually Through Control Panel. Installing DNS Automatically as a Part of AD Installation. Installing DNS Automatically Through Scripting.

Configuring DNS.

Manually Installing a Forward Lookup Zone. Manually Installing a Reverse Lookup Zone. Manually Installing DNS Zones Using dnscmd.exe.

5. DNS Architecture.

Using the DNS MMC Snap-In.

DNS Record Types. Zones Created by the Active Directory.

Anatomy of a DNS Lookup.

Forward Lookup Example.

6. Integrating BIND DNS with Active Directory.

BIND and the Active Directory. Why Use BIND? BIND Configuration Files.

named.conf. Forward Lookup Zone Configuration Files. Reverse Lookup Zone Configuration Files. root.cache. named.local.

Zone Files After a Dynamic Update. Delegating a Zone.

7. DNS and AD Namespaces.

Namespaces. External Namespaces. Internal Namespaces. Choosing an AD Namespace.

Using the Same Namespace Internally and Externally. Using a Separate Namespace.

Finding a Domain Controller.


8. Windows 2000 Name Resolution Services.

Name Resolution in Windows 2000. NetBIOS Node Types.

Broadcast/b-node. Point-to-Point/p-node. Mixed/m-node and Hybrid/h-node.

The lmhosts File.

Troubleshooting lmhosts with nbtstat.

The hosts File.



Installing and Configuring WINS. Integrating WINS with DNS.

9. Dynamic and Active Directory Integrated DNS.

Dynamic DNS.

Allowing Updates. Dynamic DNS Step by Step. Configuring DHCP for Dynamic Update.

AD Integrated DNS.

Viewing DNS as Active Directory Objects. Advantages of AD-Integrated Zones.

DNS Record Aging and Scavenging.

Features of DNS Record Aging and Scavenging. DNS Record Aging and Scavenging Parameters and Architecture. Viewing DNS Record Aging and Scavenging Options in the MMC. Configuring DNS Record Aging and Scavenging Options.

10. Troubleshooting DNS.

DNS Troubleshooting Tools.

DNS Monitoring. DNS Logging. netdiag.exe. ipconfig.exe.

General IP Troubleshooting Tools.

ping.exe. tracert.exe. Network Monitor.


11. Domains, Trees, and Forests.

Introduction. Domains.

Boundaries. Security. Administration. Replication.

Domain Modes.

Mixed Mode. Native Mode.

Trees. Forests.

12. Operations Masters.

Introduction. Forest-Wide Roles.

Schema Master. Domain Naming Master.

Domain Roles.

Infrastructure Master. RID Master. PDC Emulator.

Transferring and Seizing Roles.

Transferring Roles. Seizing Roles.

FSMO Placement.

13. Active Directory Schema.

Introduction. Schema Location. Schema Components.

Classes. Attributes. Syntaxes. Object Identifiers. Tools for Exploring the Schema.

Modifying the Schema.

Reasons for Schema Modification. Planning for Schema Modification. Adding Classes and Attributes.

Schema Replication. Deactivating Classes and Attributes.

Indexing Attributes. Replicating Attributes to the Global Catalog.

14. Active Directory Sites.

Introduction to Sites. Architecture.

How Are Sites Used? Where Do Sites Live? How Are Domain Controllers Added to a Site? How Is Site Membership Determined?



Creating Sites.

Server Objects. The NTDS Settings Object. Moving a DC to a New Site. Site Licensing Server. The NTDS Site Settings Object.

15. Site Link Objects and Connection Objects.

Introduction. Site Link Objects.

Inter-Site Transports. Schedules. Replication Intervals. Costs.

Site Link Bridges. Connection Objects.

Connection Object Properties. Creating Connection Objects.

16. Intra-Site Replication.

Introduction to Replication.

Multimaster. Loose Consistency. With Convergence. Naming Contexts. Updates. Update Sequence Numbers. Conflict Resolution.

Deleted Objects. Topology Generation. The Knowledge Consistency Checker. The Intra-Site Replication Process. Urgent Replication.

Account Lockout. Change of an LSA Secret. Password Changes.

Intra-Site Replication Management Tasks.

Using Active Directory Sites and Services to Manage Intra-Site Replication. Using Active Directory Replication Monitor to Manage Intra-Site Replication.

17. Inter-Site Replication.

Introduction. Topology.

Inter-Site Topology Generator. Bridgehead Servers.

The Replication Process.


Inter-Site Replication Management Tasks.

Repadmin. Tuning. Monitoring Replication.

18. Authentication.

Enterprise Security. Kerberos.

History of Kerberos. Advantages of Kerberos.

Kerberos Roles in Windows 2000.

Key Distribution Center. Authentication Service. Ticket-Granting Service. Kerberos Key Distribution.

Kerberos Tools.

kerbtray. klist.

Authenticating to the Domain.

Finding the KDC. Logging On. Obtaining a TGT from the KDC. Client Request for a TGT. Getting a Session Ticket for the Local Computer. Completing the Logon Process.

Authenticating to Other Domains in the Tree. Automatic Kerberos Transitive Trusts. Managing Trusts. How Transitive Trusts Work.

Cross-Domain Authentication Example. Advantages to the Previous Scenario.

Explicit Trusts. Shortcut Trusts.

Creating a Shortcut Trust. Testing the Shortcut Trust. To Trust or Not to Trust.

Kerberos Policy.

Enforce User Logon Restrictions. Maximum Lifetime for a Service Ticket. Maximum Lifetime for a User Ticket. Maximum Lifetime for User Ticket Renewal. Maximum Tolerance for Computer Clock Synchronization.

19. Authorization.

Authorizing Access to Active Directory. Rights Versus Permissions. Security Components of the Active Directory.

Globally Unique Identifiers. Security Identifiers. Relative Identifiers. Security Descriptor. Access Tokens.


Native Versus Mixed Mode. Domain Local Groups. Global Groups. Universal Groups. Computer Local Groups. Nesting Groups. System-Created Groups.

Authorization Step by Step.

Gathering the User's Credentials. Getting an Access Token. Using the Access Token.

Modifying Permissions.

Using the Security Tab. Using the Delegation of Control Wizard.

Troubleshooting Permissions.

The Basics. Tools.

20. Group Policy.

Introduction to Group Policy. A Simple Group Policy Example. Why Group Policy? Types of Group Policy.

Computer Group Policy. User Group Policy.

Applying Group Policy.

Choosing Where to Assign Group Policy. Assigning Group Policy.

Group Policy and Security Groups.

21. Group Policy Sections.

Overview of Group Policy Sections. Computer Configuration.

Software Settings. Windows Settings. Administrative Templates.

User Configuration.

Software Settings. Windows Settings. Administrative Templates.

22. Managing Group Policy.

Overview of Group Policy Administration.

The Group Policy Tab.

Features of Group Policy. Logon Scripts.

Windows Scripting Host. VBScript Syntax. A Simple VBScript Example. Sample Logon Script. The Logon Script Line by Line. Attaching a Logon Script Through Group Policy.

Installing Software Through Group Policy.

Windows Installer Service. Features of Native Windows Installer Packages. Assigning and Publishing Software Through Group Policy. An Example of Assign and Publish. Testing Your Group Policy. Configuring the Software Installation Node.

Group Policy Security and Inheritance.

Group Policy Inheritance. Group Policy Security. Creating Exceptions to Group Policy Application.

23. Group Policy Architecture.

Overview of Group Policy Architecture. Group Policy Storage.

Group Policy Container. Group Policy Template.

Group Policy Replication.

File Replication Service.

Group Policy Processing. Problems with Group Policy.

Replication Issues. Inheritance Issues. Permissions Issues.

24. User, Group, and Contact Objects.

User Objects.

Creating a User Object. Copying an Existing User Account.


Group Types. Group Scope. Creating Groups. Modifying Groups. Planning Group Usage.


25. Printer, Computer, and Shared Folder Objects.

Printer Objects.

Active Directory and Printers. Printer Location Tracking. Managing Published Printers. Adding a Printer. Modifying a Printer. Adding Printers to the Directory from Non-Windows 2000 Print Servers.

Computer Objects.

Creating Computer Objects. Creating a Computer Object Using VBScript. Creating a Computer Object Using NET Commands. Creating a Computer Object by Joining a Domain.

26. Containers and Organizational Units.

Organizational Units.

Creating an OU. Design Considerations. Moving an OU. Deleting an OU. OU Design Considerations.


Creating Container Objects. Deleting Container Objects.

27. Active Directory Database Optimization.

Introduction to the Active Directory Database.

Understanding Transactional Databases. Active Directory Database Structure.

Database Files.

The Active Directory Database File. Transaction Log Files. Checkpoint Files. Reserve Log Files. Patch Files.

Database Maintenance.

Defragmentation. Other Maintenance Tasks.

28. Backup and Restore.

Active Directory Backup.

System State.

Microsoft Windows Backup Tool. Restoring Active Directory.

Restoring from a Backup.

Additional Concepts.

Offline Backup. Determining the Date of the Last Full Backup. Impact of the Tombstone Lifetime on Restores. Computer Membership and Trusts.

29. Migrating from NT to Active Directory.

Upgrading and Migrating. Upgrade in Place.

Planning. Performing the OS Upgrade. Running dcpromo. Testing the Upgrade.

Important Considerations When Upgrading NT Domains.

Structural Modifications. Security Issues During the Upgrade. Checking the Upgrade.

Consolidation by Moving Objects.

Moving Objects Inside a Domain. Moving Objects Between Domains or Trees. Moving Objects Between Forests.


30. Scripting the Active Directory.

The Active Directory Services Interface. Windows Script Host. Using ADSI with WSH.

Creating a User. Manipulating Groups with ADSI. Moving Objects. Listing and Viewing Properties.


Checking Group Policy Versions. Replication Status.

31. Conclusion.

Active Directory Summary. The Future. Whistler.

Headless Servers. MSMQ 5.1. Networking Changes. Application Directory Partitions. Improved Support for Wireless LANs. Dynamic Objects. Dynamic Auxiliary Classes. Virtual List Views and Attribute Scoped Queries. Universal Plug-and-Play. New WinSock 2 APIs. Windows Media Rights Manager.


AppCenter. Biztalk Server. SQL Server 2000. Host Integration Server 2000. Internet Security and Acceleration Server 2000.

64-Bit Windows. Blackcomb. Where to Go from Here….

Online Help. Support Tools. Resource Kits. msnews.microsoft.com. http://www.microsoft.com. Microsoft Official Curriculum. msdn.microsoft.com. TechEd.

The End.


