Special Edition Using Microsoft Active Directory provides you with complete, in-depth coverage of the newest directory service from Microsoft. Authors Fullerton and Hudson use their previous training and administration experiences to explain how to design, implement, and troubleshoot using Active Directory. Topics covered include Domain Name Services and Active Directory, Logical and Physical Active Directory, replication, authentication, group policies, administering and managing, backup, restore, maintenance, and Active Directory Services Interface.
1. Introduction to Active Directory.
Windows 2000 Active Directory. History of Directory Services.
X.500. LDAP. Banyan VINES and StreetTalk. Novell NetWare Directory Services. Active Directory.
Why a Directory? What Makes a Directory?
Schema. Class. Attribute. Value. Object.
Active Directory in a Nutshell.
Physical and Logical Structure of the Active Directory. Services That Support the Active Directory.
And Away We Go! Or Not. Before You Begin.
Planning the Forest. Choosing the Correct Hardware. Software You Will Need.
DNS. Namespaces. Filesystems. Permissions Compatibility. Directory Services Restore Mode Password.
Promoting a Server to Domain Controller.
Authorization. Creating a New Forest.
Creating a New Tree. Creating a Child Domain. Creating Additional Domain Controllers. Automating dcpromo. After dcpromo.
New Shares. New Files. Default Containers.
Removing a Domain Controller.
Demotion Considerations. dcpromo in Reverse.
The Need for DNS. The Function of DNS. Examples of Name Resolution. Using the MMC.
Default Consoles. Creating Custom Consoles.
Installing DNS Manually Through Control Panel. Installing DNS Automatically as a Part of AD Installation. Installing DNS Automatically Through Scripting.
Manually Installing a Forward Lookup Zone. Manually Installing a Reverse Lookup Zone. Manually Installing DNS Zones Using dnscmd.exe.
Using the DNS MMC Snap-In.
DNS Record Types. Zones Created by the Active Directory.
Anatomy of a DNS Lookup.
Forward Lookup Example.
BIND and the Active Directory. Why Use BIND? BIND Configuration Files.
named.conf. Forward Lookup Zone Configuration Files. Reverse Lookup Zone Configuration Files. root.cache. named.local.
Zone Files After a Dynamic Update. Delegating a Zone.
Namespaces. External Namespaces. Internal Namespaces. Choosing an AD Namespace.
Using the Same Namespace Internally and Externally. Using a Separate Namespace.
Finding a Domain Controller.
Name Resolution in Windows 2000. NetBIOS Node Types.
Broadcast/b-node. Point-to-Point/p-node. Mixed/m-node and Hybrid/h-node.
The lmhosts File.
Troubleshooting lmhosts with nbtstat.
The hosts File.
Installing and Configuring WINS. Integrating WINS with DNS.
Allowing Updates. Dynamic DNS Step by Step. Configuring DHCP for Dynamic Update.
AD Integrated DNS.
Viewing DNS as Active Directory Objects. Advantages of AD-Integrated Zones.
DNS Record Aging and Scavenging.
Features of DNS Record Aging and Scavenging. DNS Record Aging and Scavenging Parameters and Architecture. Viewing DNS Record Aging and Scavenging Options in the MMC. Configuring DNS Record Aging and Scavenging Options.
DNS Troubleshooting Tools.
DNS Monitoring. DNS Logging. netdiag.exe. ipconfig.exe.
General IP Troubleshooting Tools.
ping.exe. tracert.exe. Network Monitor.
Boundaries. Security. Administration. Replication.
Mixed Mode. Native Mode.
Introduction. Forest-Wide Roles.
Schema Master. Domain Naming Master.
Infrastructure Master. RID Master. PDC Emulator.
Transferring and Seizing Roles.
Transferring Roles. Seizing Roles.
Introduction. Schema Location. Schema Components.
Classes. Attributes. Syntaxes. Object Identifiers. Tools for Exploring the Schema.
Modifying the Schema.
Reasons for Schema Modification. Planning for Schema Modification. Adding Classes and Attributes.
Schema Replication. Deactivating Classes and Attributes.
Indexing Attributes. Replicating Attributes to the Global Catalog.
Introduction to Sites. Architecture.
How Are Sites Used? Where Do Sites Live? How Are Domain Controllers Added to a Site? How Is Site Membership Determined?
Server Objects. The NTDS Settings Object. Moving a DC to a New Site. Site Licensing Server. The NTDS Site Settings Object.
Introduction. Site Link Objects.
Inter-Site Transports. Schedules. Replication Intervals. Costs.
Site Link Bridges. Connection Objects.
Connection Object Properties. Creating Connection Objects.
Introduction to Replication.
Multimaster. Loose Consistency. With Convergence. Naming Contexts. Updates. Update Sequence Numbers. Conflict Resolution.
Deleted Objects. Topology Generation. The Knowledge Consistency Checker. The Intra-Site Replication Process. Urgent Replication.
Account Lockout. Change of an LSA Secret. Password Changes.
Intra-Site Replication Management Tasks.
Using Active Directory Sites and Services to Manage Intra-Site Replication. Using Active Directory Replication Monitor to Manage Intra-Site Replication.
Inter-Site Topology Generator. Bridgehead Servers.
The Replication Process.
Inter-Site Replication Management Tasks.
Repadmin. Tuning. Monitoring Replication.
Enterprise Security. Kerberos.
History of Kerberos. Advantages of Kerberos.
Kerberos Roles in Windows 2000.
Key Distribution Center. Authentication Service. Ticket-Granting Service. Kerberos Key Distribution.
Authenticating to the Domain.
Finding the KDC. Logging On. Obtaining a TGT from the KDC. Client Request for a TGT. Getting a Session Ticket for the Local Computer. Completing the Logon Process.
Authenticating to Other Domains in the Tree. Automatic Kerberos Transitive Trusts. Managing Trusts. How Transitive Trusts Work.
Cross-Domain Authentication Example. Advantages to the Previous Scenario.
Explicit Trusts. Shortcut Trusts.
Creating a Shortcut Trust. Testing the Shortcut Trust. To Trust or Not to Trust.
Enforce User Logon Restrictions. Maximum Lifetime for a Service Ticket. Maximum Lifetime for a User Ticket. Maximum Lifetime for User Ticket Renewal. Maximum Tolerance for Computer Clock Synchronization.
Authorizing Access to Active Directory. Rights Versus Permissions. Security Components of the Active Directory.
Globally Unique Identifiers. Security Identifiers. Relative Identifiers. Security Descriptor. Access Tokens.
Native Versus Mixed Mode. Domain Local Groups. Global Groups. Universal Groups. Computer Local Groups. Nesting Groups. System-Created Groups.
Authorization Step by Step.
Gathering the User's Credentials. Getting an Access Token. Using the Access Token.
Using the Security Tab. Using the Delegation of Control Wizard.
The Basics. Tools.
Introduction to Group Policy. A Simple Group Policy Example. Why Group Policy? Types of Group Policy.
Computer Group Policy. User Group Policy.
Applying Group Policy.
Choosing Where to Assign Group Policy. Assigning Group Policy.
Group Policy and Security Groups.
Overview of Group Policy Sections. Computer Configuration.
Software Settings. Windows Settings. Administrative Templates.
Software Settings. Windows Settings. Administrative Templates.
Overview of Group Policy Administration.
The Group Policy Tab.
Features of Group Policy. Logon Scripts.
Windows Scripting Host. VBScript Syntax. A Simple VBScript Example. Sample Logon Script. The Logon Script Line by Line. Attaching a Logon Script Through Group Policy.
Installing Software Through Group Policy.
Windows Installer Service. Features of Native Windows Installer Packages. Assigning and Publishing Software Through Group Policy. An Example of Assign and Publish. Testing Your Group Policy. Configuring the Software Installation Node.
Group Policy Security and Inheritance.
Group Policy Inheritance. Group Policy Security. Creating Exceptions to Group Policy Application.
Overview of Group Policy Architecture. Group Policy Storage.
Group Policy Container. Group Policy Template.
Group Policy Replication.
File Replication Service.
Group Policy Processing. Problems with Group Policy.
Replication Issues. Inheritance Issues. Permissions Issues.
Creating a User Object. Copying an Existing User Account.
Group Types. Group Scope. Creating Groups. Modifying Groups. Planning Group Usage.
Active Directory and Printers. Printer Location Tracking. Managing Published Printers. Adding a Printer. Modifying a Printer. Adding Printers to the Directory from Non-Windows 2000 Print Servers.
Creating Computer Objects. Creating a Computer Object Using VBScript. Creating a Computer Object Using NET Commands. Creating a Computer Object by Joining a Domain.
Creating an OU. Design Considerations. Moving an OU. Deleting an OU. OU Design Considerations.
Creating Container Objects. Deleting Container Objects.
Introduction to the Active Directory Database.
Understanding Transactional Databases. Active Directory Database Structure.
The Active Directory Database File. Transaction Log Files. Checkpoint Files. Reserve Log Files. Patch Files.
Defragmentation. Other Maintenance Tasks.
Active Directory Backup.
Microsoft Windows Backup Tool. Restoring Active Directory.
Restoring from a Backup.
Offline Backup. Determining the Date of the Last Full Backup. Impact of the Tombstone Lifetime on Restores. Computer Membership and Trusts.
Upgrading and Migrating. Upgrade in Place.
Planning. Performing the OS Upgrade. Running dcpromo. Testing the Upgrade.
Important Considerations When Upgrading NT Domains.
Structural Modifications. Security Issues During the Upgrade. Checking the Upgrade.
Consolidation by Moving Objects.
Moving Objects Inside a Domain. Moving Objects Between Domains or Trees. Moving Objects Between Forests.
The Active Directory Services Interface. Windows Script Host. Using ADSI with WSH.
Creating a User. Manipulating Groups with ADSI. Moving Objects. Listing and Viewing Properties.
Checking Group Policy Versions. Replication Status.
Active Directory Summary. The Future. Whistler.
Headless Servers. MSMQ 5.1. Networking Changes. Application Directory Partitions. Improved Support for Wireless LANs. Dynamic Objects. Dynamic Auxiliary Classes. Virtual List Views and Attribute Scoped Queries. Universal Plug-and-Play. New WinSock 2 APIs. Windows Media Rights Manager.
AppCenter. BizTalk Server. SQL Server 2000. Host Integration Server 2000. Internet Security and Acceleration Server 2000.
64-Bit Windows. Blackcomb. Where to Go from Here….
Online Help. Support Tools. Resource Kits. msnews.microsoft.com. http://www.microsoft.com. Microsoft Official Curriculum. msdn.microsoft.com. TechEd.