Table of Contents

     Introduction.

     I. ACTIVE DIRECTORY MANAGEMENT BASICS.
     1. Active Directory Overview.
     Directory Services and Active Directory.
     Active Directory Benefits. 
     Unified Directory. 
     Fewer Sign-Ons. 
     Standards-Based. 
     Extensible Schema. 
     Scalable. 
     Multimaster Replication. 
     Granular Security model. 
     Group Policy. 
     Active Directory Challenges. 
     Political Challenges. 
     Complexity Issues. 
     User Migration Challenges. 
     Application Directory Migration Challenges. 
     Troubleshooting Challenges. 
     First Version Issues. 
     Summary. 
     2. Active Directory Management.
     Management Focus.
     Getting Down to Basics. 
     Management Philosophy. 
     Management Applications-Build Versus Buy. 
     Data-Inject Versus Enter. 
     Servers-Centralized Versus Distributed. 
     Administration-Centralized Versus Distributed. 
     Summary. 
     II. ACTIVE DIRECTORY MANAGEMENT INTERFACES. 
     3. Lightweight Directory Access Protocol (LDAP).
     Overview.
     LDAP as a Protocol. 
     LDAP as an API. 
     What LDAP Is Not. 
     LDAP's Role in Active Directory. 
     APIs. 
     C/C++. 
     Perl. 
     Visual Basic. 
     Java. 
     Tools. 
     LDAP Browser. 
     Active Directory Administration Tool (LDP). 
     LDIF Directory Exchange (LDIFDE). 
     Programming Basics. 
     Information and Naming Models. 
     Connecting, Binding, and Unbinding. 
     RootDSE. 
     Search Filters. 
     Searching. 
     Ambiguous Name Resolution. 
     Add, Modify, and Delete. 
     LDIF. 
     Advanced Features. 
     Controls. 
     Referrals. 
     Change Notification and DirSync. 
     Looking Ahead. 
     VLV support. 
     XML/DSML Support. 
     Additional Resources. 
     Books. 
     Web Sites. 
     RFCs. 
     Microsoft Documentation. 
     4. Active Directory Service Interfaces (ADSI).
     Overview.
     Why ADSI? 
     COM Architecture. 
     ADSI or LDAP? 
     APIs. 
     C/C++. 
     Visual Basic and VBScript. 
     Perl. 
     Java. 
     Tools. 
     ADSI Edit. 
     ADsVW. 
     DsBrowse. 
     ADQI. 
     DsSrch. 
     Programming Basics. 
     IADs Class. 
     Connecting and Binding. 
     Property Cache. 
     Enumeration. 
     Searching. 
     Add, Modify, and Delete Objects. 
     Advanced Topics. 
     Object Security. 
     Advanced Binding Methods. 
     Looking Ahead. 
     Write Capability with ADO. 
     Attribute Scoped Query (ASQ). 
     ADSI or WMI? 
     Additional Resources. 
     Books. 
     Web Sites. 
     Microsoft Documentation. 
     5. Windows Management Instrumentation (WMI).
     Overview.
     WBEM/CIM. 
     WMI. 
     WMI Architecture. 
     WMI's Role in Active Directory. 
     APIs. 
     C/C++. 
     Visual Basic/VBScript/Jscript/Perl. 
     Tools. 
     WMI Object Browser. 
     WMI CIM Studio. 
     WMI Control. 
     wbemdump. 
     Basics. 
     Namespace. 
     Monikers. 
     Enumeration. 
     Searching.
     Event Notification. 
     Looking Ahead. 
     New Providers. 
     DNS Provider. 
     Cross-Platform Client Access. 
     Universal Management Interface. 
     Additional Resources. 
     Books. 
     Web Sites. 
     Microsoft Documentation. 
     III. ACTIVE DIRECTORY MANAGEMENT COMPONENTS. 
     6. Windows NT Migration.
     Migrating to Windows 2000.
     A Word About Migrations. 
     The Dark Side of Migrations. 
     Possible Migration Issues. 
     Effective Migration Planning. 
     Seven Rules for a Successful Active Directory Implementation. 
     Some Final Words About Migrations to Windows 2000. 
     Client Migrations. 
     Managing Client Trust Relationships. 
     NetJoinDomain API. 
     Migrating User-Specific Settings. 
     Windows 2000 Profile Migration. 
     Additional Resources. 
     Books. 
     Web Sites. 
     Microsoft Documentation. 
     7. Directory Operations.
     Overview.
     Forests. 
     Trees. 
     Domains. 
     Trusts. 
     Naming Contexts. 
     Organizational Units. 
     Flexible Single Master of Operations (FSMO) Roles. 
     Tools. 
     netdom. 
     nltest. 
     netdiag. 
     dcdiag. 
     ntdsutil. 
     Active Directory MMC Snap-Ins. 
     Managing Domains. 
     Domain Objects. 
     Domain Controller Objects. 
     Managing Trusts. 
     Trust Objects. 
     Using netdom to Manage Trusts. 
     Managing Organizational Units (OUs). 
     OU Objects. 
     Programmatically Manipulating OUs. 
     Managing FSMOs. 
     Locating the FSMOs. 
     Transferring Roles. 
     Monitoring and Troubleshooting. 
     Server Promotion. 
     Server Demotion. 
     Domain Controller Services. 
     FSMO Availability. 
     Secure Channels. 
     File Management. 
     Restores. 
     Summary. 
     Additional Resources. 
     Books. 
     RFCs. 
     Microsoft Documentation. 
     8. Domain Name System (DNS).
     Overview.
     Microsoft DNS Server. 
     AD-Integrated Zones. 
     Tools. 
     DnsCmd. 
     DNS MMC Snap-In. 
     nslookup. 
     ipconfig. 
     Programmatically Managing DNS. 
     Programmatic Interfaces into DNS. 
     Querying DNS. 
     Resource Record Manipulation. 
     Zone and Server Configuration. 
     Monitoring and Troubleshooting. 
     DNS Service. 
     Resource Record Registration. 
     DNS Log.
     Event Log. 
     Performance Monitor. 
     DnsCmd Statistics. 
     Summary. 
     Additional Resources. 
     Books. 
     RFCs. 
     Web Sites. 
     Microsoft Documentation. 
     9. Site Topology and Replication.
     Overview.
     Site Topology Management Issues. 
     Replication Management Issues. 
     Tools. 
     DsaStat. 
     Replication Diagnostics Tool (RepAdmin). 
     Replication Monitor (ReplMon). 
     Sites and Services MMC Snap-In. 
     Programmatically Managing Site Topology. 
     Site Objects. 
     Subnet Objects. 
     Site Link Objects. 
     Server Objects. 
     Programmatically Managing Replication. 
     Replication APIs. 
     Connection Objects. 
     Triggering the KCC. 
     Disabling the KCC. 
     Object Metadata. 
     Forcing Replication. 
     Viewing Replication Partners Information. 
     Monitoring and Troubleshooting. 
     Using RepAdmin. 
     Using Replication Monitor (ReplMon). 
     Event Log. 
     Performance Monitor. 
     Summary. 
     Additional Resources. 
     Books. 
     Web Sites. 
     Microsoft Documentation. 
     10. Schema.
     Overview.
     Schema Container and FSMO. 
     Classes. 
     Attributes. 
     Abstract Schema. 
     Tools. 
     Schema Mgmt MMC Snap-In. 
     LDIFDE. 
     Oidgen. 
     Uuidgen. 
     SchemaDoc. 
     Programmatically Managing the Schema. 
     Locating the Schema Container. 
     Finding the Schema FSMO. 
     Transferring the Schema FSMO. 
     Updating the Registry to Allow Schema Updates. 
     Querying the Abstract Schema with ADSI. 
     Querying the Abstract Schema with Perl. 
     Deleting Schema Objects. 
     Importing Schema Extensions Through LDIF Files. 
     Extending the Schema. 
     Extensions for Existing Versus New Objects. 
     Naming Convention. 
     Obtaining Object Identifiers. 
     Obtaining Globally Unique Identifiers. 
     Schema Extension Questionnaire. 
     Dealing with Vendors. 
     Steps to Extend the Schema. 
     Understanding the Schema Cache. 
     Programmatically Extending the Schema with LDIF Files. 
     Tracking Schema Extensions. 
     Summary. 
     Additional Resources. 
     Books. 
     RFCs. 
     Web Sites. 
     Microsoft Documentation. 
     11. Accounts (Users, Groups, Computers, and Printers).
     Overview.
     Business Logic. 
     Account Consistency and Ownership. 
     MetaDirectory. 
     Users. 
     Groups. 
     Computers. 
     Printers. 
     Managing Users, Groups, Computers, and Printers. 
     User Objects. 
     Group Objects. 
     Computer Objects. 
     Printer Objects. 
     Summary. 
     Additional Resources. 
     Books. 
     RFCs. 
     Web Sites. 
     Microsoft Documentation. 
     12. Security.
     Overview.
     Kerberos...Under the Hood. 
     Key Distribution Centers. 
     Three Message Exchanges. 
     Authentication Service Exchange (KRB_AS_REQ/REP). 
     Ticket-Granting Service Exchange (KRB_TGS_REQ/REP). 
     Client/Server Authentication Exchange (KRB_AP_REQ/REP). 
     Purging the Kerberos Ticket Cache. 
     Auditing for Security. 
     How Auditing Works. 
     Audit Policy Components. 
     Configuring the Audit Policy. 
     Some Parting Audit Recommendations. 
     Event Management. 
     Security Descriptor Definition Language (SDDL). 
     Microsoft's New Security Descriptor Management APIs. 
     Anatomy of an SDDL. 
     Advanced SDDL Functions. 
     Schema and Rights GUIDs in the Active Directory. 
     Identifying GUIDs. 
     Common-Sense Security Recommendations. 
     Active Directory Recommendations. 
     Domain Controller Recommendations. 
     Summary. 
     Additional Resources. 
     Books. 
     RFCs. 
     Web Sites. 
     Microsoft Documentation.
     13. Group Policy Objects (GPOs).
     Overview.
     Client-Side Extensions (CSEs) for Group Policy. 
     Tools. 
     GPOTOOL. 
     GPRESULT. 
     GPO API-Based Management. 
     GetAppliedGPOList. 
     GetGPOList. 
     Adding and Deleting Policy Links. 
     Summary. 
     Additional Resources. 
     Books. 
     Microsoft Documentation. 
     IV. APPENDIXES. 
     Appendix A. Active Directory References.
     Finding More Information.
     Active Directory Library. 
     Introduction/General. 
     Planning, Migration, and Deployment. 
     Programming. 
     Active Directory Toolbox. 
     Resource Kits. 
     Microsoft Platform Software Development Kit (SDK). 
     Active Directory Web. 
     Active Directory. 
     Microsoft. 
     Visual Basic/VBScript. 
     Perl. 
     Active Directory Application Vendors. 
     Aelita. 
     BindView. 
     FastLane. 
     Full Armor. 
     NetIQ. 
     NetPro. 
     Appendix B. Indexed, GC, and ANR Attributes.
     Appendix C. LDAP Controls.
     Appendix D. Group Policy Settings.
     Index.

Preface
        In the fast-paced world of information technology (IT), staying on top of changes in the industry can be difficult, not to mention time consuming and costly. Proper staffing, training, and planning to handle migrations from old to new technologies have caused IT engineers, managers, and end users many headaches over the years. Microsoft has definitely played a part in solidifying the workforce of IT consultants by rapidly evolving its product line. Most products developed by Microsoft have a one- to three-year life expectancy with new versions or updates typically being released every few months. This does not allow a lot of time to get properly acclimated and adjusted both from a staffing and infrastructure perspective before a new version is released. Microsoft is not completely to blame for the speed of product evolution since the industry as a whole often dictates changes by introducing new technologies. A good example of this is the Extensible Markup Language (XML). As XML has gained more industry acceptance over the past few years, it has become almost a requirement for products to use it if they require data interchange between systems.
One of the biggest challenges for architects and implementers of new technologies is finding accurate and adequate information. Without proper information about a technology, implementation can be delayed and potentially done incorrectly. This results in further redeployments and migrations and eventually more frustration for the user base! Because Active Directory touches so many facets of a company's infrastructure, we cannot stress enough that implementing Active Directory right the first time is of utmost importance. Mistakes made now will be felt for years to come.
In 1999 and 2000, informative data on Active Directory was not easy to come by, primarily because Windows 2000, the operating system on which Active Directory runs, had just been released. Authoritative books, magazine articles, white papers, and Web sites were few and far between. A lot of the published information was either inadequate or downright technically wrong. Now, information on Active Directory is much more abundant. In fact, there has been such an explosion of Windows 2000 and Active Directory-related books, magazines, and Web sites that it can be difficult to find exactly what you are looking for. It is our hope that this book provides some fresh data, specifically on the management aspects of Active Directory, from two people who have been living and breathing Active Directory at a large, global, and dynamic company, namely Cisco Systems, for the past two years.
To date, there has not been much information published on the topic of managing Active Directory. The primary reason is people are still trying to figure out how to do it. Managing an Active Directory infrastructure is not an easy task at any level. Not only do you have to manage the typical Network Operating System (NOS)-based tasks as you did with NT 4, but Active Directory's reach extends to functions like the Domain Name System (DNS), Public Key Infrastructure (PKI), networking topology, and application directory. Typically, different groups within a company control these services, so properly designing Active Directory involves bringing together many groups that may not be familiar with each other.
Because of the integration with so many other technologies, we believe Active Directory will be one of the top two or three most important infrastructures within a company's IT department, next to the company's external Web site and Enterprise Resource Planning (ERP) systems. And because of this integration, we feel Active Directory will be one of the most complex technologies to implement and manage. Not only are there a large number of technical issues related to making Active Directory work, but significant political issues are associated with trying to work with multiple groups that are sometimes geographically and organizationally dispersed.
Intended Audience
This book is intended for Active Directory administrators who are versed in the basic concepts of Active Directory and are managing medium- and large-scale Active Directory infrastructures.
The programmatic aspects of managing Active Directory are explored extensively throughout this book, but you do not need significant programming experience to benefit from the code samples. Many of the samples discussed can be beneficial as is. For those with programming experience, the samples provide a good basis for filling your Active Directory management gaps.
Organization
This book is divided into four parts:
Part I: Active Directory Management Basics
- Chapter 1, "Active Directory Overview," covers the challenges of managing Active Directory along with an introduction to the management philosophy used by the authors to address these challenges.
- Chapter 2, "Active Directory Management," explains the terms, concepts, and methodologies around management of Active Directory.
Part II: Active Directory Management Interfaces
- Chapter 3, "Lightweight Directory Access Protocol (LDAP)," starts with a brief introduction on the history of LDAP and its importance to Active Directory and ends with an overview of LDAP programming.
- Chapter 4, "Active Directory Service Interfaces (ADSI)," explains the purpose of ADSI and provides reasons you might choose it over LDAP for programmatic access to Active Directory. The chapter ends with an overview of ADSI programming.
- Chapter 5, "Windows Management Instrumentation (WMI)," covers the WBEM/CIM initiative and how WMI fits in, details the WMI architecture, and ends with an overview of WMI programming.
Part III: Active Directory Management Components
- Chapter 6, "Windows NT Migration," covers some of the pitfalls of migrating from NT 4.0 to Active Directory and includes information on useful APIs and sample code to aid in the desktop migration process.
- Chapter 7, "Directory Operations," describes strategies for managing domains, domain controllers, and Organizational Units in Active Directory.
- Chapter 8, "Domain Name System (DNS)," briefly touches on the DNS architecture in Active Directory and details what can be done to manage it programmatically.
- Chapter 9, "Site Topology and Replication," covers the design and management of Active Directory replication including how to programmatically inject site topology.
- Chapter 10, "Schema," explains important concepts around managing the schema and contains sample code on programmatically extending the schema.
- Chapter 11, "Accounts (Users, Groups, Computers, and Printers)," details procedures for programmatically managing user, group, computer, and printer objects.
- Chapter 12, "Security," details the more complex elements of security in Active Directory, as well as methods for programmatically managing security.
- Chapter 13, "Group Policy Objects (GPOs)," covers GPO management techniques and the mechanisms required to diagnose and troubleshoot them.
Part IV: Appendixes
- Appendix A, "Active Directory References," is a detailed reference guide for Active Directory that covers the important Active Directory-related books, tools, Web sites, and vendors.
- Appendix B, "Indexed, GC, and ANR Attributes," lists default indexed, global catalog (GC), and ANR attributes along with sample code to extract those attributes programmatically.
- Appendix C, "LDAP Controls," lists supported LDAP controls in Active Directory.
- Appendix D, "Group Policy Settings," lists the available computer and user Group Policy settings.
Additional Resources
The first step in learning a new technology is to find the best resources for information. We do not intend to regurgitate a lot of information that is already available, so we will provide pointers in the Additional Resources section located at the end of each chapter, starting with Chapter 3. The Additional Resources sections will include any applicable books, Web sites, RFCs, or Microsoft documentation that may be useful for obtaining more information on a topic. In Appendix A, "Active Directory References," we provide information on the Active Directory-related books, Web sites, tools, and vendors we found useful while working with Active Directory.
Index
        
Symbols
A
  - abstract classes
- abstract schema
    
      - ADSI and queries
- Perl and queries
 
- account provisioning 
    
      - account consistency
- account ownership and
- business logic and
- groups
- MetaDirectory
- printers
- scripting and
- user information repository
- users and
 
- ACL, migration and
- Active Directory 
    
      - benefits of
- LDAP and
- overview
- WMI and
 
- Active Directory Administration Tool (LDP)
- ActiveDir.org Web site
- AD-Integrated zones
- ADM (Administrative Template) settings
- administration 
    
      - centralized versus distributed
- OUs and
 
- ADQI
- ADSI (Active Directory Service Interfaces) 
    
      - abstract schema queries
- ADO and, write capability
- APIs 
        
          - C/C++
- Java and
- Perl
- VBScript
- Visual Basic
 
- architecture
- binding
- COM and
- conditional enumeration
- connection objects
- DCs, listing
- domain trusts, listing
- enabling GC
- enumeration
- forests, listing
- FSMO location
- FSMO role transfer
- group creation
- IADs interface
- interoperability
- KCC, disabling
- LDAP comparison
- object security
- objects 
        
          - creating
- deleting
- queries
 
- OU creation
- printing group members
- PrintQueue object creation
- programming basics
- property cache
- reasons to use
- searches
- site link objects, creating
- site object creation
- site object deletion
- subnet object iteration
- subnet object creation
- tools 
        
          - ADQI
- ADSI Edit
- ADsVW
- DsBrowse
- DsSrch
 
- uPNSuffixes
- user account unlocking
- user object creation
- users, moving
- WMI (Windows Management Instrumentation)
 
- ADSI Edit
- ADSI SDK
- ADsVW
- Aelita Active Directory applications
- Aggregate object attributes
- anonymous binding
- ANR (Ambiguous Name Resolution)
- APIs (application programming interfaces) 
    
      - ADSI
- C/C++
- DNS and 
        
          - Microsoft DNS API
- Net\:\:DNS
- WMI DNS provider
 
- GPO-related
- LDAP
- replication 
        
      
- security descriptor
- WMI
 
- applications 
    
      - management, building versus buying
- vendors
 
- architecture 
    
  
- attribute query, ADSI
- attributes 
    
      - ADSI
- Aggregate object
- ANR
- attributeTypes
- classes
- computer objects
- ditContentRules
- domain object
- extendedAttributeInfo
- extendedClassInfo
- GC
- groups
- indexed
- indexed, optimized queries
- linked
- objectClasses
- PrintQueue object
- trustedDomain objects
- users
 
- attributeSchema object
- attributeTypes attribute
- audit policies 
    
  
- auditing 
    
      - overview
- recommendations for
- SACL and
- security and
- security audit categories
- SRM
 
- AUDITPOL.EXE options
- authentication 
    
      - Kerberos authentication exchange
- trusts and
 
- Authentication Service Request
- automation, migration and
- auxiliary classes 
    
      - ditContentRules attribute
- IADsClass and
 
B
  - binding
- BindView Active Directory applications
- books, references 
    
      - deployment
- general
- introductory
- migration
- planning
- programming
 
- browsers 
    
      - LDAP Browser
- WMI Object Browser
 
- building management applications versus buying
- business logic, account provisioning and
C
  - C++ NetJoinDomain API
- C/C++ 
    
  
- C/C++ LDAP API
- central servers versus distributed
- centralized administration versus distributed
- channels, secure channels
- CIM (Common Information Model)
- CIMOM (CIM Object Manager)
- classes 
    
      - abstract classes
- attributes
- auxiliary
- group class
- hierarchy
- initOrgPerson object class
- organizationalperson
- perspon
- schema
- structural
- top class
- WMI DNS provider
 
- classSchema objects
- client migration 
    
      - NetJoinDomain API
- object collisions
- overview
- trust relationships
- user-specific settings
 
- CMIP (Common Management Information Protocol)
- COM, ADSI and
- Compaq Active Directory Scalability Demo Web site
- complexity
- computer accounts
- computer objects 
    
      - attributes
- creating
- IADsComputer interface
- inactive, locating
- system information
 
- conditional enumeration, ADSI searches and
- configuration 
    
      - audit policies
- servers, DNS
- zones, DNS
 
- configuration NC
- connection failures, RepAdmin and
- connection objects 
    
      - RepAdmin, displaying
- replication and
 
- connections
- constants, groups
- containers, schema, locating
- controller objects, domain controller objects
- controllers, domain controller services
- controls, LDAP
- CreateGPOLink API
- credentials, binding and
- cross-platform client access, WMI
- CSEs (client-side extensions) for group policies
D
  - DACL flags, SDDL
- data, injecting versus entering
- DC (domain controllers) 
    
      - replication partners, displaying
- server demotion
- server promotion
 
- dcdiag utility
- DCPromo
- DDNS (dynamic DNS)
- defragmentation, offline
- delegation of control, OUs and
- DeleteAllGPILinks API
- DeleteGPOLink API
- deleting objects 
    
  
- demoting servers, DC
- deployment, reference books
- directory services overview
- DirectPartner* function, IadsTools
- DirSync
- disabling KCC
- distributed administration versus centralized
- distributed servers versus centralized
- Distributed Systems Guide
- ditContentRules attribute
- DLLs (dynamic link libraries)
- DMTF (Distributed Management Task Force)
- DN (distinguished name)
- DN pointer method, object extension
- DNM (Domain Naming Master)
- DNS (Domain Name System) 
    
      - AD-Integrated zones
- APIs and 
        
          - Microsoft DNS API
- WMI DNS provider
 
- DNS MMC snap-in
- DnsCmd tool 
        
      
- event 708
- event 4000
- event 4013
- event 5773
- event 5774
- event 5775
- event 5781
- event 5789
- event 6527
- interfaces, programmatic
- ipconfig
- managing programmatically
- Microsoft DNS server
- migration and
- monitoring 
        
          - DNS log
- DnsCmd statistics
- event log
- perfmon
- resource record registration
 
- namespaces, trees
- nslookup
- perfmon (performance monitor)
- querying
- servers, configuration
- service
- troubleshooting
- zone configuration
 
- DNS log
- DNS MMC snap-in
- DNS WMI provider
- DnsCmd tool 
    
      - Perl wrapper
- statistics, monitoring and
 
- DnsCmd.pm 
    
      - resource records and
- zone configuration
 
- domain controller objects
- domain controller services
- domain controllers 
    
      - GC and
- migration and
- ReplMon
- security recommendations
 
- domain local groups
- domain management, domain objects
- domain naming master, FSMOs
- domain ojects
- domain trees
- domains 
    
      - forests, listing
- FQDN
- migration and
- mixed mode
- mode
- native mode
- netdom
 
- DS (Directory Service) APIs
- DsaStat
- DsBrowse
- DSML (Directory Services Markup Language), LDAP and
- DsReplicaConsistencyCheck function, KCC trigger
- DsReplicaGetInfo, object metadata retrieval
- DsReplicaSync, forcing replication
- DsSrch
- dynamic updates, DNS perfmon
E
  - enumeration 
    
  
- error( ) method, Perl
- error replication, troubleshooting
- event 708, DNS
- event 4000, DNS
- event 4013, DNS
- event 5773, DNS
- event 5774, DNS
- event 5775, DNS
- event 5781, DNS
- event 5788, DNS
- event 6527, DNS
- event log 
    
      - DNS
- replication monitoring
- search script
 
- Event Log Provider
- event management 
    
  
- events, WMI
- expiration, groups
- extendedAttributeInfo attribute
- extendedClassInfo attribute
- extending schema 
    
      - GUIDs
- LDIF files
- naming convention
- objects 
        
      
- OIDs (Object Identifiers)
- process
- questionnaire
- schema cache
- tracking
- vendors
 
- extensible schema
- extensions, importing LDIF files and
F
  - FastLane Active Directory applications
- file management 
    
      - file locations
- file repair
- integrity of files
- moving files
- offline defragmentation
- semantic checks
 
- filters, searches
- first version issues
- folders 
    
      - Offline Folders, migration and
- redirection, profile migration and
 
- forcing replication
- forests
- FQDN (fully qualified domain name)
- FSMO (Flexibile Single Master of Operations) 
    
      - availability of
- domain naming master
- IMs
- locating
- management
- PDC emulator
- RID master
- roles, transferring
- Schema master
- transferring
 
- fSMORoleOwner attribute
- Full Armor Active Directory applications
- functions. See also wrapper functions 
    
      - LDAP
- Microsoft DNS API
- NetJoinDomain
- Perl, AUTOLOAD function
- PurgeTKTs
- SDDL
- TriggerKCC
 
G
  - GC (Global Catalog) 
    
      - attributes
- domain controllers and
- enabling
- searches
 
- Get method, IADs
- GetAppliedGPOList API 
    
      - C++ declaration
- VB declaration
 
- GetAppliedGPOs wrapper function
- GetDirectPartners function, IadsTools
- GetEx method, IADs
- GetGPOList API 
    
      - C++ declaration
- VB declaration
 
- GetGPOs wrapper function
- GetInfo method, IADs
- GetInfoEx method, IADs
- global groups
- GPO (Group Policy) 
    
      - CSEs
- OUs and
- system polices (NT) and
- tools 
        
          - GPORESULT utility
- GPOTOOL
 
 
- GPO history data, registry-based
- GPO-related APIs
- GPOTOOL
- GPRESULT utility
- granular security
- group class
- group objects 
    
      - creating
- IADsGroup interface
 
- Group Policy
- groups 
    
      - account provisioning and
- attributes
- constants
- domain local groups
- expiration
- global
- iterating membership
- membership
- migration and
- ownership
- policy links
- scope
- types
- universal
- users, adding/removing
 
- GROUP_POLICY_OBJECT 
    
      - C++ declaration
- VB declaration
 
- GUIDs (globally unique identifiers) 
    
      - extending schema and
- identification
- string, converting to Base64-encoded
 
H
  - human-readability, LDIF files
I
  - IADs interface, ADSI and
- IADsClass, property methods
- IADsComputer interface
- IADsGroup interface
- IADsPrintJob interface
- IADsPrintJobOperations interface
- IADsPrintQueue interface
- IADsPrintQueueOperations interface
- IADsProperty object, property methods
- IadsTools 
    
      - connection objects
- DirectPartners* function
- forcing replication
- GetDirectPartners function
- KCC, triggering
- object metadata retrieval
 
- IadsTools replication API
- IM (Infrastructure Master), FSMOs and
- importing, extensions, LDIF files and
- inactive computer accounts
- indexed attributes
- inetOrgPerson object class
- information models
- infrastructure, WMI
- instantiation, Visual Basic
- integrity of files
- interfaces 
    
      - DNS, programmatic
- IADsComputer interface
- IADsGroup
- IADsPrintJob
- IADsPrintJobOperations
- IADsPrintQueue interface
- IADsPrintQueueOperations interface
- IADsUser
 
- ipconfig tool
- iteration, group membership
J
  - Java 
    
  
- JNDI (Java Naming and Directory Interface)
- Jscript, WMI and
K
  - KCC (Knowledge Consistency Checker 
    
      - disabling
- TriggerKCC function
 
- KDC (Key Distribution Center)
- Kerberos 
    
      - Authentication Service Request
- client/server authentication exchange
- default policy
- KDC (Key Distribution Center)
- Message Exchanges
- TGS (Ticket-Granting Service)
- ticket cache, purging
 
L
  - LabMice Web site
- LDAP (Lightweight Directory Access Protocol) 
    
      - Active Directory and
- adding objects
- ADSI comparison
- advanced features
- ANR and
- APIs
- as API
- change notification
- computer object creation
- computer object location and deletion
- controls
- deleting objects
- DirSync
- domain trusts, listing
- enabling GC
- forests, listing
- FSMO 
        
      
- function
- group creation
- KCC, disabling
- limitations
- modifying objects
- OU creation
- printing group members
- PrintQueue object creation
- programming basics
- referrals
- replication 
- searches
- site link objects, creating
- site object creation
- site object deletion
- subnet object creation
- subnet object iteration
- synchronization and
- uPNSuffixes
- user account unlock
- user object creation
- users, moving
- VLV support
- XML/DSML support
 
- LDAP Browser
- LDIF (LDAP Data Interchange Format)
- LDIF files 
    
      - importing schema extensions
- schema extension
 
- LDIFDE (LDIF Directory Exchange)
- LDIFDE utility
- linked attributes
- Loadstate utility
- locking/unlocking users
- logs 
    
      - DNS log
- event log 
        
          - DNS
- replication monitoring
 
- server promotion
 
- loosely consistent multi-master replication
- LSA (Local Security Authority)
M
  - managed system, WMI and
- management 
    
      - applications, building versus buying
- overview
- philosophy
- sample tasks
 
- management applications, WMI
- mayContain attribute, adding attributes
- membership, groups
- memory, DNS perfmon
- Message Exchanges, Kerberos
- metadata, object metadata 
    
  
- MetaDirectory, account provisioning and
- methods 
    
      - IADs
- IADsClass property methods
- IADsProperty property methods
- invoking, Visual Basic
- Perl, AUTOLOAD function
 
- Michigan, University of
- Microsoft C LDAP API
- Microsoft DNS API
- Microsoft DNS server
- Microsoft Platform Software Development Kit (SDK)
- Microsoft Seminar Web site
- Microsoft TechNet Web site
- migrating to Windows 2000. See also client migration
      - Access Control List and
      - automation
      - disadvantages
      - DNS and
      - domain controllers and
      - domains and
      - groups
      - overview
      - planning
          - business issues
          - complexity
          - comprehensive project plan
          - contingency plan
          - failure examples
          - pilot
          - political issues
          - staffing
          - transition
      - profile migration
      - standardization
      - trusts and
      - USMT and
- migration
      - challenges
      - reference books
- mixed mode, domains
- MMC snap-ins
- modes, domains
- monikers, WMI
- monitoring
      - DNS and
          - DNS log
          - DnsCmd statistics
          - event log
          - perfmon
          - resource record registration
      - replication. See also troubleshooting
          - event log
          - PerfMon
          - RepAdmin
          - ReplMon
- moving users
- Mozilla::LDAP
- MSDN (Microsoft Developer Network) Web site
- multimaster replication
N
- namespaces
      - ADO searches
      - IIS
      - LDAP
      - NDS
      - NWCOMPAT
      - trees
      - Windows NT SAM
      - WMI
- naming convention, extending schema
- naming models
- native mode, domains
- NC (naming context)
- NetBIOS domains
- netdiag utility
- netdom utility
      - removing trusts
      - resetting trusts
      - trust commands
      - trust management
      - verifying trusts
      - viewing trusts
- NetIQ Active Directory applications
- NetJoinDomain API
      - client migration and
      - values
- NetJoinDomain function
- NetPro Active Directory applications
- Netscape
- Netscape C LDAP API
- new( ) method, Perl
- nltest utility
- NOS (network operating system)
- nslookup tool
- NT, trusts and
- ntdsutil utility
      - DC object removal
      - restores
- NTLM (Windows NT LAN Manager)
- ntMixedDomain attribute
O
- object, computer objects, creating
- object collisions, client migration and
- object metadata, RepAdmin
- objectClasses attribute
- objects
      - adding, LDAP
      - attributeSchema
      - classSchema
      - computer object
          - attributes
          - inactive
          - system information
      - connection objects
      - creating, ADSI
      - deleting
      - domain controller objects
      - domain objects
      - group objects
      - IADsProperty, property methods
      - metadata, replication
      - modifying, LDAP
      - OU objects
      - printer objects
      - queries, ADSI
      - schema extension and
          - creating objects
          - DN pointer method
          - modifying objects
      - schema objects, deleting
      - security, ADSI
      - server
      - site link
      - site objects
      - subnet
      - trusts
      - user objects
          - creating
          - IADsUser interface
- offline defragmentation
- Offline Folders, migration and
- Oidgen
- OIDs (Object Identifiers)
- OpenLDAP
- optimized queries, indexed attributes
- organizationalperson class
- OUs (Organizational Units)
      - administration and
      - delegation of controls
      - GPOs and
      - management
      - manipulating programmatically
      - objects
      - user objects, iterating over
- output( ) method, Perl
- ownership, groups
P
- PDC (Primary Domain Controller)
- PerfMon, replication
- perfmon (DNS)
- performance monitoring, PerfMon
- Perl
      - abstract schema, queries
      - ADSI and
      - computer object creation
      - computer object location and deletion
      - connection objects
      - domain trusts, listing
      - enabling GC
      - event log search script
      - forcing replication
      - forests, listing
      - FSMO location
      - group creation
      - KCC
      - LDAP and
      - methods, AUTOLOAD function
      - object metadata retrieval
      - OU creation
      - printing group members
      - PrintQueue object creation
      - registry, schema updates
      - SDDL retrieval script
      - site link objects, creating
      - site object creation
      - site object deletion
      - statements
      - subnet object creation
      - subnet object iteration
      - uPNSuffixes
      - user account unlock
      - user object creation
      - users, moving
      - Visual Basic/VBScript conversion
      - Web sites
      - WMI and
      - WMI-based event watch script
      - wrappers, DnsCmd tool
- person class
- planning, reference books
- policies
- political challenges
- predefined
- principal name, users
- printer objects
      - IADsPrintJob interface
      - IADsPrintJobOperations interface
      - IADsPrintQueue interface
- printers, account provisioning
- PrintQueue object, IADsPrintQueueOperations interface
- PrintQueue object attributes
- Product Support Web site
- profile migration
- profile redirection
- programmatically manipulating OUs
- programming
      - ADSI
      - basics
      - reference books
- promoting servers
- properties
      - IADs class
      - IADsClass property methods
      - IADsProperty property methods
- property cache, ADSI
- PSLOGLIST syntax
- PurgeTKTs function
- Put method, IADs
- PutEx method, IADs
Q
- queries
      - abstract schema
      - ADSI objects
      - DNS
      - DNS perfmon
      - optimized, indexed attributes
R
- RDN (relative-distinguished name)
- records, resource records
- redirection
      - profile migration and
      - profile redirection
- references
- referrals, LDAP
- registry, schema updates and
- RepAdmin diagnostics tool
- repairing files
- replication
      - connection failure, RepAdmin
      - connection objects
      - DC replication partners, displaying
      - forcing
      - KCC
      - LDAP and
      - loosely consistent, multi-master
      - management issues
      - managing programmatically
      - monitoring
      - multimaster
      - object metadata
      - overview
      - partners, viewing
      - queue size, RepAdmin and
      - server differences, RepAdmin
      - site connection objects
      - site topology and
      - tools
          - DsaStat
          - RepAdmin
          - ReplMon (Replication Monitor)
          - Sites and Services MMC snap-in
      - troubleshooting
- replication APIs
- ReplMon (Replication Monitor)
- reset( ) method, Perl
- Resource Kits
- resource records
- resources, ADSI
- restores
- RFC-defined standards, LDIF files
- RID master, FSMOs
- rights GUIDs, SDDL
- RootDSE (Root Directory Server Entry)
S
- SACL (System Access Control List)
- SAM (Security Accounts Manager)
- sAMAccountName
- scalability
- schema
      - abstract schema
      - classes
          - abstract
          - attributes
          - auxiliary classes
          - structural
      - extending
          - GUIDs
          - LDIF files
          - naming convention
          - objects and
          - OIDs (Object Identifiers)
          - process
          - questionnaire
          - schema cache
          - tracking
          - vendors
      - extensible
      - extensions, importing, LDIF files and
      - FSMO
      - managing programmatically
      - NC (naming context)
      - overview
      - SDDL
      - updates, registry
- schema container
- Schema master, FSMO
- Schema Mgmt MMC snap-in
- schema objects, deleting
- SchemaDoc
- schemaIDGUIDs, pregenerating
- scope, groups
- scripting, account provisioning and
- SDDL (Security Descriptor Definition Language)
      - account/property type mapping alias
      - DACL flags
      - functions
      - rights GUIDs
      - schema
      - separators
      - SID conversion
- searches
      - ADO, namespaces
      - ADSI
      - filters
      - GC (Global Catalog)
      - LDAP
      - WMI
- secure channels
- security
      - Active Directory recommendations
      - auditing for
      - domain controller recommendations
      - granular security model
      - Kerberos
          - Authentication Service Request
          - client/server authentication exchange
          - KDC
          - Message Exchanges
          - TGS
          - ticket cache purge
      - objects, ADSI
      - security descriptor APIs
- Security Audit Categories
- self-documentation, LDIF files
- semantics, file management
- server objects
- servers
      - centralized versus distributed
      - demoting
      - differences, replication (RepAdmin)
      - DNS, configuration
      - Microsoft DNS server
      - promoting
      - ReplMon
- SetInfo method, IADs
- sign-ons
- single sign-ons
- site link objects
- site objects
- site topology
      - management issues
      - managing programmatically
      - overview
      - programmatically computing
      - server objects
      - site link objects
      - site objects
      - subnet objects
- sites
- Sites and Services MMC snap-in
- Sites and Services snap-in, server demotion
- Smart Cards
- snap-ins, MMC snap-ins
- SNMP (Simple Network Management Protocol)
- SNTP (Simple Network Time Protocol)
- SRM (Security Reference Monitor)
- SSL (Secure Sockets Layer)
- standardization, migration and
- standards
- statements
- structural classes
- subnet objects
- Sun
- synchronization, LDAP
- system information, computer objects
T
- TCO (Total Cost of Ownership)
- tests, netdiag and
- TGS (Ticket-Granting Service)
- ticket cache, purging (Kerberos)
- TLS (Transport Layer Security)
- tools
      - DNS
      - DNS MMC Snap-in
      - DnsCmd, Perl wrapper
      - GPOs
      - LDIFDE
      - Oidgen
      - replication
          - DsaStat
          - RepAdmin
          - ReplMon (Replication Monitor)
          - Sites and Services MMC snap-in
      - Schema Mgmt MMC snap-in
      - SchemaDoc
      - Uuidgen
- top class
- tracking, schema extensions
- transactions, LDAP and
- transferring roles, FSMOs
- trees
- TriggerKCC function
- troubleshooting. See also monitoring
      - challenges
      - DNS
      - replication errors
- trust management
- trust relationships, client migration
- trustedDomain objects, attributes
- trusts
      - authentication
      - domain trees
      - migration and
      - netdom
          - creating
          - removing
          - resetting
          - verifying
          - viewing
      - NT and
      - objects
      - Windows 2000 and
U
- universal groups
- University of Michigan
- UNIX, GUID creation
- unlocking users
- updates, schema, registry and
- UPN (User Principal Name)
- UPN suffixes attribute
- user objects
      - creating
      - IADsUser interface
      - OU, iterating over
      - values, default
- users
      - account provisioning
      - attributes
      - groups, adding to/removing from
      - inetOrgPerson object class
      - moving
      - principal name
      - settings, client migration and
      - unlocking
      - user information repository
- Users and Computers snap-in, server demotion
- USMT, migrating to Windows 2000 and
- utilities
      - dcdiag
      - netdiag
      - netdom
      - nltest
      - ntdsutil
- Uuidgen
V
- VB. See Visual Basic
- VBScript
      - ADSI and
      - connection objects
      - DCs, listing
      - domain trusts, listing
      - enabling GC
      - forests, listing
      - FSMO location
      - FSMO role transfer
      - group creation
      - KCC, disabling
      - OU creation
      - Perl role transfer
      - printing group members
      - PrintQueue object creation
      - site link objects, creating
      - site object creation
      - site object deletion
      - subnet object creation
      - subnet object iteration
      - system information retrieval
      - uPNSuffixes
      - user account unlocking
      - user object creation
      - users, moving
      - Web sites
      - WMI and
- vendors
      - applications
      - schema extension and
      - support, LDIF files and
- verification, trusts (netdom)
- Visual Basic
      - ADSI and
      - forcing replication
      - LDAP
      - NetJoinDomain API
      - object metadata retrieval
      - Web sites
      - WMI and
- VLV (Virtual List View) support, LDAP
W
- WBEM (Web-Based Enterprise Management)
- wbemdump
- Web sites
      - Active Directory related
      - client migration resources
      - product support
- WIM CIM Studio
- Windows 2000, trusts and
- Windows 2000 Magazine Web site
- Windows 2000 Server Resource Kit
- Windows 2000 Server Resource Kit Supplement One
- Windows 2000 Support Tools
- Windows 2000 Web site
- Windows NT. See NT
- WINS (Windows Internet Naming Service)
- WMI (Windows Management Instrumentation)
      - Active Directory and
      - APIs
      - architecture
      - CIM and
      - DNS WMI provider
      - enumeration
      - events
      - future of
      - infrastructure
      - managed systems and
      - management applications
      - monikers
      - namespaces
      - programming basics
      - providers
      - searches
      - system information retrieval
      - WBEM and
      - overview
- WMI Control
- WMI DNS provider
- WMI Object Browser
- WMI SDK
- WMI-based event watch script
- wrapper functions
X
- XML (Extensible Markup Language), LDAP and
Y
There are no entries in this section.
Z
- zone transfer, DNS perfmon
- zones, DNS (configuration)