Active Directory® for Microsoft® Windows® Server 2003 Technical Reference



 

Authors: Stan Reimer and Mike Mulcare

ISBN: 0-7356-1577-2 
Pages: 480 
Disk: N/A 
Stolin-Softwares Price: $49.99
Release: 04/16/2003 
Level: Int/Adv 

About the Book 

The in-depth reference for network architects and administrators implementing enterprise directory services.

Get the focused, in-depth technical expertise you need to implement and optimize your Microsoft directory services infrastructure. As two Active Directory® experts guide you through advanced design and deployment issues for the Windows® Server 2003 environment, you’ll develop a thorough understanding of the underlying concepts, architectural components, and real-world functionality of Active Directory directory service. Whether you’re upgrading from Microsoft Windows NT® 4.0 or later, or performing a clean installation, you’ll learn the best ways to exploit Active Directory capabilities for your organization—and deliver new levels of network performance and productivity. 

Get the technical drill-down you need to:

• Install, upgrade, or migrate to Active Directory
• Learn essential design considerations for DNS 
• Design Active Directory structure—forests, domains, sites, and OUs 
• Manage Active Directory objects, including users and groups
• Optimize domain controller data replication
• Use group policies to deploy software and manage desktops
• Implement authentication, Kerberos, and other security features and tools
• Monitor Active Directory replication and domain controller performance, and manage the Active Directory database 
• Perform critical maintenance and plan for disaster recovery

Related Books


Microsoft® Windows Server™ 2003 PKI and Certificate Security
Microsoft® Windows® Small Business Server 2003 Administrator's Companion
Microsoft® Windows Server™ 2003 Terminal Services

Table of Contents


List of Tables xii 
    Dedications xiii 
    Acknowledgments xiv 
    Introduction xv 
PART I Windows Server 2003 Active Directory Overview 
1   Active Directory Concepts
    The Evolution of Microsoft Directory Services 3 
        LAN Manager for OS/2 and MS-DOS 4 
        Windows NT and SAM  4 
        Windows 2000 and Active Directory 6 
        Windows Server 2003 Domains and Active Directory  7 
    Active Directory Open Standards 8 
        X.500 Hierarchies 8 
        Lightweight Directory Access Protocol (LDAP) 10 
    Key Features and Benefits of Active Directory  12 
        Centralized Directory 12 
        Single Sign-On 12 
        Delegated Administration 12 
        Common Management Interface 13 
        Integrated Security 13 
        Scalability 13 
    What's New in Windows Server 2003 Active Directory  14 
        Active Directory Users And Computers Improvements 14 
        Levels of Functionality 14 
        Domain Rename 15 
        Application Directory Partitions 15 
        Additional Domain Controller Installed from Backup Media 15 
        Deactivation of Schema Objects 16 
        Disabling Compression of Replication Traffic Between Different Sites 16 
        Global Catalog Not Required for Logon 16 
        Group Membership Replication Improvements 16 
        Object Picker UI Improvements 17 
        Lingering Object Removal Mechanism 17 
        inetOrgPerson Support 17 
    Summary 17 
2   Active Directory Components 19 
    Active Directory Physical Structure 19 
        The Directory Data Store  19 
        Domain Controllers  20 
        Global Catalog Servers 20 
        Operations Masters  23 
        Transferring Operations Master Roles 25 
        The Schema 26 
    Active Directory Logical Structure 31 
        Active Directory Partitions 32 
        Domains 36 
        Domain Trees 37 
        Forests 38 
        Trusts 39 
        Sites 43 
        Organizational Units 46 
    Summary 48 
3   Active Directory and Domain Name System 49 
    DNS Overview 49 
        Hierarchical Namespace 50 
        Distributed Database 51 
        Name Resolution Process 51 
        Resource Records 52 
        DNS Domains, Zones, and Servers 54 
    DNS and Windows Server 2003 Active Directory 61 
        DNS Locator Service 61 
        Active Directory Integrated Zones 66 
        DNS Enhancements 69 
    Summary 75 
4   Active Directory Replication and Sites 77 
    Active Directory Replication Model 77 
    Replication Enhancements in Windows Server 2003 Active Directory 79 
    Intrasite and Intersite Replication 80 
        Intrasite Replication 81 
        Intersite Replication 82 
        Replication Latency 83 
        Urgent Replication 83 
    Replication Topology Generation 84 
        Knowledge Consistency Checker 84 
        Connection Objects 85 
        Intrasite Replication Topology 86 
        Global Catalog Replication 91 
        Intersite Replication Topology 93 
    Replication Process 95 
        Update Types 96 
        Replicating Changes 96 
    Configuring Intersite Replication 102 
        Creating Additional Sites 103 
        Site Links 103 
        Site Link Bridges 105 
        Replication Transport Protocols 106 
        Configuring Bridgehead Servers 107 
    Monitoring and Troubleshooting Replication 108 
    Summary 110 
PART II Implementing Windows Server 2003 Active Directory
5   Designing the Active Directory Structure 113 
    Designing the Forest Structure 113 
        Forests and Active Directory Design 114 
        Single or Multiple Forests 116 
        Defining Forest Ownership 119 
        Forest Change Control Policies 120 
    Designing the Domain Structure 121 
        Domains and Active Directory Design 121 
        Determining the Number of Domains 121 
        Designing the Forest Root Domain 124 
        Designing Domain Hierarchies 125 
        Domain Trees and Trusts 128 
        Changing the Domain Hierarchy 129 
        Defining Domain Ownership 130 
    Designing the DNS Infrastructure 131 
        Examining the Existing DNS Infrastructure 131 
        Namespace Design 132 
    Designing the Organizational Unit Structure 143 
        Organizational Units and Active Directory Design 143 
        Designing an OU Structure 144 
        Creating an OU Design 146 
    Designing the Site Topology 149 
        Sites and Active Directory Design 149 
        Networking Infrastructure and Site Design 150 
        Creating a Site Design 150 
        Designing Server Locations 153 
    Summary 158 
6   Installing Active Directory 159 
    Prerequisites for Installing Active Directory 159 
        Hard Disk 160 
        Network Connectivity 160 
        DNS 161 
        Administrative Permissions 163 
    Active Directory Installation Options 163 
        Configure Your Server Wizard 163 
        Active Directory Installation Wizard (Dcpromo.exe) 164 
        Unattended Installation 165 
    Using the Configure Your Server Wizard 165 
    Using the Active Directory Installation Wizard 167 
        Operating System Compatibility 168 
        Domain and Domain Controller Types 169 
        Naming the Domain 171 
        File Locations 172 
        Verify or Install a DNS Server 173 
        Selecting Default Permissions for User and Group Objects 175 
        Completing the Installation 176 
    Performing an Unattended Installation 178 
    Installing Active Directory from Restored Backup Files 179 
    Removing Active Directory 180 
        Removing Additional Domain Controllers 182 
        Removing the Last Domain Controller 183 
        Unattended Removal of Active Directory 184 
    Summary 184 
7   Migrating to Active Directory 185 
    Migration Paths 186 
        The Domain Upgrade Migration Path 187 
        The Domain Restructure Migration Path 189 
        The Upgrade-Then-Restructure Migration Path 191 
    Determining Your Migration Path 192 
        Migration Path Decision Criteria 192 
        Choosing the Domain Upgrade Path 193 
        Choosing the Domain Restructure Path 195 
        Choosing the Upgrade-Then-Restructure Path 197 
    Preparing for Migration to Active Directory 198 
        Planning the Migration 198 
        Testing the Migration Plan 204 
        Conducting a Pilot Migration 204 
    Upgrading the Domain 205 
        Upgrading from Windows NT Server 4 205
        Upgrading from Windows 2000 Server 213 
    Restructuring the Domain 215 
        Creating the Pristine Forest 217 
        Migrating Account Domains 222 
        Migrating Resource Domains 226 
    Upgrading then Restructuring 231 
    Configuring Interforest Trusts 232 
    Summary 236 
PART III Administering Windows Server 2003 Active Directory 
8   Active Directory Security 239 
    Active Directory Security Basics 239 
        Security Principals 240 
        Access Control Lists 240 
        Access Tokens 241 
        Authentication 241 
        Authorization 242 
    Kerberos Security 242 
        Introduction to Kerberos 243 
        Kerberos Authentication 245 
        Delegation of Authentication 251 
        Configuring Kerberos in Windows Server 2003 253 
        Integration with Public Key Infrastructure 254 
        Integration with Smart Cards 257 
        Interoperability with Other Kerberos Systems 258 
    NTLM Security 260 
    Summary 260 
9   Delegating the Administration of Active Directory 261 
    Active Directory Object Permissions 261 
        Standard Permissions 262 
        Special Permissions 264 
        Permissions Inheritance 268 
        Effective Permissions 270 
        Ownership of Active Directory Objects 273 
    Auditing the Use of Administrative Permissions 274 
    Delegating Administrative Tasks 276 
    Customized Tools for Delegated Administration 280 
        Customizing the Microsoft Management Console 280 
        Creating a Taskpad for Administration 281 
    Planning for the Delegation of Administration 282 
    Summary 283 
10   Managing Active Directory Objects 285 
    Managing Users 285 
        User Objects 285 
        inetOrgPerson Objects 290 
        Contact Accounts 291 
    Managing Groups 292 
        Group Types 292 
        Group Scope 293 
        Creating a Security Group Design 296 
    Managing Computers 299 
    Managing Printer Objects 301 
        Publishing Printers in Active Directory 301 
    Managing Published Shared Folders 304 
    Windows Server 2003 Active Directory Administration Enhancements 305 
    Summary 306 
11   Introduction to Group Policies 307 
    Group Policy Overview 308 
    Implementing Group Policies 311 
        Creating GPOs 312 
        Administering Group Policy Objects 313 
        Group Policy Inheritance and Application 314 
        Modifying the Default Application of Group Policies 316 
        Group Policy Processing 321 
        Delegating Administration of GPOs 326 
        Implementing Group Policies Between Domains and Forests 327 
    Group Policy Management Tools 328 
        RSoP Tool 328 
        GPResult 329 
        GPUpdate 330 
        Group Policy Management Console 330 
    Group Policy Design 332 
    Summary 333 
12   Using Group Policies to Manage Software 335 
    Windows Installer Technology 336 
        Creating a .msi file 336 
    Deploying Software Using Group Policies 337 
        Deploying Applications 338 
        Using Group Policies to Distribute Non-Windows Installer Applications 341 
    Configuring Software Package Properties 343 
        Setting the Default Software Installation Properties 345 
        Installing Customized Software Packages 345 
        Updating an Existing Software Package 347 
        Managing Software Categories 349 
        Configuring File Extension Activation 350 
        Removing Software Using Group Policies 351 
    Using Group Policies to Configure Windows Installer 352 
    Planning for Software Distribution Using Group Policies 354 
    Limitations to Using Group Policies to Manage Software 357 
    Summary 359 
13   Using Group Policies to Manage Computers 361 
    Desktop Management Using Group Policies 362 
    Managing User Data and Profile Settings 364 
        Managing User Profiles 364 
        Folder Redirection 368 
    Configuring Security Settings with Group Policies 372 
        Configuring Domain-Level Security Policies 372 
        Configuring Other Security Settings 377 
        Software Restriction Policies 379 
        Security Templates 382 
    Administrative Templates 385 
    Using Scripts to Manage the User Environment 389 
    Summary 391 
PART IV Maintaining Windows Server 2003 Active Directory 
14   Monitoring and Maintaining Active Directory 395 
    Monitoring Active Directory 395 
        Why Monitor Active Directory? 396 
        How to Monitor Active Directory 398 
        What to Monitor 410 
    Active Directory Database Maintenance 411 
        Garbage Collection 411 
        Online Defragmentation 413 
        Offline Defragmentation of the Active Directory Database 414 
        Managing the Active Directory Database Using Ntdsutil 415 
    Summary 417 
15   Disaster Recovery 419 
    Planning for a Disaster 419 
    Active Directory Data Storage 420 
    Backing Up Active Directory 423 
    Restoring Active Directory 424 
        Restoring Active Directory by Creating a New Domain Controller 425 
        Performing a Nonauthoritative Restore 429 
        Performing an Authoritative Restore 431 
        Restoring Sysvol Information 433 
        Restoring Operations Masters and Global Catalog Servers 435 
    Summary 440 
INDEX 441 
 
 

Tables
2 2-1. Domain Functional Levels 22 
  2-2. Forest Functional Levels 22 
  2-3. Group Policy Setting Types 48 
3 3-1. Common Resource Records in Windows Server 2003 DNS 53 
  3-2. The SRV Record Components 62 
  3-3. A Subset of the DsGetDcName Flag Parameter Values 65 
4 4-1. Replication Rings in a Complex Site 89 
5 5-1. Linking Network Bandwidth to Site Link Costs 151 
6 6-1. Enabling Client OSs to Log On to Active Directory 168 
9 9-1. Special Permissions Configuration Columns 264 
10 10-1. Account Properties for a User Object 288 
  10-2. Username Uniqueness Requirements 289 
  10-3. Active Directory Group Scopes 294 
11 11-1. Group Policy Options 308 
  11-2. The Contents of the Group Policy Template 310 
  11-3. Configuring GPO Settings 314 
  11-4. GPMC Configuration Options 331 
12 12-1. Deployment Options for a Software Package 343 
  12-2. Group Policy Setting Options for Windows Installer 353 
13 13-1. Top-Level Containers in Default Domain Policy 363 
  13-2. Configuring User Profiles Using the Group Policy Object Editor 366 
  13-3. Password Policies 373 
  13-4. Account Lockout Policies 374 
  13-5. Kerberos Policies 375 
  13-6. Security Settings in Group Policies 378 
  13-7. An Administrative Templates Sampler 386 
  13-8. Default Templates Loaded in Windows Server 2003 388 
  13-9. Components of a Template Option 389 
14 14-1. Core Active Directory Functions and Services 400 
  14-2. Replication Performance Counters 401 
  14-3. Key Security Volumes 402 
  14-4. Core Operating System Indicators 402


