Active Directory
Brian Desmond
Joe Richards
Robbie Allen
Alistair G. Lowe-Norris
Beijing • Cambridge • Farnham • Köln • Sebastopol • Tokyo
Preface
Active Directory is a common repository for information about objects that
reside on the network, such as users, groups, computers, printers, applications,
and files. The default Active Directory schema supports numerous attributes for
each object class that can be used to store a variety of information. Access
control lists (ACLs) are also stored with each object, which allows you to
maintain permissions for who can access and manage the object. Having a single
source for this information makes it more accessible and easier to manage;
however, accomplishing this requires a significant amount of knowledge on such
topics as the Lightweight Directory Access Protocol (LDAP), Kerberos, the
Domain Name System (DNS), multimaster replication, group policies, and data
partitioning, to name a few. This book will be your guide through this maze of
technologies, showing you how to deploy a scalable and reliable Active
Directory infrastructure.
This book is a major update to the very successful fourth edition. All of the
existing chapters have been brought up to date through Windows Server 2012, in
addition to updates in concepts and approaches to managing Active Directory
and script updates. There are five new chapters (Chapter 3, Chapter 7,
Chapter 10, Chapter 19, and Chapter 21) to explain features or concepts not
covered in previous editions. These chapters include in-depth coverage of
management tools, LDAP query syntax, Kerberos, Active Directory Federation
Services (ADFS), and more.
This book describes Active Directory in depth, but not in the traditional way of
going through the graphical user interface screen by screen. Instead, the book
sets out to tell administrators how to design, manage, and maintain a small,
medium, or enterprise Active Directory infrastructure.
We begin in general terms with how Active Directory works, giving you a
thorough grounding in its concepts. Some of the topics include Active Directory
replication, the schema, application partitions, group policies, interaction with
DNS, domain controllers, password policies, Kerberos, and LDAP.
Next, we describe in copious detail the issues around properly designing the
directory infrastructure. Topics include in-depth looks at designing the
namespace, creating a site topology, designing group policies, auditing,
permissions, Dynamic Access Control (DAC), backup and recovery, Active
Directory Lightweight Directory Services (AD LDS, formerly ADAM),
upgrading Active Directory, and ADFS.
If you’re simply looking for in-depth coverage of how to use the Microsoft
Management Console (MMC) snap-ins or Resource Kit tools, look elsewhere.
However, if you want a book that lays bare the design and management of an
enterprise or departmental Active Directory, you need not look any further.
1. Intended Audience
This book is intended for all Active Directory administrators, whether you
manage a single server or a global multinational with thousands of servers. Even
if you have a previous edition, you will find this fifth edition to be full of
updates and corrections and a worthy addition to your “good” bookshelf: the
bookshelf next to your PC with the books you really read that are all dog-eared
with soda drink spills and pizza grease on them. To get the most out of the book,
you will probably find it useful to have a server running Windows Server 2012
available so that you can check out various items as we point them out.
2. Contents of the Book
Chapter 1, A Brief Introduction
Reviews the evolution of the Microsoft network operating system (NOS) and
some of the major features and benefits of Active Directory.
Chapter 2, Active Directory Fundamentals
Provides a high-level look at how objects are stored in Active Directory and
explains some of the internal structures and concepts that it relies on.
Chapter 3, Active Directory Management Tools
Demonstrates how to use the various MMC snap-ins and management tools
that are commonly used by Active Directory administrators.
Chapter 4, Naming Contexts and Application Partitions
Reviews the predefined naming contexts within Active Directory, what is
contained within each, and the purpose of application partitions.
Chapter 5, Active Directory Schema
Describes how the blueprint for each object and each object’s attributes are
stored in Active Directory.
Chapter 6, Site Topology and Active Directory Replication
Details how the actual replication process for data takes place between
domain controllers.
Chapter 7, Searching Active Directory
Explains the LDAP query syntax used for gathering data from Active
Directory.
Chapter 8, Active Directory and DNS
Describes the importance of the Domain Name System and what it is used
for within Active Directory.
Chapter 9, Domain Controllers
Describes the deployment and operation of writable and read-only domain
controllers (RODCs) as well as the impacts of hardware virtualization on
Active Directory.
Chapter 10, Authentication and Security Protocols
Describes the Kerberos security protocol that is fundamental to Active
Directory, as well as managed service accounts.
Chapter 11, Group Policy Primer
Provides a detailed introduction to the capabilities of group policy objects
and how to manage them.
Chapter 12, Fine-Grained Password Policies
Gives comprehensive coverage of how to design, implement, and manage
fine-grained password policies.
Chapter 13, Designing the Active Directory Structure
Introduces the steps and techniques involved in properly preparing a design
that reduces the number of domains and increases administrative control
through the use of organizational unit(s).
Chapter 14, Creating a Site Topology
Shows you how to design a representation of your physical infrastructure
within Active Directory to gain very fine-grained control over intrasite and
intersite replication.
Chapter 15, Planning for Group Policy
Explains how group policy objects function in Active Directory and how you
can properly design an Active Directory structure to make the most effective
use of these functions.
Chapter 16, Active Directory Security: Permissions and Auditing
Describes how you can design effective security for all areas of your Active
Directory infrastructure, both in terms of access to objects and their
properties; includes information on how to design effective security access
logging in any areas you choose. This chapter also covers Dynamic Access
Control.
Chapter 17, Designing and Implementing Schema Extensions
Covers procedures for extending the classes and attributes in the Active
Directory schema.
Chapter 18, Backup, Recovery, and Maintenance
Describes how you can back up and restore Active Directory, from the entire
directory down to the object level.
Chapter 19, Upgrading Active Directory
Discusses the features introduced in each version of Active Directory,
followed by an outline of how you can upgrade your existing Active
Directory infrastructure to Windows Server 2012.
Chapter 20, Active Directory Lightweight Directory Services
Introduces Active Directory Lightweight Directory Services.
Chapter 21, Active Directory Federation Services
Introduces Active Directory Federation Services.
Appendix A
Starts off by providing some background information on the .NET
Framework and then dives into several examples using the
System.DirectoryServices namespaces with VB.NET.
3. Conventions Used in This Book
The following typographical conventions are used in this book:
Constant width
Indicates command-line input, computer output, registry keys and values,
objects, methods, namespaces, and code examples.
Constant width italic
Indicates text that should be replaced with user-supplied values.
Constant width bold
Indicates user input.
Italic
Introduces new terms and indicates URLs, commands, command-line
utilities and switches, file extensions, filenames, directory or folder names,
and UNC pathnames.
NOTE
Indicates a tip, suggestion, or general note. For example, we’ll tell you if you need to use a
particular version or if an operation requires certain privileges.
WARNING
Indicates a warning or caution. For example, we’ll tell you if Active Directory does not behave
as you’d expect or if a particular operation has a negative impact on performance.
Using Code Examples
This book is here to help you get your job done. In general, if this book includes
code examples, you may use the code in your programs and documentation. You
do not need to contact us for permission unless you’re reproducing a significant
portion of the code. For example, writing a program that uses several chunks of
code from this book does not require permission. Selling or distributing a CD-ROM
of examples from O’Reilly books does require permission. Answering a
question by citing this book and quoting example code does not require
permission. Incorporating a significant amount of example code from this book
into your product’s documentation does require permission.
We appreciate, but do not require, attribution. An attribution usually includes the
title, author, publisher, and ISBN. For example: “Active Directory by Brian
Desmond, Joe Richards, Robbie Allen, and Alistair G. Lowe-Norris (O’Reilly).
Copyright 2013 Brian Desmond, Joe Richards, Robbie Allen, and Alistair Lowe-
Norris, 978-1-449-32002-7.”
If you feel your use of code examples falls outside fair use or the permission
given above, feel free to contact us at [email protected].
Safari® Books Online
Safari Books Online (www.safaribooksonline.com) is an on-demand digital
library that delivers expert content in both book and video form from the world’s
leading authors in technology and business.
Technology professionals, software developers, web designers, and business and
creative professionals use Safari Books Online as their primary resource for
research, problem solving, learning, and certification training.
Safari Books Online offers a range of product mixes and pricing programs for
organizations, government agencies, and individuals. Subscribers have access to
thousands of books, training videos, and prepublication manuscripts in one fully
searchable database from publishers like O’Reilly Media, Prentice Hall
Professional, Addison-Wesley Professional, Microsoft Press, Sams, Que,
Peachpit Press, Focal Press, Cisco Press, John Wiley & Sons, Syngress, Morgan
Kaufmann, IBM Redbooks, Packt, Adobe Press, FT Press, Apress, Manning,
New Riders, McGraw-Hill, Jones & Bartlett, Course Technology, and dozens
more. For more information about Safari Books Online, please visit us online.
How to Contact Us
Please address comments and questions concerning this book to the publisher:
O’Reilly Media, Inc.
1005 Gravenstein Highway North
Sebastopol, CA 95472
800-998-9938 (in the United States or Canada)
707-829-0515 (international or local)
707-829-0104 (fax)
We have a web page for this book, where we list errata, examples, and any
additional information. You can access this page at
http://oreil.ly/Active_Dir_5E.