Preface
Introduction to Active Directory
Migrating from NT 3.51 and NT 4 to Active Directory
Server Migration Strategies
Primary Domain Controllers (PDCs)
Changes Required When Upgrading a Domain Controller
Backup Domain Controllers (BDCs)
Member Servers
Promoting Member Servers with Dcpromo
Upgrading with the Windows 2000 Setup Wizard
Installing Active Directory Services
Interim Mixed Domains
Mixed Mode
Native Mode
Migrating Components
Using Organizational Units (OUs) to Create a Hierarchical Structure
User Accounts
Machine Accounts
Nested Groups
Global Groups
Delegating Administrative Authority
Insert into the Replication Topology
Migrating from Novell Directory Services
Upgrade Clients to Windows 2000 Professional
Active Directory Naming Strategies
What Is DNS?
How DNS Zones Function
Active Directory's Integration with DNS
How Active Directory Uses DNS
Planning Active Directory and DNS
Forest Plan
Domain and DNS Strategy
Root Domain
About Domains
DNS Servers
Organizational Units (OUs)
Site Topology
Naming Conventions
Defining DNS Names
Defining DNS Zones
Naming Conventions for Active Directory
Migrating an Existing Exchange Server Design
Migrating an Existing Novell Directory Services Design
Virtual Containers
Designing a Domain Structure
Designing Active Directory
Forest Plan
Tekkietech.com
Insurance, Inc.
Domain Plan Including DNS Strategy
Tekkietech.com
Insurance, Inc.
Organizational Unit Strategy
Tekkietech.com
Insurance, Inc.
Site Topology
Tekkietech.com
Insurance, Inc.
Organizational Unit Structure
OU Objects in the Active Directory
Group Policy and OUs
Delegating Administration
Implementing a Domain
Installing the First Domain in Active Directory
Active Directory Wizard
Integrating DNS into the Active Directory
Configuring DNS
Active Directory Integrated Zones
About Zones
Service Resource Record Registration
Creating Organizational Units
Managing Objects in Active Directory
Managing User Accounts
Managing Groups
Managing Computers
Common Object Management
Nesting Groups
Role-Based Administration
Microsoft Management Console
Administrative Roles
Building Trees and Forests
Forest Characteristics
Common Schema
Common Configuration
Global Catalog
Contiguous Namespace
Trust Relationships
Transitive Bidirectional Trust
Trusts that Cross Forests
Trust Utilities
Planning a Forest Structure
The Domain Tree Structure
Adding a Child Domain
Sizing the Active Directory Store
Managing the Forest
Modifying the Schema
About Objects and Attributes
Planning Schema Modifications
Why Modify the Schema?
When to Modify the Schema
Who Should Modify the Schema?
Schema Management Console
Flexible Single Master Operation
How to Modify the Schema
Class
Attributes
System Checks After Schema Modification
Schema Container
The Cache
Schema Utilities
Querying the Active Directory
Display Specifiers
Planning and Implementing Sites
The Function of Sites in Active Directory
Default-First-Site-Name
Replicated Active Directory Components
Domain Partitions
Global Catalog
Schema and Configuration Containers
Site Replication Components
Site Objects
Connection Objects
Site Links
Site Link Bridges
Replication Protocols
Replication in Active Directory
Replication Topology
Planning a Site Structure
Placing Domain Controllers
Where to Place Global Catalog Servers
Implementing a Site Structure in Active Directory
Replication Utilities
Replication Monitor (REPLMON)
Replication Administrator (REPADMIN)
DSASTAT
Understanding Time Synchronization in Active Directory
Intellimirror
What Are Group Policies?
How Group Policies Are Applied
Refresh Interval
Blocking and Enforcing
Group Policy Information Storage
Administrative Templates
Registry.pol
Group Policy Settings
Computer Configuration
User Configuration
Designing a Group Policy Strategy
Group Policy in WAN Environments
Implementing Group Policy Strategies
Configuring Group Policy Objects
Link a Group Policy Object to a Container
Adding Scripts
Deploying Applications
Folder Redirection
Keeping Groups from Growing Over Time
Troubleshooting Group Policies
Policy Does Not Execute
Policy Executes in the Wrong Way
Logging On Takes a Long Time
Security
Groups
Group Strategy
Seeing Security Features in Active Directory Users and Computers
Domain Security Console
Account Policies
Local Policies
Event Log
Restricted Groups
System Services
Registry
Filesystem
Public Key Policies
IP Security Policies on Active Directory
Security Templates
Object Protection
Access Control Lists (ACLs)
Access Control Entries (ACEs)
Security Descriptor
Security Identifier (SID)
Security Model
Kerberos
Public Key Infrastructure (PKI)
Smart Cards
IP Security
Publishing
Deciding What to Publish
Sharing Folders
Publishing a Folder in the Active Directory
Browsing and Querying for Shared Folders
Overview of DFS and EFS
Publishing a Printer in the Active Directory
Interfacing with Active Directory
ADSI
RPC
Windows Sockets
DCOM
Exchange Server Active Directory Connector
Novell Directory Service Synchronization
Plugging into Active Directory
Microsoft's Metadirectory
VIA Architecture
Mission Critical's Migration Tool
Deploying Active Directory-Enabled Clients
Best Practices
Deploying DSClient
Cisco
CNS/AD
What CNS/AD Does
Fastlane Technologies
DM/Reporter
DM/Administrator
DM/Manager
DM/Developer
DM/Consolidator
SAP
Active Directory for Windows 2000 Fast-Track
What Active Directory Is, and Why You Need to Know About It
Demote a DC
Policy-Based Administration
Decentralized Administration
Improved Security
Important Features and Design Changes
Scalability of Forests, Domains, Organizational Units, and Sites
Extensibility of the Schema
Multi-Master Domain Controllers
Intellimirror
Kerberos Trusts
Use of Standard Protocols
Accessibility of Resources
Industries and Companies Affected by Windows 2000
Technology Vendors and Partners
Competitors
Customers
And ... Microsoft Itself
Advantages and Disadvantages of Active Directory
Advantages with the Active Directory
Problems with the Active Directory
Disaster Recovery for Active Directory
Modeling Sites with Disaster Recovery in Mind
Avoiding Disasters
Universal Power Source
RAID
Clustering
File Replication Service
Distributed File Service (Dfs)
The Active Directory Database File Structure
Backup
Creating an Emergency Repair Disk
Recovering a Failed Domain Controller
Authoritative Restore of Deleted Objects
Startup Options
The Recovery Console
Secrets
Lesser Known Management Shortcuts
Upgrading DNS and Supporting DNS Dynamic Update Protocol
Creating a Custom Microsoft Management Console (MMC)
PDC Emulation and Native Mode
How Active Directory Prevents Unnecessary Replication
Under-Documented Functions/Procedure
How an LDAP Query Accesses Active Directory
Software Installation
How to Create and Configure a Dfs Root
Informational Message
Renaming
Quick Application of an Updated Group Policy
DNS Migrations
DNS Best Practices
For Experts Only
Add a Server to Two Different Sites Simultaneously
Removing Phantom Objects
Phantom Domains
Transferring FSMO Roles
Troubleshooting Tips
Avoiding Errors When Migrating a Domain
Remote Procedure Call (RPC) Errors
Index
Table of Contents provided by Syndetics. All Rights Reserved.