Windows 2000 Active Directory

( 1 )


Get a jump on the all-new Windows 2000 directory service Window 2000's Active Directory identifies all resources on a network,making them accessible to users and application u something previous versions of NT lacked. Windows 2000 Active Directory,by Joe Casad,shows you how to to use Active Directory to reduce the total cost of running a network by controlling all the directories and devices on a network from one location,under one platform. This unique,in-depth treatment gives you specific cost-saving tips and ...
See more details below
$46.17 price
(Save 5%)$48.95 List Price
Other sellers (Paperback)
  • All (18) from $1.99   
  • New (7) from $16.50   
  • Used (11) from $1.99   
Sending request ...


Get a jump on the all-new Windows 2000 directory service Window 2000's Active Directory identifies all resources on a network,making them accessible to users and application u something previous versions of NT lacked. Windows 2000 Active Directory,by Joe Casad,shows you how to to use Active Directory to reduce the total cost of running a network by controlling all the directories and devices on a network from one location,under one platform. This unique,in-depth treatment gives you specific cost-saving tips and examples. You learn how to set up Active Directory. . . handle security. . . . distinguish domains trees and interoperate Active Directory with NT and NetWare,TCP/IP and DNS. . . write scripts to automate administrative tasks. . . support applications. . . customize schema. . . and more.

Your practical guide to Active Directory - the most important new feature of Windows 2000.

Administer and customize your Active Directory network with the secrets revealed in this comprehensive volume. Windows 2000 Active Directory provides hands-on details about Active Directory,the multi-master directory service at the heart of the Windows 2000 network. This practical study of Active Directory provides a balanced discussion that delves into the theory and serves as a practical desktop reference. If you are looking for the straight facts on how to administer Active Directory,look inside. This single-volume reference explains how to plan,deploy,configure,manage,and customize the Active Directory environment. Plus,you'll get eight pages of color blueprints that illustrate core Active Directory concepts.

  • Manage and monitor the Active Directoryreplication process
  • Customize and manipulate the Active Directory schema to create new object classes and attributes
  • Understand Kerberos authentication and how it operates on Windows 2000 networks
  • Create and manage group policy objects for efficient,granular administration of network resources
  • Secure network communications through Windows 2000's IP security
  • Backup and reset the Active Directory database
  • Configure Active Directory domains,trusts,sites,site links,and site link bridges
  • Administer Active Directory through command-line tools provided with the Windows 2000 Support Tools and the Windows 2000 Resource Kit
Read More Show Less

Product Details

  • ISBN-13: 9780072123234
  • Publisher: McGraw-Hill Companies, The
  • Publication date: 4/13/2000
  • Series: Network Professional's Library Series
  • Pages: 604
  • Product dimensions: 7.50 (w) x 9.25 (h) x 1.25 (d)

Meet the Author

Joe Casad is an MCSE, engineer, and consultant who has authored and co-authored more than a dozen books on computer networking and systems administration. He is the former managing editor of Network Administrator magazine and is currently the technical editor of SysAdmin magazine.
Read More Show Less

Read an Excerpt

Chapter 1: The Active Directory Environment

Active Directory is a vast and intricate architecture designed to simplify the life of the network administrator. Microsoft insists that Active Directory makes a Windows 2000 network easier to understand and manage. But what is it? According to Microsoft, Active Directory is a directory service, and a directory service is "an information source and the services required for making that information source available to users." But this is only part of what Microsoft means by Active Directory. The real Active Directory is a structure-a paradigm for the network and a way of doing business.

Simply put, Active Directory is three things:

A database

A collection of services that access that database A network environment that exploits the possibilities of that database to provide better, more manageable, and more logical Microsoft networks The rest is details, and those details are the subject of this book. Active Directory is so big, so all encompassing, and so different from anything that preceded it, that it is difficult to know where to begin to describe it. Most descriptions begin with a long list of terms and concepts related to the Active Directory infrastructure. Those terms and concepts are certainly important, and you'll be learning more about them in later chapters. But concepts are of little use without a context, and the best context to begin this study of Active Directory is the context from which it arose: the Windows NT domain.

Active Directory grew out of Windows NT's domain architecture, and many elements of the NT domain are present in its framework. But Active Directory is something more than NT domain architecture. It isn't just an update-it's a whole new approach to networking.

Windows NT went far for an operating system developed wholly from scratch only a few years ago. Windows NT Server 4 was a huge seller that captured a large percent of the corporate networking market. And yet, Microsoft was well aware that NT had certain limitations, like these: Inflexible security system The permission system offered only limited granularity. It was difficult to organize the domain into smaller units. NT did allow resource domains, in which an administrator could control the resources in a local area, but the domain trust system was confusing and anything but seamless, and all the little clouds with one-way arrows in NT Enterprise classes ultimately did not clear up the confusion.

  • Outdated naming system The NetBIOS naming system built into Microsoft networks was out of step with the world. Microsoft supporters and detractors often share the presumption that Microsoft's conventions will someday become the world's conventions, but when it comes to naming resources, the world and the Internet were too big even for Microsoft. The growth of the Web-based technologies has made it increasingly difficult for Microsoft to justify basing its networks around NetBIOS rather than universally accepted and Internet-ready Domain Name System (DNS).
  • Insufficient fault tolerance and bandwidth management The special status of the primary domain controller (PDC) caused special problems when the PDC went offline. A backup domain controller (BDC) could be promoted, but promoting the BDC required human intervention. The PDC/BDC system also posed additional limitations for domains with multiple sites connected through slow wide area network (WAN) links.
  • No informational context The NT domain, with its focus on network security, did only part of what a modern directory service is capable of doing and suffered from the missed opportunity to use its elaborate structure and services to support other types of functions. Inelegant interface Objects, and the tools that managed objects, were confusing and conceptually inconsistent.
A look at how Active Directory addresses these limitations is the best way to begin this study of the Active Directory environment.

Flexible Security

As Figure 1-1 shows, Active Directory supports a new feature that was entirely missing from Windows NT: the organizational unit or OU. An OU is a container that you can create at any time just because you need a container. This container concept is reminiscent of Novell NetWare. You can place many different types of objects inside an OU container: printers, computers, domain controllers, and even users.

OUs create opportunities for subgrouping within a domain that were missing from Windows NT. You can place all users and computers of a single office into a separate OU and delegate authority for those objects to an OU administrator. The OU administrator can then manage users and resources even though he or she may not have access to similar resources in other parts of the domain. Alternatively, you can create position-based OUs, in which users and resources are organized by department rather than by geography...

Read More Show Less

Table of Contents

Acknowledgments xxi
Introduction xxiii
Part I Introducing Active Directory
1 The Active Directory Environment 3
What is Active Directory? 4
Flexible Security 6
DNS Integration 8
Fault Tolerance and Bandwidth Management 10
The Data Storehouse 12
Uniform Interface 15
Summary 16
2 Active Directory Concepts 17
Mixed Mode and Native Mode 19
A Closer Look at the Active Directory Network 21
Operations Masters 23
Multiple Domains 27
Naming Objects in Active Directory 31
Summary 36
Part II Setting Up Your Network
3 Active Directory with TCP/IP and DNS 39
Active Directory and DNS 40
How DNS Works 40
The DNS Namespace 45
Understanding Zones 46
Active Directory--Integrated Zones 48
Dynamic Updates 48
How Active Directory Uses DNS 50
Installing DNS Server 52
Configuring DNS 53
Migrating DNS Data to Windows 2000 DNS Server 67
Interoperating with Other DNS Servers 68
Sites and Subnets in Active Directory 69
Subnets and Sites 70
Configuring Active Directory Sites 71
Defining Active Directory Subnets 74
Placing Servers in Sites 76
Summary 79
4 Understanding Replication 81
Replication and Active Directory 82
Replication Topology 91
Replication and the KCC 92
Connection Objects 93
Managing Intrasite Replication 94
Viewing Connection Objects and Properties 96
Creating a New Connection Object 98
Checking the Replication Topology 100
Forcing Replication Manually 101
Intersite Replication 102
Configuring Site Links 104
Configuring Site Link Bridges 109
Configuring a Preferred Bridgehead Server 113
Managing and Monitoring Replication 115
Repadmin 115
Replication Monitor 117
Performance Monitor 129
Network Monitor 131
Summary 132
5 Users and Groups 133
A Quick Look at Windows NT and Windows 2000 Security 134
Understanding Groups 135
Distribution Groups 136
Security Groups 136
Predefined and Built-In Groups 140
Managing Users and Groups 142
Creating New Users 143
Adding or Removing Users from Groups 146
Viewing and Modifying User Properties 149
Moving Users 154
Deleting, Disabling, and Renaming User Accounts 156
Creating or Deleting a User Principal Name (UPN) Suffix 157
Creating Groups 159
Adding or Removing Groups from Other Groups 161
Viewing and Modifying Group Properties 162
Moving Groups 163
Deleting Groups 163
Assigning Permissions 164
Ownership 167
Setting Inheritance 168
Delegation of Control 170
Summary 172
6 Group Policy 173
What Is Group Policy? 174
A Look at Policy in Active Directory 176
Local Policy 176
Default Policy 178
Group Policy Objects 179
System Policy 179
Setting Up Group Policy 180
How Group Policies Are Processed 184
Where Group Policies Are Stored 186
How Group Policies Interact 187
Creating a Group Policy Snap-In 188
Understanding Group Policy Options 191
Templates 192
Links 194
Filtering Group Policy 195
Setting Group Policies that Control Group Policy 197
Specifying a Domain Controller 197
Group Policy Strategies 201
Summary 203
7 Setting Up Active Directory 205
The Deployment Process 206
Do You Really Need Active Directory? 207
Planning and Implementing a Test Site 209
Planning and Implementing a Pilot Site 211
Planning Your Active Directory Network 212
Axioms, Tips, and Best Practices 215
Planning Your Active Directory Rollout 222
Executing Your Active Directory Rollout 230
Active Directory System Requirements 231
Installing Windows 2000 232
Important Setup Procedures 250
Installing the Windows 2000 Support Tools 250
Switching to Native Mode 251
Configuring Global Catalog Servers 252
Creating an OU 252
Delegating Control of an OU 253
Moving Objects 254
Demoting a Domain Controller 254
Summary 255
8 Managing Active Directory 257
Backing Up and Restoring the Active Directory 258
Backing Up System State Data 260
Replication Restore 261
Nonauthoritative Restore 262
Authoritative Restore 264
Modifying the Directory 265
Managing Files and Folders in Active Directory 280
Publishing Folders 280
Managing Files and Folders through Group Policy 283
Managing Printers in Active Directory 286
Managing Software in Active Directory 289
Assigning Software 291
Publishing Software 293
Creating a .zap File 294
Configuring Software Installation Policy Properties 295
Managing the User Desktop Through Group Policy 297
Folder Redirection 298
Managing Operations Masters 300
Reassigning the Schema Master 300
Reassigning the Domain Naming Master 301
Reassigning the RID Master, PDC Emulator, or Infrastructure Master 302
Summary 303
9 Active Directory Clients 305
Understanding Client Options 306
Windows 2000 Professional Hardware Requirements 308
Windows 2000 Clients 311
Windows NT Clients 312
Windows 95/98 Clients 312
Clients from Other Networking Systems 314
Address Book 315
Managing Clients 316
Computer Management Tool 317
AD Users and Computers 318
Managing the Network from Clients 331
Summary 333
Part III Mastering Active Directory
10 Active Directory Schema 337
What Is the Schema? 338
Attributes, Syntaxes, and Schema Classes 341
The Schema Cache 346
Modifying the Schema 349
Schema Changes and the Schema Master 351
Generating an X.500 Object ID 354
Working with Active Directory Schema 356
Working with ADSI Editor 372
Summary 376
11 Active Directory Security 377
Kerberos 378
What Is Kerberos? 379
How Does Kerberos Work in Windows 2000? 384
Configuring Kerberos 387
Interoperating Windows 2000 Kerberos 394
What Kerberos Doesn't Prevent 397
Understanding Security Policy 398
Account Policies 400
Local Policies 402
Event Log 405
Restricted Groups 405
System Services 407
Registry 408
File System 410
Public Key Policies 411
IP Security Policies 411
Summary 432
12 Scripting Active Directory 433
Scripting in the Active Directory Environment 434
Interfaces 435
What Is Windows Scripting Host? 438
Configuring Script Files 439
cscript.exe 442
wscript.exe 443
Setting the Default Scripting Host 444
Debugging Scripts 444
Logon Scripts 446
User Logon Scripts 447
Policy Scripts 448
Built-in Scripts 451
Executing Scripts Automatically 452
Running UNIX Scripts in Windows 2000 457
Summary 458
13 Interoperating Windows 2000 459
Windows 2000 and NetWare 460
Configuring Windows 2000 for NetWare 460
Services for NetWare 473
Windows 2000 and UNIX-Based Systems 474
Connectivity Utilities 476
Interoperating Printers with UNIX 488
Telnet Server 490
Simple TCP/IP Services 496
Services for UNIX 497
Windows 2000 and Macintosh 498
File Services for Macintosh 500
Print Services for Macintosh 510
Supporting AppleTalk 515
Active Directory in the Microsoft Exchange Environment 519
Organizing and Optimizing Connection Agreements 524
Implementing an Exchange Server Connection 525
Managing the Active Directory Connector 532
Summary 535
Index 537
Read More Show Less

Customer Reviews

Average Rating 4
( 1 )
Rating Distribution

5 Star


4 Star


3 Star


2 Star


1 Star


Your Rating:

Your Name: Create a Pen Name or

Barnes & Review Rules

Our reader reviews allow you to share your comments on titles you liked, or didn't, with others. By submitting an online review, you are representing to Barnes & that all information contained in your review is original and accurate in all respects, and that the submission of such content by you and the posting of such content by Barnes & does not and will not violate the rights of any third party. Please follow the rules below to help ensure that your review can be posted.

Reviews by Our Customers Under the Age of 13

We highly value and respect everyone's opinion concerning the titles we offer. However, we cannot allow persons under the age of 13 to have accounts at or to post customer reviews. Please see our Terms of Use for more details.

What to exclude from your review:

Please do not write about reviews, commentary, or information posted on the product page. If you see any errors in the information on the product page, please send us an email.

Reviews should not contain any of the following:

  • - HTML tags, profanity, obscenities, vulgarities, or comments that defame anyone
  • - Time-sensitive information such as tour dates, signings, lectures, etc.
  • - Single-word reviews. Other people will read your review to discover why you liked or didn't like the title. Be descriptive.
  • - Comments focusing on the author or that may ruin the ending for others
  • - Phone numbers, addresses, URLs
  • - Pricing and availability information or alternative ordering information
  • - Advertisements or commercial solicitation


  • - By submitting a review, you grant to Barnes & and its sublicensees the royalty-free, perpetual, irrevocable right and license to use the review in accordance with the Barnes & Terms of Use.
  • - Barnes & reserves the right not to post any review -- particularly those that do not follow the terms and conditions of these Rules. Barnes & also reserves the right to remove any review at any time without notice.
  • - See Terms of Use for other conditions and disclaimers.
Search for Products You'd Like to Recommend

Recommend other products that relate to your review. Just search for them below and share!

Create a Pen Name

Your Pen Name is your unique identity on It will appear on the reviews you write and other website activities. Your Pen Name cannot be edited, changed or deleted once submitted.

Your Pen Name can be any combination of alphanumeric characters (plus - and _), and must be at least two characters long.

Continue Anonymously
Sort by: Showing 1 Customer Reviews
  • Anonymous

    Posted June 23, 2000

    Read Cover to Cover, Then Use It As A Reference Tool

    This is a great cover to cover reference if you are looking for a clear understanding of the Windows 2000 Active Directory. This book explains Active Directory components as well as gives you the insight on how it all works together. The facts and hands-on examples will help a novice as well as the MCSE in your organization. I only have one fault with this book. The editor did not catch the double words and other minor errors.

    Was this review helpful? Yes  No   Report this review
Sort by: Showing 1 Customer Reviews

If you find inappropriate content, please report it to Barnes & Noble
Why is this product inappropriate?
Comments (optional)