Windows 2000 Active Directory

Paperback


Product Details

ISBN-13: 9780072123234
Publisher: McGraw-Hill Companies, The
Publication date: 04/13/2000
Series: Network Professional's Library Series
Pages: 604
Product dimensions: 7.50(w) x 9.25(h) x 1.22(d)

About the Author


Joe Casad is an MCSE, engineer, and consultant who has authored and co-authored more than a dozen books on computer networking and systems administration. He is the former managing editor of Network Administrator magazine and is currently the technical editor of SysAdmin magazine.

Read an Excerpt


Chapter 1: The Active Directory Environment

Active Directory is a vast and intricate architecture designed to simplify the life of the network administrator. Microsoft insists that Active Directory makes a Windows 2000 network easier to understand and manage. But what is it? According to Microsoft, Active Directory is a directory service, and a directory service is "an information source and the services required for making that information source available to users." But this is only part of what Microsoft means by Active Directory. The real Active Directory is a structure, a paradigm for the network and a way of doing business.

Simply put, Active Directory is three things:

  • A database
  • A collection of services that access that database
  • A network environment that exploits the possibilities of that database to provide better, more manageable, and more logical Microsoft networks

The rest is details, and those details are the subject of this book. Active Directory is so big, so all-encompassing, and so different from anything that preceded it, that it is difficult to know where to begin to describe it. Most descriptions begin with a long list of terms and concepts related to the Active Directory infrastructure. Those terms and concepts are certainly important, and you'll be learning more about them in later chapters. But concepts are of little use without a context, and the best context to begin this study of Active Directory is the context from which it arose: the Windows NT domain.

Active Directory grew out of Windows NT's domain architecture, and many elements of the NT domain are present in its framework. But Active Directory is something more than NT domain architecture. It isn't just an update; it's a whole new approach to networking.

Windows NT went far for an operating system developed wholly from scratch only a few years ago. Windows NT Server 4 was a huge seller that captured a large percent of the corporate networking market. And yet, Microsoft was well aware that NT had certain limitations, like these:

  • Inflexible security system The permission system offered only limited granularity. It was difficult to organize the domain into smaller units. NT did allow resource domains, in which an administrator could control the resources in a local area, but the domain trust system was confusing and anything but seamless, and all the little clouds with one-way arrows in NT Enterprise classes ultimately did not clear up the confusion.
  • Outdated naming system The NetBIOS naming system built into Microsoft networks was out of step with the world. Microsoft supporters and detractors often share the presumption that Microsoft's conventions will someday become the world's conventions, but when it comes to naming resources, the world and the Internet were too big even for Microsoft. The growth of Web-based technologies has made it increasingly difficult for Microsoft to justify basing its networks around NetBIOS rather than the universally accepted and Internet-ready Domain Name System (DNS).
  • Insufficient fault tolerance and bandwidth management The special status of the primary domain controller (PDC) caused special problems when the PDC went offline. A backup domain controller (BDC) could be promoted, but promoting the BDC required human intervention. The PDC/BDC system also posed additional limitations for domains with multiple sites connected through slow wide area network (WAN) links.
  • No informational context The NT domain, with its focus on network security, did only part of what a modern directory service is capable of doing and suffered from the missed opportunity to use its elaborate structure and services to support other types of functions.
  • Inelegant interface Objects, and the tools that managed objects, were confusing and conceptually inconsistent.

A look at how Active Directory addresses these limitations is the best way to begin this study of the Active Directory environment.

Flexible Security

As Figure 1-1 shows, Active Directory supports a new feature that was entirely missing from Windows NT: the organizational unit or OU. An OU is a container that you can create at any time just because you need a container. This container concept is reminiscent of Novell NetWare. You can place many different types of objects inside an OU container: printers, computers, domain controllers, and even users.

OUs create opportunities for subgrouping within a domain that were missing from Windows NT. You can place all users and computers of a single office into a separate OU and delegate authority for those objects to an OU administrator. The OU administrator can then manage users and resources even though he or she may not have access to similar resources in other parts of the domain. Alternatively, you can create position-based OUs, in which users and resources are organized by department rather than by geography...

Table of Contents

Acknowledgments
Introduction

Part I: Introducing Active Directory

1 The Active Directory Environment
What is Active Directory?
Flexible Security
DNS Integration
Fault Tolerance and Bandwidth Management
The Data Storehouse
Uniform Interface
Summary

2 Active Directory Concepts
Mixed Mode and Native Mode
A Closer Look at the Active Directory Network
Operations Masters
Multiple Domains
Naming Objects in Active Directory
Summary

Part II: Setting Up Your Network

3 Active Directory with TCP/IP and DNS
Active Directory and DNS
How DNS Works
The DNS Namespace
Understanding Zones
Active Directory-Integrated Zones
Dynamic Updates
How Active Directory Uses DNS
Installing DNS Server
Configuring DNS
Migrating DNS Data to Windows 2000 DNS Server
Interoperating with Other DNS Servers
Sites and Subnets in Active Directory
Subnets and Sites
Configuring Active Directory Sites
Defining Active Directory Subnets
Placing Servers in Sites
Summary

4 Understanding Replication
Replication and Active Directory
Replication Topology
Replication and the KCC
Connection Objects
Managing Intrasite Replication
Viewing Connection Objects and Properties
Creating a New Connection Object
Checking the Replication Topology
Forcing Replication Manually
Intersite Replication
Configuring Site Links
Configuring Site Link Bridges
Configuring a Preferred Bridgehead Server
Managing and Monitoring Replication
Repadmin
Replication Monitor
Performance Monitor
Network Monitor
Summary

5 Users and Groups
A Quick Look at Windows NT and Windows 2000 Security
Understanding Groups
Distribution Groups
Security Groups
Predefined and Built-In Groups
Managing Users and Groups
Creating New Users
Adding or Removing Users from Groups
Viewing and Modifying User Properties
Moving Users
Deleting, Disabling, and Renaming User Accounts
Creating or Deleting a User Principal Name (UPN) Suffix
Creating Groups
Adding or Removing Groups from Other Groups
Viewing and Modifying Group Properties
Moving Groups
Deleting Groups
Assigning Permissions
Ownership
Setting Inheritance
Delegation of Control
Summary

6 Group Policy
What Is Group Policy?
A Look at Policy in Active Directory
Local Policy
Default Policy
Group Policy Objects
System Policy
Setting Up Group Policy
How Group Policies Are Processed
Where Group Policies Are Stored
How Group Policies Interact
Creating a Group Policy Snap-In
Understanding Group Policy Options
Templates
Links
Filtering Group Policy
Setting Group Policies that Control Group Policy
Specifying a Domain Controller
Group Policy Strategies
Summary

7 Setting Up Active Directory
The Deployment Process
Do You Really Need Active Directory?
Planning and Implementing a Test Site
Planning and Implementing a Pilot Site
Planning Your Active Directory Network
Axioms, Tips, and Best Practices
Planning Your Active Directory Rollout
Executing Your Active Directory Rollout
Active Directory System Requirements
Installing Windows 2000
Important Setup Procedures
Installing the Windows 2000 Support Tools
Switching to Native Mode
Configuring Global Catalog Servers
Creating an OU
Delegating Control of an OU
Moving Objects
Demoting a Domain Controller
Summary

8 Managing Active Directory
Backing Up and Restoring the Active Directory
Backing Up System State Data
Replication Restore
Nonauthoritative Restore
Authoritative Restore
Modifying the Directory
Managing Files and Folders in Active Directory
Publishing Folders
Managing Files and Folders through Group Policy
Managing Printers in Active Directory
Managing Software in Active Directory
Assigning Software
Publishing Software
Creating a .zap File
Configuring Software Installation Policy Properties
Managing the User Desktop Through Group Policy
Folder Redirection
Managing Operations Masters
Reassigning the Schema Master
Reassigning the Domain Naming Master
Reassigning the RID Master, PDC Emulator, or Infrastructure Master
Summary

9 Active Directory Clients
Understanding Client Options
Windows 2000 Professional Hardware Requirements
Windows 2000 Clients
Windows NT Clients
Windows 95/98 Clients
Clients from Other Networking Systems
Address Book
Managing Clients
Computer Management Tool
AD Users and Computers
Managing the Network from Clients
Summary

Part III: Mastering Active Directory

10 Active Directory Schema
What Is the Schema?
Attributes, Syntaxes, and Schema Classes
The Schema Cache
Modifying the Schema
Schema Changes and the Schema Master
Generating an X.500 Object ID
Working with Active Directory Schema
Working with ADSI Editor
Summary

11 Active Directory Security
Kerberos
What Is Kerberos?
How Does Kerberos Work in Windows 2000?
Configuring Kerberos
Interoperating Windows 2000 Kerberos
What Kerberos Doesn't Prevent
Understanding Security Policy
Account Policies
Local Policies
Event Log
Restricted Groups
System Services
Registry
File System
Public Key Policies
IP Security Policies
Summary

12 Scripting Active Directory
Scripting in the Active Directory Environment
Interfaces
What Is Windows Scripting Host?
Configuring Script Files
cscript.exe
wscript.exe
Setting the Default Scripting Host
Debugging Scripts
Logon Scripts
User Logon Scripts
Policy Scripts
Built-in Scripts
Executing Scripts Automatically
Running UNIX Scripts in Windows 2000
Summary

13 Interoperating Windows 2000
Windows 2000 and NetWare
Configuring Windows 2000 for NetWare
Services for NetWare
Windows 2000 and UNIX-Based Systems
Connectivity Utilities
Interoperating Printers with UNIX
Telnet Server
Simple TCP/IP Services
Services for UNIX
Windows 2000 and Macintosh
File Services for Macintosh
Print Services for Macintosh
Supporting AppleTalk
Active Directory in the Microsoft Exchange Environment
Organizing and Optimizing Connection Agreements
Implementing an Exchange Server Connection
Managing the Active Directory Connector
Summary

Index

Customer Reviews

Windows 2000 Active Directory 4 out of 5 based on 0 ratings. 1 reviews.
Guest More than 1 year ago
This is a great cover to cover reference if you are looking for a clear understanding of the Windows 2000 Active Directory. This book explains Active Directory components as well as gives you the insight on how it all works together. The facts and hands-on examples will help a novice as well as the MCSE in your organization. I only have one fault with this book. The editor did not catch the double words and other minor errors.