
Active Directory Cookbook

by: Svidergol, Brian

On-line Price: $79.99 (includes GST)

Paperback package 800

20% Off Retail Price

You save: $20.00

This item is available to backorder. Usually ships within 7 - 10 working days

Retail Price: $99.99

Publisher: O'REILLY, 15.05.13

Category: ACTIVE DIRECTORY Level:

ISBN: 1449361420
ISBN13: 9781449361426

Take the guesswork out of deploying, administering, and automating Active Directory. With hundreds of proven recipes, the updated edition of this popular cookbook provides quick, step-by-step solutions to common (and not so common) problems you might encounter when working with Microsoft's network directory service.

This fourth edition includes troubleshooting recipes for Windows Server 2012, Windows 8, and Exchange 2013, based on valuable input from Windows administrators. You'll also find quick solutions for the Lightweight Directory Access Protocol (LDAP), Active Directory Lightweight Directory Services (AD LDS), multi-master replication, DNS, Group Policy, and many other features.


  Manage new AD features, such as the Recycle Bin, Group Managed Service Accounts, and fine-grained password policies


  Work with AD from the command line and use Windows PowerShell to automate tasks


  Remove and create forests, domains, and trusts


  Create groups, modify group scope and type, and manage membership


  Delegate control, view and modify permissions, and handle Kerberos tickets


  Import and export data with LDAP Data Interchange Format (LDIF)


  Synchronize multiple directories and enforce data integrity within a single or multiple stores


  Back up AD, and perform authoritative and non-authoritative restores


  Chapter 1 Getting Started


          Approach to the Book


          Where to Find the Tools


          Getting Familiar with LDIF


          Replaceable Text


          Where to Find More Information


  Chapter 2 Forests, Domains, and Trusts


          Introduction


          Creating a Forest


          Removing a Forest


          Creating a Domain


          Removing a Domain


          Removing an Orphaned Domain


          Finding the Domains in a Forest


          Finding the NetBIOS Name of a Domain


          Renaming a Domain


          Raising the Domain Functional Level to Windows Server 2012


          Raising the Functional Level of a Windows Server 2008 or 2008 R2 Forest


          Using AdPrep to Prepare a Domain or Forest for Windows Server 2012


          Determining Whether AdPrep Has Completed


          Checking Whether a Windows Domain Controller Can Be Upgraded to Windows Server 2003 or 2008


          Creating an External Trust


          Creating a Transitive Trust Between Two AD Forests


          Creating a Shortcut Trust Between Two AD Domains


          Creating a Trust to a Kerberos Realm


          Viewing the Trusts for a Domain


          Verifying a Trust


          Resetting a Trust


          Removing a Trust


          Enabling SID Filtering for a Trust


          Enabling Quarantine for a Trust


          Managing Selective Authentication for a Trust


          Finding Duplicate SIDs in a Domain


          Adding Additional Fields to Active Directory Users and Computers


  Chapter 3 Domain Controllers, Global Catalogs, and FSMOs


          Introduction


          Promoting a Server to a Domain Controller


          Promoting a Server to a Read-Only Domain Controller


          Performing a Two-Stage RODC Installation


          Modifying the Password Replication Policy


          Promoting a Server to a Windows Server 2012 Domain Controller from Media


          Demoting a Domain Controller


          Automating the Promotion or Demotion of a Domain Controller


          Troubleshooting Domain Controller Promotion or Demotion Problems


          Verifying the Promotion of a Domain Controller


          Removing an Unsuccessfully Demoted Domain Controller


          Renaming a Domain Controller


          Finding the Domain Controllers for a Domain


          Finding the Closest Domain Controller


          Finding a Domain Controller's Site


          Moving a Domain Controller to a Different Site


          Finding the Services a Domain Controller Is Advertising


          Restoring a Deleted Domain Controller in Windows Server 2012


          Resetting the TCP/IP Stack on a Domain Controller


          Configuring a Domain Controller to Use an External Time Source


          Finding the Number of Logon Attempts Made Against a Domain Controller


          Enabling the /3GB Switch to Increase the LSASS Cache


          Enabling and Disabling the Global Catalog


          Determining Whether Global Catalog Promotion Is Complete


          Finding the Global Catalog Servers in a Forest


          Finding the Domain Controllers or Global Catalog Servers in a Site


          Finding Domain Controllers and Global Catalogs via DNS


          Changing the Preference for a Domain Controller


          Disabling the Global Catalog Requirement for User Logon


          Finding the FSMO Role Holders


          Transferring a FSMO Role


          Seizing a FSMO Role


          Finding the PDC Emulator FSMO Role Owner via DNS


  Chapter 4 Searching and Manipulating Objects


          Introduction


          Viewing the RootDSE


          Viewing the Attributes of an Object


          Counting Objects in Active Directory


          Using LDAP Controls


          Using a Fast or Concurrent Bind


          Connecting to an Object GUID


          Connecting to a Well-Known GUID


          Searching for Objects in a Domain


          Searching the Global Catalog


          Searching for a Large Number of Objects


          Searching with an Attribute-Scoped Query


          Searching with a Bitwise Filter


          Creating an Object


          Modifying an Object


          Modifying a Bit-Flag Attribute


          Dynamically Linking an Auxiliary Class


          Creating a Dynamic Object


          Refreshing a Dynamic Object


          Modifying the Default TTL Settings for Dynamic Objects


          Moving an Object to a Different OU or Container


          Moving an Object to a Different Domain


          Referencing an External Domain


          Renaming an Object


          Deleting an Object


          Deleting a Container That Has Child Objects


          Viewing the Created and Last-Modified Timestamp of an Object


          Modifying the Default LDAP Query Policy


          Exporting Objects to an LDIF File


          Importing Objects Using an LDIF File


          Exporting Objects to a CSV File


          Importing Objects Using PowerShell and a CSV File


  Chapter 5 Organizational Units


          Introduction


          Creating an OU


          Enumerating the OUs in a Domain


          Finding an OU


          Enumerating the Objects in an OU


          Deleting the Objects in an OU


          Deleting an OU


          Moving the Objects in an OU to a Different OU


          Moving an OU


          Renaming an OU


          Modifying an OU


          Determining Approximately How Many Child Objects an OU Has


          Delegating Control of an OU


          Assigning or Removing a Manager for an OU


          Linking a GPO to an OU


          Protecting an OU Against Accidental Deletion


  Chapter 6 Users


          Introduction


          Modifying the Default Display Name Used When Creating Users in ADUC or ADAC


          Creating a User


          Creating a Large Number of Users


          Creating an inetOrgPerson User


          Converting a user Object to an inetOrgPerson Object (or Vice Versa)


          Modifying an Attribute for Several Users at Once


          Deleting a User


          Setting a User's Profile Attributes


          Moving a User


          Redirecting Users to an Alternative OU


          Renaming a User


          Copying a User


          Finding Locked-Out Users


          Unlocking a User


          Troubleshooting Account Lockout Problems


          Viewing the Domain-Wide Account Lockout and Password Policies


          Applying a Fine-Grained Password Policy to a User Object


          Viewing the Fine-Grained Password Policy That Is in Effect for a User Account


          Enabling and Disabling a User


          Finding Disabled Users


          Viewing a User's Group Membership


          Removing All Group Memberships from a User


          Changing a User's Primary Group


          Copying a User's Group Membership to Another User


          Setting a User's Password


          Preventing a User from Changing a Password


          Requiring a User to Change a Password at Next Logon


          Preventing a User's Password from Expiring


          Finding Users Whose Passwords Are About to Expire


          Viewing the RODCs That Have Cached a User's Password


          Setting a User's Account Options (userAccountControl)


          Setting a User's Account to Expire


          Determining a User's Last Logon Time


          Finding Users Who Have Not Logged On Recently


          Viewing and Modifying a User's Permitted Logon Hours


          Viewing a User's Managed Objects


          Creating a UPN Suffix for a Forest


          Restoring a Deleted User


          Protecting a User Against Accidental Deletion


  Chapter 7 Groups


          Introduction


          Creating a Group


          Viewing the Permissions of a Group


          Viewing the Direct Members of a Group


          Viewing the Nested Members of a Group


          Adding and Removing Members of a Group


          Moving a Group Within a Domain


          Moving a Group to Another Domain


          Changing the Scope or Type of a Group


          Modifying Group Attributes


          Delegating Control for Managing Membership of a Group


          Resolving a Primary Group ID


          Enabling Universal Group Membership Caching


          Restoring a Deleted Group


          Protecting a Group Against Accidental Deletion


          Applying a Fine-Grained Password Policy to a Group Object


  Chapter 8 Computer Objects


          Introduction


          Creating a Computer


          Creating a Computer for a Specific User or Group


          Deleting a Computer


          Joining a Computer to a Domain


          Moving a Computer Within the Same Domain


          Moving a Computer to a New Domain


          Renaming a Computer


          Adding or Removing a Computer Account from a Group


          Testing the Secure Channel for a Computer


          Resetting a Computer Account


          Finding Inactive or Unused Computers


          Changing the Maximum Number of Computers a User Can Join to the Domain


          Modifying the Attributes of a computer Object


          Finding Computers with a Particular OS


          Binding to the Default Container for Computers


          Changing the Default Container for Computers


          Listing All the Computer Accounts in a Domain


          Identifying a Computer Role


          Protecting a Computer Against Accidental Deletion


          Viewing the RODCs That Have Cached a Computer's Password


  Chapter 9 Group Policy Objects


          Introduction


          Finding the GPOs in a Domain


          Creating a GPO


          Copying a GPO


          Deleting a GPO


          Viewing the Settings of a GPO


          Modifying the Settings of a GPO


          Importing Settings into a GPO


          Creating a Migration Table


          Creating Custom Group Policy Settings


          Assigning Logon/Logoff and Startup/Shutdown Scripts in a GPO


          Installing Applications with a GPO


          Disabling the User or Computer Settings in a GPO


          Listing the Links for a GPO


          Creating a GPO Link to an OU


          Blocking Inheritance of GPOs on an OU


          Enforcing the Settings of a GPO Link


          Applying a Security Filter to a GPO


          Delegating Administration of GPOs


          Importing a Security Template


          Creating a WMI Filter


          Applying a WMI Filter to a GPO


          Configuring Loopback Processing for a GPO


          Backing Up a GPO


          Restoring a GPO


          Simulating the RSoP


          Viewing the RSoP


          Refreshing GPO Settings on a Computer


          Restoring a Default GPO


          Creating a Fine-Grained Password Policy


          Editing a Fine-Grained Password Policy


          Viewing the Effective PSO for a User


  Chapter 10 Schema


          Introduction


          Registering the Active Directory Schema MMC Snap-in


          Generating an OID to Use for a New Class or Attribute


          Extending the Schema


          Preparing the Schema for an Active Directory Upgrade


          Documenting Schema Extensions


          Adding a New Attribute


          Viewing an Attribute


          Adding a New Class


          Viewing a Class


          Indexing an Attribute


          Modifying the Attributes That Are Copied When Duplicating a User


          Modifying the Attributes Included with ANR


          Modifying the Set of Attributes Stored on a Global Catalog


          Finding Nonreplicated and Constructed Attributes


          Finding the Linked Attributes


          Finding the Structural, Auxiliary, Abstract, and 88 Classes


          Finding the Mandatory and Optional Attributes of a Class


          Modifying the Default Security of a Class


          Managing the Confidentiality Bit


          Adding an Attribute to the Read-Only Filtered Attribute Set (RO-FAS)


          Deactivating Classes and Attributes


          Redefining Classes and Attributes


          Reloading the Schema Cache


          Managing the Schema Master FSMO


  Chapter 11 Site Topology


          Introduction


          Creating a Site


          Listing Sites in a Domain


          Renaming a Site


          Deleting a Site


          Delegating Control of a Site


          Configuring Universal Group Caching for a Site


          Creating a Subnet


          Listing the Subnets


          Finding Missing Subnets


          Deleting a Subnet


          Changing a Subnet's Site Assignment


          Creating a Site Link


          Finding the Site Links for a Site


          Modifying the Sites That Are Part of a Site Link


          Modifying the Cost for a Site Link


          Enabling Change Notification for a Site Link


          Modifying Replication Schedules


          Disabling Site Link Transitivity or Site Link Schedules


          Creating a Site Link Bridge


          Finding the Bridgehead Servers for a Site


          Setting a Preferred Bridgehead Server for a Site


          Listing the Servers


          Moving a Domain Controller to a Different Site


          Configuring a Domain Controller to Cover Multiple Sites


          Viewing the Site Coverage for a Domain Controller


          Disabling Automatic Site Coverage for a Domain Controller


          Finding the Site for a Client


          Forcing a Host into a Particular Site


          Creating a connection Object


          Listing the connection Objects for a Server


          Finding the ISTG for a Site


          Transferring the ISTG to Another Server


          Triggering the KCC


          Determining Whether the KCC Is Completing Successfully


          Disabling the KCC for a Site


          Changing the Interval at Which the KCC Runs


  Chapter 12 Replication


          Introduction


          Determining Whether Two Domain Controllers Are in Sync


          Viewing the Replication Status of Several Domain Controllers


          Viewing Unreplicated Changes Between Two Domain Controllers


          Forcing Replication from One Domain Controller to Another


          Enabling and Disabling Replication


          Changing the Intra-Site Replication Notification Interval


          Changing the Inter-Site Replication Interval


          Disabling Inter-Site Compression of Replication Traffic


          Checking for Potential Replication Problems


          Enabling Enhanced Logging of Replication Events


          Enabling Strict or Loose Replication Consistency


          Finding conflict Objects


          Finding Orphaned Objects


          Listing the Replication Partners for a DC


          Viewing Object Metadata


  Chapter 13 DNS and DHCP


          Introduction


          Creating a Forward Lookup Zone


          Creating a Reverse Lookup Zone


          Viewing a Server's Zones


          Converting a Zone to an AD Integrated Zone


          Moving AD Integrated Zones into an Application Partition


          Configuring Zone Transfers


          Configuring Forwarding


          Configuring Conditional Forwarding


          Delegating Control of an Active Directory Integrated Zone


          Creating and Deleting Resource Records


          Querying Resource Records


          Modifying the DNS Server Configuration


          Scavenging Old Resource Records


          Clearing the DNS Cache


          Verifying That a Domain Controller Can Register Its Resource Records


          Enabling DNS Server Debug Logging


          Registering a Domain Controller's Resource Records


          Deregistering a Domain Controller's Resource Records


          Preventing a Domain Controller from Dynamically Registering All Resource Records


          Preventing a Domain Controller from Dynamically Registering Certain Resource Records


          Allowing Computers to Use a Domain Suffix That Is Different from Their AD Domain


          Authorizing a DHCP Server


          Restricting DHCP Administrators


  Chapter 14 Security and Authentication


          Introduction


          Enabling SSL/TLS


          Securing LDAP Traffic with SSL, TLS, or Signing


          Disabling LDAP Signing


          Enabling Anonymous LDAP Access


          Using the Delegation of Control Wizard


          Customizing the Delegation of Control Wizard


          Revoking Delegated Permissions


          Viewing the ACL for an Object


          Customizing the ACL Editor


          Viewing the Effective Permissions on an Object


          Configuring Permission Inheritance


          Changing the ACL of an Object


          Changing the Default ACL for an Object Class in the Schema


          Comparing the ACL of an Object to the Default Defined in the Schema


          Resetting an Object's ACL to the Default Defined in the Schema


          Enabling Strong Domain Authentication


          Enabling List Object Access Mode


          Modifying the ACL on Administrator Accounts


          Viewing and Purging Your Kerberos Tickets


          Forcing Kerberos to Use TCP


          Modifying Kerberos Settings


          Viewing Access Tokens


          Creating a Claim Type


          Creating a Resource Property


          Configuring a Central Access Rule


          Creating a Central Access Policy


          Applying a Central Access Policy


          Enabling Domain Controller Support for Claims and Compound Authentication


          Enabling Claims for Devices in a Domain


  Chapter 15 Logging, Monitoring, and Quotas


          Introduction


          Enabling Diagnostics Logging


          Enabling NetLogon Logging


          Enabling GPO Client Logging


          Enabling Kerberos Logging


          Viewing DNS Server Performance Statistics


          Monitoring the Windows Time Service


          Enabling Inefficient and Expensive LDAP Query Logging


          Using the STATS Control to View LDAP Query Statistics


          Monitoring the Performance of Active Directory


          Using Perfmon Trace Logs to Monitor Active Directory


          Creating an Administrative Alert


          Emailing an Administrator on a Performance Alert


          Enabling Auditing of Directory Access


          Enabling Auditing of Registry Keys


          Creating a Quota


          Finding the Quotas Assigned to a Security Principal


          Changing How Tombstone Objects Count Against Quota Usage


          Setting the Default Quota for All Security Principals in a Partition


          Finding the Quota Usage for a Security Principal


  Chapter 16 Backup, Recovery, DIT Maintenance, and Deleted Objects


          Introduction


          Backing Up the Active Directory Database


          Creating an Active Directory Snapshot


          Mounting an Active Directory Snapshot


          Accessing Active Directory Snapshot Data


          Restarting a Domain Controller in Directory Services Repair Mode


          Resetting the Directory Services Repair Mode Administrator Password


          Performing a Nonauthoritative Restore


          Performing an Authoritative Restore of an Object or Subtree


          Performing a Complete Authoritative Restore


          Checking the DIT File's Integrity


          Moving the DIT Files


          Repairing or Recovering the DIT


          Performing an Online Defrag Manually


          Performing a Database Recovery


          Creating a Reserve File


          Determining How Much Whitespace Is in the DIT


          Performing an Offline Defrag to Reclaim Space


          Changing the Garbage Collection Interval


          Logging the Number of Expired Tombstone Objects


          Determining the Size of the Active Directory Database


          Searching for Deleted Objects


          Undeleting a Single Object


          Undeleting a Container Object


          Modifying the Tombstone Lifetime for a Domain


  Chapter 17 Application Partitions


          Introduction


          Creating and Deleting an Application Partition


          Finding the Application Partitions in a Forest


          Adding or Removing a Replica Server for an Application Partition


          Finding the Replica Servers for an Application Partition


          Finding the Application Partitions Hosted by a Server


          Verifying Application Partitions Are Instantiated Correctly on a Server


          Setting the Replication Notification Delay for an Application Partition


          Setting the Reference Domain for an Application Partition


          Delegating Control of Managing an Application Partition


  Chapter 18 Active Directory Lightweight Directory Service


          Introduction


          Installing AD LDS


          Creating a New AD LDS Instance


          Creating a New Replica of an AD LDS Configuration Set


          Stopping and Starting an AD LDS Instance


          Changing the Ports Used by an AD LDS Instance


          Listing the AD LDS Instances Installed on a Computer


          Extending the AD LDS Schema


          Managing AD LDS Application Partitions


          Managing AD LDS Organizational Units


          Managing AD LDS Users


          Changing the Password for an AD LDS User


          Enabling and Disabling an AD LDS User


          Creating AD LDS Groups


          Managing AD LDS Group Memberships


          Viewing and Modifying AD LDS Object Attributes


          Importing Data into an AD LDS Instance


          Configuring Intra-Site Replication


          Forcing AD LDS Replication


          Managing AD LDS Replication Authentication


          Managing AD LDS Permissions


          Enabling Auditing of AD LDS Access


  Chapter 19 Active Directory Federation Services


          Introduction


          Installing AD FS Prerequisites


          Installing the AD FS Federation Service


          Configuring an LDAP Attribute Store


          Configuring a Microsoft SQL Server Attribute Store


          Creating Claim Descriptions


          Creating a Relying Party Trust


          Configuring a Claims Provider Trust


          Configuring an Alternate UPN Suffix


          Configuring AD FS 2.x and AD FS 1.x Interoperability


          Configuring Logging for AD FS


  Chapter 20 Microsoft Exchange Server 2013


          Introduction


          Exchange Server and Active Directory


          Exchange Server 2013 Architecture


          Finding Exchange Server Cmdlets


          Preparing Active Directory for Exchange


          Installing the First Exchange Server 2013 Server in an Organization


          Creating Unattended Installation Files for Exchange Server


          Installing Exchange Management Tools


          Stopping and Starting Exchange Server


          Mail-Enabling a User


          Mail-Disabling a User


          Mailbox-Enabling a User


          Deleting a User's Mailbox


          Moving a Mailbox


          Viewing Mailbox Sizes and Message Counts


          Configuring Mailbox Limits


          Creating an Address List


          Creating a Database Availability Group


          Creating a Mailbox Database


          Enabling or Disabling Anti-Malware Scanning


          Enabling Message Tracking


  Chapter 21 Microsoft Forefront Identity Manager


          Introduction


          Creating a SQL Server Management Agent


          Creating an Active Directory Management Agent


          Setting Up a Metaverse Object Deletion Rule


          Setting Up a Simple Import Attribute Flow


          Setting Up a Simple Export Attribute Flow to Active Directory


          Defining an Advanced Import Attribute Flow


          Implementing an Advanced Attribute Flow Rules Extension


          Setting Up Advanced Export Attribute Flow in Active Directory


          Configuring a Run Profile to Do an Initial Load of Data from a SQL Server Management Agent


          Loading Initial SQL Server Database Data into FIM 2010 R2 Using a Run Profile


          Configuring a Run Profile to Load the Container Structure from Active Directory


          Loading the Initial Active Directory Container Structure into FIM 2010 R2 Using a Run Profile


          Setting Up a SQL Server Management Agent to Project Objects to the Metaverse


          Writing a Rules Extension to Provision User Objects


          Creating a Run Profile for Provisioning


          Executing the Provisioning Rule


          Creating a Run Profile to Export Objects from the AD MA to Active Directory


          Exporting Objects to Active Directory Using an Export Run Profile


          Creating a Run Profile Script


          Creating a Controlling Script


          Enabling Directory Synchronization from Active Directory to the HR Database


          Configuring a Run Profile to Load the telephoneNumber from Active Directory


          Loading telephoneNumber Changes from AD into FIM Using a Delta Import/Delta Sync Run Profile


          Exporting telephoneNumber Data to a SQL Server Database


          Using a SQL Server MA Export Run Profile to Export the telephoneNumber to a SQL Server Database


          Searching Data in the Connector Space


          Searching Data in the Metaverse


          Deleting Data in the Connector Space and Metaverse


          Extending Object Types to Include a New Attribute


          Previewing Changes to the FIM Configuration


          Committing Changes to Individual Identities Using the Commit Preview Feature


          Passing Data Between Rules Extensions Using Transaction Properties


          Using a Single Rules Extension to Affect Multiple Attribute Flows


          Flowing a Null Value to a Data Source


          Importing and Decoding the accountExpires Attribute


          Exporting and Encoding the accountExpires Attribute


  Colophon