
Active Directory Cookbook

by: Svidergol, Brian


On-line Price: $79.99 (includes GST)

Paperback package 800

20% Off Retail Price

You save: $20.00

This item is available to backorder. Usually ships within 7 - 10 working days

Retail Price: $99.99

Publisher: O'REILLY, 15.05.13


ISBN: 1449361420
ISBN13: 9781449361426


Take the guesswork out of deploying, administering, and automating Active Directory. With hundreds of proven recipes, the updated edition of this popular cookbook provides quick, step-by-step solutions to common (and not so common) problems you might encounter when working with Microsoft's network directory service.

This fourth edition includes troubleshooting recipes for Windows Server 2012, Windows 8, and Exchange 2013, based on valuable input from Windows administrators. You'll also find quick solutions for the Lightweight Directory Access Protocol (LDAP), Active Directory Lightweight Directory Services (AD LDS), multi-master replication, DNS, Group Policy, and many other features.

  Manage new AD features, such as the Recycle Bin, Group Managed Service Accounts, and fine-grained password policies

  Work with AD from the command line and use Windows PowerShell to automate tasks

  Remove and create forests, domains, and trusts

  Create groups, modify group scope and type, and manage membership

  Delegate control, view and modify permissions, and handle Kerberos tickets

  Import and export data with LDAP Data Interchange Format (LDIF)

  Synchronize multiple directories and enforce data integrity within a single or multiple stores

  Back up AD, and perform authoritative and non-authoritative restores

  Chapter 1 Getting Started

          Approach to the Book

          Where to Find the Tools

          Getting Familiar with LDIF

          Replaceable Text

          Where to Find More Information

  Chapter 2 Forests, Domains, and Trusts


          Creating a Forest

          Removing a Forest

          Creating a Domain

          Removing a Domain

          Removing an Orphaned Domain

          Finding the Domains in a Forest

          Finding the NetBIOS Name of a Domain

          Renaming a Domain

          Raising the Domain Functional Level to Windows Server 2012

          Raising the Functional Level of a Windows Server 2008 or 2008 R2 Forest

          Using AdPrep to Prepare a Domain or Forest for Windows Server 2012

          Determining Whether AdPrep Has Completed

          Checking Whether a Windows Domain Controller Can Be Upgraded to Windows Server 2003 or 2008

          Creating an External Trust

          Creating a Transitive Trust Between Two AD Forests

          Creating a Shortcut Trust Between Two AD Domains

          Creating a Trust to a Kerberos Realm

          Viewing the Trusts for a Domain

          Verifying a Trust

          Resetting a Trust

          Removing a Trust

          Enabling SID Filtering for a Trust

          Enabling Quarantine for a Trust

          Managing Selective Authentication for a Trust

          Finding Duplicate SIDs in a Domain

          Adding Additional Fields to Active Directory Users and Computers

  Chapter 3 Domain Controllers, Global Catalogs, and FSMOs


          Promoting a Server to a Domain Controller

          Promoting a Server to a Read-Only Domain Controller

          Performing a Two-Stage RODC Installation

          Modifying the Password Replication Policy

          Promoting a Server to a Windows Server 2012 Domain Controller from Media

          Demoting a Domain Controller

          Automating the Promotion or Demotion of a Domain Controller

          Troubleshooting Domain Controller Promotion or Demotion Problems

          Verifying the Promotion of a Domain Controller

          Removing an Unsuccessfully Demoted Domain Controller

          Renaming a Domain Controller

          Finding the Domain Controllers for a Domain

          Finding the Closest Domain Controller

          Finding a Domain Controller's Site

          Moving a Domain Controller to a Different Site

          Finding the Services a Domain Controller Is Advertising

          Restoring a Deleted Domain Controller in Windows Server 2012

          Resetting the TCP/IP Stack on a Domain Controller

          Configuring a Domain Controller to Use an External Time Source

          Finding the Number of Logon Attempts Made Against a Domain Controller

          Enabling the /3GB Switch to Increase the LSASS Cache

          Enabling and Disabling the Global Catalog

          Determining Whether Global Catalog Promotion Is Complete

          Finding the Global Catalog Servers in a Forest

          Finding the Domain Controllers or Global Catalog Servers in a Site

          Finding Domain Controllers and Global Catalogs via DNS

          Changing the Preference for a Domain Controller

          Disabling the Global Catalog Requirement for User Logon

          Finding the FSMO Role Holders

          Transferring a FSMO Role

          Seizing a FSMO Role

          Finding the PDC Emulator FSMO Role Owner via DNS

  Chapter 4 Searching and Manipulating Objects


          Viewing the RootDSE

          Viewing the Attributes of an Object

          Counting Objects in Active Directory

          Using LDAP Controls

          Using a Fast or Concurrent Bind

          Connecting to an Object GUID

          Connecting to a Well-Known GUID

          Searching for Objects in a Domain

          Searching the Global Catalog

          Searching for a Large Number of Objects

          Searching with an Attribute-Scoped Query

          Searching with a Bitwise Filter

          Creating an Object

          Modifying an Object

          Modifying a Bit-Flag Attribute

          Dynamically Linking an Auxiliary Class

          Creating a Dynamic Object

          Refreshing a Dynamic Object

          Modifying the Default TTL Settings for Dynamic Objects

          Moving an Object to a Different OU or Container

          Moving an Object to a Different Domain

          Referencing an External Domain

          Renaming an Object

          Deleting an Object

          Deleting a Container That Has Child Objects

          Viewing the Created and Last-Modified Timestamp of an Object

          Modifying the Default LDAP Query Policy

          Exporting Objects to an LDIF File

          Importing Objects Using an LDIF File

          Exporting Objects to a CSV File

          Importing Objects Using PowerShell and a CSV File

  Chapter 5 Organizational Units


          Creating an OU

          Enumerating the OUs in a Domain

          Finding an OU

          Enumerating the Objects in an OU

          Deleting the Objects in an OU

          Deleting an OU

          Moving the Objects in an OU to a Different OU

          Moving an OU

          Renaming an OU

          Modifying an OU

          Determining Approximately How Many Child Objects an OU Has

          Delegating Control of an OU

          Assigning or Removing a Manager for an OU

          Linking a GPO to an OU

          Protecting an OU Against Accidental Deletion

  Chapter 6 Users


          Modifying the Default Display Name Used When Creating Users in ADUC or ADAC

          Creating a User

          Creating a Large Number of Users

          Creating an inetOrgPerson User

          Converting a user Object to an inetOrgPerson Object (or Vice Versa)

          Modifying an Attribute for Several Users at Once

          Deleting a User

          Setting a User's Profile Attributes

          Moving a User

          Redirecting Users to an Alternative OU

          Renaming a User

          Copying a User

          Finding Locked-Out Users

          Unlocking a User

          Troubleshooting Account Lockout Problems

          Viewing the Domain-Wide Account Lockout and Password Policies

          Applying a Fine-Grained Password Policy to a User Object

          Viewing the Fine-Grained Password Policy That Is in Effect for a User Account

          Enabling and Disabling a User

          Finding Disabled Users

          Viewing a User's Group Membership

          Removing All Group Memberships from a User

          Changing a User's Primary Group

          Copying a User's Group Membership to Another User

          Setting a User's Password

          Preventing a User from Changing a Password

          Requiring a User to Change a Password at Next Logon

          Preventing a User's Password from Expiring

          Finding Users Whose Passwords Are About to Expire

          Viewing the RODCs That Have Cached a User's Password

          Setting a User's Account Options (userAccountControl)

          Setting a User's Account to Expire

          Determining a User's Last Logon Time

          Finding Users Who Have Not Logged On Recently

          Viewing and Modifying a User's Permitted Logon Hours

          Viewing a User's Managed Objects

          Creating a UPN Suffix for a Forest

          Restoring a Deleted User

          Protecting a User Against Accidental Deletion

  Chapter 7 Groups


          Creating a Group

          Viewing the Permissions of a Group

          Viewing the Direct Members of a Group

          Viewing the Nested Members of a Group

          Adding and Removing Members of a Group

          Moving a Group Within a Domain

          Moving a Group to Another Domain

          Changing the Scope or Type of a Group

          Modifying Group Attributes

          Delegating Control for Managing Membership of a Group

          Resolving a Primary Group ID

          Enabling Universal Group Membership Caching

          Restoring a Deleted Group

          Protecting a Group Against Accidental Deletion

          Applying a Fine-Grained Password Policy to a Group Object

  Chapter 8 Computer Objects


          Creating a Computer

          Creating a Computer for a Specific User or Group

          Deleting a Computer

          Joining a Computer to a Domain

          Moving a Computer Within the Same Domain

          Moving a Computer to a New Domain

          Renaming a Computer

          Adding or Removing a Computer Account from a Group

          Testing the Secure Channel for a Computer

          Resetting a Computer Account

          Finding Inactive or Unused Computers

          Changing the Maximum Number of Computers a User Can Join to the Domain

          Modifying the Attributes of a computer Object

          Finding Computers with a Particular OS

          Binding to the Default Container for Computers

          Changing the Default Container for Computers

          Listing All the Computer Accounts in a Domain

          Identifying a Computer Role

          Protecting a Computer Against Accidental Deletion

          Viewing the RODCs That Have Cached a Computer's Password

  Chapter 9 Group Policy Objects


          Finding the GPOs in a Domain

          Creating a GPO

          Copying a GPO

          Deleting a GPO

          Viewing the Settings of a GPO

          Modifying the Settings of a GPO

          Importing Settings into a GPO

          Creating a Migration Table

          Creating Custom Group Policy Settings

          Assigning Logon/Logoff and Startup/Shutdown Scripts in a GPO

          Installing Applications with a GPO

          Disabling the User or Computer Settings in a GPO

          Listing the Links for a GPO

          Creating a GPO Link to an OU

          Blocking Inheritance of GPOs on an OU

          Enforcing the Settings of a GPO Link

          Applying a Security Filter to a GPO

          Delegating Administration of GPOs

          Importing a Security Template

          Creating a WMI Filter

          Applying a WMI Filter to a GPO

          Configuring Loopback Processing for a GPO

          Backing Up a GPO

          Restoring a GPO

          Simulating the RSoP

          Viewing the RSoP

          Refreshing GPO Settings on a Computer

          Restoring a Default GPO

          Creating a Fine-Grained Password Policy

          Editing a Fine-Grained Password Policy

          Viewing the Effective PSO for a User

  Chapter 10 Schema


          Registering the Active Directory Schema MMC Snap-in

          Generating an OID to Use for a New Class or Attribute

          Extending the Schema

          Preparing the Schema for an Active Directory Upgrade

          Documenting Schema Extensions

          Adding a New Attribute

          Viewing an Attribute

          Adding a New Class

          Viewing a Class

          Indexing an Attribute

          Modifying the Attributes That Are Copied When Duplicating a User

          Modifying the Attributes Included with ANR

          Modifying the Set of Attributes Stored on a Global Catalog

          Finding Nonreplicated and Constructed Attributes

          Finding the Linked Attributes

          Finding the Structural, Auxiliary, Abstract, and 88 Classes

          Finding the Mandatory and Optional Attributes of a Class

          Modifying the Default Security of a Class

          Managing the Confidentiality Bit

          Adding an Attribute to the Read-Only Filtered Attribute Set (RO-FAS)

          Deactivating Classes and Attributes

          Redefining Classes and Attributes

          Reloading the Schema Cache

          Managing the Schema Master FSMO

  Chapter 11 Site Topology


          Creating a Site

          Listing Sites in a Domain

          Renaming a Site

          Deleting a Site

          Delegating Control of a Site

          Configuring Universal Group Caching for a Site

          Creating a Subnet

          Listing the Subnets

          Finding Missing Subnets

          Deleting a Subnet

          Changing a Subnet's Site Assignment

          Creating a Site Link

          Finding the Site Links for a Site

          Modifying the Sites That Are Part of a Site Link

          Modifying the Cost for a Site Link

          Enabling Change Notification for a Site Link

          Modifying Replication Schedules

          Disabling Site Link Transitivity or Site Link Schedules

          Creating a Site Link Bridge

          Finding the Bridgehead Servers for a Site

          Setting a Preferred Bridgehead Server for a Site

          Listing the Servers

          Moving a Domain Controller to a Different Site

          Configuring a Domain Controller to Cover Multiple Sites

          Viewing the Site Coverage for a Domain Controller

          Disabling Automatic Site Coverage for a Domain Controller

          Finding the Site for a Client

          Forcing a Host into a Particular Site

          Creating a connection Object

          Listing the connection Objects for a Server

          Finding the ISTG for a Site

          Transferring the ISTG to Another Server

          Triggering the KCC

          Determining Whether the KCC Is Completing Successfully

          Disabling the KCC for a Site

          Changing the Interval at Which the KCC Runs

  Chapter 12 Replication


          Determining Whether Two Domain Controllers Are in Sync

          Viewing the Replication Status of Several Domain Controllers

          Viewing Unreplicated Changes Between Two Domain Controllers

          Forcing Replication from One Domain Controller to Another

          Enabling and Disabling Replication

          Changing the Intra-Site Replication Notification Interval

          Changing the Inter-Site Replication Interval

          Disabling Inter-Site Compression of Replication Traffic

          Checking for Potential Replication Problems

          Enabling Enhanced Logging of Replication Events

          Enabling Strict or Loose Replication Consistency

          Finding conflict Objects

          Finding Orphaned Objects

          Listing the Replication Partners for a DC

          Viewing Object Metadata

  Chapter 13 DNS and DHCP


          Creating a Forward Lookup Zone

          Creating a Reverse Lookup Zone

          Viewing a Server's Zones

          Converting a Zone to an AD Integrated Zone

          Moving AD Integrated Zones into an Application Partition

          Configuring Zone Transfers

          Configuring Forwarding

          Configuring Conditional Forwarding

          Delegating Control of an Active Directory Integrated Zone

          Creating and Deleting Resource Records

          Querying Resource Records

          Modifying the DNS Server Configuration

          Scavenging Old Resource Records

          Clearing the DNS Cache

          Verifying That a Domain Controller Can Register Its Resource Records

          Enabling DNS Server Debug Logging

          Registering a Domain Controller's Resource Records

          Deregistering a Domain Controller's Resource Records

          Preventing a Domain Controller from Dynamically Registering All Resource Records

          Preventing a Domain Controller from Dynamically Registering Certain Resource Records

          Allowing Computers to Use a Domain Suffix That Is Different from Their AD Domain

          Authorizing a DHCP Server

          Restricting DHCP Administrators

  Chapter 14 Security and Authentication


          Enabling SSL/TLS

          Securing LDAP Traffic with SSL, TLS, or Signing

          Disabling LDAP Signing

          Enabling Anonymous LDAP Access

          Using the Delegation of Control Wizard

          Customizing the Delegation of Control Wizard

          Revoking Delegated Permissions

          Viewing the ACL for an Object

          Customizing the ACL Editor

          Viewing the Effective Permissions on an Object

          Configuring Permission Inheritance

          Changing the ACL of an Object

          Changing the Default ACL for an Object Class in the Schema

          Comparing the ACL of an Object to the Default Defined in the Schema

          Resetting an Object's ACL to the Default Defined in the Schema

          Enabling Strong Domain Authentication

          Enabling List Object Access Mode

          Modifying the ACL on Administrator Accounts

          Viewing and Purging Your Kerberos Tickets

          Forcing Kerberos to Use TCP

          Modifying Kerberos Settings

          Viewing Access Tokens

          Creating a Claim Type

          Creating a Resource Property

          Configuring a Central Access Rule

          Creating a Central Access Policy

          Applying a Central Access Policy

          Enabling Domain Controller Support for Claims and Compound Authentication

          Enabling Claims for Devices in a Domain

  Chapter 15 Logging, Monitoring, and Quotas


          Enabling Diagnostics Logging

          Enabling NetLogon Logging

          Enabling GPO Client Logging

          Enabling Kerberos Logging

          Viewing DNS Server Performance Statistics

          Monitoring the Windows Time Service

          Enabling Inefficient and Expensive LDAP Query Logging

          Using the STATS Control to View LDAP Query Statistics

          Monitoring the Performance of Active Directory

          Using Perfmon Trace Logs to Monitor Active Directory

          Creating an Administrative Alert

          Emailing an Administrator on a Performance Alert

          Enabling Auditing of Directory Access

          Enabling Auditing of Registry Keys

          Creating a Quota

          Finding the Quotas Assigned to a Security Principal

          Changing How Tombstone Objects Count Against Quota Usage

          Setting the Default Quota for All Security Principals in a Partition

          Finding the Quota Usage for a Security Principal

  Chapter 16 Backup, Recovery, DIT Maintenance, and Deleted Objects


          Backing Up the Active Directory Database

          Creating an Active Directory Snapshot

          Mounting an Active Directory Snapshot

          Accessing Active Directory Snapshot Data

          Restarting a Domain Controller in Directory Services Repair Mode

          Resetting the Directory Services Repair Mode Administrator Password

          Performing a Nonauthoritative Restore

          Performing an Authoritative Restore of an Object or Subtree

          Performing a Complete Authoritative Restore

          Checking the DIT File's Integrity

          Moving the DIT Files

          Repairing or Recovering the DIT

          Performing an Online Defrag Manually

          Performing a Database Recovery

          Creating a Reserve File

          Determining How Much Whitespace Is in the DIT

          Performing an Offline Defrag to Reclaim Space

          Changing the Garbage Collection Interval

          Logging the Number of Expired Tombstone Objects

          Determining the Size of the Active Directory Database

          Searching for Deleted Objects

          Undeleting a Single Object

          Undeleting a Container Object

          Modifying the Tombstone Lifetime for a Domain

  Chapter 17 Application Partitions


          Creating and Deleting an Application Partition

          Finding the Application Partitions in a Forest

          Adding or Removing a Replica Server for an Application Partition

          Finding the Replica Servers for an Application Partition

          Finding the Application Partitions Hosted by a Server

          Verifying Application Partitions Are Instantiated Correctly on a Server

          Setting the Replication Notification Delay for an Application Partition

          Setting the Reference Domain for an Application Partition

          Delegating Control of Managing an Application Partition

  Chapter 18 Active Directory Lightweight Directory Service


          Installing AD LDS

          Creating a New AD LDS Instance

          Creating a New Replica of an AD LDS Configuration Set

          Stopping and Starting an AD LDS Instance

          Changing the Ports Used by an AD LDS Instance

          Listing the AD LDS Instances Installed on a Computer

          Extending the AD LDS Schema

          Managing AD LDS Application Partitions

          Managing AD LDS Organizational Units

          Managing AD LDS Users

          Changing the Password for an AD LDS User

          Enabling and Disabling an AD LDS User

          Creating AD LDS Groups

          Managing AD LDS Group Memberships

          Viewing and Modifying AD LDS Object Attributes

          Importing Data into an AD LDS Instance

          Configuring Intra-Site Replication

          Forcing AD LDS Replication

          Managing AD LDS Replication Authentication

          Managing AD LDS Permissions

          Enabling Auditing of AD LDS Access

  Chapter 19 Active Directory Federation Services


          Installing AD FS Prerequisites

          Installing the AD FS Federation Service

          Configuring an LDAP Attribute Store

          Configuring a Microsoft SQL Server Attribute Store

          Creating Claim Descriptions

          Creating a Relying Party Trust

          Configuring a Claims Provider Trust

          Configuring an Alternate UPN Suffix

          Configuring AD FS 2.x and AD FS 1.x Interoperability

          Configuring Logging for AD FS

  Chapter 20 Microsoft Exchange Server 2013


          Exchange Server and Active Directory

          Exchange Server 2013 Architecture

          Finding Exchange Server Cmdlets

          Preparing Active Directory for Exchange

          Installing the First Exchange Server 2013 Server in an Organization

          Creating Unattended Installation Files for Exchange Server

          Installing Exchange Management Tools

          Stopping and Starting Exchange Server

          Mail-Enabling a User

          Mail-Disabling a User

          Mailbox-Enabling a User

          Deleting a User's Mailbox

          Moving a Mailbox

          Viewing Mailbox Sizes and Message Counts

          Configuring Mailbox Limits

          Creating an Address List

          Creating a Database Availability Group

          Creating a Mailbox Database

          Enabling or Disabling Anti-Malware Scanning

          Enabling Message Tracking

  Chapter 21 Microsoft Forefront Identity Manager


          Creating a SQL Server Management Agent

          Creating an Active Directory Management Agent

          Setting Up a Metaverse Object Deletion Rule

          Setting Up a Simple Import Attribute Flow

          Setting Up a Simple Export Attribute Flow to Active Directory

          Defining an Advanced Import Attribute Flow

          Implementing an Advanced Attribute Flow Rules Extension

          Setting Up Advanced Export Attribute Flow in Active Directory

          Configuring a Run Profile to Do an Initial Load of Data from a SQL Server Management Agent

          Loading Initial SQL Server Database Data into FIM 2010 R2 Using a Run Profile

          Configuring a Run Profile to Load the Container Structure from Active Directory

          Loading the Initial Active Directory Container Structure into FIM 2010 R2 Using a Run Profile

          Setting Up a SQL Server Management Agent to Project Objects to the Metaverse

          Writing a Rules Extension to Provision User Objects

          Creating a Run Profile for Provisioning

          Executing the Provisioning Rule

          Creating a Run Profile to Export Objects from the AD MA to Active Directory

          Exporting Objects to Active Directory Using an Export Run Profile

          Creating a Run Profile Script

          Creating a Controlling Script

          Enabling Directory Synchronization from Active Directory to the HR Database

          Configuring a Run Profile to Load the telephoneNumber from Active Directory

          Loading telephoneNumber Changes from AD into FIM Using a Delta Import/Delta Sync Run Profile

          Exporting telephoneNumber Data to a SQL Server Database

          Using a SQL Server MA Export Run Profile to Export the telephoneNumber to a SQL Server Database

          Searching Data in the Connector Space

          Searching Data in the Metaverse

          Deleting Data in the Connector Space and Metaverse

          Extending Object Types to Include a New Attribute

          Previewing Changes to the FIM Configuration

          Committing Changes to Individual Identities Using the Commit Preview Feature

          Passing Data Between Rules Extensions Using Transaction Properties

          Using a Single Rules Extension to Affect Multiple Attribute Flows

          Flowing a Null Value to a Data Source

          Importing and Decoding the accountExpires Attribute

          Exporting and Encoding the accountExpires Attribute