Mastering Active Directory for Windows Server 2003 R2

Introduction xxi

Part 1 Active Directory Design 1

Chapter 1 Active Directory Fundamentals 3

Do I Need Active Directory? 3

The Basics 4

What's New in R2? 9

Pre-Design Criteria 10

Coming Up Next 12

Chapter 2 Domain Name System Design 13

Tied Together 13

How to Resolve 14

Internal and External Name Options 21

Understanding the Current DNS Infrastructure 22

That Other DNS Server 23

Propagating the Changes 24

Protecting DNS 27

Keeping the System Accurate 33

Coming Up Next 37

Chapter 3 Active Directory Forest and Domain Design 39

Active Directory Forest Design Criteria 40

Multiple Forests: Pros and Cons 47

Forest Functionality Mode Features in Windows 2003 52

Active Directory Domain Design 55

Active Directory Domain Design Criteria 55

Multiple Domains: Pros and Cons 58

Coming Up Next 72

Chapter 4 Organizing the Physical and Logical Aspects of Active Directory 73

Determining the Site Topology 73

Understanding the Current Network Infrastructure 76

Setting Your Sites to Support the Active Directory Design 78

Designing Site Links and Site Link Bridges 81

Organizational Unit Design 84

Designing OUs for Group Policy 94

Coming Up Next 112

Chapter 5 Flexible Single Master Operations Design 113

What Are the FSMO Roles? 113

Choosing Flexible Single Master Operations Placement 117

Coming Up Next 120

Part 2 Active Directory Management 121

Chapter 6 Managing Accounts: User, Group, and Computer 123

Account Types 123

Utilities 147

Coming Up Next 173

Chapter 7 Managing Access with Active Directory Services 175

Active Directory Federation Services 176

Configuring Clients 196

Identity Management for Unix 198

Coming Up Next 219

Chapter 8 Maintaining Organizational Units 221

Organizational Units 221

User Rights and Permissions When Accessing Resources 227

Permissions 230

Delegation of Control 234

Auditing 239

Moving Objects in Active Directory 244

Coming Up Next 248

Chapter 9 Managing Group Policy 249

Group Policy Management Tools 249

Working with ADU&C or ADS&S 250

Group Policy Management Console (GPMC) 251

Administrative Templates 260

Group Policy Inheritance 261

Group Policy Storage 263

Group Policy Processing 264

Group Policy Troubleshooting 267

Practical Uses of Group Policy 269

Coming Up Next 274

Chapter 10 Managing Site Boundaries 275

Replication within Active Directory 275

Coming Up Next 293

Chapter 11 Managing the Flexible Single Master Operations Roles 295

Identifying the Role Holders 295

Maintaining the Role Holders 303

Coming Up Next 316

Chapter 12 Maintaining the Active Directory Database 317

The Active Directory Database 318

The Active Directory Schema 333

Modifying the Schema 335

Coming Up Next 336

Part 3 Troubleshooting Active Directory 337

Chapter 13 Microsoft's Troubleshooting Methodology for Active Directory 339

High-Level Methodology 339

Coming Up Next 351

Chapter 14 Troubleshooting Problems Related to Network Infrastructure 353

Components of Network Infrastructure 353

Name Resolution Methods 353

Methodologies of Network Troubleshooting 364

Coming Up Next 378

Chapter 15 Troubleshooting Problems Related to the Active Directory Database 379

Active Directory File 379

Troubleshooting Active Directory Replication 383

Replication Overview 383

Determining DNS Problems 383

Verifying Replication 386

Controlling Replication in Large Organizations 390

Best Practices for Troubleshooting AD Replication 391

Troubleshooting FSMO Roles 391

FSMO Roles and Their Importance 391

Transferring and Seizing FSMO Roles 395

Best Practices for Troubleshooting FSMO Roles 401

Troubleshooting Logon Failures 401

Auditing for Logon Problems 401

Native Mode Logon Problems 407

Account Lockout Problems 408

Remote Access Issues 412

Are You Being Attacked? 412

Controlling WAN Communication 412

Best Practices for Logon and Account Lockout Troubleshooting 413

Coming Up Next 413

Chapter 16 Troubleshooting Active Directory with Microsoft Operations Manager 415

About Microsoft Operations Manager 415

Management Packs 431

Coming Up Next 447

Part 4 Streamlining Management with Scripts 449

Chapter 17 ADSI Primer 451

What Is ADSI? 451

Active Directory Objects 454

Common Active Directory Objects 460

The Basic ADSI Pattern 467

Chapter 18 Active Directory Scripts 511

Windows Script File Basics 511

VBScript Class Basics 512

RootDSE Scripts 516

Domain Scripts 520

Active Directory Query Scripts 525

User Scripts 531

Group Scripts 548

Computer Scripts 557

Organizational Unit Scripts 562

Excel Scripts 567

Coming Up Next 580

Chapter 19 Monitoring Active Directory 581

OutputClass 581

Windows Management Instrumentation (WMI) 583

WMIClass 591

CPU Overload 595

RegistryClass 597

AD Database and Log File Free Space 603

Active Directory Essential Services 605

Active Directory Response Time 606

Global Catalog Server Response 608

Lost and Found Object Count 611

PingClass 612

Operation master Response 614

Monitor Trust Relationships 617

Index 619