Book description
Active Directory Domain Services 2008 How-To
Real Solutions for Active Directory 2008 Administrators
John Policelli
Need fast, reliable, easy-to-implement solutions for Microsoft Active Directory 2008? This book delivers exactly what you’re looking for. You’ll find nearly 250 tested, step-by-step procedures for planning, installing, customizing, and managing Active Directory Domain Services (AD DS) in any production environment. Completely up-to-date, it fully reflects the brand new version of Active Directory introduced in Windows Server 2008, which contains the most significant changes since AD was first introduced. When time is of the essence, turn here first: get answers you can trust—and use—right now!
Fast, Accurate, and Easy-to-Use!
Prepare for Active Directory Domain Services installation
Install and uninstall Active Directory Domain Services
Manage trust relationships and functional levels
Manage Operations Master Roles and Global Catalog Servers
Efficiently administer sites and replication
Manage the Active Domain Services schema
Administer Active Directory DS data
Make the most of Active Directory Group Policies
Manage password replication policies
Implement fine-grained password and account lockout policies
Safely back up and recover Active Directory DS
Use Active Directory’s improved auditing capabilities to track changes more effectively
John Policelli has been honored by Microsoft as a Microsoft MVP for Directory Services. A solutions-focused IT consultant with over a decade of success in architecture, security, IT strategy, and disaster recovery, John has designed and implemented dozens of complex directory service, e-Messaging, web, networking, and security enterprise solutions. He has provided thought leadership for some of Canada’s largest Active Directory installations. He has also served as an author, technical reviewer, and subject matter expert for more than 50 training, exam writing, press, and whitepaper projects related to Windows Server 2008 Identity and Access Management, networking, and collaboration. His technology certifications include MCTS, MCSA, ITSM, iNet+, Network+, and A+.
Category: Microsoft / Windows Server
Table of contents
- Copyright
- About the Author
- Acknowledgments
- We Want to Hear from You!
- Introduction
- 1. Introduction to Active Directory Domain Services
- 2. Prepare for Active Directory Domain Services Installation
-
3. Install and Uninstall Active Directory Domain Services
- Install a New Windows Server 2008 Forest
- Install a New Windows Server 2008 Child Domain
- Install a New Windows Server 2008 Domain Tree
- Install an Additional Windows Server 2008 Domain Controller
- Perform a Staged Installation of a Read-Only Domain Controller
- Install AD DS from Restored Backup Media
- Remove a Domain Controller from a Domain
- Forcing the Removal of a Windows Server 2008 Domain Controller
- Performing Metadata Cleanup
- Rename a Domain Controller
-
4. Manage Trusts and Functional Levels
- Create Forest Trusts
- Create External Trusts
- Create Realm Trusts
- Create Shortcut Trusts
- Change the Routing Status of a Name Suffix
- Enable or Disable an Existing Name Suffix from Routing
- Exclude Name Suffixes from Routing to a Local Forest
- Configure Authentication Scope for a Trust
- Validate Trusts
- Remove Trusts
- Add a User Principal Name to a Forest
- Remove a User Principal Name from a Forest
- Configure Domain Functional Levels
- Configure Forest Functional Levels
-
5. Manage Operations Master Roles and Global Catalog Servers
- Enable the Global Catalog Role
- Disable the Global Catalog Role
- Verify Global Catalog Server Readiness
- Verify Global Catalog DNS Registrations
- Determine Global Catalog Servers
- Identify Operations Master Role Holders
- Validate Domain Controller Advertising
- Transfer the Schema Master Role
- Transfer the Domain Naming Master Role
- Transfer the RID Master Role
- Transfer the PDC Emulator Role
- Transfer the Infrastructure Master Role
- Seize the Schema Master Role
- Seize the Domain Naming Master Role
- Seize the RID Master Role
- Seize the PDC Emulator Role
- Seize the Infrastructure Master Role
-
6. Manage Sites and Replication
- Create Sites
- Remove Sites
- Enable Universal Group Membership Caching
- Disable Universal Group Membership Caching
- Configure Site Properties
- Create Site Links
- Remove Site Links
- Configure Site Link Properties
- Associate a Site with a Site Link
- Create Site Link Bridges
- Remove Site Link Bridges
- Add a Subnet
- Remove a Subnet
- Move Domain Controllers Between Sites
- Enable a Domain Controller as a Preferred Bridgehead Server
- Disable a Domain Controller as a Preferred Bridgehead Server
- Create Manual Connection Objects
- Remove Connection Objects
- Disable KCC for a Site
- Enable KCC for a Site
- Disable Inbound Replication
- Enable Inbound Replication
- Disable Outbound Replication
- Enable Outbound Replication
- Disable the Bridge All Site Links Option
- Enable the Bridge All Site Links Option
- Verify Replication Is Functioning
- Trigger Replication
-
7. Manage the Active Directory Domain Services Schema
- Install the Active Directory Schema Snap-In
- Apply Active Directory Schema Administrative Permissions
- View Schema Class and Attribute Definitions
- Create Attributes
- Deactivate Attributes
- Activate Attributes
- Index Attributes
- Remove Attributes from the Index
- Add Attributes to Ambiguous Name Resolution Filter
- Remove Attributes from Ambiguous Name Resolution Filter
- Add Attributes to Global Catalog Replication
- Remove Attributes from Global Catalog Replication
- Configure Attributes to Be Copied When Duplicating Users
- Configure Attributes Not to Be Copied When Duplicating Users
- Configuring Attributes to Be Indexed for Containerized Searches
- Configuring Attributes Not to Be Indexed for Containerized Searches
- Configure Attribute Range
- Create Classes
- Deactivate Classes
- Activate Classes
- Configure Classes to Be Visible in Advanced View
- Configure Classes Not to Be Visible in Advanced View
- Configure Class Relationships
- Configure Class Attributes
-
8. Manage Active Directory Domain Services Data
- Create User Object
- Delete User Object
- Rename User Object
- Copy User Object
- Move User Object
- Add User to Group
- Disable a User Object
- Enable a User Object
- Reset a User Account Password
- Modify a User Object’s General Properties
- Modify a User Object’s Address Properties
- Modify a User Object’s Account Properties
- Modify a User’s Logon Hours
- Modify the Computers a User Can Log On To
- Modify a User Object’s Profile Properties
- Modify a User’s Object Telephone Properties
- Modify a User’s Object Organization Properties
- Modify a User’s Manager
- View a User Object’s Direct Reports
- Modify a User’s Group Membership
- Modify a User Object’s Dial-in Properties
- Modify a User Object’s Environment Properties
- Modify a User Object’s Sessions Properties
- Modify a User Object’s Remote Control Properties
- Modify a User Object’s Terminal Services Properties
- Modify a User Object’s COM+ Properties
- Modify a User Object’s Published Certificates Properties
- View the Password Replication Policies Applied to a User Object
- Modify a User Object’s Protection from Deletion Properties
- Modify a User Object’s Custom Attributes
- Create a Group Object
- Delete a Group Object
- Rename a Group Object
- Move a Group Object
- Add a Group to a Group
- Modify a Group Object’s General Properties
- Modify a Group Object’s Scope
- Modify a Group Object’s Type
- Modify a Group Object’s Members
- Modify a Group Object Managed By Properties
- Modify a Group Object Protection from Deletion
- Modify a Group Object’s Custom Attributes
- Create a Computer Object
- Delete a Computer Object
- Move a Computer Object
- Add a Computer to a Group
- Disable a Computer Object
- Enable a Computer Object
- Modify a Computer Object’s General Properties
- View a Computer Object’s Operating System Properties
- Modify a Computer Object’s Delegation Properties
- View the Password Replication Policies Applied to a Computer Object
- Modify a Computer Object’s Location Properties
- Modify a Computer Object’s Managed By Properties
- Modify a Computer Object’s Protection from Deletion
- Modify a Computer Object’s Custom Attributes
- Create an Organizational Unit
- Delete an Organizational Unit
- Rename an Organizational Unit
- Move an Organizational Unit
- Modify an Organizational Unit’s General Properties
- Modify an Organizational Unit’s Managed By Properties
- Modify an Organizational Unit’s COM+ Properties
- Modify an Organizational Unit’s Protection from Deletion
- Modify an Organizational Unit’s Custom Attributes
-
9. Manage Group Policy
- Create Group Policy Objects
- Delete Group Policy Objects
- Create Starter GPOs
- Delete Starter GPOs
- Create a New Group Policy Object from a Starter GPO
- Edit Group Policy Objects and Starter GPOs
- Copy Group Policy Objects and Starter GPOs
- Comment Group Policy Objects and Starter GPOs
- View, Print, and Save a Report for Group Policy Objects
- Back Up Group Policy Objects and Starter GPOs
- Restore Group Policy Objects and Starter GPOs
- Export a Starter GPO
- Import a Starter GPO
- Search Group Policy Objects
- Create a Migration Table
- Automatically Populate a Migration Table from a Group Policy Object
- Link a Group Policy Object
- Remove a Group Policy Object Link
- Disable a Group Policy Object Link
- Enable a Group Policy Object Link
- Enforce a Group Policy Object Link
- Remove the Enforcement of a Group Policy Object Link
- Block Inheritance of Group Policy Objects
- Remove Block Inheritance of Group Policy Objects
- Change the Order of Group Policy Object Links
- Filter Group Policy Object Scope by Using Security Groups
- Disable User Settings in a Group Policy Object
- Disable Computer Settings in a Group Policy Object
- Create a WMI Filter
- Import a WMI Filter
- Export a WMI Filter
- Copy a WMI Filter
- Link a WMI Filter to a Group Policy Object
- Determine a Resultant Set of Policy
- Simulate a Resultant Set of Policy Using Group Policy Modeling
- Delegate Permissions on a Group Policy Object
- Modify Delegated Permissions on a Group Policy Object
- Remove Delegated Permissions on a Group Policy Object
- Delegate Permissions to Link Group Policy Objects
- Modify Delegated Permissions to Link Group Policy Objects
- Remove Delegated Permissions to Link Group Policy Objects
- Delegate Permissions for Generating Group Policy Modeling Data
- Modify Delegated Permissions for Generating Group Policy Modeling Data
- Remove Delegated Permissions for Generating Group Policy Modeling Data
- Delegate Permissions for Generating Group Policy Results
- Modify Delegated Permissions for Generating Group Policy Results
- Remove Delegated Permissions for Generating Group Policy Results
- Delegate Permissions for WMI Filters
- Modify Delegated Permissions for WMI Filters
- Remove Delegated Permissions for WMI Filters
-
10. Manage Password Replication Policies
- Add a User, Group, or Computer to the Password Replication Policy
- Remove a User, Group, or Computer from the Password Replication Policy
- View Cached Credentials on a Read-Only Domain Controller
- Review Accounts That Have Been Authenticated on a Read-only Domain Controller
- Automatically Move Accounts That Have Been Authenticated by an RODC to the Allowed List
- Pre-populate the Password Cache for Read-only Domain Controller
- Reset the Credentials That Are Cached on a Read-only Domain Controller
-
11. Manage Fine-Grained Password and Account Lockout Policies
- Create Password Settings Objects
- Delete Password Settings Objects
- View Settings Defined in Password Settings Objects
- Modify Settings Defined in Password Settings Objects
- Apply a Password Settings Object to Users and Security Groups
- Modify the Precedence for Password Settings Objects
- View the Resultant Password Settings Objects for a User or Group
- Create Shadow Groups
-
12. Manage Active Directory Domain Services Backup and Recovery
- Install the Windows Server Backup Server Feature
- Perform an Unscheduled Backup of Critical Volumes of a Domain Controller
- Perform an Unscheduled System State Backup of a Domain Controller
- Perform an Unscheduled Full Server Backup of a Domain Controller
- Schedule Regular Full Server Backups of a Domain Controller
- Perform a Nonauthoritative Restore of Active Directory Domain Services
- Perform an Authoritative Restore of Deleted Active Directory Domain Services Objects
- Perform a Full Server Recovery of a Domain Controller
- Create a Onetime Active Directory Domain Services Snapshot
- Create Scheduled Active Directory Domain Services Snapshots
- Expose an Active Directory Domain Services Snapshot as an LDAP Server
- Access Data Stored in Active Directory Domain Services Snapshots
-
13. Manage Active Directory Domain Services Auditing
- Enable the Global Audit Policy
- Disable the Global Audit Policy
- Retrieve the State of Directory Service Access Auditing Subcategories
- Enable the Directory Service Access Auditing Subcategory
- Disable the Directory Service Access Auditing Subcategory
- Enable the Directory Service Changes Auditing Subcategory
- Disable the Directory Service Changes Auditing Subcategory
- Enable the Directory Service Replication Auditing Subcategory
- Disable the Directory Service Replication Auditing Subcategory
- Enable the Detailed Directory Service Replication Auditing Subcategory
- Disable the Detailed Directory Service Replication Auditing Subcategory
- Configure Auditing on Object Security Access Control Lists
- Exclude an Attribute from Directory Service Auditing
Product information
- Title: Active Directory Domain Services 2008 How-To
- Author(s):
- Release date: May 2009
- Publisher(s): Sams
- ISBN: None
You might also like
book
Windows Server 2008 Active Directory Domain Services
This guide is intended to assist designers in the decision-making process by providing a clear and …
book
MCSA/MCSE 70-291: Implementing, Managing, and Maintaining a Microsoft Windows Server 2003 Network Infrastructure
The MCSE/MCSA 70-291 Exam Prep is the most accurate, comprehensive, and up-to-date study guide for you …
book
MCSE 70-294 Exam Cram: Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure
MCSA/MCSE 70-294 Exam Cram, Second Edition is the #1-selling quick-study guide to help you pass the …
book
Windows Server 2003 Security: A Technical Reference
"Once again, Roberta Bragg proves why she is a leading authority in the security field! It's …