CHAPTER 1 WHAT IS A DIRECTORY SERVICE?
A Directory
Objects
Attributes
The Way Things Were
Advantages of a Directory Service
Example 1
Without a Directory Service
With a Directory Service
Example 2
Without a Directory Service
With a Directory Service
Example 3
Without a Directory Service
With a Directory Service
The Building Blocks of a Directory Service
Why Has It Not Been Done Sooner?
Banyan Systems Street Talk
Novell Directory Services (NDS)
What about Now?
Microsoft’s Active Directory Service
Let’s Get Technical
Chapter Summary
CHAPTER 2 ALL ROADS LEAD TO X.500
One Standard for All
The History of X.500
How It All Began
X.500 - The Service, the Myth, the Legend
What Is a Hierarchical Structure?
Application Relationships
Container and Noncontainer Objects
Client Access Protocols: DAP and LDAP
Directory Access Protocol (DAP)
LDAP
The Innards of LDAP
How Does LDAP Really Work?
DSAs, DUAs, and DITs, Okay?
LDAP and Active Directory
Chapter Summary
Review Questions
Real-World Project
CHAPTER 3 THE FUNDAMENTALS OF ACTIVE DIRECTORY
Active Directory Strengths
The Way It Was
Simplified Administration
Security
Scalability
Extensibility
Open Standard Support
Interoperability
The Nitty Gritty on Addressing
Objects
Groups
Organizational Units
Domains
Trees
Forest
Sites
Global Catalog
Schema
Naming Conventions
Active Directory Services Interface
Chapter Summary
Review Questions
Real-World Project
CHAPTER 4 TCP/IP, WINS, AND DHCP
TCP/IP
A Bit of History
The Four Layers of TCP/IP
Transport Layer
Application Layer
TCP/IP Addressing Scheme
Assigning the TCP/IP Address
TCP/IP Utilities
Testing Your Configuration
DHCP
How DHCP Works
Step One: DHCPDISCOVER
Step Two: DHCPOFFER
Step Three: DHCPREQUEST
Step Four: DHCPACK
What If Something Goes Wrong
Automatic Private Addressing
Renewing and Releasing the Lease
Backing Up the DHCP Database
Restoring the DHCP Database
WINS
How Does WINS Work
WINS Name Registration Process
Renewing Your Registration
When the Client Is Done with the IP Address
Looking for Somebody on the Network
WINS Proxy Agent
Configuring WINS with the WINS Snap-In
Chapter Summary
Review Questions
Real-World Project
CHAPTER 5 DEVELOPING A DOMAIN NAME SERVICE (DNS) NAMESPACE STRATEGY
What Existed Before DNS?
What Is DNS?
Why Do We Use Uniform Resource Locators?
How Does DNS Function?
The Root and Top Levels
DNS Naming Conventions
Zones
Name Servers
Types of Name Servers
Name Resolution
Recursive
Iterative
Caching
Forward and Reverse Lookup Zones
DNS Database Files
Start of Authority (SOA)
The Name Server (NS) Record
The Mail Exchange Record
The Host Record (A)
The CNAME Record
Other Important Files for DNS
Dynamic DNS!
DHCP and DDNS
The Internals of DDNS
Planning Your DNS Implementation
What’s In a Name?
The Root of Your Name
Are You In or Are You Out?
Two Distinct Namespaces
Single Namespace Implementation
Server Implementation
Creating Your Zones and Handling Replication
Chapter Summary
Review Questions
Real-World Project
CHAPTER 6 DESIGNING AN ACTIVE DIRECTORY DOMAIN
Domains
Organizational Units
Designing an Organizational Unit Structure
Strategy
The Number of Levels
Domains or Organizational Units
Security
Security Identifier
Security Descriptor
Groups
Implementing a Domain Structure
International Company
Nationwide Company
A Small Company
Delegation of Administration
Centralized Administration Model
Distributed Administration Model
Combination
Common Organizational Unit Models
Geographic Model
Object Model
Cost Center Model
Project Model
Division or Business Unit Model
Administration Model
Hybrid Model
Chapter Summary
Review Questions
Real-World Project
CHAPTER 7 DESIGNING A MULTIPLE DOMAIN STRUCTURE
Review of Single Domain Options
The Need for a Larger Tree
What Is a Domain Tree?
Transitive Trusts
Empty Root Domains
Forests
To Forest or Not to Forest?
Shortcut Trusts
Forest Points to Remember
Multiple Forests
Design Considerations for Domain Architecture
The Root
The First Level
The Second Level
Scenario Review
Scenario One
Scenario Two
Scenario Three
Scenario Four
Scenario Five
Chapter Summary
Review Questions
Real-World Project
CHAPTER 8 GROUP POLICY IMPLEMENTATION
The User
Groups
Types of Groups
Groups of NT
Mixed Mode: The Slow Integration Process
Windows 2000 Security Groups in “Native Mode”
Domain Local Groups
Global Groups within Windows 2000
Universal Groups
Group Conversions
Illustrating Local, Global, and Universal Groups
Groups and the Global Catalog
Planning Your Group Strategy
Group Placement
Name that Group
Delegate Administrative Control
Implementation Options Reviewed
Scenario One
Scenario Two
Group Policies
Profiles vs. Policies
System Policies of NT 4
GPOs, GPCs, and GPTs
How Group Policies Are Applied
The Default Application of Policy
Overriding and Blocking of Inheritance
Filtering Group Policies
Inner Workings of a Group Policy
Planning: The Key to Global Policies
Method of Group Policy Application
Organizing Your Organizational Units
Minimize Block Policy and Override Features
Are You Counting Time, or Making Your Time Count?
Chapter Summary
Review Questions
Real-World Project
CHAPTER 9 ACTIVE DIRECTORY REPLICATION
Multi-master vs. Single-master Replication
Replication or Synchronization?
LDAP Data Interchange Format (LDIF)
Comma Separated Variable Import/Export Utility (CSVDE.EXE)
Into the Heart of Replication
Automatic and Manual Topologies
Active Directory Architecture
From the Top, Down
Extensible Storage Engine (ESE)
Database Layer
The Directory Service Agent
Update Requests
Deleted Objects - Where Do They Go?
From Origination to Replication
Sequence Numbers: The Nightmare Begins
Preventing Unnecessary Replication
Up-To-Date Vector (UTD Vector)
High Watermark Vector
Collisions:They Will Occur
Replication Partitions
Special Masters
Inter- and Intra-Site Replication
Intra-Site Replication
Inter-Site Replication
Manual Modifications
Monitoring Your Replication Traffic
Network Monitor
Performance Monitor
Chapter Summary
Review Questions
Real-World Project
CHAPTER 10 MANAGING SITE BOUNDARIES
Active Directory Sites
Logon Traffic
Replication Traffic
Distributed File System (DFS) Topology
File Replication Service (FRS)
Site Aware Applications
Replication Latency
Replication Efficiency
Replication Cost
The Different Types of Replication
Intra-Site Replication
Inter-Site Replication
Seeing If Active Directory Sites Are Necessary
Placing the Domain Controllers (DC)
Connectivity
Available Bandwidth
Replication Traffic
Site Links
Transport
Member Sites
Cost
Frequency
Schedule
Site Link Bridges
Planning Inter-Site Replication Topology
Transports
Bridgehead Servers
Inter-Site Topology Generator
Least-Cost Spanning Tree
Placing Servers in Sites
Placing the Global Catalog (GC) Server
Placing the Operation Masters
Chapter Summary
Review Questions
Real-World Project
CHAPTER 11 DESIGNING YOUR ACTIVE DIRECTORY INFRASTRUCTURE
A Functional Team
What Will the Team Handle?
What Roles Will the Team Members Play?
The Vision and the Scope
Vision
Scope
The Vision/Scope Document
Address Your Risks
Your Current Physical Infrastructure
Hardware and Software
Network Details
The Users within the Organization
The Goal
Design Your Directory Service Infrastructure
Design Your Naming Strategy
Design Your Domain (or Multiple Domain) Strategy
Design a Group Policy
Design Your Site Topology
Designing Your Schema
Planning for Growth
Delegation of Authority
Chapter Summary
Review Questions
Real-World Project
CHAPTER 12 ACTIVE DIRECTORY SECURITY FEATURES
Kerberos
A Kerberos Transaction
Kerberos Vocabulary
Kerberos and Transitive Trusts
File Access Permissions
NT 4 Permission
File Permissions under Windows 2000
Encrypting File System (EFS)
How Does EFS Work?
Security Policy
Password Policy
Account Lockout Policy
Audit Policy
User Rights Assignment
Security Options
Smart Cards
How Do Smart Cards Work?
IP Security (IPSec)
The IPSec Monitor
Active Directory Design and Security
Chapter Summary
Review Questions
Real-World Project
CHAPTER 13 MONITORING, OPTIMIZING, AND TROUBLESHOOTING ACTIVE DIRECTORY
Performance Console
Performance Console and Replication
Task Manager
Network Monitor
Replication Monitor
NTDSUTIL
SECEDIT
NETDOM
Miscellaneous Tools
NETSVC
DSASTAT
DNSCMD
MOVETREE
The Right Tool for the Job
Advanced Startup Options
Recovery Console
Backup and Restore Active Directory
Active Directory Restoration
Chapter Summary
Review Questions
Real-World Project
CHAPTER 14 SCHEMA: DESIGN AND MODIFICATION
What Is the Schema?
Object Classes
Objects
Attributes
Syntax
Object Identifiers(OIDs)
Object Classes and Attributes Defined in the Schema
Before Modifying the Schema
Static
Low-Latency
Transient
Modifying the Schema
Installing Software Applications
Scripting
Using the Active Directory Schema Manager
Who Can Modify the Schema?
Items in the Schema that Can Be Modified
Modifying a Class
Creating a New Class
Modifying an Attribute
Creating a New Attribute
Deactivating a Class or an Attribute
Indexing an Attribute
Replicating an Attribute to the Global Catalog
Once the Modification Is Made
System Checks on the Schema
Time Interval Before Changes Take Effect
Schema Replication
Chapter Summary
Review Questions
Real-World Project
CHAPTER 15 DEPLOYING WINDOWS 2000 ACTIVE DIRECTORY
Evaluating the Organization
The Planning Team
The Vision and the Scope
Managing Risks
The Administrative Delegation Model
Physical Locations
The Current Business Practices
The Security Requirements
Future Growth of the Company
Existing Network Connections
Designing an Active Directory Structure
Delegation of Administrative Authority
Group Policies
The Domain Structure
Schema Policy
Site Topology
The Naming Strategy
Chapter Summary
Review Questions
Real-World Project
CHAPTER 16 MIGRATING FROM WINDOWS NT 4 TO ACTIVE DIRECTORY
The Different Planning Phases of Migration
Designing the Active Directory Structure
Choose a Migration Path
Develop a Domain Upgrade or a Restructure Strategy
Plan the Deployment of the Migration Strategy
The Migration Path
Defining the Existing Domain Arrangement
What Will Be Achieved from the Migration?
The Active Directory Design
Evaluating the Migration Paths
The Domain Upgrade Strategy
How Many Forests Are in the Design?
What Is the Site Topology of the Design?
What Are the Security and Administration Plans in the Design?
The Current Operating System
The Recovery Plan
Domain Upgrade Order
Upgrading Domain Controllers
Mixed Mode or Native Mode?
Post-Upgrade Tasks
Restructuring Domains
Inter-Forest Restructuring
Intra-Forest Restructuring
Domain Restructure Tools
Chapter Summary
Review Questions
Real-World Project
CHAPTER 17 ACTIVE DIRECTORY AND EXCHANGE SERVERS
Replication vs. Synchronization Revisited
The Active Directory Connector
Installing the Active Directory Connector
Connection Agreements with the ADC
Creating Connection Agreements
Putting Active Directory Connector to Work
Manage Your Objects Centrally
Troubleshoot Your Connector
Planning Your ADC
Do You Need the ADC?
Some Questions You Need to Resolve
A Review of the Scenario Models
Final Issues
Exchange 2000
Chapter Summary
Review Questions
Real-World Project
CHAPTER 18 SAMPLE TEST
CHAPTER 19 ANSWER KEY
APPENDIX A ANSWERS TO REVIEW QUESTIONS
APPENDIX B RFCs FOR TCP/IP FOR WINDOWS 2000
APPENDIX C EXAM OBJECTIVES
GLOSSARY
INDEX