Synopses & Reviews
When you need practical hands-on support for Active Directory, the updated edition of this extremely popular Cookbook provides quick solutions to more than 300 common (and uncommon) problems you might encounter when deploying, administering, and automating Microsoft's network directory service.
For the third edition, Active Directory expert Laura E. Hunter offers troubleshooting recipes based on valuable input from Windows administrators, in addition to her own experience. You'll find solutions for the Lightweight Directory Access Protocol (LDAP), ADAM (Active Directory Application Mode), multi-master replication, Domain Name System (DNS), Group Policy, the Active Directory Schema, and many other features. The Active Directory Cookbook will help you:
- Perform Active Directory tasks from the command line
- Use scripting technologies to automate Active Directory tasks
- Manage new Active Directory features, such as Read-Only Domain Controllers, fine-grained password policies, and more
- Create domains and trusts
- Locate users whose passwords are about to expire
- Apply a security filter to group policy objects
- Check for potential replication problems
- Restrict hosts from performing LDAP queries
- View DNS server performance statistics
Each recipe includes a discussion explaining how and why the solution works, so you can adapt the problem-solving techniques to similar situations. Active Directory Cookbook is ideal for any IT professional using Windows Server 2008, Exchange 2007, and Identity Lifecycle Manager 2007, including Active Directory administrators looking to automate task-based solutions.
"It is rare for me to visit a customer site and not see a copy of Active Directory Cookbook on a shelf somewhere, which is a testament to its usefulness. The Cookbook takes the pain out of everyday AD tasks by providing concise, clear and relevant recipes. The fact that the recipes are provided using different methods (graphical user interface, command line and scripting) means that the book is suitable for anyone working with AD on a day-to-day basis. The introduction of PowerShell examples in this latest edition will be of particular interest for those looking to transition from VBScript. Laura has also done a great job in extending the Cookbook in this edition to encompass the broad range of changes to AD in Windows Server 2008."
--Tony Murray, Founder of Activedir.org and Directory Services MVP
"If you already understand Active Directory fundamentals and are looking for a quick solution to common Active Directory related tasks, look no further, you have found the book that you need."
--joe Richards, Directory Services MVP
"The Active Directory Cookbook is the real deal... a soup-to-nuts catalog of every administrative task an Active Directory administrator needs to perform. If you administer an Active Directory installation, this is the very first book you have to put on your shelf."
--Gil Kirkpatrick, Chief Architect, Active Directory and Identity Management, Quest Software and Directory Services MVP
IT professionals in the Windows Server space, particularly Active Directory administrators, need this book. Active Directory Cookbook is a must-have for newer administrators who want to move toward automating their task-based solutions, as well as a reference for more seasoned administrators to have on-hand when performing less common tasks. Updated to include Windows Server 2008 and Exchange 2007. Explains how to manage a vast array of AD topics.
Active Directory Cookbook is a cornerstone for IT professionals in the Windows Server space, particularly Active Directory administrators, who want to automate their task-based solutions, as well as a reference for more seasoned administrators to have on-hand when performing less commonplace tasks. This update to Active Directory Cookbook covers changes to Windows Server 2008, as well as Exchange 2007 and ILM.
About the Author
Laura E. Hunter is an Architect with the Oxford Computer Group, specializing in Microsoft Identity and Access Management technologies. Her specialties include Active Directory design and implementation, troubleshooting, and security topics. Laura is a Microsoft MVP for Windows Server-Networking.
Laura's previous experience includes a position as an AD Architect for a global engineering firm, IT Project Leader with the University of Pennsylvania, and the Director of Computer Services for the Salvation Army.
She also operates as an independent technical speaker and writer. Laura has a Bachelor's Degree in American History and a Master's Degree in Computer Science from the University of Pennsylvania.
Table of Contents
Preface; Who Should Read This Book?; What's in This Book?; Conventions Used in This Book; Using Code Examples; Safari® Books Online; We'd Like Your Feedback!; Acknowledgments;
Chapter 1: Getting Started; 1.1 Approach to the Book; 1.2 Where to Find the Tools; 1.3 Getting Familiar with LDIF; 1.4 Programming Notes; 1.5 Replaceable Text; 1.6 Where to Find More Information;
Chapter 2: Forests, Domains, and Trusts; 2.1 Introduction; 2.2 Creating a Forest; 2.3 Removing a Forest; 2.4 Creating a Domain; 2.5 Removing a Domain; 2.6 Removing an Orphaned Domain; 2.7 Finding the Domains in a Forest; 2.8 Finding the NetBIOS Name of a Domain; 2.9 Renaming a Domain; 2.10 Raising the Domain Mode to Windows 2000 Native Mode; 2.11 Viewing and Raising the Functional Level of a Windows Server 2003 or 2008 Domain; 2.12 Raising the Functional Level of a Windows Server 2003 or 2008 Forest; 2.13 Using AdPrep to Prepare a Domain or Forest for Windows Server 2003 or 2008; 2.14 Determining Whether AdPrep Has Completed; 2.15 Checking If a Windows Domain Controller Can Be Upgraded to Windows Server 2003 or 2008; 2.16 Creating an External Trust; 2.17 Creating a Transitive Trust Between Two AD Forests; 2.18 Creating a Shortcut Trust Between Two AD Domains; 2.19 Creating a Trust to a Kerberos Realm; 2.20 Viewing the Trusts for a Domain; 2.21 Verifying a Trust; 2.22 Resetting a Trust; 2.23 Removing a Trust; 2.24 Enabling SID Filtering for a Trust; 2.25 Enabling Quarantine for a Trust; 2.26 Managing Selective Authentication for a Trust; 2.27 Finding Duplicate SIDs in a Domain; 2.28 Adding Additional Fields to Active Directory Users and Computers;
Chapter 3: Domain Controllers, Global Catalogs, and FSMOs; 3.1 Introduction; 3.2 Promoting a Domain Controller; 3.3 Promoting a Read-Only Domain Controller; 3.4 Performing a Two-Stage RODC Installation; 3.5 Modifying the Password Replication Policy; 3.6 Promoting a Windows Server 2003 Domain Controller from Media; 3.7 Promoting a Windows Server 2008 Domain Controller from Media; 3.8 Demoting a Domain Controller; 3.9 Automating the Promotion or Demotion of a Domain Controller; 3.10 Troubleshooting Domain Controller Promotion or Demotion Problems; 3.11 Verifying the Promotion of a Domain Controller; 3.12 Removing an Unsuccessfully Demoted Domain Controller; 3.13 Renaming a Domain Controller; 3.14 Finding the Domain Controllers for a Domain; 3.15 Finding the Closest Domain Controller; 3.16 Finding a Domain Controller's Site; 3.17 Moving a Domain Controller to a Different Site; 3.18 Finding the Services a Domain Controller Is Advertising; 3.19 Restoring a Deleted Domain Controller; 3.20 Resetting the TCP/IP Stack on a Domain Controller; 3.21 Configuring a Domain Controller to Use an External Time Source; 3.22 Finding the Number of Logon Attempts Made Against a Domain Controller; 3.23 Enabling the /3GB Switch to Increase the LSASS Cache; 3.24 Cleaning Up Distributed Link Tracking Objects; 3.25 Enabling and Disabling the Global Catalog; 3.26 Determining Whether Global Catalog Promotion Is Complete; 3.27 Finding the Global Catalog Servers in a Forest; 3.28 Finding the Domain Controllers or Global Catalog Servers in a Site; 3.29 Finding Domain Controllers and Global Catalogs via DNS; 3.30 Changing the Preference for a Domain Controller; 3.31 Disabling the Global Catalog Requirement During a Domain Login; 3.32 Disabling the Global Catalog Requirement for Windows Server 2003 or Windows Server 2008; 3.33 Finding the FSMO Role Holders; 3.34 Transferring a FSMO Role; 3.35 Seizing a FSMO Role; 3.36 Finding the PDC Emulator FSMO Role Owner via DNS; 3.37 Finding the PDC Emulator FSMO Role Owner via WINS;
Chapter 4: Searching and Manipulating Objects; 4.1 Introduction; 4.2 Viewing the RootDSE; 4.3 Viewing the Attributes of an Object; 4.4 Counting Objects in Active Directory; 4.5 Using LDAP Controls; 4.6 Using a Fast or Concurrent Bind; 4.7 Connecting to an Object GUID; 4.8 Connecting to a Well-Known GUID; 4.9 Searching for Objects in a Domain; 4.10 Searching the Global Catalog; 4.11 Searching for a Large Number of Objects; 4.12 Searching with an Attribute-Scoped Query; 4.13 Searching with a Bitwise Filter; 4.14 Creating an Object; 4.15 Modifying an Object; 4.16 Modifying a Bit Flag Attribute; 4.17 Dynamically Linking an Auxiliary Class; 4.18 Creating a Dynamic Object; 4.19 Refreshing a Dynamic Object; 4.20 Modifying the Default TTL Settings for Dynamic Objects; 4.21 Moving an Object to a Different OU or Container; 4.22 Moving an Object to a Different Domain; 4.23 Referencing an External Domain; 4.24 Renaming an Object; 4.25 Deleting an Object; 4.26 Deleting a Container That Has Child Objects; 4.27 Viewing the Created and Last Modified Timestamp of an Object; 4.28 Modifying the Default LDAP Query Policy; 4.29 Exporting Objects to an LDIF File; 4.30 Importing Objects Using an LDIF File; 4.31 Exporting Objects to a CSV File; 4.32 Importing Objects Using a CSV File;
Chapter 5: Organizational Units; 5.1 Introduction; 5.2 Creating an OU; 5.3 Enumerating the OUs in a Domain; 5.4 Finding an OU; 5.5 Enumerating the Objects in an OU; 5.6 Deleting the Objects in an OU; 5.7 Deleting an OU; 5.8 Moving the Objects in an OU to a Different OU; 5.9 Moving an OU; 5.10 Renaming an OU; 5.11 Modifying an OU; 5.12 Determining Approximately How Many Child Objects an OU Has; 5.13 Delegating Control of an OU; 5.14 Assigning or Removing a Manager for an OU; 5.15 Linking a GPO to an OU; 5.16 Protecting an OU Against Accidental Deletion;
Chapter 6: Users; 6.1 Introduction; 6.2 Modifying the Default Display Name Used When Creating Users in ADUC; 6.3 Creating a User; 6.4 Creating a Large Number of Users; 6.5 Creating an inetOrgPerson User; 6.6 Converting a user Object to an inetOrgPerson Object (or Vice Versa); 6.7 Modifying an Attribute for Several Users at Once; 6.8 Deleting a User; 6.9 Setting a User's Profile Attributes; 6.10 Moving a User; 6.11 Redirecting Users to an Alternative OU; 6.12 Renaming a User; 6.13 Copying a User; 6.14 Finding Locked-Out Users; 6.15 Unlocking a User; 6.16 Troubleshooting Account Lockout Problems; 6.17 Viewing the Domain-Wide Account Lockout and Password Policies; 6.18 Applying a Fine-Grained Password Policy to a User Object; 6.19 Viewing the Fine-Grained Password Policy That Is in Effect for a User Account; 6.20 Enabling and Disabling a User; 6.21 Finding Disabled Users; 6.22 Viewing a User's Group Membership; 6.23 Removing All Group Memberships from a User; 6.24 Changing a User's Primary Group; 6.25 Copying a User's Group Membership to Another User; 6.26 Setting a User's Password; 6.27 Preventing a User from Changing a Password; 6.28 Requiring a User to Change a Password at Next Logon; 6.29 Preventing a User's Password from Expiring; 6.30 Finding Users Whose Passwords Are About to Expire; 6.31 Viewing the RODCs That Have Cached a User's Password; 6.32 Setting a User's Account Options (userAccountControl); 6.33 Setting a User's Account to Expire; 6.34 Determining a User's Last Logon Time; 6.35 Finding Users Who Have Not Logged On Recently; 6.36 Viewing and Modifying a User's Permitted Logon Hours; 6.37 Viewing a User's Managed Objects; 6.38 Creating a UPN Suffix for a Forest; 6.39 Restoring a Deleted User; 6.40 Protecting a User Against Accidental Deletion;
Chapter 7: Groups; 7.1 Introduction; 7.2 Creating a Group; 7.3 Viewing the Permissions of a Group; 7.4 Viewing the Direct Members of a Group; 7.5 Viewing the Nested Members of a Group; 7.6 Adding and Removing Members of a Group; 7.7 Moving a Group Within a Domain; 7.8 Moving a Group to Another Domain; 7.9 Changing the Scope or Type of a Group; 7.10 Modifying Group Attributes; 7.11 Creating a Dynamic Group; 7.12 Delegating Control for Managing Membership of a Group; 7.13 Resolving a Primary Group ID; 7.14 Enabling Universal Group Membership Caching; 7.15 Restoring a Deleted Group; 7.16 Protecting a Group Against Accidental Deletion; 7.17 Applying a Fine-Grained Password Policy to a Group Object;
Chapter 8: Computer Objects; 8.1 Introduction; 8.2 The Anatomy of a computer Object; 8.3 Creating a Computer; 8.4 Creating a Computer for a Specific User or Group; 8.5 Deleting a Computer; 8.6 Joining a Computer to a Domain; 8.7 Moving a Computer Within the Same Domain; 8.8 Moving a Computer to a New Domain; 8.9 Renaming a Computer; 8.10 Adding or Removing a Computer Account from a Group; 8.11 Testing the Secure Channel for a Computer; 8.12 Resetting a Computer Account; 8.13 Finding Inactive or Unused Computers; 8.14 Changing the Maximum Number of Computers a User Can Join to the Domain; 8.15 Modifying the Attributes of a computer Object; 8.16 Finding Computers with a Particular OS; 8.17 Binding to the Default Container for Computers; 8.18 Changing the Default Container for Computers; 8.19 Listing All the Computer Accounts in a Domain; 8.20 Identifying a Computer Role; 8.21 Protecting a Computer Against Accidental Deletion; 8.22 Viewing the RODCs That Have Cached a Computer's Password;
Chapter 9: Group Policy Objects; 9.1 Introduction; 9.2 Finding the GPOs in a Domain; 9.3 Creating a GPO; 9.4 Copying a GPO; 9.5 Deleting a GPO; 9.6 Viewing the Settings of a GPO; 9.7 Modifying the Settings of a GPO; 9.8 Importing Settings into a GPO; 9.9 Creating a Migration Table; 9.10 Creating Custom Group Policy Settings; 9.11 Assigning Logon/Logoff and Startup/Shutdown Scripts in a GPO; 9.12 Installing Applications with a GPO; 9.13 Disabling the User or Computer Settings in a GPO; 9.14 Listing the Links for a GPO; 9.15 Creating a GPO Link to an OU; 9.16 Blocking Inheritance of GPOs on an OU; 9.17 Enforcing the Settings of a GPO Link; 9.18 Applying a Security Filter to a GPO; 9.19 Delegating Administration of GPOs; 9.20 Importing a Security Template; 9.21 Creating a WMI Filter; 9.22 Applying a WMI Filter to a GPO; 9.23 Configuring Loopback Processing for a GPO; 9.24 Backing Up a GPO; 9.25 Restoring a GPO; 9.26 Simulating the RSoP; 9.27 Viewing the RSoP; 9.28 Refreshing GPO Settings on a Computer; 9.29 Restoring a Default GPO; 9.30 Creating a Fine-Grained Password Policy; 9.31 Editing a Fine-Grained Password Policy; 9.32 Viewing the Effective PSO for a User;
Chapter 10: Schema; 10.1 Introduction; 10.2 Registering the Active Directory Schema MMC Snap-in; 10.3 Enabling Schema Updates; 10.4 Generating an OID to Use for a New Class or Attribute; 10.5 Extending the Schema; 10.6 Preparing the Schema for an Active Directory Upgrade; 10.7 Documenting Schema Extensions; 10.8 Adding a New Attribute; 10.9 Viewing an Attribute; 10.10 Adding a New Class; 10.11 Viewing a Class; 10.12 Indexing an Attribute; 10.13 Modifying the Attributes That Are Copied When Duplicating a User; 10.14 Adding Custom Information to ADUC; 10.15 Modifying the Attributes Included with ANR; 10.16 Modifying the Set of Attributes Stored on a Global Catalog; 10.17 Finding Nonreplicated and Constructed Attributes; 10.18 Finding the Linked Attributes; 10.19 Finding the Structural, Auxiliary, Abstract, and 88 Classes; 10.20 Finding the Mandatory and Optional Attributes of a Class; 10.21 Modifying the Default Security of a Class; 10.22 Managing the Confidentiality Bit; 10.23 Adding an Attribute to the Read-Only Filtered Attribute Set (RO-FAS); 10.24 Deactivating Classes and Attributes; 10.25 Redefining Classes and Attributes; 10.26 Reloading the Schema Cache; 10.27 Managing the Schema Master FSMO;
Chapter 11: Site Topology; 11.1 Introduction; 11.2 Creating a Site; 11.3 Listing Sites in a Forest; 11.4 Renaming a Site; 11.5 Deleting a Site; 11.6 Delegating Control of a Site; 11.7 Configuring Universal Group Caching for a Site; 11.8 Creating a Subnet; 11.9 Listing the Subnets; 11.10 Finding Missing Subnets; 11.11 Deleting a Subnet; 11.12 Changing a Subnet's Site Assignment; 11.13 Creating a Site Link; 11.14 Finding the Site Links for a Site; 11.15 Modifying the Sites That Are Part of a Site Link; 11.16 Modifying the Cost for a Site Link; 11.17 Enabling Change Notification for a Site Link; 11.18 Modifying Replication Schedules; 11.19 Disabling Site Link Transitivity or Site Link Schedules; 11.20 Creating a Site Link Bridge; 11.21 Finding the Bridgehead Servers for a Site; 11.22 Setting a Preferred Bridgehead Server for a Site; 11.23 Listing the Servers; 11.24 Moving a Domain Controller to a Different Site; 11.25 Configuring a Domain Controller to Cover Multiple Sites; 11.26 Viewing the Site Coverage for a Domain Controller; 11.27 Disabling Automatic Site Coverage for a Domain Controller; 11.28 Finding the Site for a Client; 11.29 Forcing a Host into a Particular Site; 11.30 Creating a Connection Object; 11.31 Listing the connection Objects for a Server; 11.32 Load-Balancing connection Objects; 11.33 Finding the ISTG for a Site; 11.34 Transferring the ISTG to Another Server; 11.35 Triggering the KCC; 11.36 Determining Whether the KCC Is Completing Successfully; 11.37 Disabling the KCC for a Site; 11.38 Changing the Interval at Which the KCC Runs;
Chapter 12: Replication; 12.1 Introduction; 12.2 Determining Whether Two Domain Controllers Are in Sync; 12.3 Viewing the Replication Status of Several Domain Controllers; 12.4 Viewing Unreplicated Changes Between Two Domain Controllers; 12.5 Forcing Replication from One Domain Controller to Another; 12.6 Enabling and Disabling Replication; 12.7 Changing the Intra-Site Replication Interval; 12.8 Changing the Intra-Site Notification Delay; 12.9 Changing the Inter-Site Replication Interval; 12.10 Disabling Inter-Site Compression of Replication Traffic; 12.11 Checking for Potential Replication Problems; 12.12 Enabling Enhanced Logging of Replication Events; 12.13 Enabling Strict or Loose Replication Consistency; 12.14 Finding Conflict Objects; 12.15 Finding Orphaned Objects; 12.16 Listing the Replication Partners for a DC; 12.17 Viewing Object Metadata;
Chapter 13: DNS and DHCP; 13.1 Introduction; 13.2 Creating a Forward Lookup Zone; 13.3 Creating a Reverse Lookup Zone; 13.4 Viewing a Server's Zones; 13.5 Converting a Zone to an AD-Integrated Zone; 13.6 Moving AD-Integrated Zones into an Application Partition; 13.7 Configuring Zone Transfers; 13.8 Configuring Forwarding; 13.9 Delegating Control of an Active Directory Integrated Zone; 13.10 Creating and Deleting Resource Records; 13.11 Querying Resource Records; 13.12 Modifying the DNS Server Configuration; 13.13 Scavenging Old Resource Records; 13.14 Clearing the DNS Cache; 13.15 Verifying That a Domain Controller Can Register Its Resource Records; 13.16 Enabling DNS Server Debug Logging; 13.17 Registering a Domain Controller's Resource Records; 13.18 Deregistering a Domain Controller's Resource Records; 13.19 Preventing a Domain Controller from Dynamically Registering All Resource Records; 13.20 Preventing a Domain Controller from Dynamically Registering Certain Resource Records; 13.21 Allowing Computers to Use a Different Domain Suffix Than Their AD Domain; 13.22 Authorizing a DHCP Server; 13.23 Locating Unauthorized DHCP Servers; 13.24 Restricting DHCP Administrators;
Chapter 14: Security and Authentication; 14.1 Introduction; 14.2 Enabling SSL/TLS; 14.3 Encrypting LDAP Traffic with SSL, TLS, or Signing; 14.4 Disabling LDAP Signing or Encryption; 14.5 Enabling Anonymous LDAP Access; 14.6 Restricting Anonymous Access to Active Directory; 14.7 Using the Delegation of Control Wizard; 14.8 Customizing the Delegation of Control Wizard; 14.9 Revoking Delegated Permissions; 14.10 Viewing the ACL for an Object; 14.11 Customizing the ACL Editor; 14.12 Viewing the Effective Permissions on an Object; 14.13 Configuring Permission Inheritance; 14.14 Changing the ACL of an Object; 14.15 Changing the Default ACL for an Object Class in the Schema; 14.16 Comparing the ACL of an Object to the Default Defined in the Schema; 14.17 Resetting an Object's ACL to the Default Defined in the Schema; 14.18 Preventing the LM Hash of a Password from Being Stored; 14.19 Enabling Strong Domain Authentication; 14.20 Enabling List Object Access Mode; 14.21 Modifying the ACL on Administrator Accounts; 14.22 Viewing and Purging Your Kerberos Tickets; 14.23 Forcing Kerberos to Use TCP; 14.24 Modifying Kerberos Settings; 14.25 Viewing Access Tokens;
Chapter 15: Logging, Monitoring, and Quotas; 15.1 Introduction; 15.2 Enabling Extended dcpromo Logging; 15.3 Enabling Diagnostics Logging; 15.4 Enabling NetLogon Logging; 15.5 Enabling GPO Client Logging; 15.6 Enabling Kerberos Logging; 15.7 Viewing DNS Server Performance Statistics; 15.8 Monitoring the File Replication Service; 15.9 Monitoring the Windows Time Service; 15.10 Enabling Inefficient and Expensive LDAP Query Logging; 15.11 Using the STATS Control to View LDAP Query Statistics; 15.12 Monitoring the Performance of AD; 15.13 Using Perfmon Trace Logs to Monitor AD; 15.14 Creating an Administrative Alert; 15.15 Emailing an Administrator on a Performance Alert; 15.16 Enabling Auditing of Directory Access; 15.17 Enabling Auditing of Registry Keys; 15.18 Creating a Quota; 15.19 Finding the Quotas Assigned to a Security Principal; 15.20 Changing How Tombstone Objects Count Against Quota Usage; 15.21 Setting the Default Quota for All Security Principals in a Partition; 15.22 Finding the Quota Usage for a Security Principal;
Chapter 16: Backup, Recovery, DIT Maintenance, and Deleted Objects; 16.1 Introduction; 16.2 Backing Up Active Directory in Windows 2000 and Windows Server 2003; 16.3 Backing Up Active Directory in Windows Server 2008; 16.4 Creating an Active Directory Snapshot; 16.5 Mounting an Active Directory Snapshot; 16.6 Accessing Active Directory Snapshot Data; 16.7 Restarting a Domain Controller in Directory Services Restore Mode; 16.8 Resetting the Directory Service Restore Mode Administrator Password; 16.9 Performing a Nonauthoritative Restore; 16.10 Performing an Authoritative Restore of an Object or Subtree; 16.11 Performing a Complete Authoritative Restore; 16.12 Checking the DIT File's Integrity; 16.13 Moving the DIT Files; 16.14 Repairing or Recovering the DIT; 16.15 Performing an Online Defrag Manually; 16.16 Performing a Database Recovery; 16.17 Creating a Reserve File; 16.18 Determining How Much Whitespace Is in the DIT; 16.19 Performing an Offline Defrag to Reclaim Space; 16.20 Changing the Garbage Collection Interval; 16.21 Logging the Number of Expired Tombstone Objects; 16.22 Determining the Size of the Active Directory Database; 16.23 Searching for Deleted Objects; 16.24 Undeleting a Single Object; 16.25 Undeleting a Container Object; 16.26 Modifying the Tombstone Lifetime for a Domain;
Chapter 17: Application Partitions; 17.1 Introduction; 17.2 Creating and Deleting an Application Partition; 17.3 Finding the Application Partitions in a Forest; 17.4 Adding or Removing a Replica Server for an Application Partition; 17.5 Finding the Replica Servers for an Application Partition; 17.6 Finding the Application Partitions Hosted by a Server; 17.7 Verifying Application Partitions Are Instantiated on a Server Correctly; 17.8 Setting the Replication Notification Delay for an Application Partition; 17.9 Setting the Reference Domain for an Application Partition; 17.10 Delegating Control of Managing an Application Partition;
Chapter 18: Active Directory Application Mode and Active Directory Lightweight Directory Service; 18.1 Introduction; 18.2 Installing ADAM/AD LDS; 18.3 Creating a New ADAM/AD LDS Instance; 18.4 Creating a New Replica of an ADAM/AD LDS Configuration Set; 18.5 Stopping and Starting an ADAM/AD LDS Instance; 18.6 Changing the Ports Used by an ADAM/AD LDS Instance; 18.7 Listing the ADAM Instances Installed on a Computer; 18.8 Extending the ADAM/AD LDS Schema; 18.9 Managing ADAM/AD LDS Application Partitions; 18.10 Managing ADAM/AD LDS Organizational Units; 18.11 Managing ADAM Users; 18.12 Changing the Password for an ADAM or AD LDS User; 18.13 Enabling and Disabling an ADAM User; 18.14 Creating ADAM or AD LDS Groups; 18.15 Managing ADAM or AD LDS Group Memberships; 18.16 Viewing and Modifying ADAM Object Attributes; 18.17 Importing Data into an ADAM or AD LDS Instance; 18.18 Configuring Intra-site Replication; 18.19 Forcing ADAM/AD LDS Replication; 18.20 Managing AD LDS Replication Authentication; 18.21 Managing ADAM/AD LDS Permissions; 18.22 Enabling Auditing of AD LDS Access;
Chapter 19: Active Directory Federation Services; 19.1 Introduction; 19.2 Installing AD FS Prerequisites for Windows Server 2003 R2; 19.3 Installing AD FS Prerequisites for Windows Server 2008; 19.4 Installing the Federation Service in Windows Server 2003 R2; 19.5 Installing the Federation Service on Windows Server 2008; 19.6 Configuring an Active Directory Account Store; 19.7 Configuring an ADAM or AD LDS Account Store; 19.8 Creating Organizational Claims; 19.9 Creating an Account Partner; 19.10 Configuring a Resource Partner; 19.11 Configuring an Application; 19.12 Configuring a Forest Trust; 19.13 Configuring an Alternate UPN Suffix; 19.14 Configuring the AD FS Web Agent; 19.15 Enabling Logging for the AD FS Web Agent;
Chapter 20: Microsoft Exchange Server 2007 and Exchange Server 2003; 20.1 Introduction; 20.2 Exchange Server and Active Directory; 20.3 Exchange Server 2007 Architecture; 20.4 Exchange Administration Tools; 20.5 Preparing Active Directory for Exchange; 20.6 Installing the First Exchange Server in an Organization; 20.7 Creating Unattended Installation Files for Exchange Server; 20.8 Installing Exchange Management Tools; 20.9 Stopping and Starting Exchange Server; 20.10 Mail-Enabling a User; 20.11 Mail-Disabling a User; 20.12 Mailbox-Enabling a User; 20.13 Deleting a User's Mailbox; 20.14 Moving a Mailbox; 20.15 Viewing Mailbox Sizes and Message Counts; 20.16 Configuring Mailbox Limits; 20.17 Creating an Address List; 20.18 Creating a Storage Group; 20.19 Creating a Mailbox Store; 20.20 Installing Anti-Spam Agents on the Hub Transport Servers; 20.21 Enabling Message Tracking; 20.22 Summary;
Chapter 21: Microsoft Identity Lifecycle Manager; 21.1 Introduction; 21.2 Creating the HR Database MA; 21.3 Creating an Active Directory MA; 21.4 Setting Up a Metaverse Object Deletion Rule; 21.5 Setting Up Simple Import Attribute Flow--HR Database MA; 21.6 Setting Up a Simple Export Attribute Flow to AD; 21.7 Defining an Advanced Import Attribute Flow--HR Database MA; 21.8 Implementing an Advanced Attribute Flow Rules Extension--HR Database MA; 21.9 Setting Up Advanced Export Attribute Flow in Active Directory; 21.10 Configuring a Run Profile to Do an Initial Load of Data from the HR Database MA; 21.11 Loading Initial HR Database Data into ILM Using a Run Profile; 21.12 Configuring a Run Profile to Load the Container Structure from AD; 21.13 Loading the Initial AD Container Structure into ILM Using a Run Profile; 21.14 Setting Up the HR Database MA to Project Objects to the Metaverse; 21.15 Writing a Rules Extension to Provision User Objects; 21.16 Creating a Run Profile for Provisioning; 21.17 Executing the Provisioning Rule; 21.18 Creating a Run Profile to Export Objects from the ADMA to Active Directory; 21.19 Exporting Objects to AD Using an Export Run Profile; 21.20 Testing Provisioning and Deprovisioning of User Accounts in AD; 21.21 Creating a Run Profile Script; 21.22 Creating a Controlling Script; 21.23 Enabling Directory Synchronization from AD to the HR Database; 21.24 Configuring a Run Profile to Load the telephoneNumber from AD; 21.25 Loading telephoneNumber Changes from AD into ILM Using a Delta Import and Delta Synchronization Run Profile; 21.26 Exporting telephoneNumber Data to the HR Database; 21.27 Using the HR Database MA Export Run Profile to Export the Telephone Number to the HR Database; 21.28 Searching Data in the Connector Space; 21.29 Searching Data in the Metaverse; 21.30 Deleting Data in the Connector Space and Metaverse; 21.31 Extending Object Types to Include a New Attribute; 21.32 Previewing Changes to the ILM Configuration; 21.33 Committing Changes to Individual Identities Using the Commit Preview Feature; 21.34 Passing Data Between Rules Extensions Using Transaction Properties; 21.35 Using a Single Rules Extension to Affect Multiple Attribute Flows; 21.36 Flowing a Null Value to a Data Source; 21.37 Contributing a UTCCodedTime Attribute in Active Directory; 21.38 Importing and Decoding the accountExpires Attribute; 21.39 Exporting and Encoding the accountExpires Attribute;
Colophon;