Synopses & Reviews
Get the definitive, in-depth resource for designing, deploying, and maintaining Windows Server 2008 Active Directory in an enterprise environment. Written by experts on directory services and the Active Directory team at Microsoft, this technical resource is packed with concrete, real-world design and implementation guidance. Youll get in-depth guidance on installation, Active Directory components, replication, security, administration, and more. You also get answers to common questions from network architects, engineers, and administrators about Windows Server 2008 Active Directory—plus scripts, utilities, job aids, and a fully searchable eBook on CD.
A Note Regarding the CD or DVD
The print version of this book ships with a CD or DVD. For those customers purchasing one of the digital formats in which this book is available, we are pleased to offer the CD/DVD content as a free download via O'Reilly Media's Digital Distribution services. To download this content, please visit O'Reilly's web site, search for the title of this book to find its catalog page, and click on the link below the cover image (Examples, Companion Content, or Practice Files). Note that while we provide as much of the media content as we are able via free download, we are sometimes limited by licensing restrictions. Please direct any questions or concerns to email@example.com.
Get the definitive, in-depth resource for designing, deploying, and maintaining Windows Server 2008 Active Directory in an enterprise environment. Written by experts on directory services and the Active Directory team at Microsoft, this technical resource is packed with concrete, real-world design and implementation guidance. You’ll get in-depth guidance on installation, Active Directory components, replication, security, administration, and more. You also get answers to common questions from network architects, engineers, and administrators about Windows Server 2008 Active Directory—plus scripts, utilities, job aids, and a fully searchable eBook on CD.
For customers who purchase an ebook version of this title, instructions for downloading the CD files can be found in the ebook.
About the Author
Stan Reimer works as an enterprise consultant, trainer, and writer. As a consultant, Stan has designed and implemented Exchange Server and Active Directory for some of the largest companies in Canada. As a trainer, Stan specializes in creating and teaching customized Exchange Server, Active Directory, and security courses. As a writer, Stan is the lead author for the Active Directory for Microsoft Windows Server 2003 Technical Reference (Microsoft Press, 2003) and other Exchange Server and ISA Server books, as well as the author of many Microsoft Learning courses. Conan Kezema has been involved in the computer technology field as an educator, systems consultant, network systems architect, and technical writer. He is a subject matter expert, instructional designer, and technical writer on numerous Microsoft-related projects. Mike Mulcare works for the Microsoft Corporation as the senior product manager for online learning products. During his eight years with Microsoft, Mike has developed numerous courses on directory services and Windows server networking, as both an instructional designer and subject matter expert. He is the coauthor, with Stan Reimer, of Active Directory for Microsoft Windows Server 2003 Technical Reference (Microsoft Press, 2003). Byron Wright performs network consulting, computer systems implementation, and technical training. Byron is also a sessional instructor, teaching management information systems and networking. Byron has authored a number of books on Windows servers, Windows Vista, and Exchange Server.
Table of Contents
Dedication; Acknowledgments; Introduction; Overview of Book; Document Conventions; Companion CD; Find Additional Content Online; Resource Kit Support Policy; Windows Server 2008 Active Directory Overview; Chapter 1: Whats New in Active Directory for Windows Server 2008; 1.1 Whats New in Active Directory Domain Services; 1.2 Additional Active Directory Service Roles; 1.3 Summary; Chapter 2: Active Directory Domain Services Components; 2.1 AD DS Physical Structure; 2.2 AD DS Logical Structure; 2.3 Summary; 2.4 Additional Resources; Chapter 3: Active Directory Domain Services and Domain Name System; 3.1 Integration of DNS and AD DS; 3.2 AD DS Integrated Zones; 3.3 Integrating DNS Namespaces and AD DS Domains; 3.4 Summary; 3.5 Best Practices; 3.6 Additional Resources; Chapter 4: Active Directory Domain Services Replication; 4.1 AD DS Replication Model; 4.2 Replication Process; 4.3 Replicating the SYSVOL Directory; 4.4 Intrasite and Intersite Replication; 4.5 Replication Topology Generation; 4.6 Configuring Intersite Replication; 4.7 Troubleshooting Replication; 4.8 Summary; 4.9 Best Practices; 4.10 Additional Resources; Designing and Implementing Windows Server 2008 Active Directory; Chapter 5: Designing the Active Directory Domain Services Structure; 5.1 Defining Directory Service Requirements; 5.2 Designing the Forest Structure; 5.3 Designing the Integration of Multiple Forests; 5.4 Designing the Domain Structure; 5.5 Designing Domain and Forest Functional Levels; 5.6 Designing the DNS Infrastructure; 5.7 Designing the Organizational Unit Structure; 5.8 Designing the Site Topology; 5.9 Summary; 5.10 Best Practices; 5.11 Additional Resources; Chapter 6: Installing Active Directory Domain Services; 6.1 Prerequisites for Installing AD DS; 6.2 Understanding AD DS Installation Options; 6.3 Using the Active Directory Domain Services Installation Wizard; 6.4 Performing an Unattended Installation; 6.5 Deploying Read-Only Domain Controllers; 6.6 Removing AD DS; 6.7 Summary; 6.8 Additional Resources; Chapter 7: Migrating to Active Directory Domain Services; 7.1 Migration Paths; 7.2 Determining Your Migration Path; 7.3 Upgrading the Domain; 7.4 Restructuring the Domain; 7.5 Intraforest Migration; 7.6 Configuring Interforest Trusts; 7.7 Summary; 7.8 Best Practices; 7.9 Additional Resources; Administering Windows Server 2008 Active Directory; Chapter 8: Active Directory Domain Services Security; 8.1 AD DS Security Basics; 8.2 Kerberos Security; 8.3 NTLM Authentication; 8.4 Implementing Security for Domain Controllers; 8.5 Designing Secure Administrative Practices; 8.6 Summary; 8.7 Best Practices; 8.8 Additional Resources; Chapter 9: Delegating the Administration of Active Directory Domain Services; 9.1 Active Directory Administration Tasks; 9.2 Accessing Active Directory Objects; 9.3 Active Directory Object Permissions; 9.4 Delegating Administrative Tasks; 9.5 Auditing the Use of Administrative Permissions; 9.6 Tools for Delegated Administration; 9.7 Planning for the Delegation of Administration; 9.8 Summary; 9.9 Additional Resources; Chapter 10: Managing Active Directory Objects; 10.1 Managing Users; 10.2 Managing Groups; 10.3 Managing Computers; 10.4 Managing Printer Objects; 10.5 Managing Published Shared Folders; 10.6 Automating Active Directory Object Management; 10.7 Summary; 10.8 Best Practices; 10.9 Additional Resources; Chapter 11: Introduction to Group Policy; 11.1 Group Policy Overview; 11.2 Group Policy Components; 11.3 Group Policy Processing; 11.4 Implementing Group Policy; 11.5 Managing Group Policy Objects; 11.6 Scripting Group Policy Management; 11.7 Planning a Group Policy Implementation; 11.8 Troubleshooting Group Policy; 11.9 Summary; 11.10 Additional Resources; Chapter 12: Using Group Policy to Manage User Desktops; 12.1 Desktop Management Using Group Policy; 12.2 Managing User Data and Profile Settings; 12.3 Administrative Templates; 12.4 Using Scripts to Manage the User Environment; 12.5 Deploying Software Using Group Policy; 12.6 Overview of Group Policy Preferences; 12.7 Summary; 12.8 Additional Resources; Chapter 13: Using Group Policy to Manage Security; 13.1 Configuring Domain Security with Group Policy; 13.2 Hardening Server Security Using Group Policy; 13.3 Configuring Network Security Using Group Policy; 13.4 Configuring Security Settings Using Security Templates; 13.5 Summary; 13.6 Additional Resources; Maintaining Windows Server 2008 Active Directory; Chapter 14: Monitoring and Maintaining Active Directory; 14.1 Monitoring Active Directory; 14.2 Active Directory Database Maintenance; 14.3 Summary; 14.4 Additional Resources; Chapter 15: Active Directory Disaster Recovery; 15.1 Planning for a Disaster; 15.2 Active Directory Data Storage; 15.3 Backing Up Active Directory; 15.4 Restoring Active Directory; 15.5 Summary; 15.6 Best Practices; 15.7 Additional Resources; Identity and Access Management with Active Directory; Chapter 16: Active Directory Lightweight Directory Services; 16.1 AD LDS Overview; 16.2 AD LDS Architecture and Components; 16.3 Implementing AD LDS; 16.4 Configuring AD DS and AD LDS Synchronization; 16.5 Summary; 16.6 Best Practices; 16.7 Additional Resources; Chapter 17: Active Directory Certificate Services; 17.1 Active Directory Certificate Services Overview; 17.2 Implementing AD CS; 17.3 Managing Certificates in AD CS; 17.4 Designing an AD CS Implementation; 17.5 Summary; 17.6 Best Practices; 17.7 Additional Resources; Chapter 18: Active Directory Rights Management Services; 18.1 AD RMS Overview; 18.2 Implementing AD RMS; 18.3 Administering AD RMS; 18.4 Summary; 18.5 Additional Resources; Chapter 19: Active Directory Federation Services; 19.1 AD FS Overview; 19.2 Implementing AD FS; 19.3 Summary; 19.4 Best Practices; 19.5 Additional Resources; About the Authors; System Requirements;