

Active Directory. 3rd Edition (e-book)


Active Directory. 3rd Edition (e-book) - Description
Working with Microsoft's network directory service for the first time can be a headache for system and network administrators, IT professionals, technical project managers, and programmers alike. This authoritative guide is meant to relieve that pain. Instead of going through the graphical user interface screen by screen, O'Reilly's bestselling Active Directory tells you how to design, manage, and maintain a small, medium, or enterprise Active Directory infrastructure.

Fully updated to cover Active Directory for Windows Server 2003 SP1 and R2, this third edition is full of important updates and corrections. It's perfect for all Active Directory administrators, whether you manage a single server or a global multinational with thousands of servers.

Active Directory, 3rd Edition is divided into three parts. Part I introduces much of how Active Directory works, giving you a thorough grounding in its concepts. Some of the topics include Active Directory replication, the schema, application partitions, group policies, and interaction with DNS. Part II details the issues around properly designing the directory infrastructure. Topics include designing the namespace, creating a site topology, designing group policies for locking down client settings, auditing, permissions, backup and recovery, and a look at Microsoft's future direction with Directory Services. Part III covers how to create and manipulate users, groups, printers, and other objects that you may need in your everyday management of Active Directory.

If you want a book that lays bare the design and management of an enterprise or departmental Active Directory, then look no further. Active Directory, 3rd Edition will quickly earn its place among the books you don't want to be without.

Table of contents:
Active Directory, 3rd Edition
SPECIAL OFFER: Upgrade this ebook with O'Reilly
A Note Regarding Supplemental Files
Preface
Intended Audience
Contents of the Book
Part I, Active Directory Basics
Part II, Designing an Active Directory Infrastructure
Part III, Scripting Active Directory with ADSI, ADO, and WMI
Conventions Used in This Book
Using Code Examples
How to Contact Us
Safari Enabled
Acknowledgments
For the Third Edition (Joe)
For the Second Edition (Robbie)
For the First Edition (Alistair)
I. Active Directory Basics
1. A Brief Introduction
1.1. Evolution of the Microsoft NOS
1.1.1. Brief History of Directories
1.2. Windows NT Versus Active Directory
1.3. Windows 2000 Versus Windows Server 2003
1.4. Windows Server 2003 Versus Windows Server 2003 R2
1.5. Summary
2. Active Directory Fundamentals
2.1. How Objects Are Stored and Identified
2.1.1. Uniquely Identifying Objects
2.1.1.1. ADsPaths
2.1.1.2. Examples
2.2. Building Blocks
2.2.1. Domains and Domain Trees
2.2.2. Forests
2.2.3. Organizational Units
2.2.4. Global Catalog
2.2.5. Flexible Single Master of Operations (FSMO)
2.2.6. Windows 2000 Domain Mode
2.2.7. Windows Server 2003 Functional Levels
2.2.8. Groups
2.2.8.1. Groups in Windows NT
2.2.8.2. Group availability in various functional levels
2.2.8.3. Group nesting in different functional levels
2.2.8.4. Group membership across domain boundaries
2.2.8.5. Converting groups
2.2.8.6. Wrap-up
2.3. Summary
3. Naming Contexts and Application Partitions
3.1. Domain Naming Context
3.2. Configuration Naming Context
3.3. Schema Naming Context
3.4. Application Partitions
3.4.1. Storing Dynamic Data
3.5. Summary
4. Active Directory Schema
4.1. Structure of the Schema
4.1.1. X.500 and the OID Namespace
4.2. Attributes (attributeSchema Objects)
4.2.1. Dissecting an Example Active Directory Attribute
4.3. Attribute Properties
4.3.1. Attribute Syntax
4.3.2. System Flags
4.3.2.1. Constructed attributes
4.3.2.2. Category 1 objects
4.3.3. Search Flags
4.3.3.1. Indexed attributes
4.3.3.2. ANR
4.3.3.3. Preserve attribute in tombstone
4.3.3.4. Tuple index
4.3.3.5. Confidential
4.3.4. Property Sets and attributeSecurityGUID
4.3.5. Linked Attributes
4.4. Classes (classSchema Objects)
4.4.1. Object Class Category and Inheritance
4.4.2. Dissecting an Example Active Directory Class
4.4.2.1. How inheritance affects mustContain, mayContain, possSuperiors, and auxiliaryClass
4.4.2.2. Viewing the user class with the Active Directory Schema snap-in
4.4.3. Dynamically Linked Auxiliary Classes
4.5. Summary
5. Site Topology and Replication
5.1. Site Topology
5.1.1. Subnets
5.1.2. Sites
5.1.3. Site Links
5.1.4. Connection Objects
5.1.5. Knowledge Consistency Checker (KCC)
5.1.6. Site and Replication Management Tools
5.2. Data Replication
5.2.1. A Background to Metadata (Data That Governs the Replication Process)
5.2.1.1. Update Sequence Numbers (USN) and highestCommittedUSN
5.2.1.2. Originating updates versus replicated updates
5.2.1.3. DSA GUID and Invocation ID
5.2.1.4. High-watermark vector (direct up-to-dateness vector)
5.2.1.5. Up-to-dateness vector
5.2.1.6. Recap
5.2.2. How an Object's Metadata Is Modified During Replication
5.2.2.1. Step 1: Initial creation of a user on Server A
5.2.2.2. Step 2: Replication of the originating write to Server B
5.2.2.3. Step 3: Password change for the user on Server B
5.2.2.4. Step 4: Password change replication to Server A
5.2.3. The Replication of a Naming Context Between Two Servers
5.2.3.1. Step 1: Replication with a partner is initiated
5.2.3.2. Step 2: The partner works out what updates to send
5.2.3.3. Step 3: The partner sends the updates to the initiating server
5.2.3.4. Step 4: The initiating server processes the updates
5.2.3.5. Step 5: The initiating server checks whether it is up to date
5.2.3.6. Recap
5.2.4. How Replication Conflicts Are Reconciled
5.2.4.1. Conflict due to identical property change
5.2.4.2. Conflict due to a move or creation of an object under a now-deleted parent
5.2.4.3. Conflict due to creation of objects with names that conflict
5.2.4.4. Replicating the conflict resolution
5.3. Summary
6. Active Directory and DNS
6.1. DNS Fundamentals
6.1.1. Zones
6.1.2. Resource Records
6.1.3. DDNS
6.2. DC Locator
6.3. Resource Records Used by Active Directory
6.3.1. Overriding SRV Record Registration
6.4. Delegation Options
6.4.1. Not Delegating the AD DNS Zones
6.4.1.1. Political factors
6.4.1.2. Initial setup and configuration
6.4.1.3. Support and maintenance
6.4.1.4. Integration issues
6.4.2. Delegating the AD DNS Zones
6.4.2.1. Political factors
6.4.2.2. Initial setup and configuration
6.4.2.3. Support and maintenance
6.4.2.4. Integration issues
6.4.3. DNS for Standalone AD
6.5. Active Directory Integrated DNS
6.5.1. Replication Impact
6.6. Using Application Partitions for DNS
6.7. Summary
7. Profiles and Group Policy Primer
7.1. A Profile Primer
7.1.1. The Default User and All User Folders
7.1.2. Logging On Locally to the Workstation
7.1.3. Logging On to the Domain
7.1.4. Cached Profile Deletion
7.1.5. A Server-Based Default User Profile
7.2. Capabilities of GPOs
7.2.1. Group Policy Refresh Frequency
7.2.2. Software Installation Settings (Computer and User)
7.2.3. Windows Settings (Computer)
7.2.4. Administrative Templates (Computer)
7.2.4.1. Windows components
7.2.4.2. Windows settings (user)
7.2.4.3. Administrative templates (user)
7.2.5. Windows Components
7.3. Additional Resources
7.4. Summary
II. Designing an Active Directory Infrastructure
8. Designing the Namespace
8.1. The Complexities of a Design
8.2. Where to Start
8.3. Overview of the Design Process
8.4. Domain Namespace Design
8.4.1. Objectives
8.4.1.1. Represent the structure of your business
8.4.1.2. Minimize the number of domains
8.4.2. Step 1: Decide on the Number of Domains
8.4.2.1. Isolated replication
8.4.2.2. Unique domain policy
8.4.2.3. In-place upgrade of current domain
8.4.2.4. Final notes
8.4.3. Step 2: Design and Name the Tree Structure
8.4.3.1. Choose the forest root domain
8.4.3.2. Design the namespace naming scheme
8.4.3.3. Create additional trees
8.4.3.4. Create additional forests
8.4.3.5. Arrange subdomain hierarchy
8.4.4. Step 3: Design the Workstation and Server-Naming Scheme
8.5. Design of the Internal Domain Structure
8.5.1. Step 4: Design the Hierarchy of Organizational Units
8.5.1.1. Recreating the business model
8.5.1.2. Delegating full administration
8.5.1.3. Delegating other rights
8.5.2. Step 5: Design the Users and Groups
8.5.2.1. Naming and placing users
8.5.2.2. Naming and placing groups
8.5.2.3. Creating proper security group designs
8.5.3. Step 6: Design the Global Catalog
8.5.3.1. Including and excluding attributes
8.5.4. Step 7: Design the Application Partition Structure
8.6. Other Design Considerations
8.7. Design Examples
8.7.1. TwoSiteCorp
8.7.1.1. Step 1: Set the number of domains
8.7.1.2. Step 2: Design and name the tree structure
8.7.1.3. Step 3: Design the workstation and server-naming scheme
8.7.1.4. Step 4: Design the hierarchy of Organizational Units
8.7.1.5. Step 5: Design the users and groups
8.7.1.6. Step 6: Design the Global Catalog
8.7.1.7. Step 7: Design the application partition structure
8.7.1.8. Recap
8.7.2. RetailCorp
8.7.2.1. Step 1: Identify the number of domains
8.7.2.2. Step 2: Design and name the tree structure
8.7.2.3. Step 3: Design the workstation and server-naming scheme
8.7.2.4. Step 4: Design the hierarchy of Organizational Units
8.7.2.5. Step 5: Design the users and groups
8.7.2.6. Step 6: Design the Global Catalog
8.7.2.7. Step 7: Design the application partition structure
8.7.2.8. Recap
8.7.3. PetroCorp
8.7.3.1. Step 1: Set the number of domains
8.7.3.2. Step 2: Design and name the tree structure
8.7.3.3. Step 3: Design the workstation and server-naming scheme
8.7.3.4. Step 4: Design the hierarchy of Organizational Units
8.7.3.5. Step 5: Design the users and groups
8.7.3.6. Step 6: Design the Global Catalog
8.7.3.7. Step 7: Design the application partition structure
8.7.3.8. Recap
8.8. Designing for the Real World
8.8.1. Identify the Number of Domains
8.8.2. Design to Help Business Plans and Budget Proposals
8.8.3. Recognizing Nirvana's Problems
8.9. Summary
9. Creating a Site Topology
9.1. Intrasite and Intersite Topologies
9.1.1. The KCC
9.1.2. Automatic Intrasite Topology Generation by the KCC
9.1.2.1. Two servers
9.1.2.2. Three servers
9.1.2.3. Four servers
9.1.2.4. Eight servers
9.1.2.5. Now what?
9.1.3. Site Links: The Basic Building Blocks of Intersite Topologies
9.1.3.1. Cost
9.1.3.2. Schedule
9.1.3.3. Transport
9.1.3.4. When the KCC becomes involved
9.1.3.5. Having the KCC compound your mistakes
9.1.4. Site Link Bridges: The Second Building Blocks of Intersite Topologies
9.2. Designing Sites and Links for Replication
9.2.1. Step 1: Gather Background Data for Your Network
9.2.2. Step 2: Design the Sites
9.2.3. Step 3: Design the Domain Controller Locations
9.2.3.1. Where to put DCs
9.2.3.2. How many DCs to have
9.2.3.3. Reasons for putting a server in more than one site
9.2.4. Step 4: Plan Intrasite Replication
9.2.5. Step 5: Decide How You Will Use the KCC to Your Advantage
9.2.6. Step 6: Create Site Links for Low-Cost, Well-Connected Links
9.2.7. Step 7: Create Site Links for Medium-Cost Links
9.2.8. Step 8: Create Site Links for High-Cost Links
9.2.9. Step 9: Create Site Link Bridges
9.2.10. Step 10: Design the Replication Schedule
9.3. Examples
9.3.1. TwoSiteCorp
9.3.2. RetailCorp
9.3.3. PetroCorp
9.4. Additional Resources
9.5. Summary
10. Designing Organization-Wide Group Policies
10.1. How GPOs Work
10.1.1. How GPOs Are Stored in Active Directory
10.1.2. How GPOs Are Used in Active Directory
10.1.3. Prioritizing the Application of Multiple Policies
10.1.4. Standard GPO Inheritance Rules in Organizational Units
10.1.5. Blocking Inheritance and Overriding the Block in Organizational Unit GPOs
10.1.5.1. Summary
10.1.6. When Policies Apply
10.1.7. Local Group Policy Objects
10.1.8. How Existing Windows NT 4.0 System Policies Affect GPO Processing
10.1.9. When to Use Windows NT System Policies
10.1.10. Combating Slowdown Due to GPOs
10.1.10.1. Limiting the number of GPOs that apply
10.1.10.2. Block Inheritance and No Override
10.1.10.3. Disabling parts of GPOs
10.1.10.4. Limiting cross-domain linking
10.1.10.5. Limiting GPO application across WAN links
10.1.10.6. Use simple queries in WMI filters
10.1.11. The Power of Access Control Lists on Group Policy Objects
10.1.12. Loopback Merge Mode and Loopback Replace Mode
10.1.13. WMI Filtering in Windows Server 2003
10.1.14. How GPOs Work Across RAS and Slow Links
10.1.15. Summary of Policy Options
10.2. Managing Group Policies
10.2.1. Using the Group Policy Object Editor
10.2.2. Using the Group Policy Management Console (GPMC)
10.2.3. Scripting Group Policies
10.3. Using GPOs to Help Design the Organizational Unit Structure
10.3.1. Identifying Areas of Policy
10.3.2. How GPOs Influenced a Real Organizational Unit Design
10.3.2.1. The merits of collapsing the Organizational Unit structure
10.3.2.2. A bridge too far
10.3.2.3. Loopback mode
10.3.3. Guidelines for Designing GPOs
10.3.4. Designing Delegation and Change Control
10.3.4.1. The importance of change-control procedures
10.3.4.2. Designing the delegation of GPO administration
10.3.4.3. Creating customized GPOEs for administrators
10.4. Debugging Group Policies
10.4.1. Using the RSoP
10.4.2. Enabling Extra Logging
10.5. Summary
11. Active Directory Security: Permissions and Auditing
11.1. Permission Basics
11.1.1. Permission ACE
11.1.2. Property Sets, Validated Writes, and Extended Rights
11.1.3. Inherited Versus Explicit Permissions
11.1.4. Default Security Descriptors
11.1.5. Permission Lockdown
11.1.6. Confidentiality Bit
11.2. Using the GUI to Examine Permissions
11.2.1. Reverting to the Default Permissions
11.2.2. Viewing the Effective Permissions for a User or Group
11.2.3. Using the Delegation of Control Wizard
11.3. Using the GUI to Examine Auditing
11.4. Designing Permission Schemes
11.4.1. The Five Golden Rules of Permissions Design
11.4.1.1. Rule 1: Apply permissions to groups whenever possible
11.4.1.2. Rule 2: Design group permissions so that you have minimum duplication
11.4.1.3. Rule 3: Manage Advanced permissions only when absolutely necessary
11.4.1.4. Rule 4: Allow inheritance; do not protect sections of the domain tree from inheritance
11.4.1.5. Rule 5: Keep a log of unusual changes
11.4.2. How to Plan Permissions
11.4.3. Bringing Order out of Chaos
11.5. Designing Auditing Schemes
11.6. Real-World Examples
11.6.1. Hiding Specific Personal Details for All Users in an Organizational Unit from a Group
11.6.2. Allowing Only a Specific Group of Users to Access a New Published Resource
11.6.3. Restricting Everyone but HR from Viewing Social Security Numbers with Confidential Access Capability
11.7. Summary
12. Designing and Implementing Schema Extensions
12.1. Nominating Responsible People in Your Organization
12.2. Thinking of Changing the Schema
12.2.1. Designing the Data
12.2.2. To Change or Not to Change
12.2.3. The Global Picture
12.3. Creating Schema Extensions
12.3.1. Running the Schema Manager MMC for the First Time
12.3.2. The Schema Cache
12.3.3. The Schema FSMO
12.3.4. Using LDIF to Extend the Schema
12.3.5. Checks the System Makes When You Modify the Schema
12.3.6. Making Classes and Attributes Defunct
12.4. Summary
13. Backup, Recovery, and Maintenance
13.1. Backing Up Active Directory
13.1.1. Using the NT Backup Utility
13.2. Restoring a Domain Controller
13.2.1. Restore from Replication
13.2.1.1. Manually removing a domain controller from Active Directory
13.2.2. Restore from Backup
13.3. Restoring Active Directory
13.3.1. Non-Authoritative Restore
13.3.2. Partial Authoritative Restore
13.3.3. Complete Authoritative Restore
13.4. FSMO Recovery
13.5. DIT Maintenance
13.5.1. Checking the Integrity of the DIT
13.5.2. Reclaiming Space
13.5.3. Changing the DS Restore Mode Admin Password
13.6. Summary
14. Upgrading to Windows Server 2003
14.1. New Features in Windows Server 2003
14.2. Differences with Windows 2000
14.3. Functional Levels Explained
14.3.1. How to Raise the Functional Level
14.4. Preparing for ADPrep
14.4.1. ForestPrep
14.4.2. DomainPrep
14.5. Upgrade Process
14.5.1. Inventory Domain Controllers
14.5.2. Inventory Clients
14.5.3. Trial Run
14.5.4. Prepare the Forest and Domains
14.5.4.1. Exchange 2000
14.5.4.2. SFU 2.0
14.5.5. Upgrade Domain Controllers
14.6. Post-Upgrade Tasks
14.6.1. Monitor
14.6.2. Raise Functional Levels
14.6.3. Tweak Settings
14.6.4. Start Implementing New Features
14.7. Summary
15. Upgrading to Windows Server 2003 R2
15.1. New Active Directory Features in Windows Server 2003 Service Pack 1
15.2. Differences with Windows Server 2003
15.3. New Active Directory Features in Windows Server 2003 R2
15.4. Preparing for ADPrep
15.4.1. ForestPrep
15.5. Service Pack 1 Upgrade Process
15.6. R2 Upgrade Process
15.6.1. Prepare the Forest
15.6.2. Upgrade Domain Controllers
15.7. Summary
16. Migrating from Windows NT
16.1. The Principles of Upgrading Windows NT Domains
16.1.1. Preparing for a Domain Upgrade
16.1.2. Forests and the Forest Root Domain
16.1.3. Windows NT Domain Upgrades
16.1.3.1. Solution 1: Migration to a new forest root domain
16.1.3.2. Solution 2: Migration with one domain as the domain-tree root
16.1.3.3. Solution 3: Migration to separate domain trees in a forest
16.1.4. A Solution-Independent Migration Process
16.1.5. Consolidating Domains After the Move
16.1.5.1. Windows 2003 Interim and Windows 2003 functional levels and groups
16.1.5.2. Computers
16.1.5.3. Users
16.1.5.4. Member servers and removing domains
16.2. Summary
17. Integrating Microsoft Exchange
17.1. A Quick Word About Exchange/AD Interaction
17.2. Preparing Active Directory for Exchange
17.2.1. Forestprep
17.2.2. Domainprep
17.2.3. Running Forestprep and Domainprep
17.2.4. Active Directory Site Design and Domain Controller Placement
17.2.5. Other Considerations
17.3. Exchange 5.5 and the Active Directory Connector
17.3.1. Configuring the ADC
17.3.2. Mailbox-Enabling Objects via the GUI
17.3.3. Why Bidirectional Replication May Not Solve Your Problems
17.4. Summary
18. Active Directory Application Mode (ADAM)
18.1. ADAM Terms
18.2. Differences Between AD and ADAM V1.0
18.2.1. Standalone Application Service
18.2.2. Configurable LDAP Ports
18.2.3. No SRV Records
18.2.4. No Global Catalog
18.2.5. Top-Level Application Partition Object Classes
18.2.6. Group and User Scope
18.2.7. FSMOs
18.2.8. Schema
18.2.9. Service Account
18.2.10. Configuration/Schema Partition Names
18.2.11. Default Directory Security
18.2.12. User Principal Names
18.2.13. Authentication
18.3. ADAM R2 Updates
18.3.1. Users in the Configuration Partition
18.3.2. Password Reset/Change Chaining to Windows
18.3.3. Virtual List View (VLV) Searching
18.3.4. Confidentiality Bit
18.3.5. New and Updated Tools
18.3.6. Installation
18.3.7. Authentication
18.3.8. R2 ADAM for R2 Server Only
18.4. ADAM R2 Installation
18.4.1. Installing Components
18.4.2. Installing a New ADAM Instance
18.4.3. Installing an ADAM Replica
18.5. Tools
18.5.1. ADAM ADSIEDIT
18.5.2. ADAM Schema Management
18.5.3. ADAM Install
18.5.4. ADAMSync
18.5.5. ADAM Uninstall
18.5.6. AD Schema Analyzer
18.5.7. CSVDE
18.5.8. DSACLS
18.5.9. DSDBUTIL
18.5.10. DSDiag
18.5.11. DSMgmt
18.5.12. LDIFDE
18.5.13. LDP
18.5.14. RepAdmin
18.6. ADAM Schema
18.6.1. Virtual List View (VLV) Index Support
18.6.2. Default Security Descriptors
18.6.3. Bindable Objects and Bindable Proxy Objects
18.7. Using ADAM
18.7.1. Creating Application Partitions
18.7.2. Creating Containers
18.7.3. Creating Users
18.7.4. Creating User Proxies
18.7.4.1. Special considerations
18.7.5. Renaming Users
18.7.6. Creating Groups
18.7.7. Adding Members to Groups
18.7.8. Removing Members from Groups
18.7.9. Deleting Objects
18.7.10. Deleting Application Partitions
18.8. Summary
19. Interoperability, Integration, and Future Direction
19.1. Microsoft's Directory Strategy
19.1.1. Active Directory Application Mode
19.1.2. Microsoft Identity Integration Server
19.1.3. Active Directory's Role
19.2. Interoperating with Other Directories
19.2.1. Getting Data from One Directory to Another
19.2.2. Using Common Tools Across Directories
19.2.3. Porting Scripts to Work Across Directories
19.2.4. Making Searches Across Directories Seamless
19.3. Integrating Applications and Services
19.3.1. The Application Integration Challenge
19.3.1.1. Challenges for application vendors
19.3.1.2. Challenges for Active Directory administrators
19.3.1.3. ADAM to the rescue
19.3.2. Integrating Unix
19.3.2.1. Kerberos and LDAP support
19.3.2.2. Migrating from NIS
19.3.2.3. Integrating with NFS
19.3.2.4. Synchronizing passwords
19.3.2.5. Third-party integration tools
19.4. Summary
III. Scripting Active Directory with ADSI, ADO, and WMI
20. Scripting with ADSI
20.1. What Are All These Buzzwords?
20.1.1. ActiveX
20.1.2. Windows Scripting Host (WSH)
20.1.3. Active Server Pages (ASPs)
20.1.4. Active Directory Service Interfaces (ADSI)
20.1.5. ActiveX Data Objects (ADO)
20.1.6. Windows Management Instrumentation (WMI)
20.1.7. .NET and .NET Framework
20.2. Writing and Running Scripts
20.2.1. A Brief Primer on COM and WSH
20.2.2. How to Write Scripts
20.2.3. WSH 2.0 Versus 5.6
20.3. ADSI
20.3.1. Objects and Interfaces
20.3.2. Namespaces, ProgIDs, and ADsPaths
20.3.3. Retrieving Objects
20.4. Simple Manipulation of ADSI Objects
20.4.1. Creating the OU
20.4.2. Creating the Users
20.4.3. Tearing Down What Was Created
20.5. Further Information
20.6. Summary
21. IADs and the Property Cache
21.1. The IADs Properties
21.1.1. Using IADs::Get and IADs::Put
21.1.2. The Property Cache
21.1.3. Be Careful
21.1.4. More Complexities of Property Access: IADs::GetEx and IADs::PutEx
21.1.4.1. Using IADs::GetEx
21.1.4.2. Using IADs::PutEx
21.2. Manipulating the Property Cache
21.2.1. Property Cache Mechanics
21.2.2. Adding Individual Values
21.2.3. Adding Sets of Values
21.2.4. Walking Through the Property Cache
21.2.4.1. Approach 1: Using the IADsPropertyList::PropertyCount property method
21.2.4.2. Approach 2: Using the IADsPropertyList::Next method
21.2.4.3. Approach 3: Using the IADsPropertyList::Next and IADsPropertyList::Skip methods
21.2.5. Writing the Modifications
21.2.6. Walking the Property Cache: The Solution
21.2.7. Walking the Property Cache Using the Formal Schema Class Definition
21.3. Checking for Errors in VBScript
21.4. Summary
22. Using ADO for Searching
22.1. The First Search
22.1.1. Step 1: Define the Constants and Variables
22.1.2. Step 2: Establish an ADO Database Connection
22.1.3. Step 3: Open the ADO Connection
22.1.4. Step 4: Execute the Query
22.1.5. Step 5: Navigate Through the Resultset
22.1.6. Step 6: Close the ADO Connection
22.1.7. The Entire Script for a Simple Search
22.2. Other Ways of Connecting and Retrieving Results
22.2.1. Searching with SQL
22.2.1.1. Using the Connection::Execute method
22.2.1.2. Using the Recordset::Open method
22.2.1.3. Executing a specific command
22.2.1.4. The Command object and Recordset::Open
22.3. Understanding Search Filters
22.3.1. Items Within a Filter
22.3.2. Connecting Filters
22.4. Optimizing Searches
22.4.1. Efficient Searching
22.4.2. Objectclass Versus Objectcategory
22.4.3. Filtering an Existing Resultset
22.4.3.1. Using a criteria string
22.4.3.2. Using bookmarks
22.5. Advanced Search Function: SearchAD
22.6. Summary
23. Users and Groups
23.1. Creating a Simple User Account
23.2. Creating a Full-Featured User Account
23.2.1. WinNT Provider
23.2.2. LDAP Provider
23.3. Creating Many User Accounts
23.4. Modifying Many User Accounts
23.5. Account Unlocker Utility
23.6. Creating a Group
23.7. Adding Members to a Group
23.7.1. Adding Many USER Groups to DRUP Groups
23.8. Evaluating Group Membership
23.9. Summary
24. Basic Exchange Tasks
24.1. Notes on Managing Exchange
24.2. Exchange Management Tools
24.3. Mail-Enabling Versus Mailbox-Enabling
24.4. Exchange Delegation
24.5. Mail-Enabling a User
24.6. Mail-Disabling a User
24.7. Creating and Mail-Enabling a Contact
24.8. Mail-Disabling a Contact
24.9. Mail-Enabling a Group (Distribution List)
24.10. Mail-Disabling a Group
24.11. Mailbox-Enabling a User
24.12. Mailbox-Disabling a User (Mailbox Deletion)
24.13. Purging a Disconnected Mailbox
24.14. Reconnecting a Disconnected Mailbox
24.15. Moving a Mailbox
24.16. Enumerating Disconnected Mailboxes
24.17. Viewing Mailbox Sizes and Message Counts
24.18. Viewing All Store Details of All Mailboxes on a Server
24.19. Dumping All Store Details of All Mailboxes on All Servers in Exchange Org
24.20. Summary
25. Shares and Print Queues
25.1. The Interface Methods and Properties
25.2. Creating and Manipulating Shares with ADSI
25.3. Enumerating Sessions and Resources
25.3.1. Identifying a Machine's Sessions
25.3.2. Identifying a Machine's Resources
25.3.3. A Utility to Show User Sessions
25.3.3.1. Obtaining the data
25.3.3.2. Manipulating the data
25.3.3.3. The sort subprocedure
25.3.3.4. The duplicate-removal subprocedure
25.3.3.5. Displaying the data
25.3.3.6. Room for improvement
25.4. Manipulating Print Queues and Print Jobs
25.4.1. Identifying Print Queues in Active Directory
25.4.2. Binding to a Print Queue
25.4.3. IADsPrintQueueOperations and Print Queues
25.4.4. Print Jobs
25.5. Summary
26. Permissions and Auditing
26.1. How to Create an ACE Using ADSI
26.1.1. Trustee
26.1.2. AccessMask
26.1.3. AceType
26.1.4. AceFlags
26.1.5. Flags, ObjectType, and InheritedObjectType
26.2. A Simple ADSI Example
26.2.1. Discussion
26.3. A Complex ADSI Example
26.3.1. Discussion
26.3.1.1. Unlock account
26.3.1.2. Set/clear "User Must Change Password On Next Logon" flag
26.3.1.3. Reset Password
26.3.2. Making Your Own ACEs
26.3.2.1. Delegate member attribute on groups
26.3.2.2. Delegate ability to view Confidential Attribute
26.3.2.3. How to implement other delegations
26.4. Creating Security Descriptors
26.5. Listing the Security Descriptor of an Object
26.6. Summary
27. Extending the Schema and the Active Directory Snap-ins
27.1. Modifying the Schema with ADSI
27.1.1. IADsClass and IADsProperty
27.1.2. Creating the Mycorp-LanguagesSpoken Attribute
27.1.3. Creating the FinanceUser class
27.1.3.1. Creating instances of the new class
27.1.4. Finding the Schema Container and Schema FSMO
27.1.5. Transferring the Schema FSMO Role
27.1.6. Forcing a Reload of the Schema Cache
27.1.7. Finding Which Attributes Are in the GC for an Object
27.1.8. Adding an Attribute to the GC
27.2. Customizing the Active Directory Administrative Snap-ins
27.2.1. Display Specifiers
27.2.2. Property Pages
27.2.3. Context Menus
27.2.4. Icons
27.2.5. Display Names
27.2.6. Leaf or Container
27.2.7. Object Creation Wizard
27.3. Summary
28. Using ADSI and ADO from ASP or VB
28.1. VBScript Limitations and Solutions
28.2. How to Avoid Problems When Using ADSI and ASP
28.3. Combining VBScript and HTML
28.3.1. Incorporating Scripts into Active Server Pages
28.3.1.1. Client-side scripting
28.3.1.2. Server-side scripting
28.3.2. ActiveX Controls and ASPs
28.3.3. Forms
28.4. Binding to Objects via Authentication
28.4.1. When to Use VBScript's GetObject Function
28.4.2. When to Use IADsOpenDSObject::OpenDSObject
28.4.3. When to Use IADsContainer::GetObject
28.4.4. Authenticating from Passwords Input via Forms
28.4.5. A Simple Password Changer
28.4.6. Adding Users to Groups
28.5. Incorporating Searches into ASP
28.5.1. ASP Searches Allowing User Navigation of a Resultset
28.5.2. Enhancing the User Navigation ASP
28.5.2.1. Empty resultsets
28.5.2.2. Starting from scratch
28.5.2.3. Filters
28.5.2.4. Displaying the location of individual records
28.5.2.5. The enhanced ASP search
28.5.2.6. Problems with this example
28.5.3. Other Ideas for Expansion
28.6. Migrating Your ADSI Scripts from VBScript to VB
28.6.1. Platform Software Development Kit
28.6.2. The Differences Between VB and VBScript
28.6.2.1. Screen functions
28.6.2.2. Variables
28.6.2.3. Loop constructs
28.6.3. Getting Help from VB When Coding in ADSI
28.6.4. A Simple Password Changer in VB
28.6.5. The ModifyUserDetails Program in VB
28.7. Summary
29. Scripting with WMI
29.1. Origins of WMI
29.2. WMI Architecture
29.2.1. CIMOM and CIM Repository
29.2.2. WMI Providers
29.3. Getting Started with WMI Scripting
29.3.1. Referencing an Object
29.3.2. Enumerating Objects of a Particular Class
29.3.3. Searching with WQL
29.3.4. Authentication with WMI
29.4. WMI Tools
29.4.1. WMI from a Command Line
29.4.2. WMI from the Web
29.4.3. WMI SDK
29.4.4. Scriptomatic Version 2.0; WMI Scripting Tool
29.5. Manipulating Services
29.6. Querying the Event Logs
29.7. Querying AD with WMI
29.8. Monitoring Trusts
29.9. Monitoring Replication
29.10. Summary
30. Manipulating DNS
30.1. DNS Provider Overview
30.1.1. Installing the DNS Provider
30.1.2. Managing DNS with the DNS Provider
30.2. Manipulating DNS Server Configuration
30.2.1. Listing a DNS Server's Properties
30.2.2. Configuring a DNS server
30.2.3. Restarting the DNS Service
30.2.4. DNS Server Configuration Check Script
30.3. Creating and Manipulating Zones
30.3.1. Creating a Zone
30.3.2. Configuring a Zone
30.3.3. Listing the Zones on a Server
30.4. Creating and Manipulating Resource Records
30.4.1. Finding Resource Records in a Zone
30.4.2. Creating Resource Records
30.5. Summary
31. Getting Started with VB.NET and System.DirectoryServices
31.1. The .NET Framework
31.2. Using VB.NET
31.3. Overview of System.DirectoryServices
31.4. DirectoryEntry Basics
31.5. Searching with DirectorySearcher
31.6. Manipulating Objects
31.7. Summary
Index
About the Authors
Colophon
SPECIAL OFFER: Upgrade this ebook with O'Reilly