Introduction

PART I IMPLEMENTING ACTIVE DIRECTORY

Chapter 1 Overview of Active Directory
  Understanding Directory Services
  Introducing Active Directory
  Active Directory Components
  Managing Active Directory
  Working with Active Directory
  Active Directory Administration Tools

Chapter 2 Installing New Forests, Domain Trees, and Child Domains
  Preparing for Active Directory Installation
  Working with Directory Containers and Partitions
  Establishing or Modifying Your Directory Infrastructure
  Establishing Functional Levels
  Deploying Windows Server 2008
  Creating Forests, Domain Trees, and Child Domains
  Installing the AD DS Binaries
  Creating New Domain Trees
  Creating New Child Domains

Chapter 3 Deploying Writable Domain Controllers
  Preparing to Deploy or Decommission Domain Controllers
  Adding Writable Domain Controllers
  Installing Additional Writable Domain Controllers
  Adding Writable Domain Controllers Using Replication
  Adding Writable Domain Controllers Using Installation Media
  Adding Writable Domain Controllers Using Answer Files or the Command Line
  Decommissioning Domain Controllers
  Preparing to Remove Domain Controllers
  Removing Additional Domain Controllers
  Removing the Last Domain Controller
  Removing Domain Controllers Using Answer Files or the Command Line
  Forcing the Removal of Domain Controllers
  Restarting a Domain Controller in Directory Services Restore Mode
  Performing Forced Removal of Domain Controllers
  Cleaning Up Metadata in the Active Directory Forest

Chapter 4 Deploying Read-Only Domain Controllers
  Preparing to Deploy Read-Only Domain Controllers
  Adding RODCs Using Replication
  Adding RODCs Using Answer Files or the Command Line
  Using Staged Installations
  Stage 1: Creating the RODC Account and Preparing for Installation
  Stage 2: Attaching the RODC and Finalizing Installation
  Performing Staged Installations Using the Command Line or Answer Files
  Setting Password Replication Policy
  Password Replication Policy Essentials
  Allowing and Denying Accounts
  Managing Credentials on RODCs
  Identifying Allowed or Denied Accounts
  Delegating Administrative Permissions

PART II MANAGING ACTIVE DIRECTORY INFRASTRUCTURE

Chapter 5 Configuring, Maintaining, and Troubleshooting Global Catalog Servers
  Working with Global Catalog Servers
  Deploying Global Catalog Servers
  Adding Global Catalog Servers
  Monitoring and Verifying Global Catalog Promotion
  Identifying Global Catalog Servers
  Restoring Global Catalog Servers
  Removing Global Catalog Servers
  Controlling SRV Record Registration
  Managing and Maintaining Universal Group Membership Caching
  Universal Group Membership Caching Essentials
  Enabling Universal Group Membership Caching
  Monitoring and Troubleshooting Universal Group Membership Caching
  Managing and Maintaining Replication Attributes
  Understanding Global Catalog Search and the Partial Attribute Set
  Designating Replication Attributes
  Monitoring and Troubleshooting Replication Attributes
  Managing and Maintaining Name Suffixes
  Configuring User Principal Name Suffixes
  Configuring Name Suffix Routing

Chapter 6 Configuring, Maintaining, and Troubleshooting Operations Masters
  Operations Master Essentials
  Introducing Operations Masters
  Identifying Operations Masters
  Planning for Operations Masters
  Changing Operations Masters
  Working with Operations Masters
  Managing Domain Naming Masters
  Managing Infrastructure Masters
  Managing Relative ID Masters
  Maintaining Operations Masters
  Preparing Standby Operations Masters
  Decommissioning Operations Masters
  Reducing Operations Master Workload
  Seizing Operations Master Roles
  Troubleshooting Operations Masters

Chapter 7 Managing Active Directory Sites, Subnets, and Replication
  Implementing Sites and Subnets
  Replication with Multiple Sites
  Essential Services for Replication
  Intrasite Versus Intersite Replication
  Developing Your Site Design
  Mapping Your Network Structure
  Designing Your Intersite Replication Topology
  Configuring Sites and Subnets
  Adding Domain Controllers to Sites
  Ensuring Clients Find Domain Controllers
  Configuring Site Links and Intersite Replication
  Configuring Link Replication Schedules
  Locating and Designating Bridgehead Servers
  Optimizing Site Link Configurations
  Monitoring, Verifying, and Troubleshooting Replication
  Troubleshooting Replication
  Generating Replication Topology
  Verifying and Forcing Replication

PART III MAINTAINING AND RECOVERING ACTIVE DIRECTORY

Chapter 8 Managing Trusts and Authentication
  Active Directory Authentication and Trusts
  Authentication Essentials
  Authentication Across Domain Boundaries
  Authentication Across Forest Boundaries
  Working with Domain and Forest Trusts
  Removing Manually Created Trusts
  Verifying and Troubleshooting Trusts
  Configuring Selective Authentication
  Enabling or Disabling Selective Authentication for External Trusts
  Enabling or Disabling Selective Authentication for Forest Trusts
  Granting the Allowed To Authenticate Permission

Chapter 9 Maintaining and Recovering Active Directory
  Protecting Objects from Accidental Deletion
  Starting and Stopping Active Directory Domain Services
  Setting the Functional Level of Domains and Forests
  Configuring Deleted Item Retention
  Configuring the Windows Time Service
  Understanding Windows Time
  Checking the Windows Time Configuration
  Configuring an Authoritative Time Source
  Troubleshooting Windows Time Services
  Configuring Windows Time Settings in Group Policy
  Backing Up and Recovering Active Directory
  Active Directory Backup and Recovery Essentials
  Backing Up and Restoring the System State
  Performing a Nonauthoritative Restore of Active Directory
  Performing an Authoritative Restore of Active Directory
  Recovering by Installing a New Domain Controller
  Maintaining the Directory Database
  Understanding Directory Database Operations
  Checking for Free Space in the Directory Database
  Performing Offline Defragmentation
  Moving the Directory Database

Appendix A Active Directory Utilities Reference

Index