Active Directory Services for Microsoft Windows Server 2003 : Technical Reference

Active Directory Services for Microsoft Windows Server 2003 : Technical Reference

  • ただいまウェブストアではご注文を受け付けておりません。 ⇒古書を探す
  • 製本 Hardcover:ハードカバー版/ページ数 456 p.
  • 言語 ENG,ENG
  • 商品コード 9780735615779
  • DDC分類 005.713769

Full Description


Get the focused, in-depth technical expertise you need to implement and optimize your Microsoft directory services infrastructure. As two Active Directory experts guide you through advanced design and deployment issues for the Windows Server 2003 environment, you'll develop a thorough understanding of the underlying concepts, architectural components, and real-world functionality of Active Directory directory service. Whether you're upgrading from Microsoft Windows NT 4.0 or later, or performing a clean installation, you'll learn the best ways to exploit Active Directory capabilities for your organization-and deliver new levels of network performance and productivity. Get the technical drill-down you need to: Install, upgrade, or migrate to Active Directory Learn essential design considerations for DNS Design Active Directory structure-forests, domains, sites, and OUs Manage Active Directory objects, including users and groups Optimize domain controller data replication Use group policies to deploy software and manage desktops Implement authentication, Kerberos, and other security features and tools Monitor Active Directory replication and domain controller performance, and manage the Active Directory database Perform critical maintenance and plan for disaster recovery

Table of Contents

        List of Tables                             xii
Dedications xiii
Acknowledgments xiv
Introduction xv
PART I Windows Server 2003 Active Directory
Overview
Active Directory Concepts 3 (16)
The Evolution of Microsoft Directory 3 (5)
Services
LAN Manager for OS/2 and MS-DOS 4 (1)
Windows NT and SAM 4 (2)
Windows 2000 and Active Directory 6 (1)
Windows Server 2003 Domains and Active 7 (1)
Directory
Active Directory Open Standards 8 (4)
X.500 Hierarchies 8 (2)
Lightweight Directory Access Protocol 10 (2)
(LDAP)
Key Features and Benefits of Active 12 (2)
Directory
Centralized Directory 12 (1)
Single Sign-On 12 (1)
Delegated Administration 12 (1)
Common Management Interface 13 (1)
Integrated Security 13 (1)
Scalability 13 (1)
What's New in Windows Server 2003 Active 14 (3)
Directory
Active Directory Users And Computers 14 (1)
Improvements
Levels of Functionality 14 (1)
Domain Rename 15 (1)
Application Directory Partitions 15 (1)
Additional Domain Controller Installed 15 (1)
from Backup Media
Deactivation of Schema Objects 16 (1)
Disabling Compression of Replication 16 (1)
Traffic Between Different Sites
Global Catalog Not Required for Logon 16 (1)
Group Membership Replication 16 (1)
Improvements
Object Picker UI Improvements 17 (1)
Lingering Object Removal Mechanism 17 (1)
inetOrgPerson Support 17 (1)
Summary 17 (2)
Active Directory Components 19 (30)
Active Directory Physical Structure 19 (12)
The Directory Data Store 19 (1)
Domain Controllers 20 (1)
Global Catalog Servers 20 (3)
Operations Masters 23 (2)
Transferring Operations Master Roles 25 (1)
The Schema 26 (5)
Active Directory Logical Structure 31 (17)
Active Directory Partitions 32 (4)
Domains 36 (1)
Domain Trees 37 (1)
Forests 38 (1)
Trusts 39 (4)
Sites 43 (3)
Organizational Units 46 (2)
Summary 48 (1)
Active Directory and Domain Name System 49 (28)
DNS Overview 49 (12)
Hierarchical Namespace 50 (1)
Distributed Database 51 (1)
Name Resolution Process 51 (1)
Resource Records 52 (2)
DNS Domains, Zones, and Servers 54 (7)
DNS and Windows Server 2003 Active 61 (14)
Directory
DNS Locator Service 61 (5)
Active Directory Integrated Zones 66 (3)
DNS Enhancements 69 (6)
Summary 75 (2)
Active Directory Replication and Sites 77 (36)
Active Directory Replication Model 77 (2)
Replication Enhancements in Windows 79 (1)
Server 2003 Active Directory
Intrasite and Intersite Replication 80 (4)
Intrasite Replication 81 (1)
Intersite Replication 82 (1)
Replication Latency 83 (1)
Urgent Replication 83 (1)
Replication Topology Generation 84 (11)
Knowledge Consistency Checker 84 (1)
Connection Objects 85 (1)
Intrasite Replication Topology 86 (5)
Global Catalog Replication 91 (2)
Intersite Replication Topology 93 (2)
Replication Process 95 (7)
Update Types 96 (1)
Replicating Changes 96 (6)
Configuring Intersite Replication 102 (6)
Creating Additional Sites 103 (1)
Site Links 103 (2)
Site Link Bridges 105 (1)
Replication Transport Protocols 106 (1)
Configuring Bridgehead Servers 107 (1)
Monitoring and Troubleshooting Replication 108 (2)
Summary 110 (3)
PART II Implementing Windows Server 2003
Active Directory
Designing the Active Directory Structure 113 (46)
Designing the Forest Structure 113 (8)
Forests and Active Directory Design 114 (2)
Single or Multiple Forests 116 (3)
Defining Forest Ownership 119 (1)
Forest Change Control Policies 120 (1)
Designing the Domain Structure 121 (10)
Domains and Active Directory Design 121 (1)
Determining the Number of Domains 121 (3)
Designing the Forest Root Domain 124 (1)
Designing Domain Hierarchies 125 (3)
Domain Trees and Trusts 128 (1)
Changing the Domain Hierarchy 129 (1)
Defining Domain Ownership 130 (1)
Designing the DNS Infrastructure 131 (12)
Examining the Existing DNS 131 (1)
Infrastructure
Namespace Design 132 (11)
Designing the Organizational Unit 143 (6)
Structure
Organizational Units and Active 143 (1)
Directory Design
Designing an OU Structure 144 (2)
Creating an OU Design 146 (3)
Designing the Site Topology 149 (9)
Sites and Active Directory Design 149 (1)
Networking Infrastructure and Site 150 (1)
Design
Creating a Site Design 150 (3)
Designing Server Locations 153 (5)
Summary 158 (1)
Installing Active Directory 159 (26)
Prerequisites for Installing Active 159 (4)
Directory
Hard Disk 160 (1)
Network Connectivity 160 (1)
DNS 161 (2)
Administrative Permissions 163 (1)
Active Directory Installation Options 163 (2)
Configure Your Server Wizard 163 (1)
Active Directory Installation Wizard 164 (1)
(Dcpromo.exe)
Unattended Installation 165 (1)
Using the Configure Your Server Wizard 165 (2)
Using the Active Directory Installation 167 (11)
Wizard
Operating System Compatibility 168 (1)
Domain and Domain Controller Types 169 (2)
Naming the Domain 171 (1)
File Locations 172 (1)
Verify or Install a DNS Server 173 (2)
Selecting Default Permissions for User 175 (1)
and Group Objects
Completing the Installation 176 (2)
Performing an Unattended Installation 178 (1)
Installing Active Directory from Restored 179 (1)
Backup Files
Removing Active Directory 180 (4)
Removing Additional Domain Controller 182 (1)
Removing the Last Domain Controller 183 (1)
Unattended Removal of Active Directory 184 (1)
Summary 184 (1)
Migrating to Active Directory 185 (54)
Migration Paths 186 (6)
The Domain Upgrade Migration Path 187 (2)
The Domain Restructure Migration Path 189 (2)
The Upgrade-Then-Restructure Migration 191 (1)
Path
Determining Your Migration Path 192 (6)
Migration Path Decision Criteria 192 (1)
Choosing the Domain Upgrade Path 193 (2)
Choosing the Domain Restructure Path 195 (2)
Choosing the Upgrade-Then-Restructure 197 (1)
Path
Preparing for Migration to Active 198 (7)
Directory
Planning the Migration 198 (6)
Testing the Migration Plan 204 (1)
Conducting a Pilot Migration 204 (1)
Upgrading the Domain 205 (10)
Upgrading from Windows NT Server 4 205 (8)
Upgrading from Windows 2000 Server 213 (2)
Restructuring the Domain 215 (16)
Creating the Pristine Forest 217 (5)
Migrating Account Domains 222 (4)
Migrating Resource Domains 226 (5)
Upgrading then Restructuring 231 (1)
Configuring Interforest Trusts 232 (4)
Summary 236 (3)
Part III Administering Windows Server 2003
Active Directory
Active Directory Security 239 (22)
Active Directory Security Basics 239 (3)
Security Principals 240 (1)
Access Control Lists 240 (1)
Access Tokens 241 (1)
Authentication 241 (1)
Authorization 242 (1)
Kerberos Security 242 (18)
Introduction to Kerberos 243 (2)
Kerberos Authentication 245 (6)
Delegation of Authentication 251 (2)
Configuring Kerberos in Windows Server 253 (1)
2003
Integration with Public Key 254 (3)
Infrastructure
Integration with Smart Cards 257 (1)
Interoperability with Other Kerberos 258 (2)
Systems
NTLM Security 260 (1)
Summary 260 (1)
Delegating the Administration of Active 261 (24)
Directory
Active Directory Object Permissions 261 (13)
Standard Permissions 262 (2)
Special Permissions 264 (4)
Permissions Inheritance 268 (2)
Effective Permissions 270 (3)
Ownership of Active Directory Objects 273 (1)
Auditing the Use of Administrative 274 (2)
Permissions
Delegating Administrative Tasks 276 (4)
Customized Tools for Delegated 280 (2)
Administration
Customizing the Microsoft Management 280 (1)
Console
Creating a Taskpad for Administration 281 (1)
Planning for the Delegation of 282 (1)
Administration
Summary 283 (2)
Managing Active Directory Objects 285 (22)
Managing Users 285 (7)
User Objects 285 (5)
inetOrgPerson Objects 290 (1)
Contact Accounts 291 (1)
Managing Groups 292 (7)
Group Types 292 (1)
Group Scope 293 (3)
Creating a Security Group Design 296 (3)
Managing Computers 299 (2)
Managing Printer Objects 301 (3)
Publishing Printers in Active Directory 301 (3)
Managing Published Shared Folders 304 (1)
Windows Server 2003 Active Directory 305 (1)
Administration Enhancements
Summary 306 (1)
Introduction to Group Policies 307 (28)
Group Policy Overview 308 (3)
Implementing Group Policies 311 (17)
Creating GPOs 312 (1)
Administering Group Policy Objects 313 (1)
Group Policy Inheritance and Application 314 (2)
Modifying the Default Application of 316 (5)
Group Policies
Group Policy Processing 321 (5)
Delegating Administration of GPOs 326 (1)
Implementing Group Policies Between 327 (1)
Domains and Forests
Group Policy Management Tools 328 (4)
RSoP Tool 328 (1)
GPResult 329 (1)
GPUpdate 330 (1)
Group Policy Management Console 330 (2)
Group Policy Design 332 (1)
Summary 333 (2)
Using Group Policies to Manage Software 335 (26)
Windows Installer Technology 336 (1)
Creating a .msi file 336 (1)
Deploying Software Using Group Policies 337 (6)
Deploying Applications 338 (3)
Using Group Policies to Distribute 341 (2)
Non--Windows Installer Applications
Configuring Software Package Properties 343 (9)
Setting the Default Software 345 (1)
Installation Properties
Installing Customized Software Packages 345 (2)
Updating an Existing Software Package 347 (2)
Managing Software Categories 349 (1)
Configuring File Extension Activation 350 (1)
Removing Software Using Group Policies 351 (1)
Using Group Policies to Configure Windows 352 (2)
Installer
Planning for Software Distribution Using 354 (3)
Group Policies
Limitations to Using Group Policies to 357 (2)
Manage Software
Summary 359 (2)
Using Group Policies to Manage Computers 361 (34)
Desktop Management Using Group Policies 362 (2)
Managing User Data and Profile Settings 364 (8)
Managing User Profiles 364 (4)
Folder Redirection 368 (4)
Configuring Security Settings with Group 372 (13)
Policies
Configuring Domain-Level Security 372 (5)
Policies
Configuring Other Security Settings 377 (2)
Software Restriction Policies 379 (3)
Security Templates 382 (3)
Administrative Templates 385 (4)
Using Scripts to Manage the User 389 (2)
Environment
Summary 391 (4)
PART IV Maintaining Windows Server 2003
Active Directory
Monitoring and Maintaining Active Directory 395 (24)
Monitoring Active Directory 395 (16)
Why Monitor Active Directory? 396 (2)
How to Monitor Active Directory 398 (12)
What to Monitor 410 (1)
Active Directory Database Maintenance 411 (6)
Garbage Collection 411 (2)
Online Defragmentation 413 (1)
Offline Defragmentation of the Active 414 (1)
Directory Database
Managing the Active Directory Database 415 (2)
Using Ntdsutil
Summary 417 (2)
Disaster Recovery 419 (1)
Planning for a Disaster 419 (1)
Active Directory Data Storage 420 (3)
Backing Up Active Directory 423 (1)
Restoring Active Directory 424 (1)
Restoring Active Directory by Creating 425 (4)
a New Domain Controller
Performing a Nonauthoritative Restore 429 (2)
Performing an Authoritative Restore 431 (2)
Restoring Sysvol Information 433 (2)
Restoring Operations Masters and Global 435 (5)
Catalog Servers
Summary 440