- ホーム
- > 洋書
- > 英文書
- > Computer / General
Full Description
Get the focused, in-depth technical expertise you need to implement and optimize your Microsoft directory services infrastructure. As two Active Directory experts guide you through advanced design and deployment issues for the Windows Server 2003 environment, you'll develop a thorough understanding of the underlying concepts, architectural components, and real-world functionality of Active Directory directory service. Whether you're upgrading from Microsoft Windows NT 4.0 or later, or performing a clean installation, you'll learn the best ways to exploit Active Directory capabilities for your organization-and deliver new levels of network performance and productivity. Get the technical drill-down you need to: Install, upgrade, or migrate to Active Directory Learn essential design considerations for DNS Design Active Directory structure-forests, domains, sites, and OUs Manage Active Directory objects, including users and groups Optimize domain controller data replication Use group policies to deploy software and manage desktops Implement authentication, Kerberos, and other security features and tools Monitor Active Directory replication and domain controller performance, and manage the Active Directory database Perform critical maintenance and plan for disaster recovery
Contents
List of Tables xii Dedications xiii Acknowledgments xiv Introduction xv PART I Windows Server 2003 Active Directory Overview 1 Active Directory Concepts 3 The Evolution of Microsoft Directory Services 3 LAN Manager for OS/2 and MS-DOS 4 Windows NT and SAM 4 Windows 2000 and Active Directory 6 Windows Server 2003 Domains and Active Directory 7 Active Directory Open Standards 8 X.500 Hierarchies 8 Lightweight Directory Access Protocol (LDAP) 10 Key Features and Benefits of Active Directory 12 Centralized Directory 12 Single Sign-On 12 Delegated Administration 12 Common Management Interface 13 Integrated Security 13 Scalability 13 Whata s New in Windows Server 2003 Active Directory 14 Active Directory Users And Computers Improvements 14 Levels of Functionality 14 Domain Rename 15 Application Directory Partitions 15 Additional Domain Controller Installed from Backup Media 15 Deactivation of Schema Objects 16 Disabling Compression of Replication Traffic Between Different Sites 16 Global Catalog Not Required for Logon 16 Group Membership Replication Improvements 16 Object Picker UI Improvements 17 Lingering Object Removal Mechanism 17 inetOrgPerson Support 17 Summary 17 2 Active Directory Components 19 Active Directory Physical Structure 19 The Directory Data Store 19 Domain Controllers 20 Global Catalog Servers 20 Operations Masters 23 Transferring Operations Master Roles 25 The Schema 26 Active Directory Logical Structure 31 Active Directory Partitions 32 Domains 36 Domain Trees 37 Forests 38 Trusts 39 Sites 43 Organizational Units 46 Summary 48 3 Active Directory and Domain Name System 49 DNS Overview 49 Hierarchical Namespace 50 Distributed Database 51 Name Resolution Process 51 Resource Records 52 DNS Domains, Zones, and Servers 54 DNS and Windows Server 2003 Active Directory 61 DNS Locator Service 61 Active Directory Integrated Zones 66 DNS Enhancements 69 Summary 75 4 Active Directory Replication and Sites 77 Active Directory Replication Model 77 Replication Enhancements in Windows Server 2003 Active Directory 79 Intrasite and Intersite Replication 80 Intrasite Replication 81 Intersite Replication 82 Replication Latency 83 Urgent Replication 83 Replication Topology Generation 84 Knowledge Consistency Checker 84 Connection Objects 85 Intrasite Replication Topology 86 Global Catalog Replication 91 Intersite Replication Topology 93 Replication Process 95 Update Types 96 Replicating Changes 96 Configuring Intersite Replication 102 Creating Additional Sites 103 Site Links 103 Site Link Bridges 105 Replication Transport Protocols 106 Configuring Bridgehead Servers 107 Monitoring and WINDOWS SERVER 2003 ACTIVE DIRECTORY 5 Designing the Active Directory Structure 113 Designing the Forest Structure 113 Forests and Active Directory Design 114 Single or Multiple Forests 116 Defining Forest Ownership 119 Forest Change Control Policies 120 Designing the Domain Structure 121 Domains and Active Directory Design 121 Determining the Number of Domains 121 Designing the Forest Root Domain 124 Designing Domain Hierarchies 125 Domain Trees and Trusts 128 Changing the Domain Hierarchy 129 Defining Domain Ownership 130 Designing the DNS Infrastructure 131 Examining the Existing DNS Infrastructure 131 Namespace Design 132 Designing the Organizational Unit Structure 143 Organizational Units and Active Directory Design 143 Designing an OU Structure 144 Creating an OU Design 146 Designing the Site Topology 149 Sites and Active Directory Design 149 Networking Infrastructure and Site Design 150 Creating a Site Design 150 Designing Server Locations 153 Summary 158 6 Installing Active Directory 159 Prerequisites for Installing Active Directory 159 Hard Disk 160 Network Connectivity 160 DNS 161 Administrative Permissions 163 Active Directory Installation Options 163 Configure Your Server Wizard 163 Active Directory Installation Wizard (Dcpromo.exe) 164 Unattended Installation 165 Using the Configure Your Server Wizard 165 Using the Active Directory Installation Wizard 167 Operating System Compatibility 168 Domain and Domain Controller Types 169 Naming the Domain 171 File Locations 172 Verify or Install a DNS Server 173 Selecting Default Permissions for User and Group Objects 175 Completing the Installation 176 Performing an Unattended Installation 178 Installing Active Directory from Restored Backup Files 179 Removing Active Directory 180 Removing Additional Domain Controllers 182 Removing the Last Domain Controller 183 Unattended Removal of Active Directory 184 Summary 184 7 Migrating to Active Directory 185 Migration Paths 186 The Domain Upgrade Migration Path 187 The Domain Restructure Migration Path 189 The Upgrade-Then-Restructure Migration Path 191 Determining Your Migration Path 192 Migration Path Decision Criteria 192 Choosing the Domain Upgrade Path 193 Choosing the Domain Restructure Path 195 Choosing the Upgrade-Then-Restructure Path 197 Preparing for Migration to Active Directory 198 Planning the Migration 198 Testing the Migration Plan 204 Conducting a Pilot Migration 204 Upgrading the Domain 205 Upgrading from Windows NT Server 4 205 Upgrading from Windows 2000 Server 213 Restructuring the Domain 215 Creating the Pristine Forest 217 Migrating Account Domains 222 Migrating Resource Domains 226 Upgrading then Restructuring 231 Configuring Interforest Trusts 232 Summary 236 PART III Administering Windows Server 2003 Active Directory 8 Active Directory Security 239 Active Directory Security Basics 239 Security Principals 240 Access Control Lists 240 Access Tokens 241 Authentication 241 Authorization 242 Kerberos Security 242 Introduction to Kerberos 243 Kerberos Authentication 245 Delegation of Authentication 251 Configuring Kerberos in Windows Server 2003 253 Integration with Public Key Infrastructure 254 Integration with Smart Cards 257 Interoperability with Other Kerberos Systems 258 NTLM Security 260 Summary 260 9 Delegating the Administration of Active Directory 261 Active Directory Object Permissions 261 Standard Permissions 262 Special Permissions 264 Permissions Inheritance 268 Effective Permissions 270 Ownership of Active Directory Objects 273 Auditing the Use of Administrative Permissions 274 Delegating Administrative Tasks 276 Customized Tools for Delegated Administration 280 Customizing the Microsoft Management Console 280 Creating a Taskpad for Administration 281 Planning for the Delegation of Administration 282 Summary 283 10 Managing Active Directory Objects 285 Managing Users 285 User Objects 285 inetOrgPerson Objects 290 Contact Accounts 291 Managing Groups 292 Group Types 292 Group Scope 293 Creating a Security Group Design 296 Managing Computers 299 Managing Printer Objects 301 Publishing Printers in Active Directory 301 Managing Published Shared Folders 304 Windows Server 2003 Active Directory Administration Enhancements 305 Summary 306 11 Introduction to Group Policies 307 Group Policy Overview 308 Implementing Group Policies 311 Creating GPOs 312 Administering Group Policy Objects 313 Group Policy Inheritance and Application 314 Modifying the Default Application of Group Policies 316 Group Policy Processing 321 Delegating Administration of GPOs 326 Implementing Group Policies Between Domains and Forests 327 Group Policy Management Tools 328 RSoP Tool 328 GPResult 329 GPUpdate 330 Group Policy Management Console 330 Group Policy Design 332 Summary 333 12 Using Group Policies to Manage Software 335 Windows Installer Technology 336 Creating a .msi file 336 Deploying Software Using Group Policies 337 Deploying Applications 338 Using Group Policies to Distribute Nona Windows Installer Applications 341 Configuring Software Package Properties 343 Setting the Default Software Installation Properties 345 Installing Customized Software Packages 345 Updating an Existing Software Package 347 Managing Software Categories 349 Configuring File Extension Activation 350 Removing Software Using Group Policies 351 Using Group Policies to Configure Windows Installer 352 Planning for Software Distribution Using Group Policies 354 Limitations to Using Group Policies to Manage Software 357 Summary 359 13 Using Group Policies to Manage Computers 361 Desktop Management Using Group Policies 362 Managing User Data and Profile Settings 364 Managing User Profiles 364 Folder Redirection 368 Configuring Security Settings with Group Policies 372 Configuring Domain-Level Security Policies 372 Configuring Other Security Settings 377 Software Restriction Policies 379 Security Templates 382 Administrative Templates 385 Using Scripts to Manage the User Environment 389 Summary 391 PART IV Maintaining Windows Server 2003 Active Directory 14 Monitoring and Maintaining Active Directory 395 Monitoring Active Directory 395 Why Monitor Active Directory? 396 How to Monitor Active Directory 398 What to Monitor 410 Active Directory Database Maintenance 411 Garbage Collection 411 Online Defragmentation 413 Offline Defragmentation of the Active Directory Database 414 Managing the Active Directory Database Using Ntdsutil 415 Summary 417 15 Disaster Recovery 419 Planning for a Disaster 419 Active Directory Data Storage 420 Backing Up Active Directory 423 Restoring Active Directory 424 Restoring Active Directory by Creating a New Domain Controller 425 Performing a Nonauthoritative Restore 429 Performing an Authoritative Restore 431 Restoring Sysvol Information 433 Restoring Operations Masters and Global Catalog Servers 435 Summary 440 INDEX 441
