Books
Active Directory® Forestry


More Information on the book

 What is this book about?
 Discover how to
 Why have we written this book?
 Who is this book for?
 A really important warning
 How to use this book
 Syntax and naming conventions
 Feedback and comments


What is this book about?

This book peels back the covers on Active Directory® and provides you with the technical in-depth details of objects and attributes and how they interact. The book centres around our Geek’s Reference (Chapter 3) which provides an in-depth explanation of the key objects and attributes in a clear and precise manner. Explanations are backed up with solid working examples showing you how to interrogate the directory using the Microsoft support tool LDP. The majority of techniques that we show you apply equally well to the Microsoft® Windows® 2000 Server and Microsoft® Windows® Server 2003 families.

Our testing has been performed using the RC1 build of Microsoft® Windows® Server 2003 and we don’t anticipate any significant functional changes in the final release.

Now, we all like a challenge… As the presses were about to roll with the first print run, Microsoft announced the product name change from Microsoft® Windows® .NET Server 2003 to Microsoft® Windows® Server 2003. Whilst we have changed all product references, we cannot be certain if any programmatic variable references will be impacted by the name change. For example .NET forest functionality may well be renamed to 2003 forest functionality. We have a bet running on this! For the moment, we have kept the current names and our wagers are in the corner!

LDP allows you to create native Lightweight Directory Access Protocol (LDAP) commands to query and modify the Active Directory®. Through the use of this powerful support tool, if you have the right credentials, you will be able to gain access and effect change to all objects and attributes within the Active Directory®.

This book provides you with the skills you need to perform in-depth investigations into the directory. An essential companion if you are troubleshooting or responding to change requests.

Discover how to
  • Display deleted directory objects
  • Create or modify any type of object
  • Check if an attribute is indexed
  • Locate the security principal for an unknown account
  • Examine which attributes are published in the global catalog
  • Investigate which attributes are members of the ANR set
  • Test individual bits within an attribute
  • Gain ultimate access to the Active Directory®
Why have we written this book?

The Active Directory® publishes information about data and services available throughout your enterprise. Your business systems will be dependent on you establishing and maintaining a rock solid infrastructure. There are many texts on designing and deploying the Active Directory®. These texts describe how to create and maintain objects and their associated attributes through the standard user interface tools, but what if you need to go beyond that?

Your systems are dependent on the correct representation of resources within the directory.

  • If an application is regularly searching for an attribute value, that value should be indexed. How do you know which attributes are indexed?
  • Property sets allow you to configure security on a number of attributes through a single Access Control Entry (ACE). How do you know which attributes are members of a property set?
  • If you want to perform enterprise-wide searches for a particular attribute value, that value needs to be in the global catalog (GC). How do you know which attributes are published to the global catalog?

We’ve often heard the complaint from system administrators, architects and programmers that they cannot find this information documented.

You could argue that it would be irresponsible for Microsoft to document much of this, because any such documentation could be taken as complete. The directory is totally extensible and dynamic, so any documentation apart from your own will invariably be out of date. Directory-enabled applications will change the number of indexed attributes, the members of a property set and so on.

You have to be able to document your own Active Directory® and that’s why we wrote this book.
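The indexing, ANR and global catalog questions above can be answered from the schema's own attributeSchema objects. The following Python script is an added example, not taken from the book or its authors: it classifies entries from an LDIF schema export by testing the searchFlags bits and the isMemberOfPartialAttributeSet flag, and it builds the equivalent LDAP filters. The sample entries, the example.test naming and the exampleBadgeId attribute are constructed for illustration.

```python
# Added example: classify attributeSchema entries taken from an LDIF schema export.
# searchFlags bits in the AD schema: 0x1 = indexed, 0x4 = member of the ANR set.
INDEXED, ANR = 0x1, 0x4
BIT_AND = "1.2.840.113556.1.4.803"  # LDAP bitwise-AND matching rule OID

def schema_filter(test):
    """Build an LDAP filter for the schema naming context (usable in LDP)."""
    return f"(&(objectClass=attributeSchema)({test}))"

FILTER_INDEXED = schema_filter(f"searchFlags:{BIT_AND}:={INDEXED}")
FILTER_ANR = schema_filter(f"searchFlags:{BIT_AND}:={ANR}")
FILTER_GC = schema_filter("isMemberOfPartialAttributeSet=TRUE")

# Constructed sample export; names under example.test and the flag values are
# illustrative, and exampleBadgeId is a hypothetical schema extension.
SAMPLE_LDIF = """\
dn: CN=SAM-Account-Name,CN=Schema,CN=Configuration,DC=example,DC=test
lDAPDisplayName: sAMAccountName
searchFlags: 13
isMemberOfPartialAttributeSet: TRUE

dn: CN=Description,CN=Schema,CN=Configuration,DC=example,DC=test
lDAPDisplayName: description
searchFlags: 0
isMemberOfPartialAttributeSet: TRUE

dn: CN=example-Badge-Id,CN=Schema,CN=Configuration,DC=example,DC=test
lDAPDisplayName: exampleBadgeId
searchFlags: 1
"""

def parse_ldif(text):
    """Parse simple (unfolded, non-base64) LDIF records into dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        pairs = (l.partition(":") for l in block.splitlines() if ":" in l)
        entries.append({k.strip(): v.strip() for k, _, v in pairs})
    return entries

def classify(entry):
    """Decode the indexed, ANR and global catalog properties of one attribute."""
    flags = int(entry.get("searchFlags", "0"))
    in_gc = entry.get("isMemberOfPartialAttributeSet", "").upper() == "TRUE"
    return {"name": entry["lDAPDisplayName"], "indexed": bool(flags & INDEXED),
            "anr": bool(flags & ANR), "in_gc": in_gc}

def report(text):
    return [classify(e) for e in parse_ldif(text) if "lDAPDisplayName" in e]
```

Running the same report against an export taken before and after installing a directory-enabled application shows which attributes that application indexed or published to the global catalog.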

We believe that LDP was written for geeks, nerds and the initiated and to maximise its use, you need solid LDAP skills. This book comes to the rescue. It provides a comprehensive guide to using LDP without having to be a master guru in LDAP.

Who is this book for?

It is for anyone who wants to dig deep into the Active Directory®, including:

  • System administrators
  • System architects
  • Support engineers
  • Programmers writing directory enabled applications

The book will aid you in solving complex administration tasks and Active Directory® troubleshooting. The book assumes that you are familiar with Active Directory® concepts to a fairly advanced level. On our geekometer scale this book is extreme!

A really important warning

If you use the ADSI Edit snap-in, the LDP utility or any other LDAP client and incorrectly modify the Active Directory® you could cause serious problems. This may cause you loss of data and require you to reinstall the operating system and applications. It cannot be guaranteed that problems resulting from the incorrect modification of the Active Directory® can be solved. Make modifications at your own risk in a test environment before applying them to any production system.

How to use this book

To gain full benefit from the book start at the beginning and work your way through to the end. We strongly advise you to try out all the examples in a test forest – our test environment is documented in Appendix A. If you choose not to use our test forest naming conventions, you will need to modify the examples as appropriate.

It is important that LDP is configured correctly and if you are unsuccessful at any point refer to the section on setting the initial search conditions in Chapter 5.

If you are:

  • In a hurry and need an introduction, start with Chapter 2, which introduces Active Directory® objects and attributes. After that, dip in and out as necessary, referring to the table of contents and the index.
  • In need of further explanation, refer to the Active Directory® Geek’s Reference in Chapter 3. You will find our ultimate reference to the key objects, attributes and concepts.
  • New to LDP, work through the LDP Primer in Chapter 4.
  • Trying to solve a particular problem, refer to the comprehensive indexing.
Syntax and naming conventions

Where object and attribute names have been individually mentioned in the text, they are italicised. The majority of names used are the LDAP display names as these are the names you need when programmatically accessing the directory.

Feedback and comments

If you would like to contribute your feedback, comments or questions, please contact us at comments@kimberry.co.uk.

Thank you for taking the time to buy this book and letting us know what you think. If you have suggestions for future books, we would like to hear them.


© 2003, John Craddock and Sally Storey


