Specialists in infrastructure design for business critical systems

Books
Active Directory® Forestry
Table of Contents

Chapter 1 - What and Why 1
  What is this book about? 1
  Discover how to… 2
  Why have we written this book? 2
  Who is this book for? 3
  A really important warning 3
  How to use this book 3
  Syntax and naming conventions 4
  Feedback and comments 4
Chapter 2 - Active Directory® Objects and Attributes 5
  Before we start, let’s set the scene 5
  The Schema 6
  Naming Objects 10
  Naming Contexts 12
  Schema Naming Context 12
  Configuration Naming Context 12
  Domain Naming Context 12
  Global Catalog 13
  Application Directory Partitions 13
Chapter 3 - Active Directory® Geek’s Reference 15
  Ambiguous Name Resolution 16
  ANR - Dual Word Testing 18
  ANR - dSHeuristics 18
  Category 1 or 2 Objects and Attributes 19
  Control Access Rights 20
  Add/Remove Self as Member 21
  Validated Write to DNS Host Name 21
  Validated Write to Service Principal Name 21
  Creating Objects 23
  Deleted Objects 26
  Display Specifiers 27
  Global Catalog 32
  Groups 34
  GUIDs 35
  Converting GUID string to octet string 36
  Indexed Attributes 37
  LDAP Controls 38
  LDAP Display Names 39
  LDAP Policies 42
  LDAP Synchronous versus Asynchronous Operations 45
  Linked Attributes 46
  Matching Rules 49
  Object Names 51
  Object Class and Object Category 52
  OIDs 54
  Operational Attributes 55
  Property Sets 56
  RootDSE 58
  Replicated Attributes 59
  Schema Manager 60
  Searches 61
  Search Flags 62
  SIDs and RIDs 62
  System Flags 63
  Timeouts 64
  Virtual List View (VLV) 66
Chapter 4 - LDP Primer 67
  Installing LDP 67
  Starting LDP 67
  Connecting to a Server 68
  RootDSE 69
  Mandatory Attributes 69
  Additional Attributes 70
  RootDSE Results and Explanation 72
  Mandatory RFC Attributes 76
  Binding (authenticating) to a Server 77
  LDP Authentication Methods 78
  Disconnecting from the Server 79
  Menus, Menus, Menus 80
Chapter 5 - Getting to Grips with Searching 81
  Searching 81
  Where to Start your Search 81
  How Far and Deep to Query 82
  Base 82
  One-level 82
  Subtree 82
  Selecting the Correct DN and Scope 82
  What to Query for 83
  Search Filter Examples 83
  What Results to Return 83
  Setting the initial search conditions 86
  Retrieving RootDSE 88
  Searching for Attribute Values 89
  Testing out the Scope 90
  Defining the Attributes to be Returned 91
  Locating Directory Objects by GUIDs and SIDs 94
  Examples of Setting the Search Base Using a GUID or SID 94
  SIDs and RIDs 96
  Locating Server GUIDs within a Domain 97
  LDAP referrals 98
  Forest Wide Global Catalog search 99
Chapter 6 - Advanced Searching with Complex Filters 101
  Complex Search Filters 101
  Logical Operators 101
  objectClass and objectCategory 103
  Reserved Characters 104
  Enumerating all the Schema Object Definitions 105
  Enumerating all the Schema Attribute Definitions 105
  Enumerating Category 1 and 2 Objects 107
  Enumerating Attributes Replicated to the GC 108
  Enumerating Indexed Attributes 109
  Enumerating Members of the ANR Set 109
  Identifying Control Access Rights 110
  Identifying the Objects to which a Control Access Right applies 112
  Identifying all the Control Access Rights associated with an Object Class 114
  Enumerating Members of the same Property Set 118
  Identifying Groups 121
  Identifying Group Policy Objects using a Display Name 122
  Identifying Group Policy Objects using a GUID 123
  Identifying all Group Policy Objects 123
Chapter 7 - Controlling Returned Results 125
  Showing Deleted Objects 125
  Unknown SIDs 127
  Managing Larger Sets of Results 128
  Retrieving over 1000 records 129
  Paging 129
  Virtual List View (VLV) 131
  Sort Keys 133
  Returning Search Statistics 136
  Other Ways of Presenting Data 139
  DN Processing 139
  Value Parsing 140
  Viewing the Security Descriptor 140
  Replication Metadata 141
Chapter 8 - Manipulating Objects and Attributes 145
  Making Changes 145
  Adding New Objects into the Directory 145
  Creating a User Account Object 145
  Creating a New OU 150
  Modifying Attributes 151
  Single-Valued Attributes 151
  Multi-Valued Attributes 152
  Modifying a Single-Valued Attribute 152
  Modifying Multi-Valued Attributes 154
  Modifying a Distinguished Name 156
  Comparing Attribute Values 157
  Deleting Objects using the Microsoft® Windows® Server 2000 version of LDP 157
  Deleting Objects using the Microsoft® Windows® Server 2003 version of LDP 158
Chapter 9 - A Different Way of Seeing and Doing Things 159
  Viewing the Entire Directory Tree 159
  Tree View 159
  Moving an Object in Tree View 160
  Deleting an OU and its Contained Objects Through Tree View 161
  Viewing Your Live Enterprise Tree 162
Chapter 10 - Tips on Creating Efficient Searches 163
  Restrict the search scope 163
  Indexed attributes should be used wherever possible 163
  Limit the number of attributes returned 163
  Limit the use of Ambiguous Name Resolution 163
  Consider medial searches 163
  AND and OR operators 164
  Avoid redundant operators 164
  Bitwise AND and OR matching rules 164
  NOT operator may return undesired results 164
Appendix A - Test Forest Configuration 165
  Setting the Initial Search Conditions 168
Appendix B - UI Text Strings 171
  User Object UI Text Names Mapped to Attribute LDAP Display Names for US-English (409) Locale 171
Appendix C - Object Names 173
  LDAP Display Names mapped to Common Names 173
  Name Mapping 174
Appendix D - Attribute Names 175
  LDAP Display Names mapped to Common Names 175
  Name Mapping 176
Appendix E - userAccountControl Flags 179
  Account Control Flags 179
Appendix F - Locale Identifiers 181
Practical Techniques and Examples 185
Index 187
Figures 193


The AD Seminars

Securing Active Directory® Access
One-Day Seminar
(level-400)


Presented by
John Craddock





Active Directory® Internals
One-Day Seminar
(level-400)


Presented by
John Craddock





Active Directory® Disaster Recovery
One-Day Seminar
(level-400)


Presented by
John Craddock



© 2002-2003 Kimberry Associates