Laura E. Hunter - Active Directory Cookbook, 3rd Edition

Copyright 2008 O'Reilly Media, Inc.

OReilly books may be purchased for educational, business, or sales promotional use. Online editions are also available for most titles (.

Nutshell Handbook, the Nutshell Handbook logo, and the OReilly logo are registered trademarks of OReilly Media, Inc. Active Directory Cookbook , the image of a bluefin tuna, and related trade dress are trademarks of OReilly Media, Inc.

Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this book, and OReilly Media, Inc., was aware of a trademark claim, the designations have been printed in caps or initial caps.

While every precaution has been taken in the preparation of this book, the publisher and authors assume no responsibility for errors or omissions, or for damages resulting from the use of the information contained herein.

As with many of the books in the Cookbook series, Active Directory Cookbook , Third Edition, can be useful to anyone who wants to deploy, administer, or automate Active Directory. This book can serve as a great reference for those who have to work with Active Directory on a day-to-day basis. For those without much programming background, the command-line, VBScript, and PowerShell solutions are straightforward and provide an easy way to automate repetitive administrative tasks for any administrator .

The companion to this book, Active Directory, Fourth Edition, by Brian Desmond et al. (OReilly), is a great choice for those wanting a thorough description of the core concepts behind Active Directory, how to design an Active Directory infrastructure, and how to automate that infrastructure using Active Directory Service Interfaces ( ADSI ) and Windows Management Instrumentation (WMI). Active Directory, Fourth Edition, does not necessarily detail the steps needed to accomplish every possible task within Active Directory; that is more the intended purpose of this book. These two books, along with the supplemental information referenced within each, should be sufficient to answer most questions you have about Active Directory.

This book consists of 21 chapters. Here is a brief overview of each chapter:

Sets the stage for the book by covering where you can find the tools used in the book, VBScript and PowerShell issues to consider, and where to find additional information.

Covers how to create and remove forests and domains, update the domain mode or functional levels, create different types of trusts, and other administrative trust tasks.

Covers promoting and demoting domain controllers, finding domain controllers, enabling the global catalog, and finding and managing Flexible Single Master Operations (FSMO) roles. This will include coverage of the new Read-Only Domain Controller (RODC) that was introduced with Windows Server 2008.

Covers the basics of searching Active Directory: creating, modifying, and deleting objects, using LDAP controls, and importing and exporting data using LDAP Data Interchange Format (LDIF) and comma-separated variable (CSV) files.

Covers creating, moving, and deleting Organizational Units, and managing the objects contained within them.

Covers all aspects of managing user objects, including creating, renaming, moving, resetting passwords, unlocking, modifying the profile attributes, and locating users that have certain criteria (e.g., password is about to expire). This chapter includes coverage of the new Fine-Grained Password Policy feature that was introduced in Windows Server 2008.

Covers how to create groups, modify group scope and type, and manage membership .

Covers creating computers, joining computers to a domain, resetting computers, and locating computers that match certain criteria (e.g., have been inactive for a number of weeks).