Tài liệu Active Directory Cookbook

Thảo luận trong 'Kế Toán - Kiểm Toán' bắt đầu bởi Thúy Viết Bài, 5/12/13.

  1. Thúy Viết Bài

    Thành viên vàng

    Bài viết:
    198,891
    Được thích:
    173
    Điểm thành tích:
    0
    Xu:
    0Xu
    Copyright
    Foreword
    Preface
    Who Should Read This Book?
    What's in This Book?
    Conventions Used in This Book
    We'd Like Your Feedback!
    Acknowledgments

    Chapter 1. Getting Started

    Approach to the Book
    Recipe 1.1. Where to Find the Tools
    Recipe 1.2. Getting Familiar with LDIF
    Recipe 1.3. Programming Notes
    Recipe 1.4. Replaceable Text
    Recipe 1.5. Where to Find More Information

    Chapter 2. Forests, Domains, and Trusts
    Introduction
    Recipe 2.1. Creating a Forest
    Recipe 2.2. Removing a Forest
    Recipe 2.3. Creating a Domain
    Recipe 2.4. Removing a Domain
    Recipe 2.5. Removing an Orphaned Domain
    Recipe 2.6. Finding the Domains in a Forest
    Recipe 2.7. Finding the NetBIOS Name of a Domain
    Recipe 2.8. Renaming a Domain
    Recipe 2.9. Changing the Mode of a Domain
    Recipe 2.10. Using ADPrep to Prepare a Domain or Forest for Windows Server 2003
    Recipe 2.11. Determining if ADPrep Has Completed
    Recipe 2.12. Checking Whether a Windows 2000 Domain Controller Can Be Upgraded to Windows Server 2003
    Recipe 2.13. Raising the Functional Level of a Windows Server 2003 Domain
    Recipe 2.14. Raising the Functional Level of a Windows Server 2003 Forest
    Recipe 2.15. Creating a Trust Between a Windows NT Domain and an AD Domain
    Recipe 2.16. Creating a Transitive Trust Between Two AD Forests
    Recipe 2.17. Creating a Shortcut Trust Between Two AD Domains
    Recipe 2.18. Creating a Trust to a Kerberos Realm
    Recipe 2.19. Viewing the Trusts for a Domain
    Recipe 2.20. Verifying a Trust
    Recipe 2.21. Resetting a Trust
    Recipe 2.22. Removing a Trust
    Recipe 2.23. Enabling SID Filtering for a Trust
    Recipe 2.24. Finding Duplicate SIDs in a Domain

    Chapter 3. Domain Controllers, Global Catalogs, and FSMOs
    Introduction
    Recipe 3.1. Promoting a Domain Controller
    Recipe 3.2. Promoting a Domain Controller from Media
    Recipe 3.3. Demoting a Domain Controller
    Recipe 3.4. Automating the Promotion or Demotion of a Domain Controller
    Recipe 3.5. Troubleshooting Domain Controller Promotion or Demotion Problems
    Recipe 3.6. Removing an Unsuccessfully Demoted Domain Controller
    Recipe 3.7. Renaming a Domain Controller
    Recipe 3.8. Finding the Domain Controllers for a Domain
    Recipe 3.9. Finding the Closest Domain Controller
    Recipe 3.10. Finding a Domain Controller's Site
    Recipe 3.11. Moving a Domain Controller to a Different Site
    Recipe 3.12. Finding the Services a Domain Controller Is Advertising
    Recipe 3.13. Configuring a Domain Controller to Use an External Time Source
    Recipe 3.14. Finding the Number of Logon Attempts Made Against a Domain Controller
    Recipe 3.15. Enabling the /3GB Switch to Increase the LSASS Cache
    Recipe 3.16. Cleaning Up Distributed Link Tracking Objects
    Recipe 3.17. Enabling and Disabling the Global Catalog
    Recipe 3.18. Determining if Global Catalog Promotion Is Complete
    Recipe 3.19. Finding the Global Catalog Servers in a Forest
    Recipe 3.20. Finding the Domain Controllers or Global Catalog Servers in a Site
    Recipe 3.21. Finding Domain Controllers and Global Catalogs via DNS
    Recipe 3.22. Changing the Preference for a Domain Controller
    Recipe 3.23. Disabling the Global Catalog Requirement During a Windows 2000 Domain Login
    Recipe 3.24. Disabling the Global Catalog Requirement During a Windows 2003 Domain Login
    Recipe 3.25. Finding the FSMO Role Holders
    Recipe 3.26. Transferring a FSMO Role
    Recipe 3.27. Seizing a FSMO Role
    Recipe 3.28. Finding the PDC Emulator FSMO Role Owner via DNS

    Chapter 4. Searching and Manipulating Objects
    Introduction
    Recipe 4.1. Viewing the RootDSE
    Recipe 4.2. Viewing the Attributes of an Object
    Recipe 4.3. Using LDAP Controls
    Recipe 4.4. Using a Fast or Concurrent Bind
    Recipe 4.5. Searching for Objects in a Domain
    Recipe 4.6. Searching the Global Catalog
    Recipe 4.7. Searching for a Large Number of Objects
    Recipe 4.8. Searching with an Attribute-Scoped Query
    Recipe 4.9. Searching with a Bitwise Filter
    Recipe 4.10. Creating an Object
    Recipe 4.11. Modifying an Object
    Recipe 4.12. Modifying a Bit-Flag Attribute
    Recipe 4.13. Dynamically Linking an Auxiliary Class
    Recipe 4.14. Creating a Dynamic Object
    Recipe 4.15. Refreshing a Dynamic Object
    Recipe 4.16. Modifying the Default TTL Settings for Dynamic Objects
    Recipe 4.17. Moving an Object to a Different OU or Container
    Recipe 4.18. Moving an Object to a Different Domain
    Recipe 4.19. Renaming an Object
    Recipe 4.20. Deleting an Object
    Recipe 4.21. Deleting a Container That Has Child Objects
    Recipe 4.22. Viewing the Created and Last Modified Timestamp of an Object
    Recipe 4.23. Modifying the Default LDAP Query Policy
    Recipe 4.24. Exporting Objects to an LDIF File
    Recipe 4.25. Importing Objects Using an LDIF File
    Recipe 4.26. Exporting Objects to a CSV File
    Recipe 4.27. Importing Objects Using a CSV File

    Chapter 5. Organizational Units
    Introduction
    Recipe 5.1. Creating an OU
    Recipe 5.2. Enumerating the OUs in a Domain
    Recipe 5.3. Enumerating the Objects in an OU
    Recipe 5.4. Deleting the Objects in an OU
    Recipe 5.5. Deleting an OU
    Recipe 5.6. Moving the Objects in an OU to a Different OU
    Recipe 5.7. Moving an OU
    Recipe 5.8. Determining How Many Child Objects an OU Has
    Recipe 5.9. Delegating Control of an OU
    Recipe 5.10. Allowing OUs to Be Created Within Containers
    Recipe 5.11. Linking a GPO to an OU

    Chapter 6. Users
    Introduction
    Recipe 6.1. Creating a User
    Recipe 6.2. Creating a Large Number of Users
    Recipe 6.3. Creating an inetOrgPerson User
    Recipe 6.4. Modifying an Attribute for Several Users at Once
    Recipe 6.5. Moving a User
    Recipe 6.6. Renaming a User
    Recipe 6.7. Copying a User
    Recipe 6.8. Unlocking a User
    Recipe 6.9. Finding Locked Out Users
    Recipe 6.10. Troubleshooting Account Lockout Problems
    Recipe 6.11. Viewing the Account Lockout and Password Policies
    Recipe 6.12. Enabling and Disabling a User
    Recipe 6.13. Finding Disabled Users
    Recipe 6.14. Viewing a User's Group Membership
    Recipe 6.15. Changing a User's Primary Group
    Recipe 6.16. Transferring a User's Group Membership to Another User
    Recipe 6.17. Setting a User's Password
    Recipe 6.18. Setting a User's Password via LDAP
    Recipe 6.19. Setting a User's Password via Kerberos
    Recipe 6.20. Preventing a User from Changing His Password
    Recipe 6.21. Requiring a User to Change Her Password at Next Logon
    Recipe 6.22. Preventing a User's Password from Expiring
    Recipe 6.23. Finding Users Whose Passwords Are About to Expire
    Recipe 6.24. Setting a User's Account Options (userAccountControl)
    Recipe 6.25. Setting a User's Account to Expire in the Future
    Recipe 6.26. Finding Users Whose AccountsAre About to Expire
    Recipe 6.27. Determining a User's Last Logon Time
    Recipe 6.28. Finding Users Who Have Not Logged On Recently
    Recipe 6.29. Setting a User's Profile Attributes
    Recipe 6.30. Viewing a User's Managed Objects
    Recipe 6.31. Modifying the Default Display Name Used When Creating Users in ADUC
    Recipe 6.32. Creating a UPN Suffix for a Forest

    Chapter 7. Groups
    Introduction
    Recipe 7.1. Creating a Group
    Recipe 7.2. Viewing the Direct Members of a Group
    Recipe 7.3. Viewing the Nested Members of a Group
    Recipe 7.4. Adding and Removing Members of a Group
    Recipe 7.5. Moving a Group
    Recipe 7.6. Changing the Scope or Type of a Group
    Recipe 7.7. Delegating Control for Managing Membership of a Group
    Recipe 7.8. Resolving a Primary Group ID
    Recipe 7.9. Enabling Universal Group Membership Caching

    Chapter 8. Computers
    Introduction
    Recipe 8.1. Creating a Computer
    Recipe 8.2. Creating a Computer for a Specific User or Group
    Recipe 8.3. Joining a Computer to a Domain
    Recipe 8.4. Moving a Computer
    Recipe 8.5. Renaming a Computer
    Recipe 8.6. Testing the Secure Channel for a Computer
    Recipe 8.7. Resetting a Computer
    Recipe 8.8. Finding Inactive or Unused Computers
    Recipe 8.9. Changing the Maximum Number of Computers a User Can Join to the Domain
    Recipe 8.10. Finding Computers with a Particular OS
    Recipe 8.11. Binding to the Default Container for Computers
    Recipe 8.12. Changing the Default Container for Computers

    Chapter 9. Group Policy Objects (GPOs)
    Introduction
    Recipe 9.1. Finding the GPOs in a Domain
    Recipe 9.2. Creating a GPO
    Recipe 9.3. Copying a GPO
    Recipe 9.4. Deleting a GPO
    Recipe 9.5. Viewing the Settings of a GPO
    Recipe 9.6. Modifying the Settings of a GPO
    Recipe 9.7. Importing Settings into a GPO
    Recipe 9.8. Assigning Logon/Logoff and Startup/Shutdown Scripts in a GPO
    Recipe 9.9. Installing Applications with a GPO
    Recipe 9.10. Disabling the User or Computer Settings in a GPO
    Recipe 9.11. Listing the Links for GPO
    Recipe 9.12. Creating a GPO Link to an OU
    Recipe 9.13. Blocking Inheritance of GPOs on an OU
    Recipe 9.14. Applying a Security Filter to a GPO
    Recipe 9.15. Creating a WMI Filter
    Recipe 9.16. Applying a WMI Filter to a GPO
    Recipe 9.17. Backing Up a GPO
    Recipe 9.18. Restoring a GPO
    Recipe 9.19. Simulating the RSoP
    Recipe 9.20. Viewing the RSoP
    Recipe 9.21. Refreshing GPO Settings on a Computer
    Recipe 9.22. Restoring a Default GPO

    Chapter 10. Schema
    Introduction
    Recipe 10.1. Registering the Active Directory Schema MMC Snap-in
    Recipe 10.2. Enabling Schema Updates
    Recipe 10.3. Generating an OID to Use for a New Class or Attribute
    Recipe 10.4. Generating a GUID to Use for a New Class or Attribute
    Recipe 10.5. Extending the Schema
    Recipe 10.6. Documenting Schema Extensions
    Recipe 10.7. Adding a New Attribute
    Recipe 10.8. Viewing an Attribute
    Recipe 10.9. Adding a New Class
    Recipe 10.10. Viewing a Class
    Recipe 10.11. Indexing an Attribute
    Recipe 10.12. Modifying the Attributes That Are Copied When Duplicating a User
    Recipe 10.13. Modifying the Attributes Included with Ambiguous Name Resolution
    Recipe 10.14. Adding or Removing an Attribute in the Global Catalog
    Recipe 10.15. Finding the Nonreplicated and Constructed Attributes
    Recipe 10.16. Finding the Linked Attributes
    Recipe 10.17. Finding the Structural, Auxiliary, Abstract, and 88 Classes
    Recipe 10.18. Finding the Mandatory and Optional Attributes of a Class
    Recipe 10.19. Modifying the Default Security of a Class
    Recipe 10.20. Deactivating Classes and Attributes
    Recipe 10.21. Redefining Classes and Attributes
    Recipe 10.22. Reloading the Schema Cache

    Chapter 11. Site Topology
    Introduction
    Recipe 11.1. Creating a Site
    Recipe 11.2. Listing the Sites
    Recipe 11.3. Deleting a Site
    Recipe 11.4. Creating a Subnet
    Recipe 11.5. Listing the Subnets
    Recipe 11.6. Finding Missing Subnets
    Recipe 11.7. Creating a Site Link
    Recipe 11.8. Finding the Site Links for a Site
    Recipe 11.9. Modifying the Sites That Are Part of a Site Link
    Recipe 11.10. Modifying the Cost for a Site Link
    Recipe 11.11. Disabling Site Link Transitivity or Site Link Schedules
    Recipe 11.12. Creating a Site Link Bridge
    Recipe 11.13. Finding the Bridgehead Servers for a Site
    Recipe 11.14. Setting a Preferred Bridgehead Server for a Site
    Recipe 11.15. Listing the Servers
    Recipe 11.16. Moving a Domain Controller to a Different Site
    Recipe 11.17. Configuring a Domain Controller to Cover Multiple Sites
    Recipe 11.18. Viewing the Site Coverage for a Domain Controller
    Recipe 11.19. Disabling Automatic Site Coverage for a Domain Controller
    Recipe 11.20. Finding the Site for a Client
    Recipe 11.21. Forcing a Host to a Particular Site
    Recipe 11.22. Creating a Connection Object
    Recipe 11.23. Listing the Connection Objects for a Server
    Recipe 11.24. Load-Balancing Connection Objects
    Recipe 11.25. Finding the ISTG for a Site
    Recipe 11.26. Transferring the ISTG to Another Server
    Recipe 11.27. Triggering the KCC
    Recipe 11.28. Determining if the KCC Is Completing Successfully
    Recipe 11.29. Disabling the KCC for a Site
    Recipe 11.30. Changing the Interval at Which the KCC Runs

    Chapter 12. Replication
    Introduction
    Recipe 12.1. Determining if Two Domain Controllers Are in Sync
    Recipe 12.2. Viewing the Replication Status of Several Domain Controllers
    Recipe 12.3. Viewing Unreplicated Changes Between Two Domain Controllers
    Recipe 12.4. Forcing Replication from One Domain Controller to Another
    Recipe 12.5. Changing the Intra-Site Replication Interval
    Recipe 12.6. Changing the Inter-Site Replication Interval
    Recipe 12.7. Disabling Inter-Site Compression of Replication Traffic
    Recipe 12.8. Checking for Potential Replication Problems
    Recipe 12.9. Enabling Enhanced Logging of Replication Events
    Recipe 12.10. Enabling Strict or Loose Replication Consistency
    Recipe 12.11. Finding Conflict Objects
    Recipe 12.12. Viewing Object Metadata

    Chapter 13. Domain Name System (DNS)
    Introduction
    Recipe 13.1. Creating a Forward Lookup Zone
    Recipe 13.2. Creating a Reverse Lookup Zone
    Recipe 13.3. Viewing a Server's Zones
    Recipe 13.4. Converting a Zone to an AD-Integrated Zone
    Recipe 13.5. Moving AD-Integrated Zones into an Application Partition
    Recipe 13.6. Delegating Control of a Zone
    Recipe 13.7. Creating and Deleting Resource Records
    Recipe 13.8. Querying Resource Records
    Recipe 13.9. Modifying the DNS Server Configuration
    Recipe 13.10. Scavenging Old Resource Records
    Recipe 13.11. Clearing the DNS Cache
    Recipe 13.12. Verifying That a Domain Controller Can Register Its Resource Records
    Recipe 13.13. Registering a Domain Controller's Resource Records
    Recipe 13.14. Preventing a Domain Controller from Dynamically Registering All Resource Records
    Recipe 13.15. Preventing a Domain Controller from Dynamically Registering Certain Resource Records
    Recipe 13.16. Deregistering a Domain Controller's Resource Records
    Recipe 13.17. Allowing Computers to Use a Different Domain Suffix from Their AD Domain

    Chapter 14. Security and Authentication
    Introduction
    Recipe 14.1. Enabling SSL/TLS
    Recipe 14.2. Encrypting LDAP Traffic with SSL, TLS, or Signing
    Recipe 14.3. Enabling Anonymous LDAP Access
    Recipe 14.4. Restricting Hosts from Performing LDAP Queries
    Recipe 14.5. Using the Delegation of Control Wizard
    Recipe 14.6. Customizing the Delegation of Control Wizard
    Recipe 14.7. Viewing the ACL for an Object
    Recipe 14.8. Customizing the ACL Editor
    Recipe 14.9. Viewing the Effective Permissions on an Object
    Recipe 14.10. Changing the ACL of an Object
    Recipe 14.11. Changing the Default ACL for an Object Class in the Schema
    Recipe 14.12. Comparing the ACL of an Object to the Default Defined in the Schema
    Recipe 14.13. Resetting an Object's ACL to the Default Defined in the Schema
    Recipe 14.14. Preventing the LM Hash of a Password from Being Stored
    Recipe 14.15. Enabling List Object Access Mode
    Recipe 14.16. Modifying the ACL on Administrator Accounts
    Recipe 14.17. Viewing and Purging Your Kerberos Tickets
    Recipe 14.18. Forcing Kerberos to Use TCP
    Recipe 14.19. Modifying Kerberos Settings

    Chapter 15. Logging, Monitoring, and Quotas
    Introduction
    Recipe 15.1. Enabling Extended dcpromo Logging
    Recipe 15.2. Enabling Diagnostics Logging
    Recipe 15.3. Enabling NetLogon Logging
    Recipe 15.4. Enabling GPO Client Logging
    Recipe 15.5. Enabling Kerberos Logging
    Recipe 15.6. Enabling DNS Server Debug Logging
    Recipe 15.7. Viewing DNS Server Performance Statistics
    Recipe 15.8. Enabling Inefficient and Expensive LDAP Query Logging
    Recipe 15.9. Using the STATS Control to View LDAP Query Statistics
    Recipe 15.10. Using Perfmon to Monitor AD
    Recipe 15.11. Using Perfmon Trace Logs to Monitor AD
    Recipe 15.12. Enabling Auditing of Directory Access
    Recipe 15.13. Creating a Quota
    Recipe 15.14. Finding the Quotas Assigned to a Security Principal
    Recipe 15.15. Changing How Tombstone Objects Count Against Quota Usage
    Recipe 15.16. Setting the Default Quota for All Security Principals in a Partition
    Recipe 15.17. Finding the Quota Usage for a Security Principal

    Chapter 16. Backup, Recovery, DIT Maintenance, and Deleted Objects
    Introduction
    Recipe 16.1. Backing Up Active Directory
    Recipe 16.2. Restarting a Domain Controller in Directory Services Restore Mode
    Recipe 16.3. Resetting the Directory Service Restore Mode Administrator Password
    Recipe 16.4. Performing a Nonauthoritative Restore
    Recipe 16.5. Performing an Authoritative Restore of an Object or Subtree
    Recipe 16.6. Performing a Complete Authoritative Restore
    Recipe 16.7. Checking the DIT File's Integrity
    Recipe 16.8. Moving the DIT Files
    Recipe 16.9. Repairing or Recovering the DIT
    Recipe 16.10. Performing an Online Defrag Manually
    Recipe 16.11. Determining How Much Whitespace Is in the DIT
    Recipe 16.12. Performing an Offline Defrag to Reclaim Space
    Recipe 16.13. Changing the Garbage Collection Interval
    Recipe 16.14. Logging the Number of Expired Tombstone Objects
    Recipe 16.15. Determining the Size of the Active Directory Database
    Recipe 16.16. Searching for Deleted Objects
    Recipe 16.17. Restoring a Deleted Object
    Recipe 16.18. Modifying the Tombstone Lifetime for a Domain

    Chapter 17. Application Partitions
    Introduction
    Recipe 17.1. Creating and Deleting an Application Partition
    Recipe 17.2. Finding the Application Partitions in a Forest
    Recipe 17.3. Adding or Removing a Replica Server for an Application Partition
    Recipe 17.4. Finding the Replica Servers for an Application Partition
    Recipe 17.5. Finding the Application Partitions Hosted by a Server
    Recipe 17.6. Verifying Application Partitions Are Instantiated on a Server Correctly
    Recipe 17.7. Setting the Replication Notification Delay for an Application Partition
    Recipe 17.8. Setting the Reference Domain for an Application Partition
    Recipe 17.9. Delegating Control of Managing an Application Partition

    Chapter 18. Interoperability and Integration
    Introduction
    Recipe 18.1. Accessing AD from a Non-Windows Platform
    Recipe 18.2. Programming with .NET
    Recipe 18.3. Programming with DSML
    Recipe 18.4. Programming with Perl
    Recipe 18.5. Programming with Java
    Recipe 18.6. Programming with Python
    Recipe 18.7. Integrating with MIT Kerberos
    Recipe 18.8. Integrating with Samba
    Recipe 18.9. Integrating with Apache
    Recipe 18.10. Replacing NIS
    Recipe 18.11. Using BIND for DNS
    Recipe 18.12. Authorizing a Microsoft DHCP Server
    Recipe 18.13. Using VMWare for Testing AD

    Appendix A. Tool List
    ACL Diagnostics Command (acldiag.exe)
    Active Directory Domains and Trusts Snap-in (domain.msc)
    Active Directory Installation Wizard (dcpromo.exe)
    Active Directory Load Balancer Command (adlb.exe)
    Active Directory Schema Snap-in (schmmgmt.msc)
    Active Directory Sites and Services (dssite.msc)
    Active Directory Users and Computers Snap-in (dsa.msc)
    AD Prep Utility (adprep.exe)
    ADSI Edit (adsiedit.msc)
    Audit Policy Command (auditpol.exe)
    Backup Wizard (ntbackup.exe)
    CSVDE Command (csvde.exe)
    Default Domain Controller Security Policy Snap-in (dcpol.msc)
    Default Domain Security Policy Snap-in (dompol.msc)
    Default Group Policy Restore Command (dcgpofix.exe)
    DNS Snap-in (dnsmgmt.msc)
    DNSCmd Command (dnscmd.exe)
    Domain Controller Diagnosis Command (dcdiag.exe)
    DS ACL Command (dsacls.exe)
    DS Add Command (dsadd.exe)
    DS Get Command (dsget.exe)
    DS Modify Command (dsmodify.exe)
    DS Move Command (dsmove.exe)
    DS Query Command (dsquery.exe)
    DS Remove Command (dsrm.exe)
    Enumprop Command (enumprop.exe)
    Group Policy Management Console (gpmc.msc)
    Group Policy Object Editor (gpedit.msc)
    Group Policy Verification Tool (gpotool.exe)
    Group Policy Results Command (gpresult.exe)
    Group Policy Refresh Command (gpupdate.exe)
    IP Configuration (ipconfig.exe)
    Kerberos List (klist.exe)
    Kerberos Tray (kerbtray.exe)
    LDIFDE Command (ldifde.exe)
    LDP (ldp.exe)
    Move Tree Command (movetree.exe)
    Netdom Command (netdom.exe)
    Network Connectivity Tester (netdiag.exe)
    NLTest Command (nltest.exe)
    Nslookup Command (nslookup.exe)
    NTDS Util Command (ntdsutil.exe)
    OID Generator Command (oidgen.exe)
    Redirect Default Computers Command (redircmp.exe)
    Redirect Default Users Command (redirusr.exe)
    Reg Command (reg.exe)
    Registry Editor (regedit.exe)
    Rename Domain Command (rendom.exe)
    Replication Diagnostics Command (repadmin.exe)
    Replication Monitor (replmon.exe)
    Resultant Set of Policy Snap-in (rsop.msc)
    SecEdit Command (secedit.exe)
    Time Service (w32tm.exe)
    Unlock (unlock.exe)
    UUID Generator Command (uuidgen.exe)
    WinNT32 Command (winnt32.exe)

    Colophon
    Index
     

    Các file đính kèm:

Đang tải...