Managing Enterprise Active Directory Services [Paperback]

Robbie Allen (Author), Richard Puckett (Author)

Book Description

ISBN-10: 0672321254 | ISBN-13: 978-0672321252 | Publication Date: April 25, 2002 | Edition: 1st

Active Directory, a key element of Windows 2000, is a centralized system that automates management of user data and resources and is intended to be a consolidation point for centrally managing and reducing the number of directories that companies have. Due to its complexity, managing Active Directory requires careful maintenance and monitoring. In Managing Enterprise Active Directory Services, the authors draw from their own experiences with Active Directory programming interfaces and management concepts to provide readers with an authoritative reference that will enable them to manage Active Directory services more efficiently.

Editorial Reviews

About the Author

Robbie Allen is a Systems Architect and Programmer for the Enterprise Management (EMAN) group within Cisco Systems' Information Technology department. Robbie is the lead architect for Cisco's Active Directory design and deployment and was a technical lead for the automation and deployment of Cisco's DNS and DHCP infrastructure. He is the co-author of Managing Enterprise Active Directory Services.

Richard Puckett is a technical lead and developer inside of Cisco System's Enterprise Management (EMAN) group, and is the author of Windows NT: Automated Deployment and Customization (MTP, 1-57870-045-0) and co-author of Managing Enterprise Active Directory Services (AW, 0-672-32125-4). He is the principal developer of Cisco's Active Directory migration utility ("Immigrant"), which successfully migrated over 55,000 systems worldwide into Cisco's production Active Directory. Richard has spoken at conferences such as DECUS and Networld+Interop on a wide range of issues, such as Windows Automation, Security, and Directory Services. He is currently the Messaging and Information Security technical lead within EMAN.

0672321254AB07192002

Excerpt. © Reprinted by permission. All rights reserved.

In the fast-paced world of information technology (IT), staying on top of changes in the industry can be difficult, not to mention time consuming and costly. Proper staffing, training, and planning to handle migrations from old to new technologies have caused IT engineers, managers, and end users many headaches over the years. Microsoft has definitely played a part in solidifying the workforce of IT consultants by rapidly evolving its product line. Most products developed by Microsoft have a one- to three-year life expectancy with new versions or updates typically being released every few months. This does not allow a lot of time to get properly acclimated and adjusted both from a staffing and infrastructure perspective before a new version is released. Microsoft is not completely to blame for the speed of product evolution since the industry as a whole often dictates changes by introducing new technologies. A good example of this is the Extensible Markup Language (XML). As XML has gained more industry acceptance over the past few years, it has become almost a requirement for products to use it if they require data interchange between systems.

One of the biggest challenges for architects and implementers of new technologies is finding accurate and adequate information. Without proper information about a technology, implementation can be delayed and potentially done incorrectly. This results in further redeployments and migrations and eventually more frustration for the user base! Because Active Directory touches so many facets of a company's infrastructure, we cannot stress enough that implementing Active Directory right the first time is of utmost importance. Mistakes made now will be felt for years to come.

In 1999 and 2000, informative data on Active Directory was not easy to come by, primarily because Windows 2000, the operating system which Active Directory runs on, had just been released. Authoritative books, magazine articles, white papers, and Web sites were few and far between. A lot of the published information was either inadequate or downright technically wrong. Now, information on Active Directory is much more abundant. In fact, there has been such an explosion of Windows 2000 and Active Directory-related books, magazines and Web sites that it can be difficult to find exactly what you are looking for. It is our hope that this book provides some fresh data, specifically on the management aspects of Active Directory from two people that have been living and breathing Active Directory at a large, global, and dynamic company, namely Cisco Systems, for the past two years.

To date, there has not been much information published on the topic of managing Active Directory. The primary reason is people are still trying to figure out how to do it. Managing an Active Directory infrastructure is not an easy task at any level. Not only do you have to manage the typical Network Operating System (NOS)-based tasks as you did with NT 4, but Active Directory's reach extends to functions like the Domain Name System (DNS), Public Key Infrastructure (PKI), networking topology, and application directory. Typically, different groups within a company control these services, so properly designing Active Directory involves bringing together many groups that may not be familiar with each other.

Because of the integration with so many other technologies, we believe Active Directory will be one of the top two or three most important infrastructures within a company's IT department, next to the company's external Web site and Enterprise Resource Planning (ERP) systems. And because of this integration, we feel Active Directory will be one of the most complex technologies to implement and manage. Not only are there a large number of technical issues related to making Active Directory work, but significant political issues are associated with trying to work with multiple groups that are sometimes geographically and organizationally dispersed.

Intended Audience

This book is intended for Active Directory administrators who are versed in the basic concepts of Active Directory and are managing medium- and large-scale Active Directory infrastructures.

The programmatic aspects of managing Active Directory are explored extensively throughout this book, but you do not need significant programming experience to benefit from the code samples. Many of the samples discussed can be beneficial as is. For those with programming experience, the samples provide a good basis for filling your Active Directory management gaps.

Organization

This book is divided into four parts:

Part I: Active Directory Management Basics

• Chapter 1, "Active Directory Overview," covers the challenges of managing Active Directory along with an introduction to the management philosophy used by the authors to address these challenges.
• Chapter 2, "Active Directory Management," explains the terms, concepts, and methodologies around management of Active Directory.

Part II: Active Directory Management Interfaces

• Chapter 3, "Lightweight Directory Access Protocol (LDAP)," starts with a brief introduction on the history of LDAP and its importance to Active Directory and ends with an overview of LDAP programming.
• Chapter 4, "Active Directory Service Interfaces (ADSI)," explains the purpose of ADSI and provides reasons you might choose it over LDAP for programmatic access to Active Directory. The chapter ends with an overview of ADSI programming.
• Chapter 5, "Windows Management Instrumentation (WMI)," covers the WBEM/CIM initiative and how WMI fits in, details the WMI architecture, and ends with an overview of WMI programming.

Part III: Active Directory Management Components

• Chapter 6, "Windows NT Migration," covers some of the pitfalls of migrating from NT 4.0 to Active Directory and includes information on useful APIs and sample code to aid in the desktop migration process.
• Chapter 7, "Directory Operations," describes strategies for managing domains, domain controllers, and Organizational Units in Active Directory.
• Chapter 8, "Domain Name System (DNS)," briefly touches on the DNS architecture in Active Directory and details what can be done to manage it programmatically.
• Chapter 9, "Site Topology and Replication," covers the design and management of Active Directory replication including how to programmatically inject site topology.
• Chapter 10, "Schema," explains important concepts around managing the schema and contains sample code on programmatically extending the schema.
• Chapter 11, "Accounts (Users, Groups, Computers, and Printers)," details procedures for programmatically managing user, group, computer, and printer objects.
• Chapter 12, "Security," details the more complex elements of security in Active Directory, as well as methods for programmatically managing security.
• Chapter 13, "Group Policy Objects (GPOs)," covers GPO management techniques and the mechanisms required to diagnose and troubleshoot them.

Part IV: Appendixes

• Appendix A, "Active Directory References," is a detailed reference guide for Active Directory that covers the important Active Directory-related books, tools, Web sites, and vendors.
• Appendix B, "Indexed, GC, and ANR Attributes," lists default indexed, global catalog (GC), and ANR attributes along with sample code to extract those attributes programmatically.
• Appendix C, "LDAP Controls," lists supported LDAP controls in Active Directory.
• Appendix D, "Group Policy Settings," lists the available computer and user Group Policy settings.

Additional Resources

The first step in learning a new technology is to find the best resources for information. We do not intend to regurgitate a lot of information that is already available, so we will provide pointers in the Additional Resources section located at the end of each chapter, starting with Chapter 3. The Additional Resources sections will include any applicable books, Web sites, RFCs, or Microsoft documentation that may be useful for obtaining more information on a topic. In Appendix A, "Active Directory References," we provide information on the Active Directory-related books, Web sites, tools, and vendors we found useful while working with Active Directory.

0672321254P04232002

Product Details

• Paperback: 600 pages
• Publisher: Pearson Education; 1st edition (April 25, 2002)
• Language: English
• ISBN-10: 0672321254
• ISBN-13: 978-0672321252
• Product Dimensions: 9.2 x 7.4 x 1.2 inches
• Shipping Weight: 2.2 pounds
• Average Customer Review: 5.0 out of 5 stars  See all reviews (2 customer reviews)
• Amazon Best Sellers Rank: #2,599,195 in Books (See Top 100 in Books)
  • #50 in Books > Computers & Technology > Microsoft > Web Publishing

More About the Author

http://rallenhome.com/about.html

Customer Reviews

Most Helpful Customer Reviews

3 of 3 people found the following review helpful:

5.0 out of 5 stars Top Notch, August 22, 2002

By 

Jim McDonald (High Bridge, NJ USA) - See all my reviews

This review is from: Managing Enterprise Active Directory Services (Paperback)

This book does a great job of explaining in-depth some advanced issues of AD. I only recommend this book for experienced admins since it only glosses over introductory topics. Look at this more as a book for advanced architectural issues like DNS and AD Scripting (VB, etc.) though I would say scripting newbies could benefit.

Also, this book is not MCSE 2000 prep material. I would not recommend this book until you already have a firm grasp of most AD concept and you want to go further.

Finally, the authors credentials speak for themselves. I highly recommend this book.

Jim McDonald
MCSE+I, MCSE 2000

5.0 out of 5 stars A must have., February 22, 2011

By 

Daniel Castillo "DaemonRoot" (San Jose, Costa Rica) - See all my reviews
(REAL NAME)   

Amazon Verified Purchase

This review is from: Managing Enterprise Active Directory Services (Paperback)

I'm an IT guy, I leave day by day doing Active Directory for different kind of enterprises and of course I do read a lot and this book is by far awesome! If you plan to do serious AD stuff then GET THIS BOOK.
Hope you will enjoy and learn as much as I did.