Active Directory Cookbook, 3rd Edition

所需积分/C币:9 2014-05-18 13:55:02 9.1MB PDF
6
收藏 收藏
举报

Active Directory Cookbook, 3rd Edition。AD指导
THIRD EDITION Active Directory Cookbook Laura e. hunter and robbie allen ○ REILLY° Beijing· Cambridge· Farnham·Koln· Sebastopol· apel· Tokyo Active Directory Cookbook Third Edition by laura E. hunter and robbie allen Copyright@ 2009 O'Reilly Media. All rights reserved Printed in the United States of america Published by O Reilly Media, Inc, 1005 Gravenstein Highway North, Sebastopol, CA 95472 O Reilly books may be purchased for educational, business, or sales promotional use Online editions arealsoavailableformosttitles(http:/safari.oreillycom).Formoreinformationcontactourcorporate institutionalsalesdepartment:(800)998-9938orcorporate@oreilly.com Editors: John Osborn and Laurel RTRuma Indexer: Ellen Troutman Zaig Production editor: Loranah dimant Cover Designer: Karen Montgomery Copyeditor: Colleen Gorman Interior Designer: David Futato Proofreader: Sada Preisch llustrator: Jessamyn Read Printing History: September 2003: First Edition June 2006 Second edition December 2008: Third edition Nutshell Handbook, the Nutshell Handbook logo, and the O'Reilly logo are registered trademarks of O'Reilly Media, Inc. Active Directory Cookbook, the image of a bluefin tuna, and related trade dress are trademarks of O'Reilly Media, Inc Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this book, and O'Reilly Media, Inc, was aware of a trademark claim, the designations have been printed in caps or initial caps While every precaution has been taken in the preparation of this book, the publisher and authors assume no responsibility for errors or omissions, or for damages resulting from the use of the information con- tained herein ISBN:978-0-596-52110-3 1229006171 Table of contents Preface 1. Getting Started 1.1 Approach to the Book 1. 2 Where to Find the tools 1.3 Getting Familiar with LDIF 1.4 Programming Notes 5 Replaceable te 10 1.6 Where to Find more Information 2. Forests Domains, and trusts........................15 2.1 Creating a forest 2.2 Removing a forest 22 2.3 Creating a domain 24 2. 4 Removing a domain 25 2.5 Removing an Orphaned Domain 27 2.6 Finding the Domains in a Forest 28 2.7 Finding the NetbiOS Name of a domain 2.8 Renaming a domain 32 2.9 Raising the Domain Mode to Windows 2000 Native Mode 2.10 Viewing and Raising the Functional Level of a windows Server 2003 or 2008 Domain 36 2.11 Raising the Functional level of a Windows Server 2003 or 2008 Forest 39 2.12 Using AdPrep to Prepare a domain or Forest for Windows Server 2003or2008 2. 13 Determining Whether AdPrep Has Completed 44 2. 14 Checking If a Windows Domain Controller Can Be Upgraded to Windows server 2003 or 2008 2. 15 Creating an External Trust 2.16 Creating a Transitive Trust Between Two AD Forests 50 2. 17 Creating a Shortcut Trust Between Two AD Domains 52 2.18 Creating a Trust to a Kerberos realm 2.19 Viewing the Trusts for a domain 55 2.20 Verifying a Trust 58 2.21 Resetting a Trust 2.22 Removing a trust 62 2.23 Enabling SID Filtering for a Trust 64 2.24 Enabling Quarantine for a Trust 66 2.25 Managing Selective Authentication for a Trust 2.26 Finding Duplicate SIDs in a Domain 2.27 Adding Additional Fields to Active Directory Users and Computers 70 3. Domain Controllers, Global Catalogs, and FSmOs 3. 1 Promoting a Domain Controller 3.2 Promoting a Read-Only Domain Controller 3.3 Performing a Two-Stage RODC Installation 78 3.4 Modifying the Password Replication Policy 3.5 Promoting a Windows server 2003 Domain Controller from Media 82 3.6 Promoting a Windows Server 2008 Domain Controller from media 84 3.7 Demoting a Domain Controller 3.8 Automating the Promotion or Demotion of a domain Controller 87 3.9 Troubleshooting domain Controller Promotion or demotion PI roblems 88 .10 Verifying the Promotion of a Domain Controller 9 3. 11 Removing an Unsuccessfully demoted domain Controller 90 3.12 Renaming a Domain Controller 3. 13 Finding the Domain Controllers for a Domain 3. 14 Finding the Closest Domain Controller 96 3.15 Finding a Domain Controllers Site 98 3.16 Moving a Domain Controller to a Different Site 101 3. 17 Finding the services a domain Controller Is advertising 104 3. 18 Restoring a Deleted Domain Controller 105 3. 19 Resetting the TCP/IP Stack on a Domain Controller 106 3.20 Configuring a Domain Controller to Use an External Time source 107 3.21 Finding the Number of Logon Attempts Made Ag gainst a Domain controller 110 3.22 Enabling the /3GB Switch to Increase the LSASS Cache 110 3.23 Cleaning Up Distributed Link Tracking Objects 112 3.24 Enabling and Disabling the global catalog 113 3.25 Determining Whether Global Catalog Promotion Is Complete 115 3.26 Finding the Global Catalog Servers in a Forest 117 3.27 Finding the Domain Controllers or Global Catalog Servers in a Site 119 iv Table of Contents 3.28 Finding Domain Controllers and Global Catalogs via DNS 121 3.29 Changing the Preference for a Domain Controller 122 3.30 Disabling the Global Catalog Requirement During a Domain login 124 3.31 Disabling the Global Catalog requirement for Windows Server 2003 or Windows Server 2008 125 3.32 Finding the FSMO Role Holders 126 3.33 Transferring a FSMO Role 129 3.34 Seizing a FSMO Role 131 3.35 Finding the pdc emulator fSmo role owner via Dns 132 3.36 Finding the pdc emulator fsmo role owner via WINs 133 4. Searching and Manipulating objects............ 135 4.1 Viewing the RootDSe 136 4.2 Viewing the Attributes of an Object 140 4.3 Counting Objects in Active Directe 145 4.4 Using LDaP Controls 147 4.5 Using a Fast or Concurrent Bind 150 4.6 Connecting to an Object GUID 152 4.7 Connecting to a Well-Known GUID 153 4.8 Searching for Objects in a Domain 155 4.9 Searching the Global Catalog 158 4.10 Searching for a Large Number of objects 161 4.11 Searching with an Attribute-Scoped Query 164 4.12 Searching with a Bitwise Filter 166 4.13 Creating an Obiect 170 4.14 Modifying an Object 173 4.15 Modifying a bit Flag attribute 177 4.16 Dynamically Linking an auxiliary Class 180 4.17 Creating a Dynamic Object 182 4.18 Refreshing a Dynamic Object 184 4.19 Modifying the Default TtL Settings for Dynamic Objects 186 4.20 Moving an Object to a Different OU or Container 188 4.21 Moving an Object to a different domain 191 4.22 Referencing an External domain 193 4.23 Renaming an object 195 4.24 Deleting an Object 197 4.25 Deleting a Container That Has Child Objects 200 4.26 Viewing the Created and last Modified Timestamp of an Object 202 4.27 Modifying the Default ldaP Query policy 203 4.28 Exporting Objects to an LDIF File 206 4.29 Importing Objects Using an LDIF File 207 4.30 Exporting Objects to a CSV File 208 Table of Contents v 4.31 Importing Objects Using a CSV file 209 5. Organizational Units......................... 211 5.1 Creating an ou 212 5.2 Enumerating the oUs in a domain 214 5.3 Finding an OU 216 5.4 Enumerating the Objects in an OU 218 5.5 Deleting the Objects in an OU 221 5.6 Deleting an OU 222 5.7 Moving the objects in an ou to a Different OU 223 5.8 Moving an ou 226 5.9 Renaming an Ou 227 5.10 Modifying an OU 229 5. 11 Determining Approximately How Many Child objects an ou has 231 5. 12 Delegating Control of an OU 233 5. 13 Assigning or Removing a Manager for an OU 234 5. 14 Linking a gPo to an OU 235 5.15 Protecting an OU Against Accidental Deletion 238 6. Users ·。···· ,,,,,,,241 6. 1 Modifying the Default Display Name Used When Creating Users in adu 244 6.2 Creating a User 245 6.3 Creating a Large Number of Users 248 6. 4 Creating an inetorgPerson user 250 6.5 Converting a user Object to an inetOrgPerson Object (or Vice versa) 253 6.6 Modifying an Attribute for Several Users at Once 255 6.7 Deleting a User 256 6.8 Setting a user's Profile Attributes 258 6. 9 Moving a User 260 6.10 Redirecting Users to an Alternative OU 261 6.11 Renaming a user 263 6. 12 Copying a User 265 6. 13 Finding Locked-Out Users 267 6. 14 Unlocking a User 268 6.15 Troubleshooting Account Lockout Problems 270 6.16 Viewing the Domain-Wide account Lockout and Password Policies 271 6. 17 Applying a Fine-Grained Password Policy to a User Object 275 6. 18 Viewing the Fine-Grained Password Policy That Is in Effect for a User account 276 6. 19 Enabling and Disabling a User 278 I Table of Contents 6.20 Finding Disabled Users 279 6.21 Viewing a User's Group Membership 281 6.22 Removing All Group Memberships from a User 284 6.23 Changing a User's Primary group 285 6.24 Copying a User's Group Membership to another User 287 6.25 Setting a User's Password 290 6.26 Preventing a User from Changing a Password 291 6.27 Requiring a User to Change a Password at Next Logon 293 6.28 Preventing a User's Password from Expiring 294 6.29 Finding Users Whose Passwords Are About to Expire 296 6.30 Viewing the RODCs That Have Cached a User's Password 297 6.31 Setting a User's Account Options(userAccount Control 299 6.32 Setting a users account to expire 302 6.33 Determining a User's Last Logon Time 303 6.34 Finding Users Who Have Not Logged On Recentl 306 6.35 Viewing and Modifying a User's Permitted Logon Hours 307 6.36 Viewing a User's Managed Objects 309 6.37 Creating a UPN Suffix for a Forest 311 6.38 Restoring a Deleted User 312 6.39 Protecting a User Against Accidental deletion 313 7. Groups................ 315 7.1 Creating a Group 316 7.2 Viewing the Permissions of a Group 319 7.3 Viewing the Direct Members of a group 322 7.4 Viewing the Nested Members of a group 324 7.5 Adding and Removing Members of a Group 326 7.6 Moving a Group Within a Domain 328 7.7 Moving a Group to Another domain 330 7. 8 Changing the Scope or Type of a group 332 7.9 Modifying Group Attributes 334 7.10 Creating a Dynamic Group 337 7. 11 Delegating Control for Managing Membership of a group 339 7.12 Resolving a Primary Group ID 342 7. 13 Enabling Universal Group membership Caching 344 7.14 Restoring a Deleted Group 347 7. 15 Protecting a group against Accidental Deletion 348 7. 16 Applying a Fine-Grained Password Policy to a group object 349 8.〔 omputer Objects∴ 351 8. 1 The anatomy of a computer object 351 8.2 Creating a Computer 352 8.3 Creating a Computer for a Specific User or Group 354 Table of contents|ⅶi 8.4 Deleting a computer 360 8.5 Joining a Computer to a domain 361 8.6 Moving a Computer Within the Same domain 364 8.7 Moving a computer to a new domain 365 8.8 Renaming a computer 367 8.9 Adding or Removing a Computer Account from a group 370 8.10 Testing the Secure Channel for a Computer 71 8.11 Resetting a computer account 372 8.12 Finding Inactive or Unused Computers 374 8.13 Changing the Maximum Number of Computers a User Can Join to the domain 375 8.14 Modifying the attributes of a computer Object 377 8. 15 Finding Computers with a Particular OS 379 8.16 Binding to the Default Container for Computers 382 8. 17 Changing the Default Container for Computers 385 8.18 Listing All the Computer Accounts in a Domain 387 8. 19 Identifying a Computer role 388 8.20 Protecting a Computer Against Accidental Deletion 390 8.21 Viewing the rod Cs that Have Cached a Computer's Password 391 9. Group Policy Objects................... 9. 1 Finding the gPos in a domain 396 9.2 Creating a GPO 397 9.3 Copying a gPo 399 9.4D a gPO 402 9.5 Viewing the Settings of a gPo 403 9.6 Modifying the Settings of a GPO 406 9.7 Importing Settings into a GPO 407 9.8 Creating a Migration Table 410 9.9 Creating Custom Group Policy Settings 412 9.10 Assigning Logon/Logoff and Startup /Shutdown Scripts in a GPo 415 9.11 Installing Applications with a GPO 416 9.12 Disabling the User or Computer Settings in a GPO 417 9. 13 Listing the Links for a gPo 419 9. 14 Creating a GPO Link to an OU 422 9.15 Blocking Inheritance of GPOs on an OU 424 9.16 Enforcing the Settings of a GPo Link 426 9. 17 Applying a Security Filter to a gPo 428 9. 18 Delegating Administration of GPOs 431 9 19 Importing a security template 433 9.20 Creating a WMI Filter 434 9.21 Applying a WMI Filter to a GPO 436 9.22 Configuring loopback Processing for a gPO 438 ⅶ ii Table of Contents

...展开详情
试读 127P Active Directory Cookbook, 3rd Edition
立即下载 低至0.43元/次 身份认证VIP会员低至7折
一个资源只可评论一次,评论内容不能少于5个字
您会向同学/朋友/同事推荐我们的CSDN下载吗?
谢谢参与!您的真实评价是我们改进的动力~
关注 私信
上传资源赚钱or赚积分
最新推荐
Active Directory Cookbook, 3rd Edition 9积分/C币 立即下载
1/127
Active Directory Cookbook, 3rd Edition第1页
Active Directory Cookbook, 3rd Edition第2页
Active Directory Cookbook, 3rd Edition第3页
Active Directory Cookbook, 3rd Edition第4页
Active Directory Cookbook, 3rd Edition第5页
Active Directory Cookbook, 3rd Edition第6页
Active Directory Cookbook, 3rd Edition第7页
Active Directory Cookbook, 3rd Edition第8页
Active Directory Cookbook, 3rd Edition第9页
Active Directory Cookbook, 3rd Edition第10页
Active Directory Cookbook, 3rd Edition第11页
Active Directory Cookbook, 3rd Edition第12页
Active Directory Cookbook, 3rd Edition第13页
Active Directory Cookbook, 3rd Edition第14页
Active Directory Cookbook, 3rd Edition第15页
Active Directory Cookbook, 3rd Edition第16页
Active Directory Cookbook, 3rd Edition第17页
Active Directory Cookbook, 3rd Edition第18页
Active Directory Cookbook, 3rd Edition第19页
Active Directory Cookbook, 3rd Edition第20页

试读结束, 可继续阅读

9积分/C币 立即下载