Managing Enterprise Active Directory Services

9780672321252: Managing Enterprise Active Directory Services

This guide to managing the Windows 2000 Active Directory equips network and systems administrators with management and monitoring philosophies and working scripts and programs to ease Active Directory administration. The book describes common problems and presents the Active Directory management interfaces, then delves into the core components of managing Active Directory, covering DNS, Windows NT migration, site topology and replication, accounts, security, and group policy objects, and provides Visual Basic, VBScript, and Perl code samples. Allen is a systems architect and programmer. Puckett is a senior system administrator. Annotation c. Book News, Inc., Portland, OR (

"synopsis" may belong to another edition of this title.

About the Author:

Robbie Allen is a Systems Architect and Programmer for the Enterprise Management (EMAN) group within Cisco Systems' Information Technology department. Robbie is the lead architect for Cisco's Active Directory design and deployment and was a technical lead for the automation and deployment of Cisco's DNS and DHCP infrastructure. He is the co-author of Managing Enterprise Active Directory Services.

Richard Puckett is a technical lead and developer inside of Cisco Systems' Enterprise Management (EMAN) group, and is the author of Windows NT: Automated Deployment and Customization (MTP, 1-57870-045-0) and co-author of Managing Enterprise Active Directory Services (AW, 0-672-32125-4). He is the principal developer of Cisco's Active Directory migration utility ("Immigrant"), which successfully migrated over 55,000 systems worldwide into Cisco's production Active Directory. Richard has spoken at conferences such as DECUS and Networld+Interop on a wide range of issues, such as Windows Automation, Security, and Directory Services. He is currently the Messaging and Information Security technical lead within EMAN.


Excerpt. Reprinted by permission. All rights reserved.:

In the fast-paced world of information technology (IT), staying on top of changes in the industry can be difficult, not to mention time consuming and costly. Proper staffing, training, and planning to handle migrations from old to new technologies have caused IT engineers, managers, and end users many headaches over the years. Microsoft has definitely played a part in solidifying the workforce of IT consultants by rapidly evolving its product line. Most products developed by Microsoft have a one- to three-year life expectancy with new versions or updates typically being released every few months. This does not allow a lot of time to get properly acclimated and adjusted both from a staffing and infrastructure perspective before a new version is released. Microsoft is not completely to blame for the speed of product evolution since the industry as a whole often dictates changes by introducing new technologies. A good example of this is the Extensible Markup Language (XML). As XML has gained more industry acceptance over the past few years, it has become almost a requirement for products to use it if they require data interchange between systems.

One of the biggest challenges for architects and implementers of new technologies is finding accurate and adequate information. Without proper information about a technology, implementation can be delayed and potentially done incorrectly. This results in further redeployments and migrations and eventually more frustration for the user base! Because Active Directory touches so many facets of a company's infrastructure, we cannot stress enough that implementing Active Directory right the first time is of utmost importance. Mistakes made now will be felt for years to come.

In 1999 and 2000, informative data on Active Directory was not easy to come by, primarily because Windows 2000, the operating system which Active Directory runs on, had just been released. Authoritative books, magazine articles, white papers, and Web sites were few and far between. A lot of the published information was either inadequate or downright technically wrong. Now, information on Active Directory is much more abundant. In fact, there has been such an explosion of Windows 2000 and Active Directory-related books, magazines and Web sites that it can be difficult to find exactly what you are looking for. It is our hope that this book provides some fresh data, specifically on the management aspects of Active Directory from two people that have been living and breathing Active Directory at a large, global, and dynamic company, namely Cisco Systems, for the past two years.

To date, there has not been much information published on the topic of managing Active Directory. The primary reason is people are still trying to figure out how to do it. Managing an Active Directory infrastructure is not an easy task at any level. Not only do you have to manage the typical Network Operating System (NOS)-based tasks as you did with NT 4, but Active Directory's reach extends to functions like the Domain Name System (DNS), Public Key Infrastructure (PKI), networking topology, and application directory. Typically, different groups within a company control these services, so properly designing Active Directory involves bringing together many groups that may not be familiar with each other.

Because of the integration with so many other technologies, we believe Active Directory will be one of the top two or three most important infrastructures within a company's IT department, next to the company's external Web site and Enterprise Resource Planning (ERP) systems. And because of this integration, we feel Active Directory will be one of the most complex technologies to implement and manage. Not only are there a large number of technical issues related to making Active Directory work, but significant political issues are associated with trying to work with multiple groups that are sometimes geographically and organizationally dispersed.

Intended Audience

This book is intended for Active Directory administrators who are versed in the basic concepts of Active Directory and are managing medium- and large-scale Active Directory infrastructures.

The programmatic aspects of managing Active Directory are explored extensively throughout this book, but you do not need significant programming experience to benefit from the code samples. Many of the samples discussed can be beneficial as is. For those with programming experience, the samples provide a good basis for filling your Active Directory management gaps.


This book is divided into four parts:

Part I: Active Directory Management Basics

  • Chapter 1, "Active Directory Overview," covers the challenges of managing Active Directory along with an introduction to the management philosophy used by the authors to address these challenges.
  • Chapter 2, "Active Directory Management," explains the terms, concepts, and methodologies around management of Active Directory.

Part II: Active Directory Management Interfaces

  • Chapter 3, "Lightweight Directory Access Protocol (LDAP)," starts with a brief introduction on the history of LDAP and its importance to Active Directory and ends with an overview of LDAP programming.
  • Chapter 4, "Active Directory Service Interfaces (ADSI)," explains the purpose of ADSI and provides reasons you might choose it over LDAP for programmatic access to Active Directory. The chapter ends with an overview of ADSI programming.
  • Chapter 5, "Windows Management Instrumentation (WMI)," covers the WBEM/CIM initiative and how WMI fits in, details the WMI architecture, and ends with an overview of WMI programming.

Part III: Active Directory Management Components

  • Chapter 6, "Windows NT Migration," covers some of the pitfalls of migrating from NT 4.0 to Active Directory and includes information on useful APIs and sample code to aid in the desktop migration process.
  • Chapter 7, "Directory Operations," describes strategies for managing domains, domain controllers, and Organizational Units in Active Directory.
  • Chapter 8, "Domain Name System (DNS)," briefly touches on the DNS architecture in Active Directory and details what can be done to manage it programmatically.
  • Chapter 9, "Site Topology and Replication," covers the design and management of Active Directory replication including how to programmatically inject site topology.
  • Chapter 10, "Schema," explains important concepts around managing the schema and contains sample code on programmatically extending the schema.
  • Chapter 11, "Accounts (Users, Groups, Computers, and Printers)," details procedures for programmatically managing user, group, computer, and printer objects.
  • Chapter 12, "Security," details the more complex elements of security in Active Directory, as well as methods for programmatically managing security.
  • Chapter 13, "Group Policy Objects (GPOs)," covers GPO management techniques and the mechanisms required to diagnose and troubleshoot them.

Part IV: Appendixes

  • Appendix A, "Active Directory References," is a detailed reference guide for Active Directory that covers the important Active Directory-related books, tools, Web sites, and vendors.
  • Appendix B, "Indexed, GC, and ANR Attributes," lists default indexed, global catalog (GC), and ANR attributes along with sample code to extract those attributes programmatically.
  • Appendix C, "LDAP Controls," lists supported LDAP controls in Active Directory.
  • Appendix D, "Group Policy Settings," lists the available computer and user Group Policy settings.

Additional Resources

The first step in learning a new technology is to find the best resources for information. We do not intend to regurgitate a lot of information that is already available, so we will provide pointers in the Additional Resources section located at the end of each chapter, starting with Chapter 3. The Additional Resources sections will include any applicable books, Web sites, RFCs, or Microsoft documentation that may be useful for obtaining more information on a topic. In Appendix A, "Active Directory References," we provide information on the Active Directory-related books, Web sites, tools, and vendors we found useful while working with Active Directory.


"About this title" may belong to another edition of this title.

Robbie Allen, Richard Puckett
Published by Pearson Education (2002)
ISBN 10: 0672321254 ISBN 13: 9780672321252