Index

A note on the digital index

A link in an index entry is displayed as the section title in which that entry appears. Because some sections have multiple index markers, it is not unusual for an entry to have several links to the same section. Clicking on any link will take you directly to the place in the text in which the marker appears.

Symbols

! (Not (negation) sign), as LDAP filter operator, Filter Operators
& (AND) operators, as LDAP Boolean operator, Connecting Filter ComponentsConnecting Filter Components
* (asterisk), as LDAP filter wild card operator, Filter Operators
<= (Less than or equal to sign), as LDAP filter operator, Filter Operators
= (equal sign)
as LDAP filter operator, Filter Operators
used by DNs, Distinguished names
>= (Greater than or equal to), as LDAP filter operator, Filter Operators
| (OR) operators, as LDAP Boolean operator, Connecting Filter ComponentsConnecting Filter Components

A

A (Address Record) type, Zones, Resource Records Used by Active Directory
acceptance transform rules, The Pipeline
ACEs (access control entries)
about, Permission Basics
contents of properties, Permission ACEs
in AD LDS, Service Account
permission, Permission ACEsPermission ACEs
ACLs (access control lists), Security descriptor table, Use simple queries in WMI filters, Property Sets, Validated Writes, and Extended Rights, Configuring Active Directory for DACConfiguring claim types, Compound expressions with groups
activation information, publishing, Active Directory-Based Machine Activation
Active Directory (AD)
about, A Brief Introduction
vs. AD LDS, Differences Between AD and AD LDSNew and Updated Tools
based machine activation, Active Directory-Based Machine Activation
data stored within, How Objects Are Stored and IdentifiedHow Objects Are Stored and Identified
Active Directory Administrative Center (ADAC)
about, Management ToolsExtensibility
creating Password Settings Objects, Creating a PSO with the Active Directory Administrative CenterCreating a PSO with the Active Directory Administrative Center
Dynamic Access Control node in, Configuring Active Directory for DAC
managing Password Settings Objects, Understanding Password Settings Objects, Managing Password Settings Objects, Managing PSO ApplicationApplying a PSO with ADAC
undeleting objects using, Undeleting Objects
viewing Password Settings Objects, Viewing the effective PSOViewing the effective PSO
Active Directory Administrative Snap-Ins, customizing, Customizing the Active Directory Administrative Snap-insActive Directory PowerShell Module
Active Directory design
about, Designing the Active Directory StructureDesigning the Active Directory Structure
about design process, Overview of the Design ProcessDomain Namespace Design
domain namespace design, Domain Namespace DesignArrange the subdomain hierarchy
examples of, Design ExamplesStep 5: Plan for users and groups
internal domain structure design, Arrange the subdomain hierarchyNaming and placing groups
setting up test environment, Overview of the Design Process
Active Directory Domain Services
Configuration Wizard, Deploying with Server ManagerDeploying with Server Manager
installing server role, Automating the DC Build Process
Active Directory Domains
functional levels set via, Domain and Forest Functional Levels
Trusts and, Functional LevelsRaising the Functional Level
Active Directory Federation Services (ADFS)
about, Active Directory Federation ServicesHow It Works
claim descriptions
creating, Creating and Sending Claims Through the Pipeline, Creating and Sending Claims Through the Pipeline
claims pipeline and claims rules
about, Relying Party Trusts
pipeline, The PipelineThe Pipeline
sending rules through pipeline, Creating and Sending Claims Through the PipelineCreating and Sending Claims Through the Pipeline
components of, WS-FederationGeographically redundant ADFS servers
configuration wizard, Configuring ADFSConfiguring ADFS
customizing
attribute stores, Forms-Based Logon Pages
forms-based logon pages, Forms-Based Logon PagesForms-Based Logon Pages
deploying, Geographically redundant ADFS serversFederation Server Proxies
relying party
about, Active Directory Federation ServicesIntroduction to Federated Identity
trusts, Federation Server ProxiesRelying Party Trusts
SAML, How It Works, SAML, The Configuration Database
topologies, Federation Server ProxiesGeographically redundant ADFS servers
troubleshooting
about, Troubleshooting ADFS
event-logs, Event LogsEvent Logs
using Fiddler, FiddlerSummary
WID instance, The Configuration Database, Configuring ADFS
workings of, How It WorksHow It Works
WS-Federation, How It Works, WS-Federation
Active Directory Lightweight Directory Service (AD LDS)
about, Application Partitions, Active Directory Lightweight Directory ServicesCommon Uses for AD LDS
ACEs in, Service Account
ADAM Install, Tools
ADAM Sync, New and Updated Tools, ADAM Sync
ADAM Uninstall, ADAM Sync
application partitions, Common Uses for AD LDS, Top-Level Application Partition Object Classes, Creating Application PartitionsCreating Application Partitions, Deleting Application PartitionsDeleting Application Partitions
authentication in, User Principal NamesAuthentication
bindable object, Common Uses for AD LDS
bindable proxy object, Common Uses for AD LDS
configuration set, Common Uses for AD LDS
controlling access to objects and attributes, Controlling Access to Objects and AttributesControlling Access to Objects and Attributes
creating containers, Creating Application PartitionsCreating Containers
creating user and userProxy objects in configuration partition, User Principal NamesAuthentication
deleting objects, Deleting Objects
downloading, Common Uses for AD LDS
DSAMAIN.EXE process, Differences Between AD and AD LDS
FSMO in, Group and User ScopeFSMOs
installing
instance of, AD LDS InstallationInstalling a New AD LDS Instance
replica, Installing a New AD LDS InstanceInstalling an AD LDS Replica
server role, AD LDS InstallationInstalling a New AD LDS Instance
instance, Common Uses for AD LDS
LDAP in, Differences Between AD and AD LDS, No SRV Records
managing groups, Creating GroupsRemoving Members from Groups
managing users, Creating UsersCreating Groups
partition/naming context, Common Uses for AD LDS
Recycle Bin, Enabling the Recycle Bin
replica, Common Uses for AD LDS
schema, SchemaSchema, repadminBindable Objects and Bindable Proxy Objects
schema partition, Common Uses for AD LDS, Service Account, Service Account
service account, Service Account
tools, Toolsrepadmin
AD Schema Analyzer, ADAM Sync
AD Schema MMC snap-in, ADAM Sync
ADAM Install, Tools
ADAM Sync, ADAM Sync
ADAM Uninstall, ADAM Sync
ADSI Edit, ADSI Edit
DSDBUTIL, ADSI Edit
dsmgmt, dsdbutildsmgmt
LDIFDE, dsmgmt
LDP, dsmgmt
repadmin, repadmin
UPNs in, Schema
vs. Active Directory, Differences Between AD and AD LDSNew and Updated Tools
Active Directory Migration Tool (ADMT), Uniquely Identifying Objects
Active Directory PowerShell module, Active Directory PowerShell Module
Active Directory Recycle Bin, Flexible Single Master Operator (FSMO) Roles, Flexible Single Master Operator (FSMO) Roles, Flexible Single Master Operator (FSMO) Roles, Preserving attributes in a tombstone, Backing Up Active Directory, Working with SnapshotsUsing PowerShell, Enabling the Recycle Bin
Active Directory Schema MMC snap-in
enabling, Structure of the Schema
viewing attributes to classes using, Viewing the user class with the Active Directory Schema snap-in
viewing contents of Schema container using, Structure of the Schema
Active Directory Schema snap-in, The Global Catalog
Active Directory Sites snap-in
creating site links in, Managing site links
list of subnets, Managing sites
managing replication topology using, Site and Replication Management Tools
using in AD LDS, New and Updated Tools
Active Directory Users and Computers (ADUC)
about, Active Directory Users and ComputersADSI Edit
managing Password Settings Objects, Applying a PSO with ADUC
viewing all options of, Advanced Features
Active Directory viewers, viewing contents of Schema container using, Structure of the Schema
AD (Active Directory)
about, A Brief Introduction
based machine activation, Active Directory-Based Machine Activation
data stored within, How Objects Are Stored and IdentifiedHow Objects Are Stored and Identified
vs. AD LDS, Differences Between AD and AD LDSNew and Updated Tools
AD Domain Services
Configuration Wizard, Deploying with Server ManagerDeploying with Server Manager
installing server role, Automating the DC Build Process
AD DS Backup and Recovery Step-by-Step Guide, Using Windows Server Backup
AD LDS (Active Directory Lightweight Directory Service)
about, Application Partitions, Active Directory Lightweight Directory ServicesCommon Uses for AD LDS
ACEs in, Service Account
vs. Active Directory, Differences Between AD and AD LDSNew and Updated Tools
application partitions, Common Uses for AD LDS, Top-Level Application Partition Object Classes, Creating Application PartitionsCreating Application Partitions, Deleting Application PartitionsDeleting Application Partitions
authentication in, User Principal NamesAuthentication
bindable object, Common Uses for AD LDS
bindable proxy object, Common Uses for AD LDS
configuration set, Common Uses for AD LDS
controlling access to objects and attributes, Controlling Access to Objects and AttributesControlling Access to Objects and Attributes
creating containers, Creating Application PartitionsCreating Containers
creating user and userProxy objects in configuration partition, User Principal NamesAuthentication
default security in, Service Account
deleting objects, Deleting Objects
downloading, Common Uses for AD LDS
DSAMAIN.EXE process, Differences Between AD and AD LDS
FSMO in, Group and User ScopeFSMOs
installing
instance installation LDIF files, Installing a New AD LDS Instance
replica, Installing a New AD LDS InstanceInstalling an AD LDS Replica
server role, AD LDS InstallationInstalling a New AD LDS Instance
instance, Common Uses for AD LDS
LDAP in, No Global Catalog
managing groups, Creating GroupsRemoving Members from Groups
managing users, Creating UsersCreating Groups
partition/naming context, Common Uses for AD LDS
Recycle Bin, Enabling the Recycle Bin
replica, Common Uses for AD LDS
schema, SchemaSchema, repadminBindable Objects and Bindable Proxy Objects
schema partition, Common Uses for AD LDS
service account, Service Account
tools, Toolsrepadmin
AD Schema Analyzer, ADAM Sync
AD Schema MMC snap-in, ADAM Sync
ADAM Install, Tools
ADAM Sync, ADAM Sync
ADAM Uninstall, ADAM Sync
ADSI Edit, ADSI Edit
DSDBUTIL, ADSI Edit
dsmgmt, dsdbutildsmgmt
LDIFDE, dsmgmt
LDP, dsmgmt
repadmin, repadmin
UPNs in, Schema
AD LDS (Active Directory Lightweight Directory)
ADAM Install, Tools
ADAM Sync, New and Updated Tools, ADAM Sync
ADAM Uninstall, ADAM Sync
AD Recycle Bin, Flexible Single Master Operator (FSMO) Roles, Flexible Single Master Operator (FSMO) Roles, Flexible Single Master Operator (FSMO) Roles, Preserving attributes in a tombstone, Backing Up Active Directory, Working with SnapshotsUsing PowerShell, Enabling the Recycle Bin
AD Schema Analyzer, for AD LDS, ADAM Sync
AD Schema MMC snap-in, for AD LDS, ADAM Sync
AD Sites snap-in
creating site links in, Managing site links
list of subnets, Managing sites
managing replication topology using, Site and Replication Management Tools
using in AD LDS, New and Updated Tools
ADAC (Active Directory Administrative Center)
about, Management ToolsExtensibility
creating Password Settings Objects, Creating a PSO with the Active Directory Administrative CenterCreating a PSO with the Active Directory Administrative Center
Dynamic Access Control node in, Configuring Active Directory for DAC
managing Password Settings Objects, Understanding Password Settings Objects, Managing Password Settings Objects, Managing PSO ApplicationApplying a PSO with ADAC
undeleting objects using, Undeleting Objects
viewing Password Settings Objects, Viewing the effective PSOViewing the effective PSO
Add-ADDSReadOnlyDomainControllerAccount, Prestaging RODC domain controller accounts
Add-KdsRootKey, Preparing for Group Managed Service Accounts
AdFind tool
about, Searching the Database
accessing stats control using, Using the stats control
ADFS (Active Directory Federation Services)
about, Active Directory Federation ServicesHow It Works
claim descriptions
creating, Creating and Sending Claims Through the Pipeline
claims pipeline and claims rules
about, Relying Party Trusts
pipeline, The PipelineThe Pipeline
sending rules through pipeline, Creating and Sending Claims Through the PipelineCreating and Sending Claims Through the Pipeline
components of, WS-FederationGeographically redundant ADFS servers
configuration wizard, Configuring ADFSConfiguring ADFS
customizing
attribute stores, Forms-Based Logon Pages
forms-based logon pages, Forms-Based Logon PagesForms-Based Logon Pages
relying party
about, Active Directory Federation ServicesIntroduction to Federated Identity
trusts, Federation Server ProxiesRelying Party Trusts
SAML, How It Works, How It Works, SAML, The Configuration Database
topologies, Federation Server ProxiesGeographically redundant ADFS servers
troubleshooting
about, Troubleshooting ADFS
event-logs, Event LogsEvent Logs
using Fiddler, FiddlerSummary
WID instance, The Configuration Database, Configuring ADFS
workings of, How It WorksHow It Works
WS-Federation, How It Works, WS-Federation
ADK (Automated Deployment Kit), downloading, Active Directory-Based Machine Activation
adminContextMenu attribute, Context Menus
Administrative Templates (ADMs), ADM or ADMX files, ADM or ADMX files
administrators
correctly applying GPOs, Designing the delegation of GPO administration
creating user accounts, Naming and placing users
looking after structure of organizational unit, Delegating full administration
responsibilities of AD, Nominating Responsible People in Your Organization
role separation of, Administrator Role SeparationAdministrator Role Separation
taking over permissions scheme, How to Plan PermissionsBringing Order out of Chaos
adminPropertyPages attribute, Property Pages
AdminSDHolder process, The AdminSDHolder ProcessThe AdminSDHolder Process, The AdminSDHolder Process
ADMs (Administrative Templates), ADM or ADMX files, ADM or ADMX files
ADMT (Active Directory Migration Tool), Uniquely Identifying Objects
ADMX files
converting custom ADM files to, ADM or ADMX files
creating central store, ADM or ADMX filesADM or ADMX files
ADMX Migrator, converting custom ADM files to, ADM or ADMX files
Adprep utility, Beginning the UpgradeBeginning the Upgrade
ADSchemaAnalyzer, New and Updated Tools
ADSI Edit
about, ADSI EditADSI Edit
coupling context menu scripts and programs with, Context Menus
for AD LDS, ADSI Edit
managing Password Settings Objects, Applying a PSO with ADAC
viewing contents of Schema container using, Structure of the Schema
ADUC (Active Directory Users and Computers)
about, Active Directory Users and ComputersADSI Edit
managing Password Settings Objects, Applying a PSO with ADUC
viewing all options of, Advanced Features
Advanced Group Policy Management (AGPM), The importance of change-control procedures
Advanced Security Settings window, Using the GUI to Examine Permissions
AEs (auditing entries), Using the GUI to Examine Auditing
aging and scavenging, on DNS server, Aging and ScavengingEnabling scavenging on the DNS server
AGPM (Advanced Group Policy Management), The importance of change-control procedures
AIA (Authority Information Access), Service configuration
Allowed RODC Password Replication Group, Password Replication Policies
AllowSSBToAnyVolume, Using Windows Server Backup
AMA (Authentication Mechanism Assurance), Authentication Mechanism Assurance
ambiguous name resolution (ANR), Ambiguous name resolution
AND (&) operators, as LDAP Boolean operator, Connecting Filter ComponentsConnecting Filter Components
answer files, Automating the DC Build Process
application partitions
about, Application PartitionsStoring Dynamic Data
creating, Application Partitions
in AD LDS, Top-Level Application Partition Object Classes, Creating Application PartitionsCreating Application Partitions, Deleting Application PartitionsDeleting Application Partitions
using for DNS, Using Application Partitions for DNSUsing Application Partitions for DNS
asterisk (*), as LDAP filter wild card operator, Filter Operators
attribute change auditing, ConfidentialityAttribute change auditing
Attribute Editor tab, of ADUC, Advanced Features
attribute indexing, Indexed attributesIndexed attributes
attribute names, changing, Icons
attributes
attributeSecurityGUID, Property Sets and attributeSecurityGUID
available in GC for Partial Attribute Set, The Global CatalogFlexible Single Master Operator (FSMO) Roles
change auditing, Confidentiality
changing display names of, Icons
confidential attribute flag, ConfidentialityConfidentiality
defining MAPI ID, MAPI IDs
filtered attribute set, The filtered attribute set
linked attributes, Linked AttributesLinked Attributes
pertaining to naming contexts, Naming Contexts and Application Partitions
preserving in tombstone, Preserving attributes in a tombstone
property sets, Property Sets and attributeSecurityGUID
rules of constructed, Constructed attributes
schemaFlagsEx attribute, schemaFlagsEx
searchFlags attribute, searchFlagsThe filtered attribute set
syntax of, Attribute SyntaxAttribute Syntax
systemFlags attribute, systemFlagsCategory 1 objects
attributeSchema (Attribute-Schema) objects, The Global Catalog, Structure of the Schema, Attributes (attributeSchema Objects), Property Sets and attributeSecurityGUID, Implementing Auditing
attributeSecurityGUID, Property Sets and attributeSecurityGUID
audit directory service access, Confidentiality
auditing
about, Active Directory Security: Permissions and Auditing
designing schemes, Bringing Order out of ChaosDesigning Auditing Schemes
examining, Using the GUI to Examine Auditing
implementing, Designing Auditing SchemesImplementing Auditing
tracking last interactive logon information, Implementing AuditingTracking Last Interactive Logon Information
using DAC for, Auditing
auditing entries (AEs), Using the GUI to Examine Auditing
authentication
in AD LDS, User Principal NamesAuthentication
Kerberos
about, Kerberos
application access, Application Access
delegation, DelegationDelegation
protocol transition, Delegation
service access, User LogonLogon and Service Access Summary
user logon, User LogonUser Logon
managed service accounts, Authentication Mechanism Assurance
Authentication Mechanism Assurance (AMA), Authentication Mechanism Assurance
Authority Information Access (AIA), Service configuration
Automated Deployment Kit (ADK), downloading, Active Directory-Based Machine Activation
automatic site coverage, Resource Records Used by Active Directory
auxiliary classes, dynamically assigning to objects, Dynamically Linked Auxiliary ClassesSummary

C

CA (Certification Authority), Enterprise, Transport
cached passwords, managing with repadmin, Populating the password cache
central access policies, configuring Active Directory for DAC and, Configuring claim typesConfiguring central access policies
Certificate Signing Request (CSR), Certificates
certificates, Lookup process
Certification Authority (CA), Enterprise, Transport
chain matching rule, The In-Chain Matching Rule
chaining table, The W32Time ServiceThe W32Time Service
ChainMaxEntries, The W32Time Service
change control, in managing Group Policy, The importance of change-control procedures
claim descriptions, creating, Creating and Sending Claims Through the Pipeline
claim types in Active Directory, Configuring Active Directory for DAC
claims pipeline and claims rules
about, Relying Party Trusts
pipeline, The PipelineThe Pipeline
sending rules through pipeline, Creating and Sending Claims Through the PipelineCreating and Sending Claims Through the Pipeline
class names, changing, Icons
classDisplayName property, Icons
classSchema (Class-Schema) objects
about, Structure of the Schema
dissecting Active Directory class, Dissecting an Example Active Directory ClassViewing the user class with the Active Directory Schema snap-in
dynamically linked auxiliary classes, Dynamically Linked Auxiliary ClassesSummary
in AD LDS, repadmin, Bindable Objects and Bindable Proxy Objects
listing of, Classes (classSchema Objects)
objectClassCategory and inheritance, Classes (classSchema Objects)Object Class Category and Inheritance
client logon process, in RODC deployment, The Client Logon ProcessPopulating the password cache
client lookup process, Resource RecordsClient Lookup Process
client-side extension (CSE), group policy preferences using, Group Policy PreferencesDeploying group policy preferences
cloning DC, impacts of on Windows of, Cloning Domain Controllers
cloning domain controllers, Cloning Domain ControllersCloning a domain controller
cn (Common-Name), attribute of class, Structure of the Schema
CNAME records, Resource Records Used by Active Directory
COM (Component Object Model) object
adding items to context menus, Context Menus
property pages as, Property Pages
conditional forwarding, Active Directory-Integrated DNSActive Directory-Integrated DNS
confidential attribute flag, ConfidentialityConfidentiality, Permission Lockdown
Configuration NC, Configuration Naming Context
connection objects, Connection ObjectsConnection Objects
constructed attributes, rules of, Constructed attributes
containers
about, How Objects Are Stored and IdentifiedHow Objects Are Stored and Identified
creating AD LDS, Creating Application PartitionsCreating Containers
displaying object as leaf or, Display Names
context menus, Context MenusContext Menus
controlAccessRight, Property Sets, Validated Writes, and Extended Rights
converting groups, Converting groupsConverting groups
createWizardExt attribute, Object Creation Wizard
creation wizard attribute, Object Creation Wizard
-Credential parameter, Automating the DC Build Process
CSE (client-side extension), group policy preferences using, Group Policy PreferencesDeploying group policy preferences
CSR (Certificate Signing Request), Certificates
CustomDCCloneAllowList.xml file, Cloning Domain Controllers, Cloning Domain Controllers, The DC cloning process

D

DAC (Dynamic Access Control)
about, Active Directory Security: Permissions and Auditing, The AdminSDHolder ProcessDynamic Access Control
configuring Active Directory for, Configuring Active Directory for DACKerberos policies
using on file server, Kerberos policies
DACL (Discretionary ACL), Permission Basics, Default Security Descriptors, Rule 3: Manage advanced permissions only when absolutely necessary
data, stored within Active Directory, How Objects Are Stored and IdentifiedHow Objects Are Stored and Identified
database
configuration in ADFS of, The Configuration Database
configuring logging of available space on, Reclaiming Space
date formats, searching Active Directory using, Dates and TimesDates and Times
DC (Domain Controller)
about, Domains and Domain Trees
adding site-specific SRV records, Resource Records Used by Active Directory
building
automating DC build process, Using DCPromo on Earlier Versions of WindowsAutomating the DC Build Process
changing IP addresses, Active Directory-Integrated DNS
configured to host replicas, Using Application Partitions for DNS
deploying on Server Manager read-only domain controller, Deploying with Server Manager
determining in designing sites number of, Where to put domain controllersPlacing a domain controller in more than one site
DSA GUID in, DSA GUIDs and invocation IDs
filtered attribute set as part of read-only domain controller, The filtered attribute set
FSMO hosted on, Flexible Single Master Operator (FSMO) Roles
lingering objects caused by offline, Conflict due to creation of objects with names that conflictLingering Objects
maintaining USN, Update sequence numbers (USNs) and highestCommittedUSN
manually configure to service multiple sites, Placing a domain controller in more than one site
placement in designing sites of, Where to put domain controllersPlacing a domain controller in more than one site
read-only domain controller deployment
about, Cloning a domain controllerRead-Only Domain Controllers
administrator role separation, Administrator Role SeparationAdministrator Role Separation
application compatibility, Application CompatibilityApplication Compatibility
chaining table in, The W32Time ServiceThe W32Time Service
client logon process, The Client Logon ProcessPopulating the password cache, The W32Time ServiceThe W32Time Service
deploying on Server Manager, Deploying with Server Manager
password replication policies in, Password Replication PoliciesManaging the loss of an RODC
placement considerations, RODC Placement ConsiderationsRODC Placement Considerations
prerequisites to, Read-Only Domain Controllers
promoting server to, Administrator Role SeparationPrestaging RODC domain controller accounts
write requests and, RODCs and Write RequestsDNS updates
reconciling replication conflicts, Conflict due to identical attribute change
restoring
from backups, Manually removing a domain controller from Active DirectoryRestore from Backup
from IFM media, Restore from BackupCreating and using IFM media on Windows Server 2008 and newer
from replication, Restore from ReplicationManually removing a domain controller from Active Directory
schema cache and, The Schema CacheThe Schema Cache
virtualization of
about, Automating the DC Build ProcessVirtualization
cloning, Cloning Domain ControllersCloning a domain controller
considerations about, VirtualizationWhen to Virtualize
impact of, When to VirtualizeUSN rollback
safe restore, RID pool reuseVirtualization Safe Restore
DC locator process, Configuring DNSSEC for Active Directory DNSDC Locator
DCCloneConfig.xml file, Cloning Domain Controllers, The DC cloning process
dcdiag tool, Best Practices Analyzer
dcpromo, Using DCPromo on Earlier Versions of Windows, Automating the DC Build Process
DDNS (Dynamic DNS), DNS Fundamentals, Dynamic DNS, Dynamic DNS
Default Domain Controllers Policy, How GPOs are stored in Active Directory
Default Domain Policy, How GPOs are stored in Active Directory
Default-First-Site-Name site, SitesSites
DEFAULTIPSITELINK, Site Links
defragmentation, of DIT file offline, Reclaiming SpaceReclaiming Space
delegation
examples of, Real-World Active Directory Delegation ExamplesRestricting Everyone but HR from Viewing National/Regional ID Numbers with the Confidential Bit
in AD LDS, Controlling Access to Objects and Attributes
in managing Group Policy, The importance of change-control proceduresDesigning the delegation of GPO administration, The importance of change-control proceduresDesigning the delegation of GPO administration
in managing PSOs, Viewing the effective PSODelegating Management of PSOs
Kerberos constrained, DelegationDelegation
name serve records in, Client Lookup Process
Delegation of Control Wizard, Designing the delegation of GPO administrationDesigning the delegation of GPO administration, Using the Delegation of Control WizardUsing the Delegation of Control Wizard
delegation options, for Active Directory-related DNS zones, Overriding SRV Record RegistrationIntegration issues
Delegation tab, Delegation
deleted object lifecycle, Working with SnapshotsDeleted Object Lifecycle
Denied RODC Password Replication Group, Password Replication Policies
DesktopStandard, PolicyMaker, Using the Group Policy Management Editor, Deploying group policy preferences
DFS-R (Distributed Filesystem-Replication), Group Policy replication
digital signatures, on LDIF files, Mitigating a Schema Conflict
directory information tree (DIT)
as ESE database file, How Objects Are Stored and Identified
maintenance, DIT MaintenanceChanging the DS Restore Mode Admin Password
searching, The Directory Information TreeSecurity descriptor table
Directory Service remote procedure call (DS-RPC), TransportTransport
directory service, about, A Brief History of Directories
Directory Services event log, Checking the Integrity of the DIT
Directory Services Restore Mode, FSMO Recovery
disabling GPO settings, Capabilities of Group Policy Objects
Discretionary ACL (DACL), Permission Basics, Default Security Descriptors, Rule 3: Manage advanced permissions only when absolutely necessary
display names, changing class and attribute names, Icons
display specifiers, Display SpecifiersDisplay Specifiers
displayName attribute, How GPOs are stored in Active Directory
Distinguished Name Tag (DNT), Data tableSecurity descriptor table
Distinguished Names (DNs), Distinguished namesDistinguished names
Distributed Filesystem-Replication (DFS-R), Group Policy replication
distribution group, converting to security group, Converting groups
DIT (directory information tree)
as ESE database file, How Objects Are Stored and Identified
maintenance, DIT MaintenanceChanging the DS Restore Mode Admin Password
searching, The Directory Information TreeSecurity descriptor table
DNs (Distinguished Names), Distinguished namesDistinguished names
DNS (Domain Name System)
about, Active Directory and DNSDNS Fundamentals
aging and scavenging on DNS server, Aging and ScavengingEnabling scavenging on the DNS server
DC locator process, Configuring DNSSEC for Active Directory DNSDC Locator
delegation options for Active Directory-related DNS zones, Overriding SRV Record RegistrationIntegration issues
DNSSEC
about, Global Names Zones
configuring for DNS, Lookup processConfiguring DNSSEC for Active Directory DNS
workings of, DNSSECLookup process
fundamentals of
client lookup process, Resource RecordsClient Lookup Process
Dynamic DNS (DDNS), DNS Fundamentals, Dynamic DNS
global names zone, Global Names ZonesGlobal Names Zones
resource records, ZonesResource Records
zones, Zones
integrated, Integration issuesUsing Application Partitions for DNS
managing with Windows PowerShell, Managing DNS with Windows PowerShell
picking name for Active Directory network, Choose the forest root domainDesign the namespace naming scheme
read-only registry settings, DNS updates
resource records used by Active Directory, Resource Records Used by Active DirectoryOverriding SRV Record Registration
types of name servers, Active Directory-Integrated DNSActive Directory-Integrated DNS
using application partitions for, Using Application Partitions for DNSUsing Application Partitions for DNS
vs. WINS, Active Directory and DNS
DNS zones
background loading of, Background Zone Loading
delegation options for Active Directory-related, Overriding SRV Record RegistrationIntegration issues
replication impact from integrated, Active Directory-Integrated DNS
DNSKEY (DNSSEC record), Resource records
DNSSEC
about, Global Names Zones
configuring for DNS, Lookup processConfiguring DNSSEC for Active Directory DNS
record types, Resource records
workings of, DNSSECLookup process
DNT (Distinguished Name Tag), Data tableSecurity descriptor table
Domain Controller (DC)
about, Domains and Domain Trees
adding site-specific SRV records, Resource Records Used by Active Directory
building
automating DC build process, Using DCPromo on Earlier Versions of WindowsAutomating the DC Build Process
deploying on Server Manager, Building Domain ControllersDeploying with Server Manager
using dcpromo, Using DCPromo on Earlier Versions of Windows
determining in designing sites number of, Where to put domain controllersPlacing a domain controller in more than one site
filtered attribute set as part of read-only domain controller, The filtered attribute set
FSMO hosted on, Flexible Single Master Operator (FSMO) Roles
lingering objects caused by offline, Conflict due to creation of objects with names that conflictLingering Objects
maintaining USN, Update sequence numbers (USNs) and highestCommittedUSN
manually configure to service multiple sites, Step 3: Design the Sites
placement in designing sites of, Where to put domain controllersPlacing a domain controller in more than one site
read-only domain controller deployment
about, Cloning a domain controllerRead-Only Domain Controllers
administrator role separation, Administrator Role SeparationAdministrator Role Separation
application compatibility, Application CompatibilityApplication Compatibility
chaining table in, The W32Time ServiceThe W32Time Service
client logon process, The Client Logon ProcessPopulating the password cache, The W32Time ServiceThe W32Time Service
deploying on Server Manager, Deploying with Server Manager
password replication policies in, Password Replication PoliciesManaging the loss of an RODC
placement considerations, RODC Placement ConsiderationsRODC Placement Considerations
prerequisites to, Read-Only Domain Controllers
promoting server to, Administrator Role SeparationPrestaging RODC domain controller accounts
write requests and, RODCs and Write RequestsDNS updates
reconciling replication conflicts, Conflict due to identical attribute change
restoring
from backups, Manually removing a domain controller from Active DirectoryRestore from Backup
from IFM media, Restore from BackupCreating and using IFM media on Windows Server 2008 and newer
from replication, Restore from ReplicationManually removing a domain controller from Active Directory
schema cache and, The Schema CacheThe Schema Cache
virtualization of
about, Automating the DC Build ProcessVirtualization
cloning DC, Cloning Domain ControllersCloning a domain controller
considerations about, VirtualizationWhen to Virtualize
impact of, When to VirtualizeUSN rollback
safe restore, RID pool reuseVirtualization Safe Restore
Domain Controllers OU, Organizational Units, Flexible Single Master Operator (FSMO) Roles
domain mode, functional levels of forest and, Domain and Forest Functional LevelsWindows 2000 domain mode
Domain Name System (DNS)
about, Active Directory and DNSDNS Fundamentals
aging and scavenging on DNS server, Aging and ScavengingEnabling scavenging on the DNS server
DC locator process, Configuring DNSSEC for Active Directory DNSDC Locator
delegation options for Active Directory-related DNS zones, Overriding SRV Record RegistrationIntegration issues
DNSSEC
about, Global Names Zones
configuring for DNS, Lookup processConfiguring DNSSEC for Active Directory DNS
workings of, DNSSECLookup process
fundamentals of
client lookup process, Resource RecordsClient Lookup Process
Dynamic DNS (DDNS), DNS Fundamentals, Dynamic DNS
global names zone, Global Names ZonesGlobal Names Zones
resource records, ZonesResource Records
zones, Zones
integrated, Integration issuesUsing Application Partitions for DNS
managing with Windows PowerShell, Managing DNS with Windows PowerShell
picking name for Active Directory network, Choose the forest root domainDesign the namespace naming scheme
read-only registry settings, DNS updates
resource records used by Active Directory, Resource Records Used by Active DirectoryOverriding SRV Record Registration
using application partitions for, Using Application Partitions for DNSUsing Application Partitions for DNS
vs. WINS, Active Directory and DNS
domain namespace design, Designing the Active Directory Structure, Overview of the Design Process, Domain Namespace DesignArrange the subdomain hierarchy
domain naming master role
about, Flexible Single Master Operator (FSMO) Roles
importance of, Flexible Single Master Operator (FSMO) Roles
Domain NC, Naming Contexts and Application PartitionsNaming Contexts and Application Partitions, Domain Naming Context
Domain Services server role, installing, Automating the DC Build Process
domain trees
about, Domains and Domain TreesDomains and Domain Trees
impacting GPO applications, Prioritizing the Application of Multiple Policies
DomainDnsZones partitions, defining custom application partitions outside of default, Using Application Partitions for DNS
domains
components of Active Directory, Domains and Domain Trees
moving from mixed to native mode, Windows 2000 domain mode
drag-and-drop moves, controlling ADUC, Controlling drag-and-drop movesTaskpads
DS Restore Mode administrator password, setting, Changing the DS Restore Mode Admin Password
DS-RPC (Directory Service remote procedure call), TransportTransport
DSA GUID, DSA GUIDs and invocation IDs
DSDBUTIL command-line tool, for AD LDS, ADSI Edit
dsHeuristics attribute, modifying, The AdminSDHolder ProcessThe AdminSDHolder Process
dsmgmt command-line tool, for AD LDS, dsdbutildsmgmt
DsPollingInterval registry setting, DNS updates
DSRM password, embedding in script, Automating the DC Build Process
DSRMAdminLogonBehavior, modifying logon behavior, Restartable Directory Service
dual stacks, Troubleshooting subnet data problems
Dynamic Access Control (DAC)
about, Active Directory Security: Permissions and Auditing, The AdminSDHolder ProcessDynamic Access Control
configuring Active Directory for, Configuring Active Directory for DACKerberos policies
using on file server, Kerberos policies
Dynamic DNS (DDNS), DNS Fundamentals, Dynamic DNSDynamic DNS, Dynamic DNS
Dynamic objects, Storing Dynamic Data

E

Effective Permissions (Effective Access), Viewing the Effective Permissions for a User or Group
email address formatting rules, Service Account
Enforced setting, in GPO, Blocking Inheritance and Overriding the Block in Organizational Unit GPOs
Enforced settings, in GPO, Blocking Inheritance and Overriding the Block in Organizational Unit GPOs
Enterprise Certification Authority (CA), Transport
Enterprise Numbers, X.500 and the OID Namespace
equal sign (=)
as LDAP filter operator, Filter Operators
used by DNs, Distinguished names
event-log entries
logs updated, DNS updates
troubleshooting ADFS, Event LogsEvent Logs
Exchange
best practice guidelines for Global Catalog servers, How many domain controllers to have
deploying, Sites
need for separate forest with, Create additional forests
RODC and, Application Compatibility
explicit permissions vs. inherited permissions, Property Sets, Validated Writes, and Extended Rights
Extended Protection, configuring, Fiddler
extended rights, Property Sets, Validated Writes, and Extended Rights
Extensible Storage Engine (ESE) database file, DIT as, How Objects Are Stored and Identified

F

FAS (Filtered Attribute Set), The filtered attribute set, Application Compatibility
fault tolerance, Final notes
federation metadata, Relying Party Trusts
federation servers, Federation ServersFederation Server Proxies, Federation Servers
Federation Service identifier, Service configuration
Federation Service name, Service configuration
Fiddler, troubleshooting using in ADFS, FiddlerSummary
filesystem, loading zones stored on, Background Zone Loading
Filtered Attribute Set (FAS), The filtered attribute set, Application Compatibility
FIM (Forefront Identity Manager), Naming and placing groups
fine-grained password policies (FGPPs)
about, Fine-Grained Password Policies
creating PSOs, Creating Password Settings ObjectsCreating a PSO with PSOMgr
defining PSOs, Defining Password Settings ObjectsDefining PSO precedence
delegating management of PSOs, Viewing the effective PSODelegating Management of PSOs
managing PSOs, Managing Password Settings ObjectsViewing the effective PSO
mandatory password setting object attributes, Scenarios for Fine-Grained Password Policies
understanding PSOs, Understanding Password Settings Objects
Flexible Single Master Operator (FSMO) roles
about, Flexible Single Master Operator (FSMO) RolesFlexible Single Master Operator (FSMO) Roles
Active Directory maintenance, FSMO RecoveryFSMO Recovery
hosting on DC, Flexible Single Master Operator (FSMO) Roles, Flexible Single Master Operator (FSMO) Roles
in AD LDS, Group and User ScopeFSMOs
placement of, Flexible Single Master Operator (FSMO) Roles
role holder, Flexible Single Master Operator (FSMO) Roles, Flexible Single Master Operator (FSMO) Roles
Forefront Identity Manager (FIM), Naming and placing groups
forest
about, ForestsForests
choosing root domain for domain namespace design, Final notes
configuring multi-tree, Forests
considerations for creating separate, Create additional forestsCreate additional forests
designing, Designing the Active Directory Structure
functional levels of domain mode and, Domain and Forest Functional LevelsWindows 2000 domain mode
removing root domain of, Forests
ForestDnsZones partitions, defining custom application partitions outside of default, Using Application Partitions for DNS
FQDN (Fully Qualified Domain Name), Multiple-domain support, Global Names Zones, User Logon, Service principal names, Step 4: Design the Workstation and Server Naming Conventions, Installing an AD LDS Replica, Geographically redundant ADFS servers, Certificates, Service configuration, Relying Party Trusts
FSMO (Flexible Single Master Operator) roles
about, Flexible Single Master Operator (FSMO) RolesFlexible Single Master Operator (FSMO) Roles
Active Directory maintenance, FSMO RecoveryFSMO Recovery
in AD LDS, Group and User ScopeFSMOs
placement of, Flexible Single Master Operator (FSMO) Roles
role holder, Flexible Single Master Operator (FSMO) Roles, Flexible Single Master Operator (FSMO) Roles
fSMORoleOwner attribute, Flexible Single Master Operator (FSMO) Roles
functional levels, Differences in functionalityFunctional Level Rollback

G

garbage collection, Deleted Object Lifecycle
GC (Global Catalog), The Global CatalogFlexible Single Master Operator (FSMO) Roles
Get-ADDCCloningExcludedApplicationList, Cloning Domain Controllers, Cloning a domain controller
Get-ADReplicationAttributeMetadata cmdlet, Step 1: Initial creation of a user on Server AStep 1: Initial creation of a user on Server A
Global Catalog (GC), The Global CatalogFlexible Single Master Operator (FSMO) Roles
Global Catalog servers, Exchange best practice guidelines for, How many domain controllers to have
global names zone, Global Names ZonesGlobal Names Zones
globally unique identifier (GUID)
assigning to objects, Uniquely Identifying Objects
DSA, DSA GUIDs and invocation IDs
gMSAs (group managed service accounts), Authentication Mechanism AssuranceUsing Group Managed Service Accounts
gPCFileSysPath attribute, How GPOs are stored in Active Directory
gPLink attribute, Designing the delegation of GPO administration
GPMC (Group Policy Management Console)
accessing infrastructure status, Group Policy Infrastructure Status
downloading, Capabilities of Group Policy Objects
modeling using, Group Policy Modeling
scripting capabilities of, Group Policy Backup and RestoreScripting Group Policy
using to manage Group Policy, Group PolicyUsing the Group Policy Management Console
GPME (Group Policy Management Editor), Capabilities of Group Policy Objects, Using the Group Policy Management EditorUsing the Group Policy Management Editor, Running Scripts with Group Policy
gPOptions attribute, Designing the delegation of GPO administration
GPOs (group policy objects)
backing up, Group Policy Backup and RestoreGroup Policy Backup and Restore
Block Inheritance and Enforced settings in, Blocking Inheritance and Overriding the Block in Organizational Unit GPOs
blocking inheritance, Blocking Inheritance and Overriding the Block in Organizational Unit GPOsSummary
capabilities of, Group Policy PrimerGroup Policy replication
combating slowdown due to Group Policy, Combating Slowdown Due to Group PolicyUse simple queries in WMI filters
controlling and deploying, Group Policy ModelingDesigning the delegation of GPO administration
correctly applying, Designing the delegation of GPO administration
default, Designing the delegation of GPO administration
disabling settings, Capabilities of Group Policy Objects
Enforced setting in, Blocking Inheritance and Overriding the Block in Organizational Unit GPOs
guidelines for designing, Using GPOs to Help Design the Organizational Unit StructureGuidelines for Designing GPOs
identifying user settings using RSoP, Group Policy Infrastructure StatusGroup Policy Results Wizard
in Active Directory design, Designing the Active Directory Structure
inheritance rules in organizational units, Standard GPO Inheritance Rules in Organizational Units
linking, How Group Policies WorkGPOs and Active Directory
Loopback Mode and, Security Filtering and Group Policy ObjectsLoopback Merge Mode and Loopback Replace Mode
modifying default GPO permissions, Designing the delegation of GPO administration
policies linked only at domain, Prioritizing the Application of Multiple Policies
prioritizing application of multiple policies, GPOs and Active DirectoryPrioritizing the Application of Multiple Policies
refresh frequency and, SummaryGroup Policy Refresh Frequency
restoring, Group Policy Backup and RestoreGroup Policy Backup and Restore
security filtering and, Use simple queries in WMI filtersSecurity Filtering and Group Policy Objects
storing, How GPOs are stored in Active Directory
summary of Group Policy application, Loopback Merge Mode and Loopback Replace ModeSummarizing Group Policy Application
summary of Group Policy functionality, Group PolicyGroup Policy
using GPMC to manage, Group PolicyUsing the Group Policy Management Console
using GPME for managing, Using the Group Policy Management EditorUsing the Group Policy Management Editor
using in designing OU structure
about, Using GPOs to Help Design the Organizational Unit StructureUsing GPOs to Help Design the Organizational Unit Structure
examples of, Guidelines for Designing GPOsFabrikam
guidelines for designing GPOs, Using GPOs to Help Design the Organizational Unit StructureGuidelines for Designing GPOs
identifying areas of policy, Using GPOs to Help Design the Organizational Unit Structure
using Starter, Using Starter GPOs
WMI filtering and, WMI Filtering
working across slow links, Limiting use of site policies
GPResult tool, Group Policy Results Wizard
GPT (Group Policy Template), How GPOs are stored in Active Directory, Running Scripts with Group Policy
GPUPDATE tool, When Policies Apply
gpupdate, updating group policy settings using, Forcing Group Policy Updates
Greater than or equal to (>=), as LDAP filter operator, Filter Operators
group managed service accounts (gMSAs), Authentication Mechanism AssuranceUsing Group Managed Service Accounts
group membership across domain boundaries, Group membership across domain boundaries
Group Policies
about, Group Policy Primer
capabilities of GPOs, Capabilities of Group Policy Objects
disabling GPO settings, Group Policy Primer
managing
about, Group Policy
backing up, Group Policy Backup and RestoreGroup Policy Backup and Restore
change control in, The importance of change-control procedures
correctly applying GPOs, The importance of change-control procedures
default GPOs, Designing the delegation of GPO administration
delegation in, The importance of change-control proceduresDesigning the delegation of GPO administration
deploying preferences, Group Policy PreferencesItem-Level Targeting
modeling using GPMC, Group Policy Modeling
preference options for, Using the Group Policy Management EditorGroup Policy Preferences
restoring, Group Policy Backup and RestoreGroup Policy Backup and Restore
running logon/logoff scripts, Item-Level TargetingRunning Scripts with Group Policy
scripting, Group Policy Backup and RestoreScripting Group Policy
using GPMC for, Group PolicyUsing the Group Policy Management Console
using GPME for, Using the Group Policy Management EditorUsing the Group Policy Management Editor
using Starter GPOs, Using Starter GPOs
storage of, Capabilities of Group Policy ObjectsGroup Policy replication
troubleshooting
accessing infrastructure status, Group Policy Infrastructure Status
Best Practices Analyzer, Group Policy Logging in Windows Vista/Windows Server 2008 and Newer
debugging group policies, Scripting Group Policy
enabling extra logging, Forcing Group Policy UpdatesGroup Policy Logging in Windows Vista/Windows Server 2008 and Newer
forcing updates, Forcing Group Policy UpdatesForcing Group Policy Updates
third-party tools for, Third-Party Troubleshooting Tools
using GPResult tool, Group Policy Results Wizard
using Resultant Set of Policy, Group Policy Infrastructure StatusGroup Policy Results Wizard
workings of
blocking inheritance, Blocking Inheritance and Overriding the Block in Organizational Unit GPOsSummary
combating slowdown due to, Combating Slowdown Due to Group PolicyUse simple queries in WMI filters
GPO inheritance rules in organizational units, Standard GPO Inheritance Rules in Organizational Units
linking GPOs, How Group Policies WorkGPOs and Active Directory
Loopback Mode, Security Filtering and Group Policy ObjectsLoopback Merge Mode and Loopback Replace Mode
prioritizing application of multiple policies, GPOs and Active DirectoryPrioritizing the Application of Multiple Policies
refresh frequency, SummaryGroup Policy Refresh Frequency
security filtering and GPOs, Use simple queries in WMI filtersSecurity Filtering and Group Policy Objects
summary of Group Policy application, Loopback Merge Mode and Loopback Replace ModeSummarizing Group Policy Application
summary of Group Policy functionality, Group PolicyGroup Policy
WMI filtering, WMI Filtering
Group Policy Creator Owners group, creating GPO, Designing the delegation of GPO administration
Group Policy Management Console (GPMC)
accessing infrastructure status, Group Policy Infrastructure Status
downloading, Capabilities of Group Policy Objects
modeling using, Group Policy Modeling
scripting capabilities of, Group Policy Backup and RestoreScripting Group Policy
using to manage Group Policy, Group PolicyUsing the Group Policy Management Console
Group Policy Management Editor (GPME), Capabilities of Group Policy Objects, Using the Group Policy Management EditorUsing the Group Policy Management Editor, Running Scripts with Group Policy
group policy preferences, Using the Group Policy Management EditorItem-Level Targeting, Running Scripts with Group Policy
Group Policy Results Wizard, Group Policy Modeling, Group Policy Infrastructure StatusGroup Policy Results Wizard
Group Policy Template (GPT), How GPOs are stored in Active Directory, Running Scripts with Group Policy
group scopes, Groups
groupPolicyContainer class, How GPOs are stored in Active Directory
groups
allowing specific users to access new published resources, Hiding Specific Personal Details for All Users in an Organizational Unit from a Group
hiding personal details of users from, Real-World Active Directory Delegation ExamplesHiding Specific Personal Details for All Users in an Organizational Unit from a Group
managing groups in AD LDS, Creating GroupsRemoving Members from Groups
naming and placing, Naming and placing usersNaming and placing groups
understanding workings of, GroupsConverting groups
GUID (globally unique identifier)
assigning to objects, Uniquely Identifying Objects
DSA, DSA GUIDs and invocation IDs

I

IADs, System.DirectoryServices Overview
IADs interface, ADSI, System.DirectoryServices Overview
IADsComputer, System.DirectoryServices.Protocols Overview
IADsContainer, System.DirectoryServices Overview
IADsGroup, System.DirectoryServices Overview, System.DirectoryServices.Protocols Overview
IADsSecurityDescriptor, Other nice things in System.DirectoryServices
IADsUser, System.DirectoryServices Overview, System.DirectoryServices.Protocols Overview, Managing Users
IANA (Internet Assigned Numbers Authority), X.500 and the OID Namespace
iconPath attribute, Icons
icons, representing different states of objects, IconsIcons
IContextMenu interface, Context Menus
Identity Integration Feature Pack (IIFP), ADAM Sync
identity provider (IdP), Active Directory Federation ServicesIntroduction to Federated Identity
IFM (Install from Media), Restore from BackupCreating and using IFM media on Windows Server 2008 and newer
ILT (Item Level Targeting), Item-Level Targeting
indexing attributes, Indexed attributesIndexed attributes
infrastructure master
about, Flexible Single Master Operator (FSMO) RolesFlexible Single Master Operator (FSMO) Roles
FSMO role holder, Flexible Single Master Operator (FSMO) Roles, Flexible Single Master Operator (FSMO) Roles
importance of, Flexible Single Master Operator (FSMO) Roles
placement rules, Flexible Single Master Operator (FSMO) Roles
infrastructure status, accessing Group Policy, Group Policy Infrastructure Status
inheritance
blocking, Blocking Inheritance and Overriding the Block in Organizational Unit GPOs
objectClassCategory and, Classes (classSchema Objects)Object Class Category and Inheritance
OID numbering notation and, X.500 and the OID Namespace
inherited permissions vs. explicit permissions, Property Sets, Validated Writes, and Extended Rights
Install from Media (IFM), Restore from BackupCreating and using IFM media on Windows Server 2008 and newer
Install-ADDSDomainController cmdlet, Prestaging RODC domain controller accounts
Install-ADServiceAccount cmdlet, Using Group Managed Service Accounts
integrated DNS, Integration issuesUsing Application Partitions for DNS
Inter-Site Mechanism Simple Mail Transport Protocol (ISM-SMTP), TransportTransport
internal domain structure design, Overview of the Design Process, Arrange the subdomain hierarchyNaming and placing groups
International Organization for Standardization (ISO), development of X.500 standard, A Brief History of Directories, X.500 and the OID Namespace
International Telecommunication Union (ITU), development of X.500 standard, A Brief History of Directories, X.500 and the OID Namespace
Internet Assigned Numbers Authority (IANA), X.500 and the OID Namespace
intersite topology
about, Creating a Site Topology
site link bridges in, TransportSite Link Bridges: The Second Building Blocks of Intersite Topologies
site links in, Now what?Transport
Intersite Topology Generator (ISTG), The KCC, Transport
intrasite topology
about, Creating a Site Topology
automatic site generation by KCC, The KCC
invocation ID, DSA GUIDs and invocation IDs
IP addresses
CNAME records and updating, Resource Records Used by Active Directory
DC changing, Active Directory-Integrated DNS
separating from hostname, Federation Server Proxies
understanding, Subnets
IPv6 address
deploying with IPv4, Troubleshooting subnet data problemsTroubleshooting subnet data problems
in DC cloning configuration, Cloning Domain Controllers
WINS and, Global Names Zones
IShellExtInit interface, Property Pages, Context Menus
IShellPropSheetExt interface, Property Pages
ISM-SMTP (Inter-Site Mechanism Simple Mail Transport Protocol), TransportTransport
ISO (International Organization for Standardization), development of X.500 standard, A Brief History of Directories, X.500 and the OID Namespace
ISTG (Intersite Topology Generator), The KCC, Transport
Item Level Targeting (ILT), Item-Level Targeting
ITU (International Telecommunication Union), development of X.500 standard, A Brief History of Directories, X.500 and the OID Namespace

J

JET technology, ESE as, How Objects Are Stored and Identified

K

KCC (Knowledge Consistency Checker), Knowledge Consistency CheckerKnowledge Consistency Checker, Replication connection objects
KCD (Kerberos constrained delegation), DelegationDelegation
KDS root key, creating, Preparing for Group Managed Service Accounts
Kerberos
about, Kerberos
application access, Application Access
delegation, DelegationDelegation
authentication (port 88), Resource Records Used by Active Directory
changing passwords via, Resource Records Used by Active Directory
domain controllers encrypting tickets, The Client Logon Process
issues with Windows editions supporting, Groups
maximum time-skew requirement between hosts, A Background to Metadata
policies in configuring Active Directory for DAC, Configuring central access policiesKerberos policies
protocol transition, Delegation
RODC using, Password Replication Policies
service access, User LogonLogon and Service Access Summary
user logon, User LogonUser Logon
Kerberos constrained delegation (KCD), DelegationDelegation
key management server (KMS), Active Directory-Based Machine Activation
key signing key (KSK), Resource records, Lookup processConfiguring DNSSEC for Active Directory DNS
Knowledge Consistency Checker (KCC), Knowledge Consistency Checker, Replication connection objects, The KCC
kpasswd process (port 464), Resource Records Used by Active Directory
krbtgt account, RODC and, The Client Logon ProcessThe Client Logon Process
KSK (key signing key), Resource records, Lookup processConfiguring DNSSEC for Active Directory DNS

L

lastLogon attribute, Last-logon statistics
lastLogonTimeStamp, RID pool reuse
lastLogonTimeStamp attribute, Implementing Auditing
lastLogonTimeStampAttribute, Computer account password changesLast-logon statistics
LDAP (Lightweight Directory Access Protocol)
about, A Brief History of Directories
DNs defined in, Distinguished names
Filter View, Global Search
in AD LDS, Differences Between AD and AD LDS, No SRV Records, No Global Catalog
referral from RODC, Application Compatibility
LDAP controls
modifying behavior in database search with, Modifying Behavior with LDAP ControlsModifying Behavior with LDAP Controls
using stats, Using the stats controlUsing the stats control
LDAP Data Interchange Format, Using LDIF to Extend the Schema
LDAP filter
Boolean operators in, Connecting Filter ComponentsConnecting Filter Components
operators in, Searching the DatabaseFilter Operators
LDAP-Display-Name (lDAPDisplayName) attribute, Structure of the Schema
LDAP_CONTROL_VLVREQUEST, Modifying Behavior with LDAP Controls
LDAP_PAGED_RESULT_OID_STRING, Modifying Behavior with LDAP Controls
LDAP_SERVER_ASQ_OID, Modifying Behavior with LDAP Controls
LDAP_SERVER_DIRSYNC_OID, Modifying Behavior with LDAP Controls
LDAP_SERVER_DOMAIN_SCOPE_OID, Modifying Behavior with LDAP Controls
LDAP_SERVER_EXTENDED_DN_OID, Modifying Behavior with LDAP Controls
LDAP_SERVER_GET_STATS_OID, Modifying Behavior with LDAP Controls
LDAP_SERVER_NOTIFICATION_OID, Modifying Behavior with LDAP Controls
LDAP_SERVER_RANGE_OPTION_OID, Modifying Behavior with LDAP Controls
LDAP_SERVER_SD_FLAGS_OID, Modifying Behavior with LDAP Controls
LDAP_SERVER_SEARCH_OPTIONS_OID, Modifying Behavior with LDAP Controls
LDAP_SERVER_SHOW_DELETED_OID, Modifying Behavior with LDAP Controls
LDAP_SERVER_SORT_OID, Modifying Behavior with LDAP Controls
LDIF files
AD LDS
creating containers, Creating Application PartitionsCreating Containers
deleting objects, Deleting Objects
managing groups, Creating GroupsRemoving Members from Groups
managing users, Creating UsersCreating Groups
creating portable schema extensions using, Using LDIF to Extend the Schema
digital signatures on, Mitigating a Schema Conflict
export data in LDIF format, Using LDIF to Extend the Schema
extend schema using, Using LDIF to Extend the SchemaUsing LDIF to Extend the Schema
instance installation in AD LDS of, Installing a New AD LDS Instance
LDIFDE command-line tool, for AD LDS, dsmgmt
LDP
about, LDPLDP
controls dialog box, Modifying Behavior with LDAP Controls
for AD LDS, dsmgmt
for searching database, Searching the Database
querying RootDSE with, Naming Contexts and Application Partitions
using in AD LDS, New and Updated Tools
viewing contents of Schema container using, Structure of the Schema
leaf object, displaying as container or, Display Names
Less than or equal to sign (<=), as LDAP filter operator, Filter Operators
Lightweight Directory Access Protocol (LDAP)
about, A Brief History of Directories
DNs defined in, Distinguished names
Filter View, Global Search
in AD LDS, Differences Between AD and AD LDS, No SRV Records, No Global Catalog
referral from RODC, Application Compatibility
Limited caching of passwords, scenario for password replication policies, Password Replication Policies
lingering objects problem, Backing Up Active Directory
link table, in searching directory information tree, Link table
linkID attributes, Linked Attributes, Link tableSecurity descriptor table
-LocalAdministratorPassword parameter, Automating the DC Build Process
lockdown permissions, Permission Lockdown
logging
enabling extra Group Policy, Forcing Group Policy UpdatesGroup Policy Logging in Windows Vista/Windows Server 2008 and Newer
of available database space, Reclaiming Space
logon
client process, The Client Logon ProcessPopulating the password cache
running scripts at user, Item-Level TargetingRunning Scripts with Group Policy
success/fail information, Last-logon statistics
tracking last interactive information, Implementing AuditingTracking Last Interactive Logon Information
user, User Logon
logonCount attribute, Last-logon statistics
Loopback Mode, Security Filtering and Group Policy ObjectsLoopback Merge Mode and Loopback Replace Mode, Summarizing Group Policy Application
LSDOU, specific order of GPOs, GPOs and Active DirectoryPrioritizing the Application of Multiple Policies
LVR (Linked Value Replication), Link table

M

machine activation, AD-based, Active Directory-Based Machine Activation
managed service accounts, Authentication Mechanism AssuranceUsing Group Managed Service Accounts
managedBy attribute, Administrator Role Separation
management tools
about, Management Tools
Active Directory Administrative Center, Active Directory Administrative CenterExtensibility
Active Directory Users and Computers, Active Directory Users and ComputersADSI Edit
ADSI Edit, ADSI EditADSI Edit
LDP, LDP
MAPI ID, defined in Active Directory, MAPI IDs
MaximumRodcRsoAttemptsPerCycle registry setting, DNS updates
MaximumRodcRsoQueueLength registry setting, DNS updates
MDOP (Microsoft Desktop Optimization Pack), The importance of change-control procedures
medial searches, of database, Filter Operators
metadata, federation, Relying Party Trusts
metadata, removing using ntdsutil, Manually removing a domain controller from Active Directory
metadata, replication
background to, A Background to Metadata
DSA GUID and invocation ID, DSA GUIDs and invocation IDs
high-watermark vector, High-watermark vector (direct up-to-dateness vector)High-watermark vector (direct up-to-dateness vector)
highestCommittedUSN, Update sequence numbers (USNs) and highestCommittedUSNUpdate sequence numbers (USNs) and highestCommittedUSN
modifying in object during, How an Object’s Metadata Is Modified During ReplicationStep 4: Password-change replication to DC A
originating updates vs. replicated updates, Originating updates versus replicated updates
Up-To-Dateness Vector, High-watermark vector (direct up-to-dateness vector)Up-to-dateness vector
update sequence number, Update sequence numbers (USNs) and highestCommittedUSNUpdate sequence numbers (USNs) and highestCommittedUSN
viewing, Step 1: Initial creation of a user on Server A
Microsoft Desktop Optimization Pack (MDOP), The importance of change-control procedures
Microsoft Exchange
best practice guidelines for Global Catalog servers, How many domain controllers to have
deploying, Sites
need for separate forest with, Create additional forests
RODC and, Application Compatibility
mixed mode vs. native mode, Windows 2000 domain mode
modeling, Group Policy, Group Policy Modeling
msDS-AuthenticatedAtDC, Password Replication Policies, Managing the password replication policy, The Client Logon Process
msDS-FailedInteractiveLogonCount, Tracking Last Interactive Logon Information
msDS-FailedInteractiveLogonCountAtLastSuccessfulLogon, Tracking Last Interactive Logon Information
msDS-LastFailedInteractiveLogonTime, Tracking Last Interactive Logon Information
msDS-LastSuccessfulInteractiveLogonTime, Tracking Last Interactive Logon Information
msDS-NeverRevealGroup, Password Replication Policies, Managing the password replication policy
msds-PasswordSettings schema class, Scenarios for Fine-Grained Password Policies
msDS-PasswordSettingsPrecedence attribute, Defining PSO precedence
msDS-PSOAppliesTo attribute, Defining PSO precedence, Managing PSO Application
msDS-Replication-Notify-First-DSA-Delay, Automatic Intrasite Topology Generation by the KCC
msDS-Replication-Notify-Subsequent-DSA-Delay, Automatic Intrasite Topology Generation by the KCC
msDS-ResultantPSO attribute, Defining PSO precedence
msDS-ResultantPso attribute, Viewing the effective PSO, Viewing the effective PSO
msDS-RevealedList, Password Replication Policies, Managing the password replication policy, The Client Logon Process
msDS-RevealOnDemand, Populating the password cache
msDS-RevealOnDemandGroup, Password Replication Policies, Managing the password replication policy
msDSAllowedToDelegate, Delegation
msDSAuthenticatedAtDC, The Client Logon Process, Populating the password cache

N

Name Resolution Policy Table (NRPT), configuring, Lookup process
name server (NS) records, in delegation, Client Lookup Process
name servers, DNS, Active Directory-Integrated DNS
namespace design, creating domain, Domain Namespace Design–Arrange the subdomain hierarchy
naming context (NC)
about, Naming Contexts and Application Partitions
replication between two servers of, The Replication of a Naming Context Between Two Servers–Recap
native mode vs. mixed mode, Windows 2000 domain mode
nesting OU structures, Step 3: Design the Hierarchy of Organizational Units
.NET Framework, programming Active Directory with
about, Programming the Directory with the .NET Framework
assemblies versus namespaces, Assemblies Versus Namespaces
choosing development tool, Programming the Directory with the .NET Framework–.NET Development Without an IDE
choosing language, Programming the Directory with the .NET Framework–Choosing a .NET Programming Language
IDisposable interface, Connecting to the Directory
programming examples
about, Why use System.DirectoryServices.AccountManagement?–Connecting to the Directory
connecting to Directory, Connecting to the Directory–Connecting to the Directory
managing users, Modifying existing objects–Managing users with System.DirectoryServices.AccountManagement
modifying Directory, Searching the Directory–Modifying existing objects
overriding SSL server certificate verification with SDS.P, Managing users with System.DirectoryServices.AccountManagement–Overriding SSL Server Certificate Verification with SDS.P
searching Directory, Searching the Directory–Searching the Directory
programming features, Which .NET Framework Comes with Which OS?–Directory Programming Features by .NET Framework Release
services programming landscape
about, Summary of Namespaces, Assemblies, and Framework Versions–Why use System.DirectoryServices.AccountManagement?
versions of, .NET Development Without an IDE–Summary of Namespaces, Assemblies, and Framework Versions
NetBIOS name resolution, Active Directory and DNS
NetBIOS names, Step 4: Design the Workstation and Server Naming Conventions
NETDOM, FSMO Recovery
Network Time (NTP), time synchronization based on, Time Synchronization in Active Directory
NOS (Network Operating System), Evolution of the Microsoft NOS
Not (negation (!) sign), as LDAP filter operator, Filter Operators
NRPT (Name Resolution Policy Table), configuring, Lookup process
NS (name server) records, in delegation, Client Lookup Process
NT Backup utility, Using the NT Backup Utility, Restoring with NT Backup–Restoring with Windows Server Backup
NT File Replication Service (NTFRS), Group Policy replication
NTDS.DIT, DSA GUIDs and invocation IDs
ntdsutil, Administrator Role Separation–Administrator Role Separation
changing DSRM password, Reclaiming Space–Changing the DS Restore Mode Admin Password
checking integrity of DIT, Checking the Integrity of the DIT–Checking the Integrity of the DIT
creating snapshots, Working with Snapshots–Working with Snapshots
marking data to be restored, Partial Authoritative Restore–Partial Authoritative Restore
performing offline defragmentation, Reclaiming Space–Reclaiming Space
removing metadata, Manually removing a domain controller from Active Directory
seizing roles, Using LDIF to Extend the Schema, FSMO Recovery–FSMO Recovery
NTFRS (NT File Replication Service), Group Policy replication
nTSecurityDescriptor attribute, Permission Basics

O

object creation wizard, Display Names–Object Creation Wizard
object identifier (OID) namespace
adding branches and leaves to, X.500 and the OID Namespace–X.500 and the OID Namespace
identifying manager of, Nominating Responsible People in Your Organization
identifying schema objects using OID, X.500 and the OID Namespace–X.500 and the OID Namespace
inheritance and numbering notation in, X.500 and the OID Namespace
range of values, X.500 and the OID Namespace–X.500 and the OID Namespace
requesting, X.500 and the OID Namespace–X.500 and the OID Namespace
objectClass vs. objectCategory, objectClass Versus objectCategory
objectClassCategory, inheritance and, Classes (classSchema Objects)–Object Class Category and Inheritance
objects
assigning GUID to, Uniquely Identifying Objects
attributeSchema, The Global Catalog, Structure of the Schema, Attributes (attributeSchema Objects), Property Sets and attributeSecurityGUID, Implementing Auditing
bindable, Common Uses for AD LDS
building hierarchies within a domain using OUs, Organizational Units–Organizational Units
connection, Connection Objects–Connection Objects
controlling access in AD LDS to, Controlling Access to Objects and Attributes
deleting from schema, Making Classes and Attributes Defunct
deleting objects in AD LDS, Deleting Objects
dynamically assigning auxiliary classes to, Dynamically Linked Auxiliary Classes
modifying during metadata replication, How an Object’s Metadata Is Modified During Replication–Step 4: Password-change replication to DC A
problems with lingering, Conflict due to creation of objects with names that conflict–Lingering Objects
protecting from accidental deletion, The Confidentiality Bit–Protecting Objects from Accidental Deletion
storing and identifying, How Objects Are Stored and Identified–How Objects Are Stored and Identified
undeleting, Undeleting Objects–Using PowerShell
offline defragmentation, of DIT file, Reclaiming Space–Reclaiming Space
OID (object identifier) namespace
adding branches and leaves to, X.500 and the OID Namespace–X.500 and the OID Namespace
identifying manager of, Nominating Responsible People in Your Organization
identifying schema objects using OID, X.500 and the OID Namespace–X.500 and the OID Namespace
inheritance and numbering notation in, X.500 and the OID Namespace
range of values, X.500 and the OID Namespace–X.500 and the OID Namespace
requesting, X.500 and the OID Namespace–X.500 and the OID Namespace
Open System Interconnection (OSI) protocol, X.500 based on, A Brief History of Directories
operatingSystem attribute, objectClass Versus objectCategory
OR (|) operators, as LDAP Boolean operator, Connecting Filter Components–Connecting Filter Components
organizational unit (OU)
as container in Active Directory, How Objects Are Stored and Identified
as prefix, Distinguished names
building object hierarchies within a domain using, Organizational Units–Organizational Units, Organizational Units–Organizational Units
designing hierarchy of, Arrange the subdomain hierarchy–Delegating other rights
GPO inheritance rules in, Standard GPO Inheritance Rules in Organizational Units
hiding personal details of users from groups, Real-World Active Directory Delegation Examples–Hiding Specific Personal Details for All Users in an Organizational Unit from a Group
impacting GPO applications, Prioritizing the Application of Multiple Policies
using GPOs in designing structure for
about, Using GPOs to Help Design the Organizational Unit Structure–Using GPOs to Help Design the Organizational Unit Structure
examples of, Guidelines for Designing GPOs–Fabrikam
guidelines for designing GPOs, Using GPOs to Help Design the Organizational Unit Structure–Guidelines for Designing GPOs
identifying areas of policy, Using GPOs to Help Design the Organizational Unit Structure
originating updates vs. replicated updates, Originating updates versus replicated updates
OSI (Open System Interconnection) protocol, X.500 based on, A Brief History of Directories
OU (organizational unit)
as container in Active Directory, How Objects Are Stored and Identified
as prefix, Distinguished names
building object hierarchies within a domain using, Organizational Units–Organizational Units
designing hierarchy of, Arrange the subdomain hierarchy–Delegating other rights
GPO inheritance rules in, Standard GPO Inheritance Rules in Organizational Units
hiding personal details of users from groups, Real-World Active Directory Delegation Examples–Hiding Specific Personal Details for All Users in an Organizational Unit from a Group
impacting GPO applications, Prioritizing the Application of Multiple Policies
using GPOs in designing structure for
about, Using GPOs to Help Design the Organizational Unit Structure–Using GPOs to Help Design the Organizational Unit Structure
examples of, Guidelines for Designing GPOs–Fabrikam
guidelines for designing GPOs, Using GPOs to Help Design the Organizational Unit Structure–Guidelines for Designing GPOs
identifying areas of policy, Using GPOs to Help Design the Organizational Unit Structure

P

Partial Attribute Set (PAS), attributes available in GC, The Global Catalog–Flexible Single Master Operator (FSMO) Roles
password replication policies (PRPs)
in RODC deployment, Password Replication Policies–Managing the loss of an RODC
risk of not resetting passwords in RODC deployment, Managing the loss of an RODC
Password Settings Objects (PSOs)
creating, Creating Password Settings Objects–Creating a PSO with PSOMgr
defining, Defining Password Settings Objects–Defining PSO precedence
delegating management of, Viewing the effective PSO
managing, Understanding Password Settings Objects, Managing Password Settings Objects, Managing PSO Application–Viewing the effective PSO
passwords
changing DS restore mode admin, Reclaiming Space
changing via Kerberos, Resource Records Used by Active Directory
fine-grained password policies, Fine-Grained Password Policies
managing with repadmin cached, Populating the password cache
RODC and user changing, RODCs and Write Requests–DNS updates
setting DS Restore Mode administrator, Changing the DS Restore Mode Admin Password
storing through group policy preferences, Group Policy Preferences
PDC chaining, disabling, Flexible Single Master Operator (FSMO) Roles
PDC emulator FSMO role
about, Flexible Single Master Operator (FSMO) Roles
AdminSDHolder process and, The AdminSDHolder Process
binding LDP to, The AdminSDHolder Process
configuring on root domain, Time Synchronization in Active Directory–Domain and Forest Functional Levels
importance of, Flexible Single Master Operator (FSMO) Roles
in cloning domain controllers, Cloning Domain Controllers, The DC cloning process
reconfiguring, Time Synchronization in Active Directory
permission dialog boxes, Using the GUI to Examine Permissions
permissions, managing
about, Active Directory Security: Permissions and Auditing–Permission Basics
ACEs, Permission ACEs–Permission ACEs
confidential attributes, Permission Lockdown
default security descriptors, Property Sets, Validated Writes, and Extended Rights
designing permission schemes
about, Using the GUI to Examine Auditing
planning for, Rule 5: Keep a log of changes–How to Plan Permissions
rules for, The Five Golden Rules of Permissions Design–Rule 5: Keep a log of changes
taking over administrator responsibilities, How to Plan Permissions–Bringing Order out of Chaos
examining auditing, Using the GUI to Examine Auditing
examining permissions using GUI
about, Protecting Objects from Accidental Deletion–Using the GUI to Examine Permissions
reverting to default permissions, Using the GUI to Examine Permissions
using Delegation of Control Wizard, Using the Delegation of Control Wizard
viewing Effective Permissions, Viewing the Effective Permissions for a User or Group
extended rights, Property Sets, Validated Writes, and Extended Rights
inherited vs. explicit permissions, Property Sets, Validated Writes, and Extended Rights
lockdown of permission, Default Security Descriptors
property sets, Property Sets, Validated Writes, and Extended Rights
protecting objects from accidental deletion, The Confidentiality Bit–Protecting Objects from Accidental Deletion
validated writes, Property Sets, Validated Writes, and Extended Rights–Property Sets, Validated Writes, and Extended Rights
PKI (Public Key Infrastructure), Lookup process
PolicyMaker, Using the Group Policy Management Editor, Deploying group policy preferences
PowerShell
automating DC build process using, Using DCPromo on Earlier Versions of Windows–Automating the DC Build Process
creating gMSA, Preparing for Group Managed Service Accounts–Using Group Managed Service Accounts
creating KDS root key, Preparing for Group Managed Service Accounts
enabling AD LDS Recycle Bin, Enabling the Recycle Bin
enabling AD Recycle Bin, Enabling the Recycle Bin
Group Policy cmdlets, Scripting Group Policy–Scripting Group Policy
managing DNS with, Managing DNS with Windows PowerShell
managing Password Settings Objects, Understanding Password Settings Objects
RODC promotion parameters, Administrator Role Separation–Prestaging RODC domain controller accounts
running scripts at user client machine at logon/logoff, Running Scripts with Group Policy
undeleting objects using, Undeleting Objects–Using PowerShell
PowerShell History pane, PowerShell History
PowerShell Scripts node, Running Scripts with Group Policy
prestaging RODC domain controller accounts, Prestaging RODC domain controller accounts
primary name servers (master), Active Directory-Integrated DNS–Active Directory-Integrated DNS
property pages, displaying and adding, Property Pages
property sets, Property Sets and attributeSecurityGUID, Property Sets, Validated Writes, and Extended Rights
Protect from Accidental Deletion checkbox, The Confidentiality Bit–Protecting Objects from Accidental Deletion
protocol transition, Delegation
PRPs (password replication policies)
in RODC deployment, Password Replication Policies–Managing the loss of an RODC
risk of not resetting passwords in RODC deployment, Managing the loss of an RODC
PSOMgr
creating PSOs, Creating Password Settings Objects, Creating a PSO with the Active Directory Administrative Center–Creating a PSO with PSOMgr
downloading, Understanding Password Settings Objects
managing Password Settings Objects, Applying a PSO with ADUC
managing PSOs, Understanding Password Settings Objects, Managing Password Settings Objects, Managing PSO Application
viewing Password Settings Objects, Viewing the effective PSO–Viewing the effective PSO
PSOs (Password Settings Objects)
creating, Creating Password Settings Objects–Creating a PSO with PSOMgr
defining, Defining Password Settings Objects–Defining PSO precedence
managing, Understanding Password Settings Objects, Managing Password Settings Objects, Managing PSO Application–Viewing the effective PSO
Public Key Infrastructure (PKI), Lookup process

R

RAID (Redundant Array of Inexpensive Disks), transaction logs using, Deploying with Server Manager–Deploying with Server Manager
RDN (Relative Distinguished Name)
about, Distinguished names–Distinguished names
conflict during replication of naming context between two servers, Conflict due to creation of objects with names that conflict, Conflict due to creation of objects with names that conflict
Read permission, Using the GUI to Examine Permissions
read-only domain controller (RODC)
deploying into AD
about, Cloning a domain controller–Read-Only Domain Controllers
administrator role separation, Administrator Role Separation–Administrator Role Separation
application compatibility, Application Compatibility–Application Compatibility
chaining table in, The W32Time Service–The W32Time Service
client logon process, The Client Logon Process–Populating the password cache, The W32Time Service–The W32Time Service
deploying compatibility pack to clients, Read-Only Domain Controllers
password replication policies in, Password Replication Policies–Managing the loss of an RODC
placement considerations, RODC Placement Considerations–RODC Placement Considerations
prerequisites to, Read-Only Domain Controllers
promoting server to, Administrator Role Separation–Prestaging RODC domain controller accounts
write requests and, RODCs and Write Requests–DNS updates
deploying on Server Manager, Deploying with Server Manager
filtered attribute set as part of, The filtered attribute set
updating last interactive logon attributes, Tracking Last Interactive Logon Information
Recycle Bin, Active Directory, Flexible Single Master Operator (FSMO) Roles, Flexible Single Master Operator (FSMO) Roles, Flexible Single Master Operator (FSMO) Roles, Preserving attributes in a tombstone, Backing Up Active Directory, Working with Snapshots–Using PowerShell, Enabling the Recycle Bin
Recycle Bin, AD LDS, Installing an AD LDS Replica
recycled objects, Deleted Object Lifecycle
Redundant Array of Inexpensive Disks (RAID)
transaction logs using, Deploying with Server Manager–Deploying with Server Manager
refresh frequency, Summary–Group Policy Refresh Frequency
registry settings, for controlling RODC DNS service attempts, DNS updates–DNS updates
relative identifier (RID) master
about, Flexible Single Master Operator (FSMO) Roles–Flexible Single Master Operator (FSMO) Roles
configuring pool size, Flexible Single Master Operator (FSMO) Roles
importance of, Flexible Single Master Operator (FSMO) Roles
pool reuse, When to Virtualize, RID pool reuse
relying party (RP)
about, Active Directory Federation Services–Introduction to Federated Identity
trusts, Federation Server Proxies–Relying Party Trusts
renaming users, in AD LDS, Renaming Users
repadmin command-line tool
downloading, Site and Replication Management Tools
for AD LDS, repadmin
managing cached passwords with, Populating the password cache
replicated updates vs. originating updates, Originating updates versus replicated updates
ReplicateSingleObject (RSO), Prerequisites
replication
about, Site Topology and Active Directory Replication, How Replication Works, Creating a Site Topology
designing sites and links for
creating links, Step 4: Create Site Links–Step 4: Create Site Links
creating site link bridges, Step 4: Create Site Links
design examples, Step 4: Create Site Links–Step 4: Create site links
designing sites, Step 3: Design the Sites–Step 4: Create Site Links
gathering background data, Step 2: Plan the Domain Controller Locations
planning domain controller locations, Where to put domain controllers–Step 3: Design the Sites
impact from integrated DNS zones, Active Directory-Integrated DNS
in domain namespace design, Isolated replication
installing AD LDS, Installing a New AD LDS Instance
management tools, Site and Replication Management Tools
metadata
background to, A Background to Metadata, A Background to Metadata
DSA GUID and invocation ID, DSA GUIDs and invocation IDs
high-watermark vector, High-watermark vector (direct up-to-dateness vector)–High-watermark vector (direct up-to-dateness vector)
highestCommittedUSN, Update sequence numbers (USNs) and highestCommittedUSN–Update sequence numbers (USNs) and highestCommittedUSN
modifying in object during, How an Object’s Metadata Is Modified During Replication–Step 4: Password-change replication to DC A
originating updates vs. replicated updates, Originating updates versus replicated updates
Up-To-Dateness Vector, High-watermark vector (direct up-to-dateness vector)–Up-to-dateness vector
update sequence number, Update sequence numbers (USNs) and highestCommittedUSN–Update sequence numbers (USNs) and highestCommittedUSN
viewing, Step 1: Initial creation of a user on Server A
modifying convergence intervals, Automatic Intrasite Topology Generation by the KCC
problems
lingering objects, Conflict due to creation of objects with names that conflict–Lingering Objects
USN rollback, USN Rollback–USN Rollback
reconciling conflicts, How Replication Conflicts Are Reconciled–Replicating the conflict resolution
restoring DC from, Restore from Replication–Manually removing a domain controller from Active Directory
SMTP, Transport
resource records
about, Zones–Resource Records
overriding srv record registration, Overriding SRV Record Registration
types of, Zones–Resource Records
used by Active Directory, Resource Records Used by Active Directory–Overriding SRV Record Registration
restartable directory service, FSMO Recovery–Restartable Directory Service
restore database subcommand, Complete Authoritative Restore
restoring
Active Directory
complete authoritative restore, Complete Authoritative Restore
from NT Backup utility backup, Restoring with NT Backup–Restoring with Windows Server Backup
from Windows Server backup, Restoring with Windows Server Backup
nonauthoritative, Nonauthoritative Restore–Restoring with Windows Server Backup
Partial Authoritative Restore, Restoring with Windows Server Backup–Partial Authoritative Restore
Domain Controller
from backups, Manually removing a domain controller from Active Directory–Restore from Backup
from IFM media, Restore from Backup–Creating and using IFM media on Windows Server 2008 and newer
from replication, Restore from Replication–Manually removing a domain controller from Active Directory
using Directory Services Restore Mode, FSMO Recovery
Resultant Set of Policy (RSoP), Capabilities of Group Policy Objects, Scripting Group Policy, Group Policy Infrastructure Status–Group Policy Results Wizard
RFC (Request for Comments)
attribute types from, Distinguished names
LDAP and, A Brief History of Directories, Using LDIF to Extend the Schema
on basics of DNS, DNS Fundamentals
on Dynamic DNS, Dynamic DNS, Dynamic DNS
SRV records defined in, Resource Records Used by Active Directory
RID (relative identifier) Master
about, Flexible Single Master Operator (FSMO) Roles–Flexible Single Master Operator (FSMO) Roles
configuring pool size, Flexible Single Master Operator (FSMO) Roles
importance of, Flexible Single Master Operator (FSMO) Roles
pool reuse, When to Virtualize, RID pool reuse
RODC (read-only domain controller)
deploying into AD
about, Cloning a domain controller–Read-Only Domain Controllers
administrator role separation, Administrator Role Separation–Administrator Role Separation
application compatibility, Application Compatibility–Application Compatibility
chaining table in, The W32Time Service–The W32Time Service
client logon process, The Client Logon Process–Populating the password cache, The W32Time Service–The W32Time Service
deploying compatibility pack to clients, Read-Only Domain Controllers
password replication policies in, Password Replication Policies–Managing the loss of an RODC
placement considerations, RODC Placement Considerations–RODC Placement Considerations
prerequisites to, Read-Only Domain Controllers
promoting server to, Administrator Role Separation–Prestaging RODC domain controller accounts
write requests and, RODCs and Write Requests–DNS updates
deploying on Server Manager, Deploying with Server Manager
filtered attribute set as part of, The filtered attribute set
updating last interactive logon attributes, Tracking Last Interactive Logon Information
RODCMode registry, disabling RODC ability to issue write referrals, Application Compatibility, RODC Placement Considerations
rollbacks
functional level, Raising the Functional Level–Functional Level Rollback
SID, Backing Up Active Directory
snapshots of DCs on VM Gen ID, RID pool reuse–Virtualization Safe Restore
USN rollback, USN Rollback–USN Rollback, When to Virtualize, USN rollback
RootDSE
attributes pertaining to naming contexts, Naming Contexts and Application Partitions
querying with LDP, Naming Contexts and Application Partitions
RPC, legacy, applications using, Application Compatibility
RRSIG (DNSSEC record), Resource records–Lookup process, Lookup process
RSO (ReplicateSingleObject), Prerequisites
RSoP (Resultant Set of Policy), Capabilities of Group Policy Objects, Group Policy Infrastructure Status–Group Policy Results Wizard
RunDiagnosticLoggingAppDeploy, Group Policy Logging in Windows 2000, Windows XP, and Windows Server 2003
RunDiagnosticLoggingGroupPolicy, Group Policy Logging in Windows 2000, Windows XP, and Windows Server 2003
RunDiagnosticLoggingIntellimirror, Group Policy Logging in Windows 2000, Windows XP, and Windows Server 2003

S

SACL (System ACLs), Permission Basics
Safari Books Online, Safari® Books Online
safe restore, virtualization, RID pool reuse–Virtualization Safe Restore
sAMAccountName, Naming and placing users–Naming and placing users, Using LDIF to Extend the Schema
SAML (Security Assertion Markup Language), How It Works, SAML, The Configuration Database
Saved Queries feature, of ADUC, Saved Queries
scavenging, aging and, on DNS server, Aging and Scavenging–Enabling scavenging on the DNS server
Schema Admins group, Nominating Responsible People in Your Organization
Schema Container, Structure of the Schema
schema extensions, schema master FSMO and, The Schema Master FSMO
Schema Management MMC, Creating Schema Extensions
schema master FSMO role
about, Flexible Single Master Operator (FSMO) Roles, The Schema Master FSMO
importance of, Flexible Single Master Operator (FSMO) Roles
Schema NC, Schema Naming Context–Schema Naming Context
schema, Active Directory
about, Active Directory Schema
attribute properties
attribute syntax, Attribute Syntax–Attribute Syntax
attributeSecurityGUID, Property Sets and attributeSecurityGUID
defining MAPI ID, MAPI IDs
linked attributes, Linked Attributes–Linked Attributes
property sets, Property Sets and attributeSecurityGUID
schemaFlagsEx attribute, schemaFlagsEx
searchFlags attribute, searchFlags–The filtered attribute set
systemFlags attribute, systemFlags–Category 1 objects
attributeSchema objects, Attributes (attributeSchema Objects)
cache, The Schema Cache–The Schema Cache
classSchema (Class-Schema) objects
dissecting Active Directory class, Dissecting an Example Active Directory Class–Viewing the user class with the Active Directory Schema snap-in
dynamically linked auxiliary classes, Dynamically Linked Auxiliary Classes–Summary
objectClassCategory and inheritance, Classes (classSchema Objects)–Object Class Category and Inheritance
considerations before changing, Thinking of Changing the Schema–The Global Picture
default versions in Windows, Structure of the Schema
deleting objects from, Making Classes and Attributes Defunct
extensions
creating, The Global Picture–Mitigating a Schema Conflict
nominating people in organizations, Nominating Responsible People in Your Organization–Nominating Responsible People in Your Organization
using LDIF files, Using LDIF to Extend the Schema–Using LDIF to Extend the Schema
making classes and attributes defunct, Making Classes and Attributes Defunct–Making Classes and Attributes Defunct
mitigating conflicts, Mitigating a Schema Conflict
OID namespace, X.500 and the OID Namespace–X.500 and the OID Namespace, Nominating Responsible People in Your Organization, The Global Picture
prefixes for classes and attributes, The Global Picture
redefining classes and attributes, Making Classes and Attributes Defunct
repurposing attributes, To Change or Not to Change
structure of, Structure of the Schema–Structure of the Schema
system checks when modifying, Using LDIF to Extend the Schema–Making Classes and Attributes Defunct
X.500 standard and, X.500 and the OID Namespace
schema, AD LDS, Common Uses for AD LDS, Schema–Schema
schemaFlagsEx attribute
about, schemaFlagsEx
attributes defined as critical in, The filtered attribute set
schemaIDGUID, Permission ACEs
schemaVersion attribute, Active Directory Schema
SCP (serviceConnectionPoint), in AD LDS, No SRV Records–No SRV Records
SDDL (Security Descriptor Definition Language), Property Sets, Validated Writes, and Extended Rights–Default Security Descriptors, Permission Lockdown
SDM Software, Third-Party Troubleshooting Tools
SDs (security descriptors)
about, Permission Basics
assigning ACE to, Permission Basics
search functionality, of ADAC, Global Search–Global Search
searchFlags attribute, searchFlags–The filtered attribute set
ambiguous name resolution (ANR), Ambiguous name resolution
attribute change auditing, Confidentiality–Attribute change auditing
bits, Permission Lockdown–The Confidentiality Bit
filtered attribute set, The filtered attribute set
indexing attributes, Indexed attributes–Indexed attributes
on attributeSchema object, Implementing Auditing
subtree index, Preserving attributes in a tombstone
tuple index, The tuple index
searching Active Directory
about, The Directory Information Tree
attribute data types for, Attribute Data Types
database
connecting components, Connecting Filter Components–Connecting Filter Components
modifying behavior with LDAP controls, Modifying Behavior with LDAP Controls–Modifying Behavior with LDAP Controls
search scopes in, Search Bases–Modifying Behavior with LDAP Controls
using LDAP filter, Searching the Database–Connecting Filter Components
directory information tree, The Directory Information Tree–Security descriptor table
optimizing, Optimizing Searches–objectClass Versus objectCategory
search flag bits, Efficient Searching
secondary name servers (slaves), Active Directory-Integrated DNS–Active Directory-Integrated DNS
Security Assertion Markup Language (SAML), How It Works, SAML
Security Descriptor Definition Language (SDDL), Property Sets, Validated Writes, and Extended Rights–Default Security Descriptors, Permission Lockdown
security descriptor table, in searching directory information tree, Security descriptor table
security descriptors (SDs)
about, Permission Basics
assigning ACE to, Property Sets, Validated Writes, and Extended Rights
security group, converting distribution group to, Converting groups
security identifier (SID)
about, Flexible Single Master Operator (FSMO) Roles–Flexible Single Master Operator (FSMO) Roles
conflict during replication of naming context between two servers, Conflict due to creation of objects with names that conflict
in Windows security, FSMOs–FSMOs
security protocols
Kerberos
about, Kerberos
application access, Application Access
delegation, Delegation–Delegation
protocol transition, Delegation
service access, User Logon–Logon and Service Access Summary
user logon, User Logon–User Logon
Security tab
making visible, Using the GUI to Examine Permissions
of ADUC, Advanced Features
security, Active Directory
AdminSDHolder process, The AdminSDHolder Process–The AdminSDHolder Process
auditing
about, Active Directory Security: Permissions and Auditing
designing schemes, Bringing Order out of Chaos–Designing Auditing Schemes
examining, Using the GUI to Examine Auditing
implementing, Designing Auditing Schemes–Implementing Auditing
tracking last interactive logon information, Implementing Auditing–Tracking Last Interactive Logon Information
using DAC for, Auditing
delegation examples, Real-World Active Directory Delegation Examples–Restricting Everyone but HR from Viewing National/Regional ID Numbers with the Confidential Bit
designing permission schemes
about, Using the GUI to Examine Auditing
planning for, Rule 5: Keep a log of changes–How to Plan Permissions
rules for, Using the GUI to Examine Auditing–Rule 5: Keep a log of changes
taking over administrator responsibilities, How to Plan Permissions–Bringing Order out of Chaos
Dynamic Access Control (DAC)
about, Active Directory Security: Permissions and Auditing, The AdminSDHolder Process–Dynamic Access Control
configuring Active Directory for, Configuring Active Directory for DAC–Kerberos policies
using on file server, Kerberos policies
permissions, managing
confidential attributes, Permission Lockdown
default security descriptors, Property Sets, Validated Writes, and Extended Rights
examining auditing, Using the GUI to Examine Auditing
extended rights, Property Sets, Validated Writes, and Extended Rights
inherited vs. explicit permissions, Property Sets, Validated Writes, and Extended Rights
lockdown of permission, Default Security Descriptors
property sets, Property Sets, Validated Writes, and Extended Rights
protecting objects from accidental deletion, The Confidentiality Bit–Protecting Objects from Accidental Deletion
validated writes, Property Sets, Validated Writes, and Extended Rights–Property Sets, Validated Writes, and Extended Rights
using GUI
examining auditing, Using the GUI to Examine Auditing
for examining permissions, Protecting Objects from Accidental Deletion–Viewing the Effective Permissions for a User or Group
Server Manager
accessing BPA through, Best Practices Analyzer–Best Practices Analyzer
deploying domain controller with, Building Domain Controllers–Deploying with Server Manager
Server Virtualization Validation Program (SVVP), When to Virtualize
server, naming conventions for, Step 4: Design the Workstation and Server Naming Conventions–Step 4: Design the Workstation and Server Naming Conventions, Step 4: Design the workstation and server naming conventions
server-side sorting, Modifying Behavior with LDAP Controls
servers, promoting to assume roles, Flexible Single Master Operator (FSMO) Roles
service account, Service Account
Service Principal Names (SPNs)
about, User LogonService principal names
duplicate, Service principal names
outcomes of lookup process, Service tickets
service tickets, Service principal namesService tickets
serviceBindingInformation, No SRV Records
serviceConnectionPoint (SCP), in AD LDS, No SRV RecordsNo SRV Records
servicePrincipalName value, Service tickets
Set-ADForestMode PowerShell cmdlets, Functional Level Rollback
shellContextMenu attribute, Context Menus
shellPropertyPages attribute, Property Pages
SID (security identifier)
about, Flexible Single Master Operator (FSMO) RolesFlexible Single Master Operator (FSMO) Roles
conflict during replication of naming context between two servers, Conflict due to creation of objects with names that conflict
in Windows security, FSMOsFSMOs
rollback, Backing Up Active Directory
site link bridges, Site Link BridgesSite Link Bridges, TransportSite Link Bridges: The Second Building Blocks of Intersite Topologies
site links
about, Site LinksManaging site links
designing for replication, Site Link Bridges: The Second Building Blocks of Intersite TopologiesStep 4: Create Site Links
creating links, Step 4: Create Site LinksStep 4: Create Site Links
gathering background data, Step 2: Plan the Domain Controller Locations
planning domain controller locations, Where to put domain controllersStep 3: Design the Sites
site topology
about, Site Topology
about creating, Creating a Site Topology
connection objects, Connection ObjectsConnection Objects
domain controllers located outside site, Resource Records Used by Active Directory
intersite
about, Creating a Site Topology
site link bridges in, TransportSite Link Bridges: The Second Building Blocks of Intersite Topologies
site links in, Now what?Transport
intrasite topology
about, Creating a Site Topology
automatic site generation by KCC, The KCCNow what?
Knowledge Consistency Checker, Knowledge Consistency CheckerKnowledge Consistency Checker, The KCCNow what?
management tools, Site and Replication Management Tools
site link bridges, Site Link BridgesSite Link Bridges
site links
about, Site LinksManaging site links
sites, SitesSite Links
subnets, SubnetsTroubleshooting subnet data problems
add in site, Subnets
managing, Managing subnets
troubleshooting data problems, Managing subnetsTroubleshooting subnet data problems
Sites and Services MMC snap-in
changing service account using, Using Group Managed Service Accounts
creating site links in, Managing site links
list of subnets, Managing sites
managing replication topology using, Site and Replication Management Tools
stopping Active Directory service using, Restartable Directory Service
sites, designing for replication, Site Link Bridges: The Second Building Blocks of Intersite TopologiesStep 4: Create Site Links
designing sites, Step 3: Design the SitesStep 4: Create Site Links
gathering background data, Step 2: Plan the Domain Controller Locations
smart card, logging in with, User Logon
SMTP replication, Transport
SMTP site link, Site Links, Managing site links
snapshots
rollback snapshots of DCs on VM Gen IDs, RID pool reuseVirtualization Safe Restore
working with, Working with SnapshotsWorking with Snapshots
sorting, server-side, Modifying Behavior with LDAP Controls
sPNMappings attribute, Service tickets
SPNs (Service Principal Names)
about, User LogonService principal names
duplicate, Service principal names
outcomes of lookup process, Service tickets
SQL Server, using instead of WID, Configuring ADFS
SRV (Service Record) type, Resource Records, Resource Records Used by Active DirectoryResource Records Used by Active Directory
SSL certificates, requirement for, Certificates
Starter GPOs, using, Using Starter GPOs
startup/shutdown scripts
finding inside GPME, Running Scripts with Group Policy
running scripts at user, Item-Level TargetingRunning Scripts with Group Policy
stats LDAP controls, Using the stats controlUsing the stats control
structure, designing Active Directory
about, Designing the Active Directory StructureDesigning the Active Directory Structure
about design process, Overview of the Design ProcessDomain Namespace Design
complexities of, Designing the Active Directory Structure
domain namespace design, Domain Namespace DesignArrange the subdomain hierarchy
examples of, Design ExamplesStep 5: Plan for users and groups
internal domain structure design, Arrange the subdomain hierarchyNaming and placing groups
setting up test environment, Overview of the Design Process
subnets
about, SubnetsSubnets
add in site, Subnets
managing, Managing subnets
troubleshooting data problems, Managing subnetsTroubleshooting subnet data problems
subtree index, Preserving attributes in a tombstone
subzone method, for picking DNS name for Active Directory network, Choose the forest root domainDesign the namespace naming scheme
SVVP (Server Virtualization Validation Program), When to Virtualize
Sync-ADObject cmdlet, Recap
System ACLs (SACL), Permission Basics, Designing Auditing SchemesImplementing Auditing
system clock, changing during virtualization of DC, RID pool reuse
system-state backups, Using Windows Server Backup
systemFlags attribute, systemFlagsCategory 1 objects
Sysvol, Deploying with Server ManagerDeploying with Server Manager, The DC cloning process
creating Starter GPOs in, Using Starter GPOs
GPT folder in, Running Scripts with Group Policy
replicating, Group Policy replication

T

Taskpads, creating, TaskpadsTaskpads
TGT (ticket granting ticket)
krbtgt account and, The Client Logon ProcessThe Client Logon Process
obtaining for Kerberos, User LogonUser Logon
time formats, searching Active Directory using, Dates and TimesDates and Times
time synchronization, Time Synchronization in Active DirectoryDomain and Forest Functional Levels
time, in replication, A Background to Metadata
Time-to-Live (TTL) value, Storing Dynamic Data
timestamps
lastLogonTimeStamp, RID pool reuse
lastLogonTimeStamp attribute, Implementing Auditing
lastLogonTimeStampAttribute, Computer account password changesLast-logon statistics
token bloat, Groups
tombstone
deleting Dynamic objects and, Storing Dynamic Data
lifetime, Replicating the conflict resolutionLingering Objects
preserving attribute in, Preserving attributes in a tombstone
tombStoneLifetime attribute, Backing Up Active Directory
trees
considerations for creating additional, Design the namespace naming scheme
directory information tree
as ESE database file, How Objects Are Stored and Identified
maintenance, DIT Maintenance
searching, The Directory Information TreeSecurity descriptor table
domain
about, Domains and Domain TreesDomains and Domain Trees
impacting GPO applications, Prioritizing the Application of Multiple Policies
trust anchors
about, DNSSEC
deploying, Lookup process, Configuring DNSSEC for Active Directory DNS
publishing, Configuring DNSSEC for Active Directory DNSConfiguring DNSSEC for Active Directory DNS
storing data, Lookup process
trust relationships, Domains and Domain Trees
trustedDomain, RODC Placement Considerations
Trusts snap-in, functional levels set via, Domain and Forest Functional Levels
tuple index, The tuple index

U

undeleting objects, Undeleting ObjectsUsing PowerShell
unicodePwd
in Active Directory, Step 4: Password-change replication to DC A
in AD LDS, User Principal Names
Uninstall-ADDSDomainController cmdlet, Automating the DC Build Process
Up-To-Dateness Vector (UTDV), High-watermark vector (direct up-to-dateness vector)High-watermark vector (direct up-to-dateness vector), Step 5: The initiating server checks whether it is up to date
update sequence number (USN)
aborted database transaction and, Originating updates versus replicated updates
about, When to Virtualize
domain controller maintaining, Update sequence numbers (USNs) and highestCommittedUSNUpdate sequence numbers (USNs) and highestCommittedUSN
HWMV tables storing, High-watermark vector (direct up-to-dateness vector)
modifying metadata in object during replication, How an Object’s Metadata Is Modified During ReplicationStep 4: Password-change replication to DC A
problems during replication with, USN RollbackUSN Rollback
upgrading, Active Directory
beginning, Beginning the UpgradeBeginning the Upgrade
functional levels, Differences in functionalityFunctional Level Rollback
known issues, Known Issues
versions of, Upgrading Active DirectoryActive Directory Versions
Windows Server 2003, Active Directory VersionsDifferences in functionality
Windows Server 2008, Differences in functionalityDifferences in functionality
Windows Server 2008 R2, Differences in functionalityDifferences in functionality
Windows Server 2012, Windows Server 2012Differences in functionality
UPN (userPrincipalName) attribute
assigning users, Naming and placing users
creating user, Naming and placing users
dissecting, Dissecting an Example Active Directory AttributeDissecting an Example Active Directory Attribute
enabling universal group caching and, Restoring a Domain Controller
in AD LDS, Service Account, User Principal Names
in renaming users, Renaming Users
SPNs and, User Logon
user accounts, administrators creating, Naming and placing users
user logon, User Logon
UserEnv debug log file, Group Policy Logging in Windows 2000, Windows XP, and Windows Server 2003Group Policy Logging in Windows Vista/Windows Server 2008 and Newer
userPassword attribute, in AD LDS, Creating Users
userPrincipalName (UPN) attribute
assigning users, Naming and placing users
creating user, Naming and placing users
dissecting, Dissecting an Example Active Directory AttributeDissecting an Example Active Directory Attribute
enabling universal group caching and, Restoring a Domain Controller
in AD LDS, Service Account, User Principal Names
in renaming users, Renaming Users
SPNs and, User Logon
userProxy objectClass, in AD LDS, Creating User ProxiesSpecial considerations
users
allowing access to new published resources for specific group of, Hiding Specific Personal Details for All Users in an Organizational Unit from a Group
creating UPNs for, Naming and placing users
hiding from groups personal details of, Real-World Active Directory Delegation ExamplesHiding Specific Personal Details for All Users in an Organizational Unit from a Group
managing in AD LDS, Creating UsersCreating Groups
naming and placing, Naming and placing usersNaming and placing users
restrict viewing of national/regional ID numbers, Restricting Everyone but HR from Viewing National/Regional ID Numbers with the Confidential Bit
USN (update sequence number)
aborted database transaction and, Originating updates versus replicated updates
about, When to Virtualize
domain controller maintaining, Update sequence numbers (USNs) and highestCommittedUSNUpdate sequence numbers (USNs) and highestCommittedUSN
HWMV tables storing, High-watermark vector (direct up-to-dateness vector)
modifying metadata in object during replication, How an Object’s Metadata Is Modified During ReplicationStep 4: Password-change replication to DC A
problems during replication with, USN RollbackUSN Rollback
replication of naming context between two servers, The Replication of a Naming Context Between Two ServersRecap
USN rollback, USN RollbackUSN Rollback, When to Virtualize, USN rollbackUSN rollback
UTDV (Up-To-Dateness Vector), High-watermark vector (direct up-to-dateness vector)Up-to-dateness vector, Step 5: The initiating server checks whether it is up to date
UUID concept, Uniquely Identifying Objects

V

validAccesses attribute, Property Sets, Validated Writes, and Extended Rights
validated writes, Property Sets, Validated Writes, and Extended RightsProperty Sets, Validated Writes, and Extended Rights
VAMT (Volume Activation Management Tool 3.0), Active Directory-Based Machine Activation
versions
of .NET Framework, .NET Development Without an IDESummary of Namespaces, Assemblies, and Framework Versions
of Active Directory, Upgrading Active DirectoryActive Directory Versions
VHD files, manually mount and unmount, Cloning Domain Controllers, Cloning Domain Controllers, Cloning a domain controller
Virtual Floppy Disk (VFD), creating custom files, Cloning Domain Controllers
virtual list view (VLV), The subtree index
virtual machine generation ID (VM gen ID)
DC clones and, Cloning Domain Controllers
resetting invocation ID, DSA GUIDs and invocation IDs
rollback snapshots of DCs on, RID pool reuseVirtualization Safe Restore
virtualization of DC
about, Automating the DC Build ProcessVirtualization
cloning DC, Cloning Domain ControllersCloning a domain controller
considerations about, VirtualizationWhen to Virtualize
impact of, When to Virtualize
safe restore, RID pool reuseVirtualization Safe Restore
VM gen ID (virtual machine generation ID)
DC clones and, Cloning Domain Controllers
resetting invocation ID, DSA GUIDs and invocation IDs
rollback snapshots of DCs on, RID pool reuseVirtualization Safe Restore
Volume Activation Management Tool 3.0 (VAMT), Active Directory-Based Machine Activation
Volume Shadow Copy (VSS) service, Working with Snapshots
VSS (Volume Shadow Copy) service, Working with Snapshots

W

W32Time service
configuring on PDC emulator, Time Synchronization in Active Directory
RODC synchronizing time, The W32Time ServiceThe W32Time Service
WAN link, in deploying RODC, Read-Only Domain Controllers, The Client Logon Process, Populating the password cache
WID (Windows Internal Database) instance, The Configuration Database, Configuring ADFS
wild card (*), as LDAP filter operator, Filter Operators
Windows
activating in corporate environments, Active Directory-Based Machine Activation
default schema versions, Structure of the Schema
impacts of cloning on, Cloning Domain Controllers
security identifier in, FSMOsFSMOs
Windows 2000
allowing schema modifications on, Running the AD Schema Management MMC Snap-in for the First Time
mixed and native, Windows 2000 domain modeWindows 2000 domain mode
Windows Internal Database (WID) instance, The Configuration Database, Configuring ADFS
Windows Management Interface (WMI)
filtering, WMI Filtering
queries, Use simple queries in WMI filters
Windows PowerShell
automating DC build process using, Using DCPromo on Earlier Versions of WindowsAutomating the DC Build Process
enabling AD LDS Recycle Bin, Enabling the Recycle Bin
enabling AD Recycle Bin, Enabling the Recycle Bin
Group Policy cmdlets, Scripting Group PolicyScripting Group Policy
managing DNS with, Managing DNS with Windows PowerShell
managing Password Settings Objects, Understanding Password Settings Objects
running scripts at user client machine at logon/logoff, Running Scripts with Group Policy
undeleting objects using, Undeleting ObjectsUsing PowerShell
Windows Server 2003, upgrades to Active Directory, Active Directory VersionsDifferences in functionality
Windows Server 2008
restartable directory service in, FSMO RecoveryRestartable Directory Service
upgrades to Active Directory, Differences in functionalityDifferences in functionality
Windows Server 2008 R2, upgrades to Active Directory, Differences in functionalityDifferences in functionality
Windows Server 2012
Adprep utility in, Beginning the UpgradeBeginning the Upgrade
creating ACLs on, Kerberos policies
Dynamic Access Control in, The AdminSDHolder Process
enabling Active Directory Recycle Bin, Enabling the Recycle Bin
functional levels of, Differences in functionalityFunctional Levels
obtaining access token, Dynamic Access Control
upgrades to Active Directory, Windows Server 2012Differences in functionality
Windows Server Backup (WSB), Using Windows Server BackupUsing Windows Server Backup
Windows Server, restoring backups from, Restoring with Windows Server Backup
WINS (Windows Internet Naming Service)
consolidating separate domains and using, Step 4: Design the Workstation and Server Naming Conventions
deploying IPv6 and, Global Names Zones
usefulness of, Global Names Zones
vs. DNS, Active Directory and DNS
wizards, replacing default, Object Creation Wizard
WMI (Windows Management Interface)
filtering, WMI Filtering
queries, Use simple queries in WMI filters
workstation, naming conventions for, Step 4: Design the Workstation and Server Naming ConventionsStep 4: Design the Workstation and Server Naming Conventions
Writable Domain Controller (RWDC)
administrator changing RODC through, Administrator Role Separation
Bridge all site links enabled and, Read-Only Domain Controllers
replicating user password, User password changes
validating user password, Read-Only Domain Controllers, Password Replication Policies, The Client Logon Process
write referrals, disabling RODC ability to issue, Application Compatibility
write requests, RODC and, RODCs and Write RequestsDNS updates
WS-Federation (WS-Fed), How It Works, WS-Federation
WSB (Windows Server Backup), Using Windows Server BackupUsing Windows Server Backup

X

X.500 standard
development of, A Brief History of Directories, X.500 and the OID Namespace
for objectClassCategory, Object Class Category and Inheritance
XML (Extensible Markup Language), identity provider generating, How It Works

Z

zone signing key (ZSK), Resource records, Configuring DNSSEC for Active Directory DNSConfiguring DNSSEC for Active Directory DNS
zones
about, Zones
DNS
background loading of, Background Zone Loading
delegation options for Active Directory-related, Overriding SRV Record RegistrationIntegration issues
replication impact from integrated, Active Directory-Integrated DNS
loading, stored on filesystem, Active Directory-Integrated DNS