A note on the digital index

A link in an index entry is displayed as the section title in which that entry appears. Because some sections have multiple index markers, it is not unusual for an entry to have several links to the same section. Clicking on any link will take you directly to the place in the text in which the marker appears.
Symbols
! (Not (negation) sign), as LDAP filter operator, Filter Operators
& (AND) operators, as LDAP Boolean operator, Connecting Filter Components –Connecting Filter Components
* (asterisk), as LDAP filter wild card operator, Filter Operators
<= (Less than or equal to sign), as LDAP filter operator, Filter Operators
= (equal sign)
  as LDAP filter operator, Filter Operators
  used by DNs, Distinguished names
>= (Greater than or equal to), as LDAP filter
operator, Filter Operators | (OR) operators, as LDAP Boolean operator, Connecting Filter Components –Connecting Filter Components A A (Address Record) type, Zones , Resource Records Used by Active Directory acceptance transform rules, The Pipeline ACEs (access control entries) about, Permission Basics contents of properties, Permission ACEs in AD LDS, Service Account permission, Permission ACEs –Permission ACEs ACLs (access control lists), Security descriptor table , Use simple queries in WMI filters , Property Sets, Validated Writes, and Extended Rights , Configuring Active Directory for DAC –Configuring claim types , Compound expressions with groups activation information, publishing, Active Directory-Based Machine Activation Active Directory (AD) about, A Brief Introduction vs. AD LDS, Differences Between AD and AD LDS –New and Updated Tools based machine activation, Active Directory-Based Machine Activation data stored within, How Objects Are Stored and Identified –How Objects Are Stored and Identified Active Directory Administrative Center (ADAC) about, Management Tools –Extensibility creating Password Settings Objects, Creating a PSO with the Active Directory Administrative
Center –Creating a PSO with the Active Directory Administrative
Center Dynamic Access Control node in, Configuring Active Directory for DAC managing Password Settings Objects, Understanding Password Settings Objects , Managing Password Settings Objects , Managing PSO Application –Applying a PSO with ADAC undeleting objects using, Undeleting Objects viewing Password Settings Objects, Viewing the effective PSO –Viewing the effective PSO Active Directory Administrative Snap-Ins,
customizing, Customizing the Active Directory Administrative Snap-ins –Active Directory PowerShell Module Active Directory design about, Designing the Active Directory Structure –Designing the Active Directory Structure about design process, Overview of the Design Process –Domain Namespace Design domain namespace design, Domain Namespace Design –Arrange the subdomain hierarchy examples of, Design Examples –Step 5: Plan for users and groups internal domain structure design, Arrange the subdomain hierarchy –Naming and placing groups setting up test environment, Overview of the Design Process Active Directory Domain Services Configuration Wizard, Deploying with Server Manager –Deploying with Server Manager installing server role, Automating the DC Build Process Active Directory Domains functional levels set via, Domain and Forest Functional Levels Trusts and, Functional Levels –Raising the Functional Level Active Directory Federation Services (ADFS) about, Active Directory Federation Services –How It Works claim descriptions creating, Creating and Sending Claims Through the Pipeline , Creating and Sending Claims Through the Pipeline claims pipeline and claims rules about, Relying Party Trusts pipeline, The Pipeline –The Pipeline sending rules through pipeline, Creating and Sending Claims Through the Pipeline –Creating and Sending Claims Through the Pipeline components of, WS-Federation –Geographically redundant ADFS servers configuration wizard, Configuring ADFS –Configuring ADFS customizing attribute stores, Forms-Based Logon Pages forms-based logon pages, Forms-Based Logon Pages –Forms-Based Logon Pages deploying, Geographically redundant ADFS servers –Federation Server Proxies relying party about, Active Directory Federation Services –Introduction to Federated Identity trusts, Federation Server Proxies –Relying Party Trusts SAML, How It Works , SAML , The Configuration Database topologies, Federation Server Proxies –Geographically redundant ADFS servers 
troubleshooting about, Troubleshooting ADFS event-logs, Event Logs –Event Logs using Fiddler, Fiddler –Summary WID instance, The Configuration Database , Configuring ADFS workings of, How It Works –How It Works WS-Federation, How It Works , WS-Federation Active Directory Lightweight Directory Service (AD
LDS) about, Application Partitions , Active Directory Lightweight Directory
Services –Common Uses for AD LDS ACEs in, Service Account ADAM Install, Tools ADAM Sync, New and Updated Tools , ADAM Sync ADAM Uninstall, ADAM Sync application partitions, Common Uses for AD LDS , Top-Level Application Partition Object Classes , Creating Application Partitions –Creating Application Partitions , Deleting Application Partitions –Deleting Application Partitions authentication in, User Principal Names –Authentication bindable object, Common Uses for AD LDS bindable proxy object, Common Uses for AD LDS configuration set, Common Uses for AD LDS controlling access to objects and attributes, Controlling Access to Objects and Attributes –Controlling Access to Objects and Attributes creating containers, Creating Application Partitions –Creating Containers creating user and userProxy objects in configuration
partition, User Principal Names –Authentication deleting objects, Deleting Objects downloading, Common Uses for AD LDS DSAMAIN.EXE process, Differences Between AD and AD LDS FSMO in, Group and User Scope –FSMOs installing instance of, AD LDS Installation –Installing a New AD LDS Instance replica, Installing a New AD LDS Instance –Installing an AD LDS Replica server role, AD LDS Installation –Installing a New AD LDS Instance instance, Common Uses for AD LDS LDAP in, Differences Between AD and AD LDS , No SRV Records managing groups, Creating Groups –Removing Members from Groups managing users, Creating Users –Creating Groups partition/naming context, Common Uses for AD LDS Recycle Bin, Enabling the Recycle Bin replica, Common Uses for AD LDS schema, Schema –Schema , repadmin –Bindable Objects and Bindable Proxy Objects schema partition, Common Uses for AD LDS , Service Account , Service Account service account, Service Account tools, Tools –repadmin AD Schema Analyzer, ADAM Sync AD Schema MMC snap-in, ADAM Sync ADAM Install, Tools ADAM Sync, ADAM Sync ADAM Uninstall, ADAM Sync ADSI Edit, ADSI Edit DSDBUTIL, ADSI Edit dsmgmt, dsdbutil –dsmgmt LDIFDE, dsmgmt LDP, dsmgmt repadmin, repadmin UPNs in, Schema vs. Active Directory, Differences Between AD and AD LDS –New and Updated Tools Active Directory Migration Tool (ADMT), Uniquely Identifying Objects Active Directory PowerShell module, Active Directory PowerShell Module Active Directory Recycle Bin, Flexible Single Master Operator (FSMO) Roles , Flexible Single Master Operator (FSMO) Roles , Flexible Single Master Operator (FSMO) Roles , Preserving attributes in a tombstone , Backing Up Active Directory , Working with Snapshots –Using PowerShell , Enabling the Recycle Bin Active Directory Schema MMC snap-in enabling, Structure of the Schema viewing attributes to classes using, Viewing the user class with the Active Directory Schema
snap-in viewing contents of Schema container using, Structure of the Schema Active Directory Schema snap-in, The Global Catalog Active Directory Sites snap-in creating site links in, Managing site links list of subnets, Managing sites managing replication topology using, Site and Replication Management Tools using in AD LDS, New and Updated Tools Active Directory Users and Computers (ADUC) about, Active Directory Users and Computers –ADSI Edit managing Password Settings Objects, Applying a PSO with ADUC viewing all options of, Advanced Features Active Directory viewers, viewing contents of Schema
container using, Structure of the Schema AD (Active Directory) about, A Brief Introduction based machine activation, Active Directory-Based Machine Activation data stored within, How Objects Are Stored and Identified –How Objects Are Stored and Identified vs. AD LDS, Differences Between AD and AD LDS –New and Updated Tools AD Domain Services Configuration Wizard, Deploying with Server Manager –Deploying with Server Manager installing server role, Automating the DC Build Process AD DS Backup and Recovery Step-by-Step Guide, Using Windows Server Backup AD LDS (Active Directory Lightweight Directory
Service) about, Application Partitions , Active Directory Lightweight Directory
Services –Common Uses for AD LDS ACEs in, Service Account vs. Active Directory, Differences Between AD and AD LDS –New and Updated Tools application partitions, Common Uses for AD LDS , Top-Level Application Partition Object Classes , Creating Application Partitions –Creating Application Partitions , Deleting Application Partitions –Deleting Application Partitions authentication in, User Principal Names –Authentication bindable object, Common Uses for AD LDS bindable proxy object, Common Uses for AD LDS configuration set, Common Uses for AD LDS controlling access to objects and attributes, Controlling Access to Objects and Attributes –Controlling Access to Objects and Attributes creating containers, Creating Application Partitions –Creating Containers creating user and userProxy objects in configuration
partition, User Principal Names –Authentication default security in, Service Account deleting objects, Deleting Objects downloading, Common Uses for AD LDS DSAMAIN.EXE process, Differences Between AD and AD LDS FSMO in, Group and User Scope –FSMOs installing instance installation LDIF files, Installing a New AD LDS Instance replica, Installing a New AD LDS Instance –Installing an AD LDS Replica server role, AD LDS Installation –Installing a New AD LDS Instance instance, Common Uses for AD LDS LDAP in, No Global Catalog managing groups, Creating Groups –Removing Members from Groups managing users, Creating Users –Creating Groups partition/naming context, Common Uses for AD LDS Recycle Bin, Enabling the Recycle Bin replica, Common Uses for AD LDS schema, Schema –Schema , repadmin –Bindable Objects and Bindable Proxy Objects schema partition, Common Uses for AD LDS service account, Service Account tools, Tools –repadmin AD Schema Analyzer, ADAM Sync AD Schema MMC snap-in, ADAM Sync ADAM Install, Tools ADAM Sync, ADAM Sync ADAM Uninstall, ADAM Sync ADSI Edit, ADSI Edit DSDBUTIL, ADSI Edit dsmgmt, dsdbutil –dsmgmt LDIFDE, dsmgmt LDP, dsmgmt repadmin, repadmin UPNs in, Schema AD LDS (Active Directory Lightweight Directory) ADAM Install, Tools ADAM Sync, New and Updated Tools , ADAM Sync ADAM Uninstall, ADAM Sync AD Recycle Bin, Flexible Single Master Operator (FSMO) Roles , Flexible Single Master Operator (FSMO) Roles , Flexible Single Master Operator (FSMO) Roles , Preserving attributes in a tombstone , Backing Up Active Directory , Working with Snapshots –Using PowerShell , Enabling the Recycle Bin AD Schema Analyzer, for AD LDS, ADAM Sync AD Schema MMC snap-in, for AD LDS, ADAM Sync AD Sites snap-in creating site links in, Managing site links list of subnets, Managing sites managing replication topology using, Site and Replication Management Tools using in AD LDS, New and Updated Tools ADAC (Active Directory Administrative Center) about, Management Tools 
–Extensibility creating Password Settings Objects, Creating a PSO with the Active Directory Administrative
Center –Creating a PSO with the Active Directory Administrative
Center Dynamic Access Control node in, Configuring Active Directory for DAC managing Password Settings Objects, Understanding Password Settings Objects , Managing Password Settings Objects , Managing PSO Application –Applying a PSO with ADAC undeleting objects using, Undeleting Objects viewing Password Settings Objects, Viewing the effective PSO –Viewing the effective PSO Add-ADDSReadOnlyDomainController Account, Prestaging RODC domain controller accounts Add-KdsRootKey, Preparing for Group Managed Service Accounts AdFind tool about, Searching the Database accessing stats control using, Using the stats control ADFS (Active Directory Federation Services) about, Active Directory Federation Services –How It Works claim descriptions creating, Creating and Sending Claims Through the Pipeline claims pipeline and claims rules about, Relying Party Trusts pipeline, The Pipeline –The Pipeline sending rules through pipeline, Creating and Sending Claims Through the Pipeline –Creating and Sending Claims Through the Pipeline components of, WS-Federation –Geographically redundant ADFS servers configuration wizard, Configuring ADFS –Configuring ADFS customizing attribute stores, Forms-Based Logon Pages forms-based logon pages, Forms-Based Logon Pages –Forms-Based Logon Pages relying party about, Active Directory Federation Services –Introduction to Federated Identity trusts, Federation Server Proxies –Relying Party Trusts SAML, How It Works , How It Works , SAML , The Configuration Database topologies, Federation Server Proxies –Geographically redundant ADFS servers troubleshooting about, Troubleshooting ADFS event-logs, Event Logs –Event Logs using Fiddler, Fiddler –Summary WID instance, The Configuration Database , Configuring ADFS workings of, How It Works –How It Works WS-Federation, How It Works , WS-Federation ADK (Automated Deployment Kit), downloading, Active Directory-Based Machine Activation adminContextMenu attribute, Context Menus Administrative Templates (ADMs), ADM 
or ADMX files , ADM or ADMX files administrators correctly applying GPOs, Designing the delegation of GPO administration creating user accounts, Naming and placing users looking after structure of organizational
unit, Delegating full administration responsibilities of AD, Nominating Responsible People in Your Organization role separation of, Administrator Role Separation –Administrator Role Separation taking over permissions scheme, How to Plan Permissions –Bringing Order out of Chaos adminPropertyPages attribute, Property Pages AdminSDHolder process, The AdminSDHolder Process –The AdminSDHolder Process , The AdminSDHolder Process ADMs (Administrative Templates), ADM or ADMX files , ADM or ADMX files ADMT (Active Directory Migration Tool), Uniquely Identifying Objects ADMX files converting custom ADM files to, ADM or ADMX files creating central store, ADM or ADMX files –ADM or ADMX files ADMX Migrator, converting custom ADM files to, ADM or ADMX files Adprep utility, Beginning the Upgrade –Beginning the Upgrade ADSchemaAnalyzer, New and Updated Tools ADSI Edit about, ADSI Edit –ADSI Edit coupling context menu scripts and programs
with, Context Menus for AD LDS, ADSI Edit managing Password Settings Objects, Applying a PSO with ADAC viewing contents of Schema container using, Structure of the Schema ADUC (Active Directory Users and Computers) about, Active Directory Users and Computers –ADSI Edit managing Password Settings Objects, Applying a PSO with ADUC viewing all options of, Advanced Features Advanced Group Policy Management (AGPM), The importance of change-control procedures Advanced Security Settings window, Using the GUI to Examine Permissions AEs (auditing entries), Using the GUI to Examine Auditing aging and scavenging, on DNS server, Aging and Scavenging –Enabling scavenging on the DNS server AGPM (Advanced Group Policy Management), The importance of change-control procedures AIA (Authority Information Access), Service configuration Allowed RODC Password Replication Group, Password Replication Policies AllowSSBToAnyVolume, Using Windows Server Backup AMA (Authentication Mechanism Assurance), Authentication Mechanism Assurance ambiguous name resolution (ANR), Ambiguous name resolution AND (&) operators, as LDAP Boolean operator, Connecting Filter Components –Connecting Filter Components answer files, Automating the DC Build Process application partitions about, Application Partitions –Storing Dynamic Data creating, Application Partitions in AD LDS, Top-Level Application Partition Object Classes , Creating Application Partitions –Creating Application Partitions , Deleting Application Partitions –Deleting Application Partitions using for DNS, Using Application Partitions for DNS –Using Application Partitions for DNS asterisk (*), as LDAP filter wild card operator, Filter Operators attribute change auditing, Confidentiality –Attribute change auditing Attribute Editor tab, of ADUC, Advanced Features attribute indexing, Indexed attributes –Indexed attributes attribute names, changing, Icons attributes attributeSecurityGUID, Property Sets and attributeSecurityGUID available in GC for 
Partial Attribute Set, The Global Catalog –Flexible Single Master Operator (FSMO) Roles change auditing, Confidentiality changing display names of, Icons confidential attribute flag, Confidentiality –Confidentiality defining MAPI ID, MAPI IDs filtered attribute set, The filtered attribute set linked attributes, Linked Attributes –Linked Attributes pertaining to naming contexts, Naming Contexts and Application Partitions preserving in tombstone, Preserving attributes in a tombstone property sets, Property Sets and attributeSecurityGUID rules of constructed, Constructed attributes schemaFlagsEx attribute, schemaFlagsEx searchFlags attribute, searchFlags –The filtered attribute set syntax of, Attribute Syntax –Attribute Syntax systemFlags attribute, systemFlags –Category 1 objects attributeSchema (Attribute-Schema) objects, The Global Catalog , Structure of the Schema , Attributes (attributeSchema Objects) , Property Sets and attributeSecurityGUID , Implementing Auditing attributeSecurityGUID, Property Sets and attributeSecurityGUID audit directory service access, Confidentiality auditing about, Active Directory Security: Permissions
and Auditing designing schemes, Bringing Order out of Chaos –Designing Auditing Schemes examining, Using the GUI to Examine Auditing implementing, Designing Auditing Schemes –Implementing Auditing tracking last interactive logon information, Implementing Auditing –Tracking Last Interactive Logon Information using DAC for, Auditing auditing entries (AEs), Using the GUI to Examine Auditing authentication in AD LDS, User Principal Names –Authentication Kerberos about, Kerberos application access, Application Access delegation, Delegation –Delegation protocol transition, Delegation service access, User Logon –Logon and Service Access Summary user logon, User Logon –User Logon managed service accounts, Authentication Mechanism Assurance Authentication Mechanism Assurance (AMA), Authentication Mechanism Assurance Authority Information Access (AIA), Service configuration Automated Deployment Kit (ADK), downloading, Active Directory-Based Machine Activation automatic site coverage, Resource Records Used by Active Directory auxiliary classes, dynamically assigning to
objects, Dynamically Linked Auxiliary Classes –Summary B background zone loading of DNS zones, Background Zone Loading backups Active Directory, Backing Up Active Directory –Using the NT Backup Utility allowing system-state backups, Using Windows Server Backup of GPOs, Group Policy Backup and Restore –Group Policy Backup and Restore restoring DC from backups, Manually removing a domain controller from Active
Directory –Restore from Backup from NT Backup utility backup, Restoring with NT Backup –Restoring with Windows Server Backup from Windows Server backup, Restoring with Windows Server Backup using NT Backup utility, Using the NT Backup Utility using Windows Server Backup, Using Windows Server Backup –Using Windows Server Backup badPwdCount attribute, Last-logon statistics badPwdTime attribute, Last-logon statistics Best Practices Analyzer (BPA), Best Practices Analyzer –Best Practices Analyzer , Group Policy Logging in Windows Vista/Windows Server 2008 and
Newer branch offices, Read-Only Domain Controllers Bridge all site links enabled, Read-Only Domain Controllers option, Site Link Bridges , Transport –Site Link Bridges: The Second Building Blocks of Intersite
Topologies C CA (Certification Authority), Enterprise, Transport cached passwords, managing with repadmin, Populating the password cache central access policies, configuring Active Directory for
DAC and, Configuring claim types –Configuring central access policies Certificate Signing Request (CSR), Certificates certificates, Lookup process Certification Authority (CA), Enterprise, Transport chain matching rule, The In-Chain Matching Rule chaining table, The W32Time Service –The W32Time Service ChainMaxEntries, The W32Time Service change control, in managing Group Policy, The importance of change-control procedures claim descriptions, creating, Creating and Sending Claims Through the Pipeline claim types in Active Directory, Configuring Active Directory for DAC claims pipeline and claims rules about, Relying Party Trusts pipeline, The Pipeline –The Pipeline sending rules through pipeline, Creating and Sending Claims Through the Pipeline –Creating and Sending Claims Through the Pipeline class names, changing, Icons classDisplayName property, Icons classSchema (Class-Schema) objects about, Structure of the Schema dissecting Active Directory class, Dissecting an Example Active Directory Class –Viewing the user class with the Active Directory Schema
snap-in dynamically linked auxiliary classes, Dynamically Linked Auxiliary Classes –Summary in AD LDS, repadmin , Bindable Objects and Bindable Proxy Objects listing of, Classes (classSchema Objects) objectClassCategory and inheritance, Classes (classSchema Objects) –Object Class Category and Inheritance client logon process, in RODC deployment, The Client Logon Process –Populating the password cache client lookup process, Resource Records –Client Lookup Process client-side extension (CSE), group policy preferences
using, Group Policy Preferences –Deploying group policy preferences cloning DC, impacts of on Windows of, Cloning Domain Controllers cloning domain controllers, Cloning Domain Controllers –Cloning a domain controller cn (Common-Name), attribute of class, Structure of the Schema CNAME records, Resource Records Used by Active Directory COM (Component Object Model) object adding items to context menus, Context Menus property pages as, Property Pages conditional forwarding, Active Directory-Integrated DNS –Active Directory-Integrated DNS confidential attribute flag, Confidentiality –Confidentiality , Permission Lockdown Configuration NC, Configuration Naming Context connection objects, Connection Objects –Connection Objects constructed attributes, rules of, Constructed attributes containers about, How Objects Are Stored and Identified –How Objects Are Stored and Identified creating AD LDS, Creating Application Partitions –Creating Containers displaying object as leaf or, Display Names context menus, Context Menus –Context Menus controlAccessRight, Property Sets, Validated Writes, and Extended Rights converting groups, Converting groups –Converting groups createWizardExt attribute, Object Creation Wizard creation wizard attribute, Object Creation Wizard -Credential
parameter, Automating the DC Build Process CSE (client-side extension), group policy preferences
using, Group Policy Preferences –Deploying group policy preferences CSR (Certificate Signing Request), Certificates CustomDCCloneAllowList.xml file, Cloning Domain Controllers , Cloning Domain Controllers , The DC cloning process D DAC (Dynamic Access Control) about, Active Directory Security: Permissions
and Auditing , The AdminSDHolder Process –Dynamic Access Control configuring Active Directory for, Configuring Active Directory for DAC –Kerberos policies using on file server, Kerberos policies DACL (Discretionary ACL), Permission Basics , Default Security Descriptors , Rule 3: Manage advanced permissions only when absolutely
necessary data, stored within Active Directory, How Objects Are Stored and Identified –How Objects Are Stored and Identified database configuration in ADFS of, The Configuration Database configuring logging of available space on, Reclaiming Space date formats, searching Active Directory using, Dates and Times –Dates and Times DC (Domain Controller) about, Domains and Domain Trees adding site-specific SRV records, Resource Records Used by Active Directory building automating DC build process, Using DCPromo on Earlier Versions of Windows –Automating the DC Build Process changing IP addresses, Active Directory-Integrated DNS configured to host replicas, Using Application Partitions for DNS deploying on Server Manager read-only domain
controller, Deploying with Server Manager determining in designing sites number of, Where to put domain controllers –Placing a domain controller in more than one site DSA GUID in, DSA GUIDs and invocation IDs filtered attribute set as part of read-only domain
controller, The filtered attribute set FSMO hosted on, Flexible Single Master Operator (FSMO) Roles lingering objects caused by offline, Conflict due to creation of objects with names that
conflict –Lingering Objects maintaining USN, Update sequence numbers (USNs) and highestCommittedUSN manually configure to service multiple
sites, Placing a domain controller in more than one site placement in designing sites of, Where to put domain controllers –Placing a domain controller in more than one site read-only domain controller deployment about, Cloning a domain controller –Read-Only Domain Controllers administrator role separation, Administrator Role Separation –Administrator Role Separation application compatibility, Application Compatibility –Application Compatibility chaining table in, The W32Time Service –The W32Time Service client logon process, The Client Logon Process –Populating the password cache , The W32Time Service –The W32Time Service deploying on Server Manager, Deploying with Server Manager password replication policies in, Password Replication Policies –Managing the loss of an RODC placement considerations, RODC Placement Considerations –RODC Placement Considerations prerequisites to, Read-Only Domain Controllers promoting server to, Administrator Role Separation –Prestaging RODC domain controller accounts write requests and, RODCs and Write Requests –DNS updates reconciling replication conflicts, Conflict due to identical attribute change restoring from backups, Manually removing a domain controller from Active
Directory –Restore from Backup from IFM media, Restore from Backup –Creating and using IFM media on Windows Server 2008 and
newer from replication, Restore from Replication –Manually removing a domain controller from Active
Directory schema cache and, The Schema Cache –The Schema Cache virtualization of about, Automating the DC Build Process –Virtualization cloning, Cloning Domain Controllers –Cloning a domain controller considerations about, Virtualization –When to Virtualize impact of, When to Virtualize –USN rollback safe restore, RID pool reuse –Virtualization Safe Restore DC locator process, Configuring DNSSEC for Active Directory DNS –DC Locator DCCloneConfig.xml file, Cloning Domain Controllers , The DC cloning process dcdiag tool, Best Practices Analyzer dcpromo, Using DCPromo on Earlier Versions of Windows , Automating the DC Build Process DDNS (Dynamic DNS), DNS Fundamentals , Dynamic DNS , Dynamic DNS Default Domain Controllers Policy, How GPOs are stored in Active Directory Default Domain Policy, How GPOs are stored in Active Directory Default-First-Site-Name site, Sites –Sites DEFAULTIPSITELINK, Site Links defragmentation, of DIT file offline, Reclaiming Space –Reclaiming Space delegation examples of, Real-World Active Directory Delegation Examples –Restricting Everyone but HR from Viewing National/Regional ID
Numbers with the Confidential Bit in AD LDS, Controlling Access to Objects and Attributes in managing Group Policy, The importance of change-control procedures –Designing the delegation of GPO administration , The importance of change-control procedures –Designing the delegation of GPO administration in managing PSOs, Viewing the effective PSO –Delegating Management of PSOs Kerberos constrained, Delegation –Delegation name serve records in, Client Lookup Process Delegation of Control Wizard, Designing the delegation of GPO administration –Designing the delegation of GPO administration , Using the Delegation of Control Wizard –Using the Delegation of Control Wizard delegation options, for Active Directory-related DNS
zones, Overriding SRV Record Registration –Integration issues Delegation tab, Delegation deleted object lifecycle, Working with Snapshots –Deleted Object Lifecycle Denied RODC Password Replication Group, Password Replication Policies DesktopStandard, PolicyMaker, Using the Group Policy Management Editor , Deploying group policy preferences DFS-R (Distributed Filesystem-Replication), Group Policy replication digital signatures, on LDIF files, Mitigating a Schema Conflict directory information tree (DIT) as ESE database file, How Objects Are Stored and Identified maintenance, DIT Maintenance –Changing the DS Restore Mode Admin Password searching, The Directory Information Tree –Security descriptor table Directory Service remote procedure call
(DS-RPC), Transport –Transport directory service, about, A Brief History of Directories Directory Services event log, Checking the Integrity of the DIT Directory Services Restore Mode, FSMO Recovery disabling GPO settings, Capabilities of Group Policy Objects Discretionary ACL (DACL), Permission Basics , Default Security Descriptors , Rule 3: Manage advanced permissions only when absolutely
necessary display names, changing class and attribute names, Icons display specifiers, Display Specifiers –Display Specifiers displayName attribute, How GPOs are stored in Active Directory Distinguished Name Tag (DNT), Data table –Security descriptor table Distinguished Names (DNs), Distinguished names –Distinguished names Distributed Filesystem-Replication (DFS-R), Group Policy replication distribution group, converting to security
group, Converting groups DIT (directory information tree) as ESE database file, How Objects Are Stored and Identified maintenance, DIT Maintenance –Changing the DS Restore Mode Admin Password searching, The Directory Information Tree –Security descriptor table DNs (Distinguished Names), Distinguished names –Distinguished names DNS (Domain Name System) about, Active Directory and DNS –DNS Fundamentals aging and scavenging on DNS server, Aging and Scavenging –Enabling scavenging on the DNS server DC locator process, Configuring DNSSEC for Active Directory DNS –DC Locator delegation options for Active Directory-related DNS
zones, Overriding SRV Record Registration –Integration issues DNSSEC about, Global Names Zones configuring for DNS, Lookup process –Configuring DNSSEC for Active Directory DNS workings of, DNSSEC –Lookup process fundamentals of client lookup process, Resource Records –Client Lookup Process Dynamic DNS (DDNS), DNS Fundamentals , Dynamic DNS global names zone, Global Names Zones –Global Names Zones resource records, Zones –Resource Records zones, Zones integrated, Integration issues –Using Application Partitions for DNS managing with Windows PowerShell, Managing DNS with Windows PowerShell picking name for Active Directory network, Choose the forest root domain –Design the namespace naming scheme read-only registry settings, DNS updates resource records used by Active Directory, Resource Records Used by Active Directory –Overriding SRV Record Registration types of name servers, Active Directory-Integrated DNS –Active Directory-Integrated DNS using application partitions for, Using Application Partitions for DNS –Using Application Partitions for DNS vs. WINS, Active Directory and DNS DNS zones background loading of, Background Zone Loading delegation options for Active
Directory-related, Overriding SRV Record Registration –Integration issues replication impact from integrated, Active Directory-Integrated DNS DNSKEY (DNSSEC record), Resource records DNSSEC about, Global Names Zones configuring for DNS, Lookup process –Configuring DNSSEC for Active Directory DNS record types, Resource records workings of, DNSSEC –Lookup process DNT (Distinguished Name Tag), Data table –Security descriptor table Domain Controller (DC) about, Domains and Domain Trees adding site-specific SRV records, Resource Records Used by Active Directory building automating DC build process, Using DCPromo on Earlier Versions of Windows –Automating the DC Build Process deploying on Server Manager, Building Domain Controllers –Deploying with Server Manager using dcpromo, Using DCPromo on Earlier Versions of Windows determining in designing sites number of, Where to put domain controllers –Placing a domain controller in more than one site filtered attribute set as part of read-only domain
controller, The filtered attribute set FSMO hosted on, Flexible Single Master Operator (FSMO) Roles lingering objects caused by offline, Conflict due to creation of objects with names that
conflict –Lingering Objects maintaining USN, Update sequence numbers (USNs) and highestCommittedUSN manually configure to service multiple sites, Step 3: Design the Sites placement in designing sites of, Where to put domain controllers –Placing a domain controller in more than one site read-only domain controller deployment about, Cloning a domain controller –Read-Only Domain Controllers administrator role separation, Administrator Role Separation –Administrator Role Separation application compatibility, Application Compatibility –Application Compatibility chaining table in, The W32Time Service –The W32Time Service client logon process, The Client Logon Process –Populating the password cache , The W32Time Service –The W32Time Service deploying on Server Manager, Deploying with Server Manager password replication policies in, Password Replication Policies –Managing the loss of an RODC placement considerations, RODC Placement Considerations –RODC Placement Considerations prerequisites to, Read-Only Domain Controllers promoting server to, Administrator Role Separation –Prestaging RODC domain controller accounts write requests and, RODCs and Write Requests –DNS updates reconciling replication conflicts, Conflict due to identical attribute change restoring from backups, Manually removing a domain controller from Active
Directory –Restore from Backup from IFM media, Restore from Backup –Creating and using IFM media on Windows Server 2008 and
newer from replication, Restore from Replication –Manually removing a domain controller from Active
Directory schema cache and, The Schema Cache –The Schema Cache virtualization of about, Automating the DC Build Process –Virtualization cloning DC, Cloning Domain Controllers –Cloning a domain controller considerations about, Virtualization –When to Virtualize impact of, When to Virtualize –USN rollback safe restore, RID pool reuse –Virtualization Safe Restore Domain Controllers OU, Organizational Units , Flexible Single Master Operator (FSMO) Roles domain mode, functional levels of forest and, Domain and Forest Functional Levels –Windows 2000 domain mode Domain Name System (DNS) about, Active Directory and DNS –DNS Fundamentals aging and scavenging on DNS server, Aging and Scavenging –Enabling scavenging on the DNS server DC locator process, Configuring DNSSEC for Active Directory DNS –DC Locator delegation options for Active Directory-related DNS
zones, Overriding SRV Record Registration –Integration issues DNSSEC about, Global Names Zones configuring for DNS, Lookup process –Configuring DNSSEC for Active Directory DNS workings of, DNSSEC –Lookup process fundamentals of client lookup process, Resource Records –Client Lookup Process Dynamic DNS (DDNS), DNS Fundamentals , Dynamic DNS global names zone, Global Names Zones –Global Names Zones resource records, Zones –Resource Records zones, Zones integrated, Integration issues –Using Application Partitions for DNS managing with Windows PowerShell, Managing DNS with Windows PowerShell picking name for Active Directory network, Choose the forest root domain –Design the namespace naming scheme read-only registry settings, DNS updates resource records used by Active Directory, Resource Records Used by Active Directory –Overriding SRV Record Registration using application partitions for, Using Application Partitions for DNS –Using Application Partitions for DNS vs. WINS, Active Directory and DNS domain namespace design, Designing the Active Directory Structure , Overview of the Design Process , Domain Namespace Design –Arrange the subdomain hierarchy domain naming master role about, Flexible Single Master Operator (FSMO) Roles importance of, Flexible Single Master Operator (FSMO) Roles Domain NC, Naming Contexts and Application Partitions –Naming Contexts and Application Partitions , Domain Naming Context Domain Services server role, installing, Automating the DC Build Process domain trees about, Domains and Domain Trees –Domains and Domain Trees impacting GPO applications, Prioritizing the Application of Multiple Policies DomainDnsZones partitions, defining custom application
partitions outside of default, Using Application Partitions for DNS domains components of Active Directory, Domains and Domain Trees moving from mixed to native mode, Windows 2000 domain mode drag-and-drop moves, controlling ADUC, Controlling drag-and-drop moves –Taskpads DS Restore Mode administrator password, setting, Changing the DS Restore Mode Admin Password DS-RPC (Directory Service remote procedure
call), Transport –Transport DSA GUID, DSA GUIDs and invocation IDs DSDBUTIL command-line tool, for AD LDS, ADSI Edit dsHeuristics attribute, modifying, The AdminSDHolder Process –The AdminSDHolder Process dsmgmt command-line tool, for AD LDS, dsdbutil –dsmgmt DsPollingInterval registry setting, DNS updates DSRM password, embedding in script, Automating the DC Build Process DSRMAdminLogonBehavior, modifying logon behavior, Restartable Directory Service dual stacks, Troubleshooting subnet data problems Dynamic Access Control (DAC) about, Active Directory Security: Permissions
and Auditing , The AdminSDHolder Process –Dynamic Access Control configuring Active Directory for, Configuring Active Directory for DAC –Kerberos policies using on file server, Kerberos policies Dynamic DNS (DDNS), DNS Fundamentals , Dynamic DNS –Dynamic DNS , Dynamic DNS Dynamic objects, Storing Dynamic Data E Effective Permissions (Effective Access), Viewing the Effective Permissions for a User or Group email address formatting rules, Service Account Enforced setting, in GPO, Blocking Inheritance and Overriding the Block in Organizational
Unit GPOs Enforced settings, in GPO, Blocking Inheritance and Overriding the Block in Organizational
Unit GPOs Enterprise Certification Authority (CA), Transport Enterprise Numbers, X.500 and the OID Namespace equal sign (=) as LDAP filter operator, Filter Operators used by DNs, Distinguished names event-log entries logs updated, DNS updates troubleshooting ADFS, Event Logs –Event Logs Exchange best practice guidelines for Global Catalog
servers, How many domain controllers to have deploying, Sites need for separate forest with, Create additional forests RODC and, Application Compatibility explicit permissions vs. inherited permissions, Property Sets, Validated Writes, and Extended Rights Extended Protection, configuring, Fiddler extended rights, Property Sets, Validated Writes, and Extended Rights Extensible Storage Engine (ESE) database file, DIT
as, How Objects Are Stored and Identified F FAS (Filtered Attribute Set), The filtered attribute set , Application Compatibility fault tolerance, Final notes federation metadata, Relying Party Trusts federation servers, Federation Servers –Federation Server Proxies , Federation Servers Federation Service identifier, Service configuration Federation Service name, Service configuration Fiddler, troubleshooting using in ADFS, Fiddler –Summary filesystem, loading zones stored on, Background Zone Loading Filtered Attribute Set (FAS), The filtered attribute set , Application Compatibility FIM (Forefront Identity Manager), Naming and placing groups fine-grained password policies (FGPPs) about, Fine-Grained Password Policies creating PSOs, Creating Password Settings Objects –Creating a PSO with PSOMgr defining PSOs, Defining Password Settings Objects –Defining PSO precedence delegating management of PSOs, Viewing the effective PSO –Delegating Management of PSOs managing PSOs, Managing Password Settings Objects –Viewing the effective PSO mandatory password setting object attributes, Scenarios for Fine-Grained Password Policies understanding PSOs, Understanding Password Settings Objects Flexible Single Master Operator (FSMO) roles about, Flexible Single Master Operator (FSMO) Roles –Flexible Single Master Operator (FSMO) Roles Active Directory maintenance, FSMO Recovery –FSMO Recovery hosting on DC, Flexible Single Master Operator (FSMO) Roles , Flexible Single Master Operator (FSMO) Roles in AD LDS, Group and User Scope –FSMOs placement of, Flexible Single Master Operator (FSMO) Roles role holder, Flexible Single Master Operator (FSMO) Roles , Flexible Single Master Operator (FSMO) Roles Forefront Identity Manager (FIM), Naming and placing groups forest about, Forests –Forests choosing root domain for domain namespace
design, Final notes configuring multi-tree, Forests considerations for creating separate, Create additional forests –Create additional forests designing, Designing the Active Directory Structure functional levels of domain mode and, Domain and Forest Functional Levels –Windows 2000 domain mode removing root domain of, Forests ForestDnsZones partitions, defining custom application
partitions outside of default, Using Application Partitions for DNS FQDN (Fully Qualified Domain Name), Multiple-domain support , Global Names Zones , User Logon , Service principal names , Step 4: Design the Workstation and Server Naming
Conventions , Installing an AD LDS Replica , Geographically redundant ADFS servers , Certificates , Service configuration , Relying Party Trusts FSMO (Flexible Single Master Operator) roles about, Flexible Single Master Operator (FSMO) Roles –Flexible Single Master Operator (FSMO) Roles Active Directory maintenance, FSMO Recovery –FSMO Recovery in AD LDS, Group and User Scope –FSMOs placement of, Flexible Single Master Operator (FSMO) Roles role holder, Flexible Single Master Operator (FSMO) Roles , Flexible Single Master Operator (FSMO) Roles fSMORoleOwner attribute, Flexible Single Master Operator (FSMO) Roles functional levels, Differences in functionality –Functional Level Rollback G garbage collection, Deleted Object Lifecycle GC (Global Catalog), The Global Catalog –Flexible Single Master Operator (FSMO) Roles Get-ADDCCloningExcludedApplicationList, Cloning Domain Controllers , Cloning a domain controller Get-ADReplicationAttributeMetadata cmdlet, Step 1: Initial creation of a user on Server A –Step 1: Initial creation of a user on Server A Global Catalog (GC), The Global Catalog –Flexible Single Master Operator (FSMO) Roles Global Catalog servers, Exchange best practice
guidelines for, How many domain controllers to have global names zone, Global Names Zones –Global Names Zones globally unique identifier (GUID) assigning to objects, Uniquely Identifying Objects DSA, DSA GUIDs and invocation IDs gMSAs (group managed service accounts), Authentication Mechanism Assurance –Using Group Managed Service Accounts gPCFileSysPath attribute, How GPOs are stored in Active Directory gPLink attribute, Designing the delegation of GPO administration GPMC (Group Policy Management Console) accessing infrastructure status, Group Policy Infrastructure Status downloading, Capabilities of Group Policy Objects modeling using, Group Policy Modeling scripting capabilities of, Group Policy Backup and Restore –Scripting Group Policy using to manage Group Policy, Group Policy –Using the Group Policy Management Console GPME (Group Policy Management Editor), Capabilities of Group Policy Objects , Using the Group Policy Management Editor –Using the Group Policy Management Editor , Running Scripts with Group Policy gPOptions attribute, Designing the delegation of GPO administration GPOs (group policy objects) backing up, Group Policy Backup and Restore –Group Policy Backup and Restore Block Inheritance and Enforced settings in, Blocking Inheritance and Overriding the Block in Organizational
Unit GPOs blocking inheritance, Blocking Inheritance and Overriding the Block in Organizational
Unit GPOs –Summary capabilities of, Group Policy Primer –Group Policy replication combating slowdown due to Group Policy, Combating Slowdown Due to Group Policy –Use simple queries in WMI filters controlling and deploying, Group Policy Modeling –Designing the delegation of GPO administration correctly applying, Designing the delegation of GPO administration default, Designing the delegation of GPO administration disabling settings, Capabilities of Group Policy Objects Enforced setting in, Blocking Inheritance and Overriding the Block in Organizational
Unit GPOs guidelines for designing, Using GPOs to Help Design the Organizational Unit Structure –Guidelines for Designing GPOs identifying user settings using RSoP, Group Policy Infrastructure Status –Group Policy Results Wizard in Active Directory design, Designing the Active Directory Structure inheritance rules in organizational units, Standard GPO Inheritance Rules in Organizational Units linking, How Group Policies Work –GPOs and Active Directory Loopback Mode and, Security Filtering and Group Policy Objects –Loopback Merge Mode and Loopback Replace Mode modifying default GPO permissions, Designing the delegation of GPO administration policies linked only at domain, Prioritizing the Application of Multiple Policies prioritizing application of multiple policies, GPOs and Active Directory –Prioritizing the Application of Multiple Policies refresh frequency and, Summary –Group Policy Refresh Frequency restoring, Group Policy Backup and Restore –Group Policy Backup and Restore security filtering and, Use simple queries in WMI filters –Security Filtering and Group Policy Objects storing, How GPOs are stored in Active Directory summary of Group Policy application, Loopback Merge Mode and Loopback Replace Mode –Summarizing Group Policy Application summary of Group Policy functionality, Group Policy –Group Policy using GPMC to manage, Group Policy –Using the Group Policy Management Console using GPME for managing, Using the Group Policy Management Editor –Using the Group Policy Management Editor using in designing OU structure about, Using GPOs to Help Design the Organizational Unit Structure –Using GPOs to Help Design the Organizational Unit Structure examples of, Guidelines for Designing GPOs –Fabrikam guidelines for designing GPOs, Using GPOs to Help Design the Organizational Unit Structure –Guidelines for Designing GPOs identifying areas of policy, Using GPOs to Help Design the Organizational Unit Structure using Starter, Using Starter GPOs WMI filtering and, WMI 
Filtering working across slow links, Limiting use of site policies GPResult tool, Group Policy Results Wizard GPT (Group Policy Template), How GPOs are stored in Active Directory , Running Scripts with Group Policy GPUPDATE tool, When Policies Apply gpupdate, updating group policy settings using, Forcing Group Policy Updates Greater than or equal to (>=), as LDAP filter
operator, Filter Operators group managed service accounts (gMSAs), Authentication Mechanism Assurance –Using Group Managed Service Accounts group membership across domain boundaries, Group membership across domain boundaries Group Policies about, Group Policy Primer capabilities of GPOs, Capabilities of Group Policy Objects disabling GPO settings, Group Policy Primer managing about, Group Policy backing up, Group Policy Backup and Restore –Group Policy Backup and Restore change control in, The importance of change-control procedures correctly applying GPOs, The importance of change-control procedures default GPOs, Designing the delegation of GPO administration delegation in, The importance of change-control procedures –Designing the delegation of GPO administration deploying preferences, Group Policy Preferences –Item-Level Targeting modeling using GPMC, Group Policy Modeling preference options for, Using the Group Policy Management Editor –Group Policy Preferences restoring, Group Policy Backup and Restore –Group Policy Backup and Restore running logon/logoff scripts, Item-Level Targeting –Running Scripts with Group Policy scripting, Group Policy Backup and Restore –Scripting Group Policy using GPMC for, Group Policy –Using the Group Policy Management Console using GPME for, Using the Group Policy Management Editor –Using the Group Policy Management Editor using Starter GPOs, Using Starter GPOs storage of, Capabilities of Group Policy Objects –Group Policy replication troubleshooting accessing infrastructure status, Group Policy Infrastructure Status Best Practices Analyzer, Group Policy Logging in Windows Vista/Windows Server 2008 and
Newer debugging group policies, Scripting Group Policy enabling extra logging, Forcing Group Policy Updates –Group Policy Logging in Windows Vista/Windows Server 2008 and
Newer forcing updates, Forcing Group Policy Updates –Forcing Group Policy Updates third-party tools for, Third-Party Troubleshooting Tools using GPResult tool, Group Policy Results Wizard using Resultant Set of Policy, Group Policy Infrastructure Status –Group Policy Results Wizard workings of blocking inheritance, Blocking Inheritance and Overriding the Block in Organizational
Unit GPOs –Summary combating slowdown due to, Combating Slowdown Due to Group Policy –Use simple queries in WMI filters GPO inheritance rules in organizational units, Standard GPO Inheritance Rules in Organizational Units linking GPOs, How Group Policies Work –GPOs and Active Directory Loopback Mode, Security Filtering and Group Policy Objects –Loopback Merge Mode and Loopback Replace Mode prioritizing application of multiple policies, GPOs and Active Directory –Prioritizing the Application of Multiple Policies refresh frequency, Summary –Group Policy Refresh Frequency security filtering and GPOs, Use simple queries in WMI filters –Security Filtering and Group Policy Objects summary of Group Policy application, Loopback Merge Mode and Loopback Replace Mode –Summarizing Group Policy Application summary of Group Policy functionality, Group Policy –Group Policy WMI filtering, WMI Filtering Group Policy Creator Owners group, creating GPO, Designing the delegation of GPO administration Group Policy Management Console (GPMC) accessing infrastructure status, Group Policy Infrastructure Status downloading, Capabilities of Group Policy Objects modeling using, Group Policy Modeling scripting capabilities of, Group Policy Backup and Restore –Scripting Group Policy using to manage Group Policy, Group Policy –Using the Group Policy Management Console Group Policy Management Editor (GPME), Capabilities of Group Policy Objects , Using the Group Policy Management Editor –Using the Group Policy Management Editor , Running Scripts with Group Policy group policy preferences, Using the Group Policy Management Editor –Item-Level Targeting , Running Scripts with Group Policy Group Policy Results Wizard, Group Policy Modeling , Group Policy Infrastructure Status –Group Policy Results Wizard Group Policy Template (GPT), How GPOs are stored in Active Directory , Running Scripts with Group Policy group scopes, Groups groupPolicyContainer class, How GPOs are stored in Active Directory groups 
allowing specific users to access new published
resources, Hiding Specific Personal Details for All Users in an
Organizational Unit from a Group hiding personal details of users from, Real-World Active Directory Delegation Examples –Hiding Specific Personal Details for All Users in an
Organizational Unit from a Group managing groups in AD LDS, Creating Groups –Removing Members from Groups naming and placing, Naming and placing users –Naming and placing groups understanding workings of, Groups –Converting groups GUID (globally unique identifier) assigning to objects, Uniquely Identifying Objects DSA, DSA GUIDs and invocation IDs H hardware abstraction layer (HAL), Manually removing a domain controller from Active
Directory hierarchy of organizational units, designing, Arrange the subdomain hierarchy –Delegating other rights highestCommittedUSN, Update sequence numbers (USNs) and highestCommittedUSN –Update sequence numbers (USNs) and highestCommittedUSN host service name, Service tickets HOST SPN Mappings, implicit, Service tickets hosts file, configuring for ADFS server, Federation Server Proxies –Federation Server Proxies HWMV (high-watermark vector), High-watermark vector (direct up-to-dateness vector) –High-watermark vector (direct up-to-dateness vector) , Step 5: The initiating server checks whether it is up to
date Hyper-V platform support of VM Gen IDs, RID pool reuse –Virtualization Safe Restore I IADs, System.DirectoryServices Overview IADs interface, ADSI, System.DirectoryServices Overview IADsComputer, System.DirectoryServices.Protocols Overview IADsContainer, System.DirectoryServices Overview IADsGroup, System.DirectoryServices Overview , System.DirectoryServices.Protocols Overview IADsSecurityDescriptor, Other nice things in System.DirectoryServices IADsUser, System.DirectoryServices Overview , System.DirectoryServices.Protocols Overview , Managing Users IANA (Internet Assigned Numbers Authority), X.500 and the OID Namespace iconPath attribute, Icons icons, representing different states of objects, Icons –Icons IContextMenu interface, Context Menus Identity Integration Feature Pack (IIFP), ADAM Sync identity provider (IdP), Active Directory Federation Services –Introduction to Federated Identity IFM (Install from Media), Restore from Backup –Creating and using IFM media on Windows Server 2008 and
newer ILT (Item Level Targeting), Item-Level Targeting indexing attributes, Indexed attributes –Indexed attributes infrastructure master about, Flexible Single Master Operator (FSMO) Roles –Flexible Single Master Operator (FSMO) Roles FSMO role holder, Flexible Single Master Operator (FSMO) Roles , Flexible Single Master Operator (FSMO) Roles importance of, Flexible Single Master Operator (FSMO) Roles placement rules, Flexible Single Master Operator (FSMO) Roles infrastructure status, accessing Group Policy, Group Policy Infrastructure Status inheritance blocking, Blocking Inheritance and Overriding the Block in Organizational
Unit GPOs objectClassCategory and, Classes (classSchema Objects) –Object Class Category and Inheritance OID numbering notation and, X.500 and the OID Namespace inherited permissions vs. explicit permissions, Property Sets, Validated Writes, and Extended Rights Install from Media (IFM), Restore from Backup –Creating and using IFM media on Windows Server 2008 and
newer Install-ADDSDomainController cmdlet, Prestaging RODC domain controller accounts Install-ADServiceAccount cmdlet, Using Group Managed Service Accounts integrated DNS, Integration issues –Using Application Partitions for DNS Inter-Site Mechanism Simple Mail Transport Protocol
(ISM-SMTP), Transport –Transport internal domain structure design, Overview of the Design Process , Arrange the subdomain hierarchy –Naming and placing groups International Organization for Standardization (ISO),
development of X.500 standard, A Brief History of Directories , X.500 and the OID Namespace International Telecommunication Union (ITU), development of
X.500 standard, A Brief History of Directories , X.500 and the OID Namespace Internet Assigned Numbers Authority (IANA), X.500 and the OID Namespace intersite topology about, Creating a Site Topology site link bridges in, Transport –Site Link Bridges: The Second Building Blocks of Intersite
Topologies site links in, Now what? –Transport Intersite Topology Generator (ISTG), The KCC , Transport intrasite topology about, Creating a Site Topology automatic site generation by KCC, The KCC invocation ID, DSA GUIDs and invocation IDs IP addresses CNAME records and updating, Resource Records Used by Active Directory DC changing, Active Directory-Integrated DNS separating from hostname, Federation Server Proxies understanding, Subnets IPv6 address deploying with IPv4, Troubleshooting subnet data problems –Troubleshooting subnet data problems in DC cloning configuration, Cloning Domain Controllers WINS and, Global Names Zones IShellExtInit interface, Property Pages , Context Menus IShellPropSheetExt interface, Property Pages ISM-SMTP (Inter-Site Mechanism Simple Mail Transport
Protocol), Transport –Transport ISO (International Organization for Standardization),
development of X.500 standard, A Brief History of Directories , X.500 and the OID Namespace ISTG (Intersite Topology Generator), The KCC , Transport Item Level Targeting (ILT), Item-Level Targeting ITU (International Telecommunication Union), development of
X.500 standard, A Brief History of Directories , X.500 and the OID Namespace K KCC (Knowledge Consistency Checker), Knowledge Consistency Checker –Knowledge Consistency Checker , Replication connection objects KCD (Kerberos constrained delegation), Delegation –Delegation KDS root key, creating, Preparing for Group Managed Service Accounts Kerberos about, Kerberos application access, Application Access delegation, Delegation –Delegation authentication (port 88), Resource Records Used by Active Directory changing passwords via, Resource Records Used by Active Directory domain controllers encrypting tickets, The Client Logon Process issues with Windows editions supporting, Groups maximum time-skew requirement between hosts, A Background to Metadata policies in configuring Active Directory for
DAC, Configuring central access policies –Kerberos policies protocol transition, Delegation RODC using, Password Replication Policies service access, User Logon –Logon and Service Access Summary user logon, User Logon –User Logon Kerberos constrained delegation (KCD), Delegation –Delegation key management server (KMS), Active Directory-Based Machine Activation key signing key (KSK), Resource records , Lookup process –Configuring DNSSEC for Active Directory DNS Knowledge Consistency Checker (KCC), Knowledge Consistency Checker , Replication connection objects , The KCC kpasswd process (port 464), Resource Records Used by Active Directory krbtgt account, RODC and, The Client Logon Process –The Client Logon Process KSK (key signing key), Resource records , Lookup process –Configuring DNSSEC for Active Directory DNS L lastLogon attribute, Last-logon statistics lastLogonTimeStamp, RID pool reuse lastLogonTimeStamp attribute, Implementing Auditing lastLogonTimeStampAttribute, Computer account password changes –Last-logon statistics LDAP (Lightweight Directory Access Protocol) about, A Brief History of Directories DNs defined in, Distinguished names Filter View, Global Search in AD LDS, Differences Between AD and AD LDS , No SRV Records , No Global Catalog referral from RODC, Application Compatibility LDAP controls modifying behavior in database search with, Modifying Behavior with LDAP Controls –Modifying Behavior with LDAP Controls using stats, Using the stats control –Using the stats control LDAP Data Interchange Format, Using LDIF to Extend the Schema LDAP filter Boolean operators in, Connecting Filter Components –Connecting Filter Components operators in, Searching the Database –Filter Operators LDAP-Display-Name (lDAPDisplayName) attribute, Structure of the Schema LDAP_CONTROL_VLVREQUEST, Modifying Behavior with LDAP Controls LDAP_PAGED_RESULT_OID_STRING, Modifying Behavior with LDAP Controls LDAP_SERVER_ASQ_OID, Modifying Behavior with LDAP Controls 
LDAP_SERVER_DIRSYNC_OID, Modifying Behavior with LDAP Controls LDAP_SERVER_DOMAIN_SCOPE_OID, Modifying Behavior with LDAP Controls LDAP_SERVER_EXTENDED_DN_OID, Modifying Behavior with LDAP Controls LDAP_SERVER_GET_STATS_OID, Modifying Behavior with LDAP Controls LDAP_SERVER_NOTIFICATION_OID, Modifying Behavior with LDAP Controls LDAP_SERVER_RANGE_OPTION_OID, Modifying Behavior with LDAP Controls LDAP_SERVER_SD_FLAGS_OID, Modifying Behavior with LDAP Controls LDAP_SERVER_SEARCH_OPTIONS_OID, Modifying Behavior with LDAP Controls LDAP_SERVER_SHOW_DELETED_OID, Modifying Behavior with LDAP Controls LDAP_SERVER_SORT_OID, Modifying Behavior with LDAP Controls LDIF files AD LDS creating containers, Creating Application Partitions –Creating Containers deleting objects, Deleting Objects managing groups, Creating Groups –Removing Members from Groups managing users, Creating Users –Creating Groups creating portable schema extensions using, Using LDIF to Extend the Schema digital signatures on, Mitigating a Schema Conflict export data in LDIF format, Using LDIF to Extend the Schema extend schema using, Using LDIF to Extend the Schema –Using LDIF to Extend the Schema instance installation in AD LDS of, Installing a New AD LDS Instance LDIFDE command-line tool, for AD LDS, dsmgmt LDP about, LDP –LDP controls dialog box, Modifying Behavior with LDAP Controls for AD LDS, dsmgmt for searching database, Searching the Database querying RootDSE with, Naming Contexts and Application Partitions using in AD LDS, New and Updated Tools viewing contents of Schema container using, Structure of the Schema leaf object, displaying as container or, Display Names Less than or equal to sign (<=), as LDAP filter
operator, Filter Operators Lightweight Directory Access Protocol (LDAP) about, A Brief History of Directories DNs defined in, Distinguished names Filter View, Global Search in AD LDS, Differences Between AD and AD LDS , No SRV Records , No Global Catalog referral from RODC, Application Compatibility Limited caching of passwords, scenario for password
replication policies, Password Replication Policies lingering objects problem, Backing Up Active Directory link table, in searching directory information
tree, Link table linkID attributes, Linked Attributes , Link table –Security descriptor table -LocalAdministratorPassword
parameter, Automating the DC Build Process lockdown permissions, Permission Lockdown logging enabling extra Group Policy, Forcing Group Policy Updates –Group Policy Logging in Windows Vista/Windows Server 2008 and
Newer of available database space, Reclaiming Space logon client process, The Client Logon Process –Populating the password cache running scripts at user, Item-Level Targeting –Running Scripts with Group Policy success/fail information, Last-logon statistics tracking last interactive information, Implementing Auditing –Tracking Last Interactive Logon Information user, User Logon logonCount attribute, Last-logon statistics Loopback Mode, Security Filtering and Group Policy Objects –Loopback Merge Mode and Loopback Replace Mode , Summarizing Group Policy Application LSDOU, specific order of GPOs, GPOs and Active Directory –Prioritizing the Application of Multiple Policies LVR (Linked Value Replication), Link table M machine activation, AD-based, Active Directory-Based Machine Activation managed service accounts, Authentication Mechanism Assurance –Using Group Managed Service Accounts managedBy attribute, Administrator Role Separation management tools about, Management Tools Active Directory Administrative Center, Active Directory Administrative Center –Extensibility Active Directory Users and Computers, Active Directory Users and Computers –ADSI Edit ADSI Edit, ADSI Edit –ADSI Edit LDP, LDP MAPI ID, defined in Active Directory, MAPI IDs MaximumRodcRsoAttemptsPerCycle registry
setting, DNS updates MaximumRodcRsoQueueLength registry setting, DNS updates MDOP (Microsoft Desktop Optimization Pack), The importance of change-control procedures medial searches, of database, Filter Operators metadata, federation, Relying Party Trusts metadata, removing using ntdsutil, Manually removing a domain controller from Active
Directory metadata, replication background to, A Background to Metadata DSA GUID and invocation ID, DSA GUIDs and invocation IDs high-watermark vector, High-watermark vector (direct up-to-dateness vector) –High-watermark vector (direct up-to-dateness vector) highestCommittedUSN, Update sequence numbers (USNs) and highestCommittedUSN –Update sequence numbers (USNs) and highestCommittedUSN modifying in object during, How an Object’s Metadata Is Modified During Replication –Step 4: Password-change replication to DC A originating updates vs. replicated updates, Originating updates versus replicated updates Up-To-Dateness Vector, High-watermark vector (direct up-to-dateness vector) –Up-to-dateness vector update sequence number, Update sequence numbers (USNs) and highestCommittedUSN –Update sequence numbers (USNs) and highestCommittedUSN viewing, Step 1: Initial creation of a user on Server A Microsoft Desktop Optimization Pack (MDOP), The importance of change-control procedures Microsoft Exchange best practice guidelines for Global Catalog
servers, How many domain controllers to have deploying, Sites need for separate forest with, Create additional forests RODC and, Application Compatibility mixed mode vs. native mode, Windows 2000 domain mode modeling, Group Policy, Group Policy Modeling msDS-AuthenticatedAtDC, Password Replication Policies , Managing the password replication policy , The Client Logon Process msDS-FailedInteractiveLogonCount, Tracking Last Interactive Logon Information
msDS-FailedInteractiveLogonCountAtLastSuccessfulLogon, Tracking Last Interactive Logon Information msDS-LastFailedInteractiveLogonTime, Tracking Last Interactive Logon Information msDS-LastSuccessfulInteractiveLogonTime, Tracking Last Interactive Logon Information msDS-NeverRevealGroup, Password Replication Policies , Managing the password replication policy msds-PasswordSettings schema class, Scenarios for Fine-Grained Password Policies msDS-PasswordSettingsPrecedence attribute, Defining PSO precedence msDS-PSOAppliesTo attribute, Defining PSO precedence , Managing PSO Application msDS-Replication-Notify-First-DSA-Delay, Automatic Intrasite Topology Generation by the KCC msDS-Replication-Notify-Subsequent-DSA-Delay, Automatic Intrasite Topology Generation by the KCC msDS-ResultantPSO attribute, Defining PSO precedence msDS-ResultantPso attribute, Viewing the effective PSO , Viewing the effective PSO msDS-RevealedList, Password Replication Policies , Managing the password replication policy , The Client Logon Process msDS-RevealOnDemand, Populating the password cache msDS-RevealOnDemandGroup, Password Replication Policies , Managing the password replication policy msDSAllowedToDelegate, Delegation msDSAuthenticatedAtDC, The Client Logon Process , Populating the password cache N Name Resolution Policy Table (NRPT),
configuring, Lookup process name server (NS) records, in delegation, Client Lookup Process name servers, DNS, Active Directory-Integrated DNS namespace design, creating domain, Domain Namespace Design –Arrange the subdomain hierarchy naming context (NC) about, Naming Contexts and Application Partitions replication between two servers of, The Replication of a Naming Context Between Two Servers –Recap native mode vs. mixed mode, Windows 2000 domain mode nesting OU structures, Step 3: Design the Hierarchy of Organizational Units .NET Framework, programming Active
Directory with about, Programming the Directory with the .NET
Framework assemblies versus namespaces, Assemblies Versus Namespaces choosing development tool, Programming the Directory with the .NET
Framework –.NET Development Without an IDE choosing language, Programming the Directory with the .NET
Framework –Choosing a .NET Programming Language IDisposable interface, Connecting to the Directory programming examples about, Why use System.DirectoryServices.AccountManagement? –Connecting to the Directory connecting to Directory, Connecting to the Directory –Connecting to the Directory managing users, Modifying existing objects –Managing users with
System.DirectoryServices.AccountManagement modifying Directory, Searching the Directory –Modifying existing objects overriding SSL server certificate verification with
SDS.P, Managing users with
System.DirectoryServices.AccountManagement –Overriding SSL Server Certificate Verification with SDS.P searching Directory, Searching the Directory –Searching the Directory programming features, Which .NET Framework Comes with Which OS? –Directory Programming Features by .NET Framework Release services programming landscape about, Summary of Namespaces, Assemblies, and Framework Versions –Why use System.DirectoryServices.AccountManagement? versions of, .NET Development Without an IDE –Summary of Namespaces, Assemblies, and Framework Versions NetBIOS name resolution, Active Directory and DNS NetBIOS names, Step 4: Design the Workstation and Server Naming
Conventions NETDOM, FSMO Recovery Network Time (NTP), time synchronization based on, Time Synchronization in Active Directory NOS (Network Operating System), Evolution of the Microsoft NOS Not (negation (!) sign), as LDAP filter operator, Filter Operators NRPT (Name Resolution Policy Table),
configuring, Lookup process NS (name server) records, in delegation, Client Lookup Process NT Backup utility, Using the NT Backup Utility , Restoring with NT Backup –Restoring with Windows Server Backup NT File Replication Service (NTFRS), Group Policy replication NTDS.DIT, DSA GUIDs and invocation IDs ntdsutil, Administrator Role Separation –Administrator Role Separation changing DSRM password, Reclaiming Space –Changing the DS Restore Mode Admin Password checking integrity of DIT, Checking the Integrity of the DIT –Checking the Integrity of the DIT creating snapshots, Working with Snapshots –Working with Snapshots marking data to be restored, Partial Authoritative Restore –Partial Authoritative Restore performing offline defragmentation, Reclaiming Space –Reclaiming Space removing metadata, Manually removing a domain controller from Active
Directory seizing roles, Using LDIF to Extend the Schema , FSMO Recovery –FSMO Recovery NTFRS (NT File Replication Service), Group Policy replication nTSecurityDescriptor attribute, Permission Basics O object creation wizard, Display Names –Object Creation Wizard object identifier (OID) namespace adding branches and leaves to, X.500 and the OID Namespace –X.500 and the OID Namespace identifying manager of, Nominating Responsible People in Your Organization identifying schema objects using OID, X.500 and the OID Namespace –X.500 and the OID Namespace inheritance and numbering notation in, X.500 and the OID Namespace range of values, X.500 and the OID Namespace –X.500 and the OID Namespace requesting, X.500 and the OID Namespace –X.500 and the OID Namespace objectClass vs. objectCategory, objectClass Versus objectCategory objectClassCategory, inheritance and, Classes (classSchema Objects) –Object Class Category and Inheritance objects assigning GUID to, Uniquely Identifying Objects attributeSchema, The Global Catalog , Structure of the Schema , Attributes (attributeSchema Objects) , Property Sets and attributeSecurityGUID , Implementing Auditing bindable, Common Uses for AD LDS building hierarchies within a domain using
OUs, Organizational Units –Organizational Units connection, Connection Objects –Connection Objects controlling access in AD LDS to, Controlling Access to Objects and Attributes deleting from schema, Making Classes and Attributes Defunct deleting objects in AD LDS, Deleting Objects dynamically assigning auxiliary classes to, Dynamically Linked Auxiliary Classes modifying during metadata replication, How an Object’s Metadata Is Modified During Replication –Step 4: Password-change replication to DC A problems with lingering, Conflict due to creation of objects with names that
conflict –Lingering Objects protecting from accidental deletion, The Confidentiality Bit –Protecting Objects from Accidental Deletion storing and identifying, How Objects Are Stored and Identified –How Objects Are Stored and Identified undeleting, Undeleting Objects –Using PowerShell offline defragmentation, of DIT file, Reclaiming Space –Reclaiming Space OID (object identifier) namespace adding branches and leaves to, X.500 and the OID Namespace –X.500 and the OID Namespace identifying manager of, Nominating Responsible People in Your Organization identifying schema objects using OID, X.500 and the OID Namespace –X.500 and the OID Namespace inheritance and numbering notation in, X.500 and the OID Namespace range of values, X.500 and the OID Namespace –X.500 and the OID Namespace requesting, X.500 and the OID Namespace –X.500 and the OID Namespace Open System Interconnection (OSI) protocol, X.500 based
on, A Brief History of Directories operatingSystem attribute, objectClass Versus objectCategory OR (|) operators, as LDAP Boolean operator, Connecting Filter Components –Connecting Filter Components organizational unit (OU) as container in Active Directory, How Objects Are Stored and Identified as prefix, Distinguished names building object hierarchies within a domain
using, Organizational Units –Organizational Units , Organizational Units –Organizational Units designing hierarchy of, Arrange the subdomain hierarchy –Delegating other rights GPO inheritance rules in, Standard GPO Inheritance Rules in Organizational Units hiding personal details of users from groups, Real-World Active Directory Delegation Examples –Hiding Specific Personal Details for All Users in an
Organizational Unit from a Group impacting GPO applications, Prioritizing the Application of Multiple Policies using GPOs in designing structure for about, Using GPOs to Help Design the Organizational Unit Structure –Using GPOs to Help Design the Organizational Unit Structure examples of, Guidelines for Designing GPOs –Fabrikam guidelines for designing GPOs, Using GPOs to Help Design the Organizational Unit Structure –Guidelines for Designing GPOs identifying areas of policy, Using GPOs to Help Design the Organizational Unit Structure originating updates vs. replicated updates, Originating updates versus replicated updates OSI (Open System Interconnection) protocol, X.500 based
on, A Brief History of Directories OU (organizational unit) as container in Active Directory, How Objects Are Stored and Identified as prefix, Distinguished names building object hierarchies within a domain
using, Organizational Units –Organizational Units designing hierarchy of, Arrange the subdomain hierarchy –Delegating other rights GPO inheritance rules in, Standard GPO Inheritance Rules in Organizational Units hiding personal details of users from groups, Real-World Active Directory Delegation Examples –Hiding Specific Personal Details for All Users in an
Organizational Unit from a Group impacting GPO applications, Prioritizing the Application of Multiple Policies using GPOs in designing structure for about, Using GPOs to Help Design the Organizational Unit Structure –Using GPOs to Help Design the Organizational Unit Structure examples of, Guidelines for Designing GPOs –Fabrikam guidelines for designing GPOs, Using GPOs to Help Design the Organizational Unit Structure –Guidelines for Designing GPOs identifying areas of policy, Using GPOs to Help Design the Organizational Unit Structure P Partial Attribute Set (PAS), attributes available in
GC, The Global Catalog –Flexible Single Master Operator (FSMO) Roles password replication policies (PRPs) in RODC deployment, Password Replication Policies –Managing the loss of an RODC risk of not resetting passwords in RODC
deployment, Managing the loss of an RODC Password Settings Objects (PSOs) creating, Creating Password Settings Objects –Creating a PSO with PSOMgr defining, Defining Password Settings Objects –Defining PSO precedence delegating management of, Viewing the effective PSO managing, Understanding Password Settings Objects , Managing Password Settings Objects , Managing PSO Application –Viewing the effective PSO passwords changing DS restore mode admin, Reclaiming Space changing via Kerberos, Resource Records Used by Active Directory fine-grained password policies, Fine-Grained Password Policies managing with repadmin cached, Populating the password cache RODC and user changing, RODCs and Write Requests –DNS updates setting DS Restore Mode administrator, Changing the DS Restore Mode Admin Password storing through group policy preferences, Group Policy Preferences PDC chaining, disabling, Flexible Single Master Operator (FSMO) Roles PDC emulator FSMO role about, Flexible Single Master Operator (FSMO) Roles AdminSDHolder process and, The AdminSDHolder Process binding LDP to, The AdminSDHolder Process configuring on root domain, Time Synchronization in Active Directory –Domain and Forest Functional Levels importance of, Flexible Single Master Operator (FSMO) Roles in cloning domain controllers, Cloning Domain Controllers , The DC cloning process reconfiguring, Time Synchronization in Active Directory permission dialog boxes, Using the GUI to Examine Permissions permissions, managing about, Active Directory Security: Permissions
and Auditing –Permission Basics ACEs, Permission ACEs –Permission ACEs confidential attributes, Permission Lockdown default security descriptors, Property Sets, Validated Writes, and Extended Rights designing permission schemes about, Using the GUI to Examine Auditing planning for, Rule 5: Keep a log of changes –How to Plan Permissions rules for, The Five Golden Rules of Permissions Design –Rule 5: Keep a log of changes taking over administrator responsibilities, How to Plan Permissions –Bringing Order out of Chaos examining auditing, Using the GUI to Examine Auditing examining permissions using GUI about, Protecting Objects from Accidental Deletion –Using the GUI to Examine Permissions reverting to default permissions, Using the GUI to Examine Permissions using Delegation of Control Wizard, Using the Delegation of Control Wizard viewing Effective Permissions, Viewing the Effective Permissions for a User or Group extended rights, Property Sets, Validated Writes, and Extended Rights inherited vs. 
explicit permissions, Property Sets, Validated Writes, and Extended Rights lockdown of permission, Default Security Descriptors property sets, Property Sets, Validated Writes, and Extended Rights protecting objects from accidental deletion, The Confidentiality Bit –Protecting Objects from Accidental Deletion validated writes, Property Sets, Validated Writes, and Extended Rights –Property Sets, Validated Writes, and Extended Rights PKI (Public Key Infrastructure), Lookup process PolicyMaker, Using the Group Policy Management Editor , Deploying group policy preferences PowerShell automating DC build process using, Using DCPromo on Earlier Versions of Windows –Automating the DC Build Process creating gMSA, Preparing for Group Managed Service Accounts –Using Group Managed Service Accounts creating KDS root key, Preparing for Group Managed Service Accounts enabling AD LDS Recycle Bin, Enabling the Recycle Bin enabling AD Recycle Bin, Enabling the Recycle Bin Group Policy cmdlets, Scripting Group Policy –Scripting Group Policy managing DNS with, Managing DNS with Windows PowerShell managing Password Settings Objects, Understanding Password Settings Objects RODC promotion parameters, Administrator Role Separation –Prestaging RODC domain controller accounts running scripts at user client machine at
logon/logoff, Running Scripts with Group Policy undeleting objects using, Undeleting Objects –Using PowerShell PowerShell History pane, PowerShell History PowerShell Scripts node, Running Scripts with Group Policy prestaging RODC domain controller accounts, Prestaging RODC domain controller accounts primary name servers (master), Active Directory-Integrated DNS –Active Directory-Integrated DNS property pages, displaying and adding, Property Pages property sets, Property Sets and attributeSecurityGUID , Property Sets, Validated Writes, and Extended Rights Protect from Accidental Deletion checkbox, The Confidentiality Bit –Protecting Objects from Accidental Deletion protocol transition, Delegation PRPs (password replication policies) in RODC deployment, Password Replication Policies –Managing the loss of an RODC risk of not resetting passwords in RODC
deployment, Managing the loss of an RODC PSOMgr creating PSOs, Creating Password Settings Objects , Creating a PSO with the Active Directory Administrative
Center –Creating a PSO with PSOMgr downloading, Understanding Password Settings Objects managing Password Settings Objects, Applying a PSO with ADUC managing PSOs, Understanding Password Settings Objects , Managing Password Settings Objects , Managing PSO Application viewing Password Settings Objects, Viewing the effective PSO –Viewing the effective PSO PSOs (Password Settings Objects) creating, Creating Password Settings Objects –Creating a PSO with PSOMgr defining, Defining Password Settings Objects –Defining PSO precedence managing, Understanding Password Settings Objects , Managing Password Settings Objects , Managing PSO Application –Viewing the effective PSO Public Key Infrastructure (PKI), Lookup process R RAID (Redundant Array of Inexpensive Disks), transaction
logs using, Deploying with Server Manager –Deploying with Server Manager RDN (Relative Distinguished Name) about, Distinguished names –Distinguished names conflict during replication of naming context between
two servers, Conflict due to creation of objects with names that
conflict , Conflict due to creation of objects with names that
conflict Read permission, Using the GUI to Examine Permissions read-only domain controller (RODC) deploying into AD about, Cloning a domain controller –Read-Only Domain Controllers administrator role separation, Administrator Role Separation –Administrator Role Separation application compatibility, Application Compatibility –Application Compatibility chaining table in, The W32Time Service –The W32Time Service client logon process, The Client Logon Process –Populating the password cache , The W32Time Service –The W32Time Service deploying compatibility pack to clients, Read-Only Domain Controllers password replication policies in, Password Replication Policies –Managing the loss of an RODC placement considerations, RODC Placement Considerations –RODC Placement Considerations prerequisites to, Read-Only Domain Controllers promoting server to, Administrator Role Separation –Prestaging RODC domain controller accounts write requests and, RODCs and Write Requests –DNS updates deploying on Server Manager, Deploying with Server Manager filtered attribute set as part of, The filtered attribute set updating last interactive logon attributes, Tracking Last Interactive Logon Information Recycle Bin, Active Directory, Flexible Single Master Operator (FSMO) Roles , Flexible Single Master Operator (FSMO) Roles , Flexible Single Master Operator (FSMO) Roles , Preserving attributes in a tombstone , Backing Up Active Directory , Working with Snapshots –Using PowerShell , Enabling the Recycle Bin Recycle Bin, AD LDS, Installing an AD LDS Replica recycled objects, Deleted Object Lifecycle Redundant Array of Inexpensive Disks (RAID) transaction logs using, Deploying with Server Manager –Deploying with Server Manager refresh frequency, Summary –Group Policy Refresh Frequency registry settings, for controlling RODC DNS service
attempts, DNS updates –DNS updates relative identifier (RID) master about, Flexible Single Master Operator (FSMO) Roles –Flexible Single Master Operator (FSMO) Roles configuring pool size, Flexible Single Master Operator (FSMO) Roles importance of, Flexible Single Master Operator (FSMO) Roles pool reuse, When to Virtualize , RID pool reuse relying party (RP) about, Active Directory Federation Services –Introduction to Federated Identity trusts, Federation Server Proxies –Relying Party Trusts renaming users, in AD LDS, Renaming Users repadmin command-line tool downloading, Site and Replication Management Tools for AD LDS, repadmin managing cached passwords with, Populating the password cache replicated updates vs. originating updates, Originating updates versus replicated updates ReplicateSingleObject (RSO), Prerequisites replication about, Site Topology and Active Directory Replication , How Replication Works , Creating a Site Topology designing sites and links for creating links, Step 4: Create Site Links –Step 4: Create Site Links creating site link bridges, Step 4: Create Site Links design examples, Step 4: Create Site Links –Step 4: Create site links designing sites, Step 3: Design the Sites –Step 4: Create Site Links gathering background data, Step 2: Plan the Domain Controller Locations planning domain controller locations, Where to put domain controllers –Step 3: Design the Sites impact from integrated DNS zones, Active Directory-Integrated DNS in domain namespace design, Isolated replication installing AD LDS, Installing a New AD LDS Instance management tools, Site and Replication Management Tools metadata background to, A Background to Metadata , A Background to Metadata DSA GUID and invocation ID, DSA GUIDs and invocation IDs high-watermark vector, High-watermark vector (direct up-to-dateness vector) –High-watermark vector (direct up-to-dateness vector) highestCommittedUSN, Update sequence numbers (USNs) and highestCommittedUSN –Update sequence numbers 
(USNs) and highestCommittedUSN modifying in object during, How an Object’s Metadata Is Modified During Replication –Step 4: Password-change replication to DC A originating updates vs. replicated updates, Originating updates versus replicated updates Up-To-Dateness Vector, High-watermark vector (direct up-to-dateness vector) –Up-to-dateness vector update sequence number, Update sequence numbers (USNs) and highestCommittedUSN –Update sequence numbers (USNs) and highestCommittedUSN viewing, Step 1: Initial creation of a user on Server A modifying convergence intervals, Automatic Intrasite Topology Generation by the KCC problems lingering objects, Conflict due to creation of objects with names that
conflict –Lingering Objects USN rollback, USN Rollback –USN Rollback reconciling conflicts, How Replication Conflicts Are Reconciled –Replicating the conflict resolution restoring DC from, Restore from Replication –Manually removing a domain controller from Active
Directory SMTP, Transport resource records about, Zones –Resource Records overriding srv record registration, Overriding SRV Record Registration types of, Zones –Resource Records used by Active Directory, Resource Records Used by Active Directory –Overriding SRV Record Registration restartable directory service, FSMO Recovery –Restartable Directory Service restore database subcommand, Complete Authoritative Restore restoring Active Directory complete authoritative restore, Complete Authoritative Restore from NT Backup utility backup, Restoring with NT Backup –Restoring with Windows Server Backup from Windows Server backup, Restoring with Windows Server Backup nonauthoritative, Nonauthoritative Restore –Restoring with Windows Server Backup Partial Authoritative Restore, Restoring with Windows Server Backup –Partial Authoritative Restore Domain Controller from backups, Manually removing a domain controller from Active
Directory –Restore from Backup from IFM media, Restore from Backup –Creating and using IFM media on Windows Server 2008 and
newer from replication, Restore from Replication –Manually removing a domain controller from Active
Directory using Directory Services Restore Mode, FSMO Recovery Resultant Set of Policy (RSoP), Capabilities of Group Policy Objects , Scripting Group Policy , Group Policy Infrastructure Status –Group Policy Results Wizard RFC (Request for Comments) attribute types from, Distinguished names LDAP and, A Brief History of Directories , Using LDIF to Extend the Schema on basics of DNS, DNS Fundamentals on Dynamic DNS, Dynamic DNS , Dynamic DNS SRV records defined in, Resource Records Used by Active Directory RID (relative identifier) Master about, Flexible Single Master Operator (FSMO) Roles –Flexible Single Master Operator (FSMO) Roles configuring pool size, Flexible Single Master Operator (FSMO) Roles importance of, Flexible Single Master Operator (FSMO) Roles pool reuse, When to Virtualize , RID pool reuse RODC (read-only domain controller) deploying into AD about, Cloning a domain controller –Read-Only Domain Controllers administrator role separation, Administrator Role Separation –Administrator Role Separation application compatibility, Application Compatibility –Application Compatibility chaining table in, The W32Time Service –The W32Time Service client logon process, The Client Logon Process –Populating the password cache , The W32Time Service –The W32Time Service deploying compatibility pack to clients, Read-Only Domain Controllers password replication policies in, Password Replication Policies –Managing the loss of an RODC placement considerations, RODC Placement Considerations –RODC Placement Considerations prerequisites to, Read-Only Domain Controllers promoting server to, Administrator Role Separation –Prestaging RODC domain controller accounts write requests and, RODCs and Write Requests –DNS updates deploying on Server Manager, Deploying with Server Manager filtered attribute set as part of, The filtered attribute set updating last interactive logon attributes, Tracking Last Interactive Logon Information RODCMode registry, disabling RODC ability to issue 
write referrals, Application Compatibility , RODC Placement Considerations rollbacks functional level, Raising the Functional Level –Functional Level Rollback SID, Backing Up Active Directory snapshots of DCs on VM Gen ID, RID pool reuse –Virtualization Safe Restore USN rollback, USN Rollback –USN Rollback , When to Virtualize , USN rollback RootDSE attributes pertaining to naming contexts, Naming Contexts and Application Partitions querying with LDP, Naming Contexts and Application Partitions RPC, legacy, applications using, Application Compatibility RRSIG (DNSSEC record), Resource records –Lookup process , Lookup process RSO (ReplicateSingleObject), Prerequisites RSoP (Resultant Set of Policy), Capabilities of Group Policy Objects , Group Policy Infrastructure Status –Group Policy Results Wizard RunDiagnosticLoggingAppDeploy, Group Policy Logging in Windows 2000, Windows XP, and Windows
Server 2003 RunDiagnosticLoggingGroupPolicy, Group Policy Logging in Windows 2000, Windows XP, and Windows
Server 2003 RunDiagnosticLoggingIntellimirror, Group Policy Logging in Windows 2000, Windows XP, and Windows
Server 2003 S SACL (System ACLs), Permission Basics Safari Books Online, Safari® Books Online safe restore, virtualization, RID pool reuse –Virtualization Safe Restore sAMAccountName, Naming and placing users –Naming and placing users , Using LDIF to Extend the Schema SAML (Security Assertion Markup Language), How It Works , SAML , The Configuration Database Saved Queries feature, of ADUC, Saved Queries scavenging, aging and, on DNS server, Aging and Scavenging –Enabling scavenging on the DNS server Schema Admins group, Nominating Responsible People in Your Organization Schema Container, Structure of the Schema schema extensions, schema master FSMO and, The Schema Master FSMO Schema Management MMC, Creating Schema Extensions schema master FSMO role about, Flexible Single Master Operator (FSMO) Roles , The Schema Master FSMO importance of, Flexible Single Master Operator (FSMO) Roles Schema NC, Schema Naming Context –Schema Naming Context schema, Active Directory about, Active Directory Schema attribute properties attribute syntax, Attribute Syntax –Attribute Syntax attributeSecurityGUID, Property Sets and attributeSecurityGUID defining MAPI ID, MAPI IDs linked attributes, Linked Attributes –Linked Attributes property sets, Property Sets and attributeSecurityGUID schemaFlagsEx attribute, schemaFlagsEx searchFlags attribute, searchFlags –The filtered attribute set systemFlags attribute, systemFlags –Category 1 objects attributeSchema objects, Attributes (attributeSchema Objects) cache, The Schema Cache –The Schema Cache classSchema (Class-Schema) objects dissecting Active Directory class, Dissecting an Example Active Directory Class –Viewing the user class with the Active Directory Schema
snap-in dynamically linked auxiliary classes, Dynamically Linked Auxiliary Classes –Summary objectClassCategory and inheritance, Classes (classSchema Objects) –Object Class Category and Inheritance considerations before changing, Thinking of Changing the Schema –The Global Picture default versions in Windows, Structure of the Schema deleting objects from, Making Classes and Attributes Defunct extensions creating, The Global Picture –Mitigating a Schema Conflict nominating people in organizations, Nominating Responsible People in Your Organization –Nominating Responsible People in Your Organization using LDIF files, Using LDIF to Extend the Schema –Using LDIF to Extend the Schema making classes and attributes defunct, Making Classes and Attributes Defunct –Making Classes and Attributes Defunct mitigating conflicts, Mitigating a Schema Conflict OID namespace, X.500 and the OID Namespace –X.500 and the OID Namespace , Nominating Responsible People in Your Organization , The Global Picture prefixes for classes and attributes, The Global Picture redefining classes and attributes, Making Classes and Attributes Defunct repurposing attributes, To Change or Not to Change structure of, Structure of the Schema –Structure of the Schema system checks when modifying, Using LDIF to Extend the Schema –Making Classes and Attributes Defunct X.500 standard and, X.500 and the OID Namespace schema, AD LDS, Common Uses for AD LDS , Schema –Schema schemaFlagsEx attribute about, schemaFlagsEx attributes defined as critical in, The filtered attribute set schemaIDGUID, Permission ACEs schemaVersion attribute, Active Directory Schema SCP (serviceConnectionPoint), in AD LDS, No SRV Records –No SRV Records SDDL (Security Descriptor Definition Language), Property Sets, Validated Writes, and Extended Rights –Default Security Descriptors , Permission Lockdown SDM Software, Third-Party Troubleshooting Tools SDs (security descriptors) about, Permission Basics assigning ACE to, Permission Basics 
search functionality, of ADAC, Global Search –Global Search searchFlags attribute, searchFlags –The filtered attribute set ambiguous name resolution (ANR), Ambiguous name resolution attribute change auditing, Confidentiality –Attribute change auditing bits, Permission Lockdown –The Confidentiality Bit filtered attribute set, The filtered attribute set indexing attributes, Indexed attributes –Indexed attributes on attributeSchema object, Implementing Auditing subtree index, Preserving attributes in a tombstone tuple index, The tuple index searching Active Directory about, The Directory Information Tree attribute data types for, Attribute Data Types database connecting components, Connecting Filter Components –Connecting Filter Components modifying behavior with LDAP controls, Modifying Behavior with LDAP Controls –Modifying Behavior with LDAP Controls search scopes in, Search Bases –Modifying Behavior with LDAP Controls using LDAP filter, Searching the Database –Connecting Filter Components directory information tree, The Directory Information Tree –Security descriptor table optimizing, Optimizing Searches –objectClass Versus objectCategory search flag bits, Efficient Searching secondary name servers (slaves), Active Directory-Integrated DNS –Active Directory-Integrated DNS Security Assertion Markup Language (SAML), How It Works , SAML Security Descriptor Definition Language (SDDL), Property Sets, Validated Writes, and Extended Rights –Default Security Descriptors , Permission Lockdown security descriptor table, in searching directory
information tree, Security descriptor table security descriptors (SDs) about, Permission Basics assigning ACE to, Property Sets, Validated Writes, and Extended Rights security group, converting distribution group
to, Converting groups security identifier (SID) about, Flexible Single Master Operator (FSMO) Roles –Flexible Single Master Operator (FSMO) Roles conflict during replication of naming context between
two servers, Conflict due to creation of objects with names that
conflict in Windows security, FSMOs –FSMOs security protocols Kerberos about, Kerberos application access, Application Access delegation, Delegation –Delegation protocol transition, Delegation service access, User Logon –Logon and Service Access Summary user logon, User Logon –User Logon Security tab making visible, Using the GUI to Examine Permissions of ADUC, Advanced Features security, Active Directory AdminSDHolder process, The AdminSDHolder Process –The AdminSDHolder Process auditing about, Active Directory Security: Permissions
and Auditing designing schemes, Bringing Order out of Chaos –Designing Auditing Schemes examining, Using the GUI to Examine Auditing implementing, Designing Auditing Schemes –Implementing Auditing tracking last interactive logon information, Implementing Auditing –Tracking Last Interactive Logon Information using DAC for, Auditing delegation examples, Real-World Active Directory Delegation Examples –Restricting Everyone but HR from Viewing National/Regional ID
Numbers with the Confidential Bit designing permission schemes about, Using the GUI to Examine Auditing planning for, Rule 5: Keep a log of changes –How to Plan Permissions rules for, Using the GUI to Examine Auditing –Rule 5: Keep a log of changes taking over administrator responsibilities, How to Plan Permissions –Bringing Order out of Chaos Dynamic Access Control (DAC) about, Active Directory Security: Permissions
and Auditing , The AdminSDHolder Process –Dynamic Access Control configuring Active Directory for, Configuring Active Directory for DAC –Kerberos policies using on file server, Kerberos policies permissions, managing confidential attributes, Permission Lockdown default security descriptors, Property Sets, Validated Writes, and Extended Rights examining auditing, Using the GUI to Examine Auditing extended rights, Property Sets, Validated Writes, and Extended Rights inherited vs. explicit permissions, Property Sets, Validated Writes, and Extended Rights lockdown of permission, Default Security Descriptors property sets, Property Sets, Validated Writes, and Extended Rights protecting objects from accidental deletion, The Confidentiality Bit –Protecting Objects from Accidental Deletion validated writes, Property Sets, Validated Writes, and Extended Rights –Property Sets, Validated Writes, and Extended Rights using GUI examining auditing, Using the GUI to Examine Auditing for examining permissions, Protecting Objects from Accidental Deletion –Viewing the Effective Permissions for a User or Group Server Manager accessing BPA through, Best Practices Analyzer –Best Practices Analyzer deploying domain controller with, Building Domain Controllers –Deploying with Server Manager Server Virtualization Validation Program (SVVP), When to Virtualize server, naming conventions for, Step 4: Design the Workstation and Server Naming
Conventions –Step 4: Design the Workstation and Server Naming
Conventions , Step 4: Design the workstation and server naming
conventions server-side sorting, Modifying Behavior with LDAP Controls servers, promoting to assume roles, Flexible Single Master Operator (FSMO) Roles service account, Service Account Service Principal Names (SPNs) about, User Logon –Service principal names duplicate, Service principal names outcomes of lookup process, Service tickets service tickets, Service principal names –Service tickets serviceBindingInformation, No SRV Records serviceConnectionPoint (SCP), in AD LDS, No SRV Records –No SRV Records servicePrincipalName value, Service tickets Set-ADForestMode PowerShell cmdlets, Functional Level Rollback shellContext Menu attribute, Context Menus shellPropertyPages attribute, Property Pages SID (security identifier) about, Flexible Single Master Operator (FSMO) Roles –Flexible Single Master Operator (FSMO) Roles conflict during replication of naming context between
two servers, Conflict due to creation of objects with names that
conflict in Windows security, FSMOs –FSMOs rollback, Backing Up Active Directory site link bridges, Site Link Bridges –Site Link Bridges , Transport –Site Link Bridges: The Second Building Blocks of Intersite
Topologies site links about, Site Links –Managing site links designing for replication, Site Link Bridges: The Second Building Blocks of Intersite
Topologies –Step 4: Create Site Links creating links, Step 4: Create Site Links –Step 4: Create Site Links gathering background data, Step 2: Plan the Domain Controller Locations planning domain controller locations, Where to put domain controllers –Step 3: Design the Sites site topology about, Site Topology about creating, Creating a Site Topology connection objects, Connection Objects –Connection Objects domain controllers located outside site, Resource Records Used by Active Directory intersite about, Creating a Site Topology site link bridges in, Transport –Site Link Bridges: The Second Building Blocks of Intersite
Topologies site links in, Now what? –Transport intrasite topology about, Creating a Site Topology automatic site generation by KCC, The KCC –Now what? Knowledge Consistency Checker, Knowledge Consistency Checker –Knowledge Consistency Checker , The KCC –Now what? management tools, Site and Replication Management Tools site link bridges, Site Link Bridges –Site Link Bridges site links about, Site Links –Managing site links sites, Sites –Site Links subnets, Subnets –Troubleshooting subnet data problems add in site, Subnets managing, Managing subnets troubleshooting data problems, Managing subnets –Troubleshooting subnet data problems Sites and Services MMC snap-in changing service account using, Using Group Managed Service Accounts creating site links in, Managing site links list of subnets, Managing sites managing replication topology using, Site and Replication Management Tools stopping Active Directory service using, Restartable Directory Service sites, designing for replication, Site Link Bridges: The Second Building Blocks of Intersite
Topologies –Step 4: Create Site Links designing sites, Step 3: Design the Sites –Step 4: Create Site Links gathering background data, Step 2: Plan the Domain Controller Locations smart card, logging in with, User Logon SMTP replication, Transport SMTP site link, Site Links , Managing site links snapshots rollback snapshots of DCs on VM Gen IDs, RID pool reuse –Virtualization Safe Restore working with, Working with Snapshots –Working with Snapshots sorting, server-side, Modifying Behavior with LDAP Controls sPNMappings attribute, Service tickets SPNs (Service Principal Names) about, User Logon –Service principal names duplicate, Service principal names outcomes of lookup process, Service tickets SQL Server, using instead of WID, Configuring ADFS SRV (Service Record) type, Resource Records , Resource Records Used by Active Directory –Resource Records Used by Active Directory SSL certificates, requirement for, Certificates Starter GPOs, using, Using Starter GPOs startup/shutdown scripts finding inside GPME, Running Scripts with Group Policy running scripts at user, Item-Level Targeting –Running Scripts with Group Policy stats LDAP controls, Using the stats control –Using the stats control structure, designing Active Directory about, Designing the Active Directory Structure –Designing the Active Directory Structure about design process, Overview of the Design Process –Domain Namespace Design complexities of, Designing the Active Directory Structure domain namespace design, Domain Namespace Design –Arrange the subdomain hierarchy examples of, Design Examples –Step 5: Plan for users and groups internal domain structure design, Arrange the subdomain hierarchy –Naming and placing groups setting up test environment, Overview of the Design Process subnets about, Subnets –Subnets add in site, Subnets managing, Managing subnets troubleshooting data problems, Managing subnets –Troubleshooting subnet data problems subtree index, Preserving attributes in a tombstone subzone 
method, for picking DNS name for Active Directory
network, Choose the forest root domain –Design the namespace naming scheme SVVP (Server Virtualization Validation Program), When to Virtualize Sync-ADObject cmdlet, Recap System ACLs (SACL), Permission Basics , Designing Auditing Schemes –Implementing Auditing system clock, changing during virtualization of
DC, RID pool reuse system-state backups, Using Windows Server Backup systemFlags attribute, systemFlags –Category 1 objects Sysvol, Deploying with Server Manager –Deploying with Server Manager , The DC cloning process creating Starter GPOs in, Using Starter GPOs GPT folder in, Running Scripts with Group Policy replicating, Group Policy replication T Taskpads, creating, Taskpads –Taskpads TGT (ticket granting ticket) krbtgt account and, The Client Logon Process –The Client Logon Process obtaining for Kerberos, User Logon –User Logon time formats, searching Active Directory using, Dates and Times –Dates and Times time synchronization, Time Synchronization in Active Directory –Domain and Forest Functional Levels time, in replication, A Background to Metadata Time-to- Live (TTL) value, Storing Dynamic Data timestamps lastLogonTimeStamp, RID pool reuse lastLogonTimeStamp attribute, Implementing Auditing lastLogonTimeStampAttribute, Computer account password changes –Last-logon statistics token bloat, Groups tombstone deleting Dynamic objects and, Storing Dynamic Data lifetime, Replicating the conflict resolution –Lingering Objects preserving attribute in, Preserving attributes in a tombstone tombStoneLifetime attribute, Backing Up Active Directory trees considerations for creating additional, Design the namespace naming scheme directory information tree as ESE database file, How Objects Are Stored and Identified maintenance, DIT Maintenance searching, The Directory Information Tree –Security descriptor table domain about, Domains and Domain Trees –Domains and Domain Trees impacting GPO applications, Prioritizing the Application of Multiple Policies trust anchors about, DNSSEC deploying, Lookup process , Configuring DNSSEC for Active Directory DNS publishing, Configuring DNSSEC for Active Directory DNS –Configuring DNSSEC for Active Directory DNS storing data, Lookup process trust relationships, Domains and Domain Trees trustedDomain, RODC Placement Considerations Trusts 
snap-in, functional levels set via, Domain and Forest Functional Levels tuple index, The tuple index U undeleting objects, Undeleting Objects –Using PowerShell unicodePwd in Active Directory, Step 4: Password-change replication to DC A in AD LDS, User Principal Names Uninstall-ADDSDomainController cmdlet, Automating the DC Build Process Up-To-Dateness Vector (UTDV), High-watermark vector (direct up-to-dateness vector) –High-watermark vector (direct up-to-dateness vector) , Step 5: The initiating server checks whether it is up to
date update sequence number (USN) aborted database transaction and, Originating updates versus replicated updates about, When to Virtualize domain controller maintaining, Update sequence numbers (USNs) and highestCommittedUSN –Update sequence numbers (USNs) and highestCommittedUSN HWMV tables storing, High-watermark vector (direct up-to-dateness vector) modifying metadata in object during
replication, How an Object’s Metadata Is Modified During Replication –Step 4: Password-change replication to DC A problems during replication with, USN Rollback –USN Rollback upgrading, Active Directory beginning, Beginning the Upgrade –Beginning the Upgrade functional levels, Differences in functionality –Functional Level Rollback known issues, Known Issues versions of, Upgrading Active Directory –Active Directory Versions Windows Server 2003, Active Directory Versions –Differences in functionality Windows Server 2008, Differences in functionality –Differences in functionality Windows Server 2008 R2, Differences in functionality –Differences in functionality Windows Server 2012, Windows Server 2012 –Differences in functionality UPN (userPrincipalName) attribute assigning users, Naming and placing users creating user, Naming and placing users dissecting, Dissecting an Example Active Directory Attribute –Dissecting an Example Active Directory Attribute enabling universal group caching and, Restoring a Domain Controller in AD LDS, Service Account , User Principal Names in renaming users, Renaming Users SPNs and, User Logon user accounts, administrators creating, Naming and placing users user logon, User Logon UserEnv debug log file, Group Policy Logging in Windows 2000, Windows XP, and Windows
Server 2003 –Group Policy Logging in Windows Vista/Windows Server 2008 and
Newer userPassword attribute, in AD LDS, Creating Users userPrincipalName (UPN) attribute assigning users, Naming and placing users creating user, Naming and placing users dissecting, Dissecting an Example Active Directory Attribute –Dissecting an Example Active Directory Attribute enabling universal group caching and, Restoring a Domain Controller in AD LDS, Service Account , User Principal Names in renaming users, Renaming Users SPNs and, User Logon userProxy objectClass, in AD LDS, Creating User Proxies –Special considerations users allowing access new published resources for specific
group of, Hiding Specific Personal Details for All Users in an
Organizational Unit from a Group creating UPNs for, Naming and placing users hiding from groups personal details of, Real-World Active Directory Delegation Examples –Hiding Specific Personal Details for All Users in an
Organizational Unit from a Group managing in AD LDS, Creating Users –Creating Groups naming and placing, Naming and placing users –Naming and placing users restrict viewing of national/regional ID
numbers, Restricting Everyone but HR from Viewing National/Regional ID
Numbers with the Confidential Bit USN (update sequence number) aborted database transaction and, Originating updates versus replicated updates about, When to Virtualize domain controller maintaining, Update sequence numbers (USNs) and highestCommittedUSN –Update sequence numbers (USNs) and highestCommittedUSN HWMV tables storing, High-watermark vector (direct up-to-dateness vector) modifying metadata in object during
replication, How an Object’s Metadata Is Modified During Replication –Step 4: Password-change replication to DC A problems during replication with, USN Rollback –USN Rollback replication of naming context between two
servers, The Replication of a Naming Context Between Two Servers –Recap USN rollback, USN Rollback –USN Rollback , When to Virtualize , USN rollback –USN rollback UTDV (Up-To-Dateness Vector), High-watermark vector (direct up-to-dateness vector) –Up-to-dateness vector , Step 5: The initiating server checks whether it is up to
date UUID concept, Uniquely Identifying Objects V validAccesses attribute, Property Sets, Validated Writes, and Extended Rights validated writes, Property Sets, Validated Writes, and Extended Rights –Property Sets, Validated Writes, and Extended Rights VAMT (Volume Activation Management Tool 3.0), Active Directory-Based Machine Activation versions of .NET Framework, .NET Development Without an IDE –Summary of Namespaces, Assemblies, and Framework Versions of Active Directory, Upgrading Active Directory –Active Directory Versions VHD files, manually mount and unmount, Cloning Domain Controllers , Cloning Domain Controllers , Cloning a domain controller Virtual Floppy Disk (VFD), creating custom files, Cloning Domain Controllers virtual list view (VLV), The subtree index virtual machine generation ID (VM gen ID) DC clones and, Cloning Domain Controllers resetting invocation ID, DSA GUIDs and invocation IDs rollback snapshots of DCs on, RID pool reuse –Virtualization Safe Restore virtualization of DC about, Automating the DC Build Process –Virtualization cloning DC, Cloning Domain Controllers –Cloning a domain controller considerations about, Virtualization –When to Virtualize impact of, When to Virtualize safe restore, RID pool reuse –Virtualization Safe Restore VM gen ID (virtual machine generation ID) DC clones and, Cloning Domain Controllers resetting invocation ID, DSA GUIDs and invocation IDs rollback snapshots of DCs on, RID pool reuse –Virtualization Safe Restore Volume Activation Management Tool 3.0 (VAMT), Active Directory-Based Machine Activation Volume Shadow Copy (VSS) service, Working with Snapshots VSS (Volume Shadow Copy) service, Working with Snapshots W W32Time service configuring on PDC emulator, Time Synchronization in Active Directory RODC synchronizing time, The W32Time Service –The W32Time Service WAN link, in deploying RODC, Read-Only Domain Controllers , The Client Logon Process , Populating the password cache WID (Windows Internal Database) 
instance, The Configuration Database , Configuring ADFS wild card (*), as LDAP filter operator, Filter Operators Windows activating in corporate environments., Active Directory-Based Machine Activation default schema versions, Structure of the Schema impacts of cloning on, Cloning Domain Controllers security identifier in, FSMOs –FSMOs Windows 2000 allowing schema modifications on, Running the AD Schema Management MMC Snap-in for the First
Time mixed and native, Windows 2000 domain mode –Windows 2000 domain mode Windows Internal Database (WID) instance, The Configuration Database , Configuring ADFS Windows Management Interface (WMI) filtering, WMI Filtering queries, Use simple queries in WMI filters Windows PowerShell automating DC build process using, Using DCPromo on Earlier Versions of Windows –Automating the DC Build Process enabling AD LDS Recycle Bin, Enabling the Recycle Bin enabling AD Recycle Bin, Enabling the Recycle Bin Group Policy cmdlets, Scripting Group Policy –Scripting Group Policy managing DNS with, Managing DNS with Windows PowerShell managing Password Settings Objects, Understanding Password Settings Objects running scripts at user client machine at
logon/logoff, Running Scripts with Group Policy undeleting objects using, Undeleting Objects –Using PowerShell Windows Server 2003, upgrades to Active Directory, Active Directory Versions –Differences in functionality Windows Server 2008 restartable directory service in, FSMO Recovery –Restartable Directory Service upgrades to Active Directory, Differences in functionality –Differences in functionality Windows Server 2008 R2, upgrades to Active
Directory, Differences in functionality –Differences in functionality Windows Server 2012 Adprep utility in, Beginning the Upgrade –Beginning the Upgrade creating ACLs on, Kerberos policies Dynamic Access Control in, The AdminSDHolder Process enabling Active Directory Recycle Bin, Enabling the Recycle Bin functional levels of, Differences in functionality –Functional Levels obtaining access token, Dynamic Access Control upgrades to Active Directory, Windows Server 2012 –Differences in functionality Windows Server Backup (WSB), Using Windows Server Backup –Using Windows Server Backup Windows Server, restoring backups from, Restoring with Windows Server Backup WINS (Windows Internet Naming Service) consolidating separate domains and using, Step 4: Design the Workstation and Server Naming
Conventions deploying IPv6 and, Global Names Zones usefulness of, Global Names Zones vs. DNS, Active Directory and DNS wizards, replacing default, Object Creation Wizard WMI (Windows Management Interface) filtering, WMI Filtering queries, Use simple queries in WMI filters workstation, naming conventions for, Step 4: Design the Workstation and Server Naming
Conventions –Step 4: Design the Workstation and Server Naming
Conventions Writable Domain Controller (RWDC) administrator changing RODC through, Administrator Role Separation Bridge all site links enabled and, Read-Only Domain Controllers replicating user password, User password changes validating user password, Read-Only Domain Controllers , Password Replication Policies , The Client Logon Process write referrals, disabling RODC ability to
issue, Application Compatibility write requests, RODC and, RODCs and Write Requests –DNS updates WS-Federation (WS-Fed), How It Works , WS-Federation WSB (Windows Server Backup), Using Windows Server Backup –Using Windows Server Backup