Making Sense of Active Directory
If the devil is in the details, the details (on Active Directory) are here.
- By Paul G. Brown
- 01/01/2001
Active Directory (AD) is one of Windows 2000 Server's
key features. Like any other Windows enhancement, it's
designed to ease the system administrator's burden. Yet
to reap AD's benefits, you need time to become familiar
with it. You're fortunate — Windows 2000 Active Directory cuts that
amount of time and also offers some immediate solutions
to the challenges inherent in using AD.
The book is divided into three parts: basics, design
and scripting. The basics are exactly that - the basics.
The chapters in this section, Part 1, present the concepts
that lay the foundation for understanding and working
with AD. Domain controllers, containers and organizational
units all receive extensive coverage. By the end of Chapter
3, the reader has a firm understanding of how things are
organized and configured vis-à-vis AD. Chapter 4 shows
how this information is spread throughout the enterprise
using replication as it applies to Win2K. Wrap this up
with a discussion of TCP/IP and DNS to fill in the gaps,
and Part 1 is complete.
Upgrading a network has never been simple and should
always be approached with a plan. Win2K and AD make this
even more of a necessity, hence Part 2 of this tome. This
section helps you develop a plan for logically modeling
the enterprise. As with every book, migration from Windows
NT has its own chapter and is strategically mentioned
throughout other chapters. This section's real value,
however, comes from how well it covers User and Group
policies and the various levels of granularity. The book
does an excellent job of pointing out the impact and repercussions
of various settings, preventing some headaches down the
road.
Continuing with Part 2, today's large networks mean that
users and groups are accessing a network from anywhere
and everywhere. One of this book's strong points is the
recognition of delegation. By delegating, a system administrator
can offload some mundane network management tasks to other
personnel, leaving the administrator free to deal with
broader issues. For example, when a new employee comes
into the accounting department, it makes little sense
for the system administrator to add that new user to the
network. For efficiency's sake, it makes more sense if
the accounting department manager does this.
Now that you've got everything laid out, how the heck
are you going to perform all these AD-related tasks on
every server for every user? Through scripting, and now
you enter Part 3 of the book. A script is a small program
that automates a task, for example, adding that new user
in accounting. Part 3 digs deeply into scripting, leading
off with an explanation of the buzzwords that would serve
as the perfect opening for a developer's book. If you're
not familiar with the terms VBScript, ASP, HTML and WSH,
you will be by the time you finish this section. As you
progress through Part 3, you learn how to generate scripts
for a multitude of jobs, for example, task delegation
and creating single and multiple users.
In his introduction, the author states that this book
is intended for system administrators — and he means
it. If you need an AD tutorial or step-by-step walkthrough,
this isn't the book for you. It's for those who need to
know more than just the basic steps to complete an AD-related
task. Plan on spending some time reading this book, making
sure you absorb all that is presented. If you can own
only one book on AD, then this volume is definitely a
candidate.
About the Author
Paul G. Brown, MCSD, a developer, speaker, and a frequent contributor to MCPmag.com, lives in New Berlin, Illinois. When not in front of the computer, he can be found chasing Jerry, Wesley, Jordan and Dillon for Mom.