The Windows 2000 directory services are an essential and inseparable part of the Windows 2000 network architecture, and are specifically designed for distributed networking environments. With Active Directory, organizations can efficiently share and manage information about network resources and users. Active Directory acts as the central authority for network security, letting the operating system readily verify a user's identity and control his or her access to network resources. Equally important, Active Directory acts as an integration point for bringing systems together and consolidating management tasks. In addition, the meta-directory service allows Active Directory to manage identity information that applications and network services store in places other than in a directory, while synchronization services allow Active Directory to share information with other directory services. Learn more about Windows 2000 directory services, and find out how Active Directory centrally manages network users, applications, and devices.

This white paper introduces Active Directory™ Display Specifiers. Display Specifiers are objects that hold Active Directory user interface (UI) information and provide a flexible UI mechanism to meet the needs of the various user groups in the distributed network.

Active Directory Service Interfaces (ADSI) allows the integration of multiple directory services through a well defined, open set of interfaces. The availability of a standard open directory service administration and programming model for Windows®-based platforms will encourage the inclusion of directory services in a wide range of commercial and customer-developed applications.

To use the Microsoft® Windows® 2000 Server operating system with maximum effectiveness, you must first understand what the Active Directory™ service is. Active Directory, new in the Windows 2000 operating system, plays a major role in implementing your organization’s network and therefore in accomplishing its business goals. This paper introduces network administrators to Active Directory, explains its architecture, and describes how it interoperates with applications and other directory services.

Contents: What's New About ADSI Getting and Using ADSI Providers Developer Resources

Active Directory Service Interfaces (ADSI) enable systems administrators and developers of scripts or C/C++ applications to easily query for and manipulate directory service objects.

access control -- the management of permissions for logging on to a computer or network.

ACE -- see access control entry.

access control entry (ACE) -- each ACE contains a security identifier (SID), which identifies the principal (user or group) to whom the ACE applies, and information on what type of access the ACE grants or denies.

access control list (ACL) -- a set of data associated with a file, directory, or other resource that defines the permissions that users and/or groups have for accessing it. In the Active Directory™ service, an ACL is a list of access control entries (ACEs) stored with the object it protects. In the Windows NT® operating system, an ACL is stored as a binary value, called a security descriptor.

ACL -- see access control list.

(etc.)

In the Windows® 2000 operating system, the Active Directory™ service provides user and computer accounts and distribution and security groups. The operating system integrates user, computer, and group security with the Windows 2000 security subsystem as a whole. This white paper introduces administrators to the way users, computers, and groups are organized and how user authentication and authorization are used to provide security.

Identity is the summary of information about people, applications, and resources scattered in directories and databases throughout most IT enterprises. This paper addresses solution requirements, using Microsoft® Windows® 2000 and the Active Directory™ service, for dealing with disparate identity information, including the sharing of identity information between different resources, the distribution of identity changes amongst various resources, and ensuring that related data remain consistent throughout the enterprise.

The Schema Documentation Program, also known as schemadoc.exe, is used to document extensions made to your Active Directory™ service schema. It will search your directory based on a prefix that you give it and copy the information from the classes and attributes that match the prefix into an XML file. All data that is entered during the course of this program, except the Directory Path and password fields, is stored in a file called xml.cfg.

Microsoft recognizes that many companies moving to Microsoft® Windows® 2000 Server operating system have planning and deployment requirements, such as consolidation of Windows NT® 4.0 domains. To address these needs, Microsoft has worked with leading independent software vendors (ISVs) to deliver a wide range of accessory products that speed migration to Windows 2000 Server and the Active Directory™ directory service. For more information, please see the vendor descriptions below.

Contents
- Aelita Software Group
- NetIQ
- Entevo Corporation
- FastLane Technologies Inc.
- Full Armor Corporation
- Master Design and Development
- Mission Critical Software
- NetPro
- Open Software Associates

This white paper outlines the planning processes and considerations when migrating Windows NT® operating system domains to Windows® 2000. New Windows 2000 utilities, tools, and technologies make migrating users and computers, while maintaining access to resources, a straightforward task.

Microsoft provides an industry leading solution for the challenges of managing identity data in an enterprise. Complex challenges such as maintaining enterprise address books and hire/fire scenarios are solved with the flexible and powerful architecture of the Microsoft® Metadirectory Service (MMS), formerly named ZOOMIT VIA. MMS is a well-established product with an extensive customer base, including many large organizations throughout the world. This paper presents an overview of the capabilities and concepts behind MMS and its relationship to the concept of identity management.

This guide introduces you to administration of the Windows® 2000 Active Directory™ service. The procedures demonstrate how to use the Active Directory Users and Computers snap-in to add, move, delete, and alter the properties for objects such as users, contacts, groups, servers, printers, and shared folders.

This step-by-step guide shows how to delegate control of objects in a Windows® 2000 Active Directory™ service container, using the Delegation of Control wizard in the Active Directory Users and Computers snap-in. Three examples illustrate this functionality:

- Delegate complete control of an organizational unit called Autonomous Unit to a group within the Autonomous Unit called AUAdmins.
- Delegate creation and deletion of users in an organizational unit called Divisions to a group called HRTeam.
- Delegate resetting of passwords for all users in an organizational unit called Divisions to a group called HelpDesk.

Following the Common Infrastructure setup, this guide adds a new OU to the Reskit.com root that is called Divisions, then adds three new OUs to Divisions called Operations, Autonomous Unit, and Product Group, adds a new group to Operations called HelpDesk, a new group to Autonomous Unit called AUAdmins, and a new group to Product Group called HRTeam. (To review adding new OUs and groups, see the “Common Infrastructure” guide.)

This guide demonstrates how to set up Simple Mail Transfer Protocol (SMTP)-based replication between two Windows® 2000–based domain controllers, each belonging to a different domain. The Windows 2000 operating system offers three degrees of connectivity for Active Directory™ service information:

- Uniform high speed (within a site).
- Point-to-point synchronous low speed (Remote Procedure Call, or RPC, between sites).
- SMTP between sites.

Windows 2000 also allows you to have domains that span multiple sites, provided that those sites have at least point-to-point synchronous low speed RPC connectivity between each other. A few points need to be made regarding Active Directory replication:

- Intra-site replication always uses RPC.
- Inter-site replication uses RPC or SMTP.
- Inter-site replication using SMTP is not supported for domain controllers (DCs) that are replicas for the same domain.

Contents
- Introduction
- Prerequisites
- Using the Sites Topology Tool
- Site Links and Site Link Bridges
- Appendix: Replication Topology Concepts
- Related Links

This guide introduces batch administration of the Active Directory™ service, using both the LDAP Data Interchange Format (LDIF) utility and a simple program you can write using the Visual Basic® Scripting Edition (VBScript) development system. Using these tools, you can export, import, and modify objects such as users, contacts, groups, servers, printers, and shared folders.

Contents
- Introduction
- Using the LDIFDE utility
- Using VBScript and ADSI
- Important Notes
- Related Links

Contents
- Introduction
- Prerequisites
- Installing Static IP Addresses
- Configuring a Child Domain
- Role of Sites in Active Directory Replication
- Configuring a Replication Partner
- Related Links

This step-by-step guide introduces you to advanced administration of the Microsoft® Windows® 2000 Active Directory™ service, using the Active Directory Schema snap-in and display specifier modification. You can add and modify classes and attributes in the schema and extend both the Administrative Tools and the Windows shell by modifying attributes in display specifiers.

Contents
- Introduction
- Scenarios
- Managing the Active Directory Schema
- Adding Values to the New Attributes
- Modifying Display Specifiers
- Related Links

Using Active Directory™, administrators manage a directory service that is completely integrated with the operating system, which means that it provides one management interface for many directory service tasks. In addition, Active Directory significantly strengthens network security by acting as the central authority for governing access control and user authentication. And in addition to strengthening the internal security of your network, implementing the Active Directory service also lets you take advantage of advanced security features, such as support for Kerberos, smart cards, public key infrastructure (PKI), and x.509 certificates, which are especially useful for companies that do business over the Internet or want to share information with business partners over an extranet.

Active Directory builds on the familiar architecture of the Windows NT operating system with the addition of standards-based technologies—DNS and the Lightweight Directory Access Protocol (LDAP)—to access Active Directory features. Active Directory uses DNS as a locator service, resolving domain names to IP addresses, and LDAP, the industry-standard protocol for directory service access, for accessing data. For example, when an Active Directory client wants to log on to an Active Directory domain, the client queries its DNS server for the IP address of the LDAP service running on the domain controller.

To simplify managing your network, enhance network security, and make use of open standards that allow you to extend and interoperate your directory service with other applications, directory services, and devices, take a look at how to install Active Directory when upgrading to Windows® 2000. This guide will lead you through the process of upgrading to a Windows 2000 domain controller and installing Active Directory.

After outlining a strategy for developing disaster prevention and recovery procedures and listing new or enhanced Microsoft Windows 2000 file system, data storage, and System State features, this paper introduces the improved Windows 2000 Backup utility and provides guidelines for administrators for recovery of machines running Windows 2000 Server. The discussion includes restoring server services and how to verify the successful restoration of distributed services. The intended audience for this paper is an administrator with experience in backing up and restoring complex systems, who is also familiar with Windows 2000, its Active Directory™ service, and related features such as Active Directory replication, the system volume (Sysvol), and the File Replication Service (FRS).

____________________________________________
For comments send an email to: SiteManager@comedition.com
Copyright © 1999-2000 EDA, Inc. All rights reserved.
Revised: August 13, 2006