active_directory_domain_services_2008_how-to.pdf

(26242 KB) Pobierz
www.it-ebooks.info
JOHN POLICELLI
Active
Directory
Domain
Services
2008
HOW-TO
800 East 96th Street, Indianapolis, Indiana 46240 USA
www.it-ebooks.info
Active Directory Domain Services 2008 How-To
Copyright © 2009 by Pearson Education, Inc.
All rights reserved. No part of this book shall be reproduced, stored in a
retrieval system, or transmitted by any means, electronic, mechanical,
photocopying, recording, or otherwise, without written permission from the
publisher. No patent liability is assumed with respect to the use of the
information contained herein. Although every precaution has been taken in
the preparation of this book, the publisher and author assume no responsi-
bility for errors or omissions. Nor is any liability assumed for damages
resulting from the use of the information contained herein.
This material may be distributed only subject to the terms and conditions
set forth in the Open Publication License, v1.0 or later (the latest version
is presently available at http://www.opencontent.org/openpub/).
ISBN-13: 978-0-672-33045-2
ISBN-10: 0-672-33045-8
Library of Congress Cataloging-in-Publication Data
Policelli, John.
Active directory 2008 how-to / John Policelli.
p. cm.
ISBN-13: 978-0-672-33045-2
ISBN-10: 0-672-33045-8
1. Directory services (Computer network technology) 2. Microsoft
Windows. I. Title.
TK5105.595.P65 2009
005.7'1376--dc22
2009011935
Printed in the United States of America
First Printing
Editor-in-Chief
Karen Gettman
Executive Editor
Neil Rowe
Development Editor
Mark Renfrow
Managing Editor
Patrick Kanouse
Project Editor
Mandie Frank
Copy Editor
Megan Wade
Indexer
Ken Johnson
Proofreader
Leslie Joseph
Technical Editor
Todd Meister
Publishing
Coordinator
Cindy Teeters
Designer
Gary Adair
Compositor
Bronkella
Publishing LLC
Trademarks
All terms mentioned in this book that are known to be trademarks or
service marks have been appropriately capitalized. Sams Publishing cannot
attest to the accuracy of this information. Use of a term in this book
should not be regarded as affecting the validity of any trademark or service
mark.
Warning and Disclaimer
Every effort has been made to make this book as complete and as accu-
rate as possible, but no warranty or fitness is implied. The information
provided is on an “as is” basis. The author and the publisher shall have
neither liability nor responsibility to any person or entity with respect to any
loss or damages arising from the information contained in this book.
Bulk Sales
Sams Publishing offers excellent discounts on this book when ordered in
quantity for bulk purchases or special sales. For more information, please
contact
U.S. Corporate and Government Sales
1-800-382-3419
corpsales@pearsontechgroup.com
For sales outside of the U.S., please contact
International Sales
international@pearson.com
www.it-ebooks.info
Contents at a Glance
Introduction
. ........................................................................................................................................................................
1
1
Introduction to Active Directory Domain Services
. .......................................................................
5
2
Prepare for Active Directory Domain Services Installation
. ..............................................
13
3
Install and Uninstall Active Directory Domain Services
. .....................................................
23
4
Manage Trusts and Functional Levels
. ..................................................................................................
77
5
Manage Operations Master Roles and Global Catalog Servers
. .............................
123
6
Manage Sites and Replication
. ................................................................................................................
155
7
Manage the Active Directory Domain Services Schema
. ...............................................
205
8
Manage Active Directory Domain Services Data
. ...................................................................
237
9
Manage Group Policy
. ........................................................................................................................................
327
10
Manage Password Replication Policies
. ...........................................................................................
389
11
Manage Fine-Grained Password and Account Lockout Policies
. .............................
401
12
Manage Active Directory Domain Services Backup and Recovery
. ......................
417
13
Manage Active Directory Domain Services Auditing
. ..........................................................
455
Index
. .................................................................................................................................................................................
475
www.it-ebooks.info
Table of Contents
Introduction
1
Overview of This Book
. ....................................................................................................................................
1
How-To Benefit from This Book
. ..............................................................................................................
1
How-To Continue Expanding Your Knowledge
. ..........................................................................
2
1 Introduction to Active Directory Domain Services
5
What’s New in Windows Server 2008 Active Directory Domain Services
. . . .
6
Windows Server 2008 System Requirements
. .........................................................................
7
Installing Windows Server 2008
. ...........................................................................................................
8
2 Prepare for Active Directory Domain Services Installation
13
Prepare an Existing Forest for Windows Server 2008 Active Directory
Domain Services
. ...........................................................................................................................................
14
Prepare an Existing Domain for Windows Server 2008 Active Directory
Domain Services
. ...........................................................................................................................................
18
Prepare an Existing Domain for a Read-Only Domain Controller
. ......................
20
3 Install and Uninstall Active Directory Domain Services
23
Install a New Windows Server 2008 Forest
. ..........................................................................
24
Install a New Forest by Using the Windows Interface
. .................................
24
Install a New Forest by Using the Command Line
. ..........................................
32
Install a New Forest by Using an Answer File
. .......................................................
36
Install a New Windows Server 2008 Child Domain
. ......................................................
38
Install a Child Domain by Using the Windows Interface
. ............................
39
Install a Child Domain by Using the Command Line
. .....................................
44
Install a Child Domain by Using an Answer File
. ...............................................
46
Install a New Windows Server 2008 Domain Tree
. ..........................................................
50
Install a Domain Tree by Using the Windows Interface
. .............................
50
Install a Domain Tree by Using the Command Line
. ......................................
53
Install a Domain Tree by Using an Answer File
. ...................................................
55
Install an Additional Windows Server 2008 Domain Controller
. ..........................
58
Install an Additional Domain Controller by Using the Windows
Interface
. ................................................................................................................................................
58
Install an Additional Domain Controller by Using the
Command Line
. ..............................................................................................................................
60
Install an Additional Domain Controller by Using an Answer File
. . . .
62
Perform a Staged Installation of a Read-Only Domain Controller
. ....................
64
Stage 1: Create an RODC Account in AD DS
. .......................................................
64
Stage 2: Attach Server to RODC Account
. ................................................................
67
www.it-ebooks.info
Zgłoś jeśli naruszono regulamin