Introduction
to Active Directory in Application Mode
This paper introduces Active Directory in Application
Mode (AD/AM), one of the new capabilities that is part
of Microsoft's fully integrated directory service available
with Windows Server 2003. Source:
Microsoft.com
Designing
the Site Topology
A Microsoft® Windows® .NET Active Directory® directory
service site topology is a logical representation of
your physical network and consists of sites, subnets,
site links, and site link bridges. Designing an Active
Directory site topology involves creating sites, subnets,
site links, and site link bridges to ensure efficient
routing of query and replication traffic. Source:
Microsoft.com
Enabling
Functional Levels
Windows .NET Active Directory functional levels facilitate
the safe introduction of new features into your environment.
Raising the functional level of a Windows .NET domain
or forest enables you to introduce new feature functionality
while at the same time limiting the versions of Windows
that you can run on your system. Enabling functional
levels involves identifying the operating system platforms
and the Windows features that are critical to your environment
Multiple
Forest Considerations
The goal of this paper is to present an overview of
the effort and infrastructure that might be required
to enable varying levels of collaboration among multiple
forests that have domain controllers that are running
Microsoft®
Windows® 2000 Server or
Microsoft® Windows® Server 2003 operating
systems. This paper enumerates the scenarios in which
a multiforest environment might be necessary or desirable
and analyzes the consequences of such an environment
on the total cost of ownership of the enterprise.
Planning
Domain Controller Capacity
Prior to placing domain controllers in the assigned
sites, you must determine the number of domain controllers
that you require and the hardware requirements for each
domain controller. Domain controller capacity planning
helps you place the appropriate number of domain controllers
in sites and estimate hardware requirements so you can
minimize cost and maintain an effective service level
for your users
Planning
and Implementing Federated Forests in Windows Server 2003
When you use Microsoft® Windows® Server 2003, Standard
Edition; Windows Server 2003, Enterprise Edition;
or Windows Server 2003, Datacenter Edition, you
can federate two Active Directory forests and leverage
the existing authentication and authorization infrastructure
in each forest. This white paper provides a technical
reference for enterprise administrators and describes
how to plan and implement multiple Windows Server 2003
forests and enable seamless authentication and authorization
between the two forests
HOW TO: Add Users to the Pre-Windows 2000 Compatible Access
Group in Windows Server 2003
Microsoft Knowledge Base Article: 325363 - This step-by-step
article describes the Pre-Windows 2000 Compatible Access
group, and how to add members to the group by using
either of the following methods: The Active Directory
Users and Computers snap-in The command line
HOW TO: Assign a Home Folder To a User
Microsoft Knowledge Base Article: 816313 - This step-by-step
article describes how to use the Active Directory Users
and Computers management console, the Computer Management
management console, a logon script, or the command line
to assign a home folder to a user
HOW TO: Assign a Logon Script to a Profile for a Local User
in Windows Server 2003
Microsoft Knowledge Base Article: 324803 - This article
describes how to assign a logon script to a profile
for a local user's account in Windows Server 2003. This
logon script runs when a local user logs on locally
to the computer
HOW TO: Audit Active Directory Objects in Windows Server
2003
Microsoft Knowledge Base Article: 814595 - This step-by-step
article describes how to use Windows Server 2003 auditing
to track user activities and system-wide events in Active
Directory.
HOW TO: Configure User and Group Access on an Intranet in
Windows Server 2003
Microsoft Knowledge Base Article: 326214 - This article
describes how to configure user and group access on
an intranet in Windows Server 2003. The World Wide Web
(WWW) and File Transfer Protocol (FTP) services that
are included with Microsoft Internet Information Services
(IIS) are fully integrated with Windows Server 2003
user accounts and file access permissions.
HOW TO: Bypass DNS Name Resolution to Test SMTP Service Mail
Flow in Windows Server 2003
Microsoft Knowledge Base Article: 816115 - This article
describes how to create and configure a remote domain
to forward e-mail messages to a smart host in Microsoft
Windows Server 2003
HOW TO: Configure Windows Server 2003 to Function as a Router
Microsoft Knowledge Base Article: 323355 - This step-by-step
article describes how to configure Windows Server 2003
as a router on your local area network (LAN).
HOW TO: Clear the Paging File When You Use the Sysprep Tool
Before Imaging in the Windows Server 2003 Family
Microsoft Knowledge Base Article: 326210 - This article
describes how to automate the removal of a paging file
by using the Microsoft Sysprep tool before imaging Windows
Server 2003 (to reduce the time to copy an image or
reduce its total size).
HOW TO: Convert DNS Primary Server to Active Directory Integrated
Microsoft Knowledge Base Article: 816101 - This article
describes how to convert a primary DNS server to an
Active Directory directory service Integrated Primary
server, force replication to another domain controller,
and add the new domain controller as a DNS server
How to Create a Template to Run the Recovery Console by Using
a Remote Installation Service Server
Microsoft Knowledge Base Article: 316558 - This article
describes how to create a template to run the Recovery
Console by using a Remote Installation Service (RIS)
server
HOW TO: Create an Active Directory Server in Windows Server
2003
Microsoft Knowledge Base Article: 324753 - This article
describes how to install and configure a new Active
Directory installation in a laboratory environment that
includes Windows Server 2003 and Active Directory. Note
that you will need two networked servers that are running
Windows Server 2003 for this purpose in a laboratory
environment.
HOW TO: Create a Custom Default User Profile in the Windows
Server 2003 Family
Microsoft Knowledge Base Article: 325364 - This article
describes how to create a custom default user profile.
A custom default user profile is useful if several people
use the same computer but each user wants both a separate
profile and access to shared resources
HOW TO: Create an External Trust in Windows Server 2003
Microsoft Knowledge Base Article: 816301 - This step-by-step
article describes how to create an external trust in
Windows Server 2003. An external trust is a non-transitive
trust that is used to provide access to resources that
are located either on a Microsoft Windows NT 4.0 domain
or an Active Directory domain that is located in a separate
forest that is not joined by a forest trust. A non-transitive
trust is a trust relationship that is restricted to
two domains, and can be either a one-way or a two-way
trust.
HOW TO: Create Domain Organizational Units in Windows Server
2003
Microsoft Knowledge Base Article: 325872 - This step-by-step
article describes how to create organizational units
in Windows Server 2003. Organizational units are Active
Directory containers into which you can put users, groups,
computers, and other organizational units
HOW TO: Create Organizational Units in Windows Server 2003
Microsoft Knowledge Base Article: 324743 - This article
describes how to create organizational units (OUs) in
Windows Server 2003 Active Directory. Organizational
units are Active Directory containers into which you
can put users, groups, computers, and other organizational
units.
HOW TO: Enable Verbose Startup, Shutdown, Logon, and Logoff
Status Messages in the Windows Server 2003 Family
Microsoft Knowledge Base Article: 325376 - This article
describes how to configure Windows so that you receive
verbose startup, shutdown, logon, and logoff status
messages. Verbose status messages may be helpful when
you are troubleshooting slow startup, shutdown, logon,
or logoff behavior
HOW TO: Establish Trusts with a Windows NT-Based Domain in
Windows Server 2003
Microsoft Knowledge Base Article: 325874 - This step-by-step
article describes how to establish a trust relationship
between a Microsoft Windows NT 4.0-based domain and
a Windows Server 2003-based domain.
HOW TO: Find and Clean Up Duplicate Security Identifiers
with Ntdsutil in Windows Server 2003
Microsoft Knowledge Base Article: 816099 - This article
describes how to check for and clean up or remove duplicate
security identifiers (SIDs) in the SAM database. A unique
SID identifies each security account such as users,
groups, and computers
HOW TO: Install and Configure a DHCP Server in an Active
Directory Domain in Windows Server 2003
Microsoft Knowledge Base Article: 323360 - This step-by-step
article describes how to build and configure a new Windows
Server 2003-based Dynamic Host Configuration Protocol
(DHCP) server in a Windows Server 2003 Active Directory
domain.
HOW TO: Install the Active Directory Administrative Tools
to Windows XP Professional in Windows Server 2003
Microsoft Knowledge Base Article: 324745 - This step-by-step
article describes how to install the Active Directory
administrative tools to a Microsoft Windows XP Professional
Workstation computer. With Windows Server 2003 Administration
Tools (included on the Windows Server 2003 CD-ROM),
you can manage a server remotely from any computer that
is running Windows XP Professional Workstation. Windows
Server 2003 Administration Tools contain Microsoft Management
Console (MMC) snap-ins, Active Directory administrative
tools, and other tools that are used to manage computers
that are running Windows Server 2003.
HOW TO: Install and Use RSoP in Windows Server 2003
Microsoft Knowledge Base Article: 323276 - This article
describes how to install the Resultant Set of Policy
(RSoP) snap-in and how to use the RSoP tool. RSoP is
an addition to Group Policy that makes policy implementation
and troubleshooting easier.
HOW TO: Integrate DNS with an Existing DNS Infrastructure
If Active Directory Is Enabled in Windows Server 2003
Microsoft Knowledge Base Article: 323418 - This step-by-step
article describes how to install and configure a new
Windows Server 2003-based Domain Name Services (DNS)
computer in an existing DNS server environment with
Active Directory enabled
HOW TO: Manage the Active Directory Schema in Windows Server
2003 Enterprise Edition
Microsoft Knowledge Base Article: 326310 - This article
describes how to manage the Active Directory schema
in a Windows Server 2003 Enterprise Edition environment.
The Active Directory schema is the set of definitions
that defines the kinds of objects and the types of information
about these objects. These definitions are stored in
Active Directory as objects so that Active Directory
can manage the schema objects with the same object management
operations that are used to manage the rest of the objects
in Active Directory. There are two types of definitions
in the schema: attributes and classes. Attributes and
classes are also referred to as objects or metadata
HOW TO: Manage the Application Directory Partition and Replicas
in Windows Server 2003
Microsoft Knowledge Base Article: 322669 - This article
describes how to use Ntdsutil.exe to manage the application
directory partition. An application directory partition
is a directory partition that is replicated only to
specific domain controllers
HOW TO: Manage COM+ Partitions and Partition Sets in Windows
Server 2003
Microsoft Knowledge Base Article: 324868 - This article
describes how to manage COM+ partitions in a Windows
Server 2003 Enterprise Edition environment or a Windows
Server 2003 Standard Edition environment
HOW TO: Reset the Directory Services Restore Mode Administrator
Account Password in Windows Server 2003
Microsoft Knowledge Base Article: 322672 - This article
describes how to reset the Directory Services Restore
Mode (DSRM) administrator password for any server in
your domain without restarting the server in DSRM
HOW TO: Raise Domain and Forest Functional Levels in Windows
Server 2003
Microsoft Knowledge Base Article: 322692 - This article
describes how to raise the domain and forest functional
levels that are supported by Microsoft Windows Server
2003 domain controllers. Functional levels are an extension
of the mixed/native mode concept introduced in Microsoft
Windows 2000.
HOW TO: Remove and Reinstall TCP/IP on a Windows Server 2003
Domain Controller
Microsoft Knowledge Base Article: 325356 - This article
describes how to remove and then reinstall TCP/IP on
a Windows Server 2003 domain controller.
HOW TO: Rename a Windows 2003 Domain Controller
Microsoft Knowledge Base Article: 814589 - For a Microsoft
Windows 2000 version of this article, see This step-by-step
article describes various methods to rename a Windows
Server 2003-based domain controller
HOW TO: Set Up ADMT for a Windows NT 4.0-to-Windows Server
2003 Migration
Microsoft Knowledge Base Article: 325851 - This article
describes how to set up the Active Directory Migration
Tool (ADMT) to perform a migration from a Windows NT
4.0-based domain to a Windows Server 2003-based domain.
HOW TO: Troubleshoot the File Replication Service in Windows
Server 2003
Microsoft Knowledge Base Article: 327341 - This step-by-step
article describes how to troubleshoot the File Replication
service (FRS).
HOW TO: Use the Dcpromo.exe Tool to Remove Active Directory
in Windows Server 2003
Microsoft Knowledge Base Article: 816108 - This step-by
step article describes how to remove Active Directory
from a Windows Server 2003-based domain controller by
using the Dcpromo.exe tool. You can use the Dcpromo.exe
tool on an existing domain controller to remove Active
Directory
HOW TO: Use DsFind with Attributes that Require Distinguished
Name Syntaxes
Microsoft Knowledge Base Article: 811509 - When you
perform an advanced search, for some objects' attributes
you must know the distinguished name (also known as
DN) of the object that you are searching against. Every
object is stored in the directory database according
to its relative distinguished name (also known as RDN)
and parent identifier. Therefore, if you know the relative
distinguished name of an object, you can determine the
full distinguished name by following the references
to the parent objects and finally to the root object
HOW TO: Use the Directory Service Command-Line Tools to Manage
Active Directory Objects in Windows Server 2003
Microsoft Knowledge Base Article: 322684 - This article
describes how to use the Directory Service command-line
tools to perform administrative tasks for Active Directory
in Windows Server 2003. The following tasks are broken
down into task groups.
HOW TO: Use the Netdom.exe Utility to Rename a Computer in
Windows Server 2003
Microsoft Knowledge Base Article: 325354 - This article
describes how to use the Netdom.exe utility (included
in Windows Server 2003 Support Tools) to rename a computer
that is a member of a Microsoft Windows 2000 or Windows
Server 2003 domain
How to Verify an Active Directory Installation in Windows
Server 2003
Microsoft Knowledge Base Article: 816106 - This step-by-step
article describes how to verify an Active Directory
installation. After you have performed an upgrade, you
can verify the promotion of a server to a domain controller
by verifying the following items
HOW TO: View and Transfer FSMO Roles in Windows Server 2003
Microsoft Knowledge Base Article: 324801 - This article
describes how to transfer Flexible Single Master Operations
(FSMO) roles (also known as operations master roles)
by using the Active Directory snap-in tools in Microsoft
Management Console (MMC) in Windows Server 2003
HOW TO: Use Netdom.exe to Reset Machine Account Passwords
of a Windows Server 2003 Domain Controller
Microsoft Knowledge Base Article: 325850 - This step-by-step
article describes how to use Netdom.exe to reset machine
account passwords of a Windows Server 2003 domain controller.
HOW TO: Use Ntdsutil to Manage Active Directory Files from
the Command Line in Windows Server 2003
Microsoft Knowledge Base Article: 816120 - For a Microsoft
Windows 2000 version of this article, see This step-by-step
article describes how to manage the Active Directory
database file, Ntds.dit, from the command line.
HOW TO: Upgrade a Windows NT 4.0-Based PDC to a Windows Server
2003-Based Domain Controller
Microsoft Knowledge Base Article: 326209 - This step-by-step
article describes how to upgrade a Windows NT 4.0-based
primary domain controller (PDC) to a Windows Server
2003-based domain controller. The first step in the
upgrade process is to upgrade the PDC to Windows Server
2003
How
to Upgrade Windows 2000 Domain Controllers to Windows
Server 2003
Microsoft Knowledge Base Article: 325379 - This article
discusses how to upgrade Windows 2000 domain controllers
to Windows Server 2003 and how to add new Windows Server
2003 domain controllers to Windows 2000 domains.
