Active Directory Tools

These tools are available in "Administrative Tools" after Active Directory is installed.

  • Active Directory Users and Computers - Active Directory Users and Computers is a Microsoft Management Console snap-in. It is started by selecting "Start", "Programs", "Administrative Tools", and "Active Directory Users and Computers". Only members of the Domain Admins or Enterprise Admins group can use this tool. This tool is used to create, configure, locate, move, and delete objects including:
    • User (automatically published) - Domain user accounts may be copied.
    • Group (automatically published)
    • Computer (Those in the domain are automatically published)
    • Contact (automatically published)
    • Domain
    • Organizational Unit (automatically published)
    • Shared folder
    • Printer (Most are automatically published) - Windows NT shared printers are not published automatically.
    Tabs from the OU Properties dialog box:
    • Group policy - Group policy object selections:
      • Windows Settings
        • Security Settings
          • Public key policies
            • Automatic certificate request menu items:
              • Action
                • New
                  • Automatic Certificate Request
  • Active Directory Domains and Trusts
  • Active Directory Sites and Services
  • DCPROMO - Domain controller management tool, which is run from the command line.
  • LDIFDE - Bulk schema modification tool.
  • CSVDE - Bulk schema update tool. Parameters:
    • -? - Help
    • -i - Mode for command. Choices are import, export, or modify.
    • -f - File name
    • -v - Verbose mode
    • -p - Specify the port for the socket. The LDAP default is 389.
  • Active Directory Connector (ADC) - Simplifies administration among multiple directory services. The ADC can aid Windows 2000 implementations where Exchange Server is deployed. It can replicate Active Directory information as well as Exchange Server 5.5 information. It comes with Windows 2000 and Exchange 2000. It:
    • Uses LDAP to perform replication.
    • Only replicates changes.
    • Hosts all active Active Directory replication components.
    • Supports multiple connections on one server.
    • Maps objects for replication.
    • Windows 2000 Server
    • Available TCP Port
    • Microsoft Exchange Server 5.5 or 2000.
    • LDAP version 3
    Connection agreements configure directory synchronization between Exchange and Active Directory; ADC supports one or more of them. Items used to configure a connection agreement:
    • Server name
    • Target containers
    • Objects to be synchronized
    • Synchronization schedule
    ADC Installation:
    1. ADC requires a service user account and password.
    2. Put the Windows 2000 Server installation CDROM in the computer.
    3. Enter the directory \Valueadd\MSFT\Mgmt\ADC.
    4. Double click on setup.exe.
    5. Select the "Microsoft Active Directory Connector Service component" to install ADC and the "Microsoft Active Directory Connector Management component" to install the ability to manage the service. The Management component can be installed on Windows 2000 Professional computers to allow ADC management from them.
    6. Choose a directory to install the components to.
    7. Enter the account name and password for the service to use.
    8. Continue and finish the installation.
    ADC Configuration:
    1. Run the Administrative tool, "Active Directory Connector (ADC) Management".
    2. Right click the server to configure and select "properties" to see the properties dialog box. This is used to configure connection agreements between Active Directory and the Exchange 5.5 directory service. The following tabs exist in the box:
      • General - Select replication direction as "Two way", "From Exchange to Windows", or "From Windows to Exchange". Set the connection name, and the server to run the connection agreement. For slow network connections, the agreement can use Exchange Server's Site Replication Service (SRS).
      • Connections - Configure the bridgehead servers to handle the connection. The servers receiving updates only require write permission. Select the Windows server name, the Windows authentication protocol, the Exchange server, the Exchange server port, and the Exchange server authentication protocol.
      • Schedule - Set the synchronization schedule. The registry setting at "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSADC\Parameters" can be used to reduce the default polling schedule. The parameters that are configurable are:
        • Name - The delay in seconds to wait between checking for updates. The default value is every 5 seconds.
        • Type - DWORD
        • Data - Seconds to wait between cycles.
      • From Exchange - Specify the objects to replicate and the Exchange recipient containers.
      • From Windows - Specify objects to be synchronized and the containers that will receive objects. The option "Replicate secured Active Directory objects to the Exchange Directory" can be checked and the objects can be filtered using Discretionary Access Control Lists (DACLs).
      • Deletion - Use this tab to configure object deletion behavior. When objects are deleted, the deletions are stored in SystemRoot\System32\MSADC\Connection_Agreement_Name\NT5.LDF for Active Directory and SystemRoot\System32\MSADC\Connection_Agreement_Name\Ex55.CSV for Exchange.
      • Advanced - "Paged results" configures the quantity of entries to be synchronized for each request. The settings are "Windows Server entries per page" and "Exchange Server entries per page". Checkbox options include "This is a primary Connection Agreement for the connected Exchange organization" and "This is a primary Connection Agreement for the connected Windows Domain". Choices for "When replicating a Mailbox whose Primary Windows Account does not exist in the domain" are:
        • Create a Windows Contact
        • Create a Disabled Windows User Account
        • Create a New Windows User Account
    ADC Event logging levels:
    • None - Only log critical events
    • Minimum - Log LDAP session errors, success or failure of added or removed user accounts.
    • Medium - Log directory object events and proxy errors.
    • Maximum
    The Administrative tool "Active Directory Connector Management" is used to set up event logging. ADC Event Logging categories:
    • Replication
    • Account Management - Events while writing to or deleting objects.
    • Attribute Mapping - Events while attributes are mapped between AD and Exchange.
    • Service Controller - Events when the ADC service is stopped or started.
    • LDAP Operations - Events when LDAP accesses the directory.
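
The Deletion tab above says Active Directory deletions are stored in NT5.LDF. As an added example (not part of the original page or of ADC itself), the following Python code lists the deleted distinguished names from such a file and counts them per parent container for review. It assumes the file holds standard LDIF change records with `changetype: delete`; the sample records and function names are constructed for illustration.

```python
import base64
import re
from collections import Counter

# Constructed sample in LDIF change-record form (RFC 2849); not real ADC output.
_B64_DN = base64.b64encode(
    "CN=J\u00fcrgen Test,OU=Sales,DC=example,DC=com".encode("utf-8")).decode("ascii")
SAMPLE_LDF = (
    "dn: CN=Jane Doe,OU=Sales,DC=example,DC=com\nchangetype: delete\n\n"
    "# constructed comment between records\n"
    "dn: CN=Old Queue,OU=Branch Office,\n"
    " DC=example,DC=com\nchangetype: delete\n\n"   # leading space folds the DN
    f"dn:: {_B64_DN}\nchangetype: delete\n\n"      # 'dn::' marks a base64 value
    "dn: CN=Temp,OU=Sales,DC=example,DC=com\n"
    "changetype: modify\nreplace: description\ndescription: constructed\n-\n"
)

def unfold(text):
    """Join folded lines: a line starting with one space continues the previous one."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def deleted_dns(text):
    """Return the DN of every record whose changetype is 'delete', in file order."""
    deleted, dn, change = [], None, None
    for line in unfold(text) + [""]:            # trailing "" flushes the last record
        if line.startswith("#"):
            continue
        if line == "":                          # blank line ends a record
            if dn is not None and change == "delete":
                deleted.append(dn)
            dn, change = None, None
            continue
        attr, _, rest = line.partition(":")
        if attr.lower() == "dn" and dn is None:
            dn = (base64.b64decode(rest[1:].strip()).decode("utf-8")
                  if rest.startswith(":") else rest.strip())
        elif attr.lower() == "changetype":
            change = rest.strip().lower()
    return deleted

def by_container(dns):
    """Count deletions per parent container (text after the first unescaped comma)."""
    return Counter(re.split(r"(?<!\\),", dn, maxsplit=1)[-1] for dn in dns)
```

Read the real file with the encoding it was written in before passing its text to `deleted_dns`; a spike of deletions in one container is the kind of result worth checking against the connection agreement's configured containers.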