Book Reviews

Making Sense of Active Directory

If the devil is in the details, the details (on Active Directory) are here.

Active Directory (AD) is one of Windows 2000 Server's key features. Like any other Windows enhancement, it's designed to ease the system administrator's burden. Yet to reap AD's benefits, you need time to become familiar with it. You're fortunate — Windows 2000 Active Directory cuts that amount of time and also offers some immediate solutions to the challenges inherent in using AD.

The book is divided into three parts: basics, design and scripting. The basics are exactly that: the basics. The chapters in this section, Part 1, present the concepts that lay the foundation for understanding and working with AD. Domain controllers, containers and organizational units all receive extensive coverage. By the end of Chapter 3, the reader has a firm understanding of how things are organized and configured vis-à-vis AD. Chapter 4 shows how this information is spread throughout the enterprise using replication as it applies to Win2K. Wrap this up with a discussion of TCP/IP and DNS to fill in the gaps, and Part 1 is complete.

Upgrading a network has never been simple and should always be approached with a plan. Win2K and AD make this even more of a necessity, hence Part 2 of this tome. This section helps you develop a plan for logically modeling the enterprise. As with every book, migration from Windows NT has its own chapter and is strategically mentioned throughout other chapters. This section's real value, however, comes from how well it covers User and Group policies and the various levels of granularity. The book does an excellent job of pointing out the impact and repercussions of various settings, preventing some headaches down the road.

Continuing with Part 2, today's large networks mean that users and groups are accessing a network from anywhere and everywhere. One of this book's strong points is the recognition of delegation. By delegating, a system administrator can offload some mundane network management tasks to other personnel, leaving the administrator free to deal with broader issues. For example, when a new employee comes into the accounting department, it makes little sense for the system administrator to add that new user to the network. For efficiency's sake, it makes more sense if the accounting department manager does this.

Now that you've got everything laid out, how the heck are you going to perform all these AD-related tasks on every server for every user? Through scripting, and now you enter Part 3 of the book. A script is a small program that automates a task, such as adding that new user in accounting. Part 3 digs deeply into scripting, leading off with an explanation of the buzzwords that would serve as the perfect opening for a developer's book. If you're not familiar with the terms VBScript, ASP, HTML and WSH, you will be by the time you finish this section. As you progress through Part 3, you learn how to generate scripts for a multitude of jobs, for example, task delegation and creating single and multiple users.

In his introduction, the author states that this book is intended for system administrators — and he means it. If you need an AD tutorial or step-by-step walkthrough, this isn't the book for you. It's for those who need to know more than just the basic steps to complete an AD-related task. Plan on spending some time reading this book, making sure you absorb all that is presented. If you can own only one book on AD, then this volume is definitely a candidate.

About the Author

Paul G. Brown, MCSD, a developer, speaker, and a frequent contributor to, lives in New Berlin, Illinois. When not in front of the computer, he can be found chasing Jerry, Wesley, Jordan and Dillon for Mom.
