Joined: 01 Sep 2004
|Posted: Sun Jul 31, 2005 8:40 pm Post subject: Book Review - Active Directory Cookbook
Active Directory Cookbook for Windows Server 2003 and Windows 2000
Author(s): Robbie Allen
Publisher: O'Reilly http://www.oreilly.com
Date Published: September 2003
Book Specifications: Softcover, 593 pages
Category: Network Management
Publisher's Suggested User Level: Not Rated
Reviewer's Recommended User Level: Intermediate to Advanced
Suggested Publisher Price: $44.95 US / $69.95
Amazon.com: Active Directory Cookbook US
Amazon.co.uk: Active Directory Cookbook UK
Blurb from back cover:
Active Directory is one of the linchpins of Microsoft Windows environments. A wide range of system activities, as well as services such as email, use Active Directory to store critical information. Active Directory also tends to be distributed and replicated in complex ways that are unique to each organisation. A high degree of expertise is required to manage even medium-sized Active Directory environments. A thorough understanding of Active Directory is a part of every system administrator's job requirements, and a necessary skill for programmers of directory-enabled applications as well.
Active Directory Cookbook for Windows Server 2003 & Windows 2000 gives you commands, scripts, and pointers to tools for a wide range of tasks you will likely need to do during your Active Directory installation, Robbie Allen, coauthor of O'Reilly's Active Directory, brings many years, worth of practical experience with real-world installations to identify the problems you'll need to solve and provide solutions. This book shows hundreds of useful tasks, such as batch script to add many users to the directory at once and tips for finding replication problems. This book will make you a more effective Active Directory programmer by providing concise solutions to common problems, so you will not have to wade through a sea of books, whitepapers, and online material to get the answers you need.
Active Directory is one of the most complicated parts of a Windows network, it's the technology that holds it all together and it's the technology that's most often ignored. It's very common to find Windows administrators that don't understand the full power of Active Directory and what they can do with it. Active Directory can be used to centrally manage massive networks, it has redundancy and fault tolerance built in to almost every aspect of it and it also makes a decent, although occasionally flawed, attempt at security. Using Active Directory you can manage user and computer settings, install and remove software and even set security policies across the organisation. The flexibility of this system can't be overstated. This book doesn't teach you the basics of Active Directory, it doesn't walk you through the domain model or replication and it doesn't teach you how to create and deploy GPO's. These are all things you should be aware of before using this book. The target audience for this book are Windows administrators or developers that have experience running a Windows 2000 or Windows 2003 Active Directory installation. You really have to have this base knowledge – which you can get from other O'Reilly titles such as Active Directory, which the author Robbie Allen co-authored (buying both these books on Amazon gets you a 30% discount). If you don't know how replication works, what the KCC is or how to create and administer and Active Directory domain you may want to read up on it or gain some experience before using this cookbook. If you fit the target audience for this book then you will find it extremely useful as a desk-side reference. I read it from cover to cover in order to review it and can attest to the fact that this isn't the way to use the book, it functions much better as a reference manual which is how it was designed to be. As a reference manual it is excellent and you couldn't ask for more.
Chapter Synopsis & Review Comments
As each of the chapters follows the same structure I will list the table of contents before describing the structure in more detail.
1. Getting Started
2. Forests, Domains, and Trusts
3. Domain Controllers, Global Catalogs, and FSMOs
4. Searching and Manipulating Objects
5. Organizational Units
9. Group Policy Objects (GPOs)
11. Site Topology
13. Domain Name System (DNS)
14. Security and Authentication
15. Logging, Monitoring, and Quotas
16. Backup, Recovery, DIT Maintenance, and Deleted Objects
17. Application Partitions
18. Interoperability and Integration
Each chapter is broken down into individual recipes for example, Chapter two starts out with:
2.1 Creating a Forest
2.2 Removing a Forest
2.3 Creating a Domain
Within each of the recipes we have a very regimented format which is followed almost entirely throughout the book. We start out with the “Problem” such as “You want to simulate the RsoP based on OU, site, and security group membership” or “you want to create a large number of user objects”. This gives you a basic explanation of what's going to be covered here and each recipe is listed in the table of contents so you can look up quickly how to solve a specific problem. After the problem obviously comes the solution. This is where the cookbook gets fun, not only do you get the solution, you get multiple ways to accomplish this – depending on what tools are available. As a user with more UNIX than Windows experience I found this really beneficial as it contains the command line tools and options to be used, this goes far beyond just the basic help the command gives and shows you real world solutions to carry out any Active Directory task.
The solution starts off with a look at the GUI, the most common way to interact with Active Directory and it's configuration. We get a full walkthrough from opening the required snap-in to interpreting the displayed results. Once we have seen the GUI goodness we are dropped into the command line with an example of how to run the command or query followed by some explanation of the command when it's required. We also have VBScript example with full working source code to carry out the task, containing some hints and tips for making your own scripts much better. As you get more involved with AD and Windows infrastructure in general you see a real benefit from scripting your interactions, especially if you perform repetitive tasks. Scripting gets a lot of focus in this book and it's obvious that the author considers scripting an important part of an administrators job. After we have seen all the various ways to interact with AD we are given some discussion where the author gives advice on taking backups, pitfalls of specific techniques and how to recover from mistakes. This is invaluable advice and is really handy when working on some of the more complicated recipes, even more so with the scripts. Chapter 18 is an excellent finale to the book as it covers working with AD in some of the less Microsoft focused ways, for example integrating with MIT kerberos or programming AD with Perl or Python, so if you would rather use another scripting language the scope is there within this book. Although it is not a definitive guide on the subject, combining the previous recipe chapters with this one gives you enough to begin programming.
Style and Detail
As I discussed this book isn't a cover to cover read, it is however an excellent reference manual the topics within the chapters are logically enough grouped that you can find your way around it easily and locate the answers you require quickly. Although the book contains many recipes the author strikes the right balance of detail, you can understand the techniques easily yet read them very quickly, with most recipes taking less than a page (excluding VBScript code) making reference reading a breeze. After reading this you won't be able to understand why a reference book could choose any other format than the one presented here, it makes finding what you need a pleasure. I don't believe that the author could have added much more in the way of style or detail to this book.
As someone who works on a variety of networks but doesn't spend lengthy amounts of time on any one network I constantly find myself solving new problems and having to fit in with different policies and procedures. With this book I can look up any of the less oft used techniques and commands in order to get the job done efficiently. This couldn't have been accomplished with a book which has lengthy theoretical descriptions of AD, this base knowledge stays with you but it it's often that you know the function you need to perform, know what the restrictions and consequences are but just can't for the life of you remember that unwieldy command syntax. This book shines in this respect and allows you to easily get the solution and whether the situation calls for mouse clicks, commands or scripts you'll have everything you need within these pages. There is no better desktop reference to AD. I believe all Windows IT departments need a copy of this book on the bookshelf and need to familiarise themselves with it's structure.
This book receives an honoured SFDC Rating of 9/10.
Keywords: Active Directory Cookbook 2003 2000 Windows
This review is copyright 2005 by Barrie Dempster and Security-Forums Dot Com, and may not be reproduced in any form in any media without the express permission of Barrie Dempster, or Security-Forums Dot Com.