Active Directory: Ultimate Reading Collection
This Wiki aims to be a collection and final destination for reading about all things Active Directory. No more searching all around the web or bouncing between domains to find what you need: TechNet, MSDN, and Microsoft.com all rolled into one.
Core Directory Service Concepts
- Attributes
- Containers and Leaves
- Object Names and Identities
- Naming Contexts and Directory Partitions
- Domain Trees
- Forests
- Active Directory Servers and Dynamic DNS
- Replication and Data Integrity
Active Directory Collection
- Active Directory on a Windows Server Network
- Active Directory Application Mode
- Structure and Storage Technologies
- Domain Controller Roles
- Replication Technologies
- Search and Publication Technologies
- Installation, Upgrade, and Migration Technologies
Active Directory Schema
Active Directory Schema - MSDN Site
Active Directory Schema - TechNet Site
- Introduction to the Active Directory Schema
- Location of the Schema in Active Directory
- Active Directory Schema Objects
- Schema Cache
- Default Security of Active Directory Objects
- Extending the Schema
Operations Masters Technical Reference
- What are Operations Masters?
- How Operations Masters Work
- Operations Masters Tools and Settings
- Monitoring Performance in Active Directory
- Active Directory Schema Technical Reference
Active Directory Sites and Services
- Overview of Active Directory Sites and Services
- Checklist: Configure an Additional Site
- Checklist: Configure the Intersite Replication Schedule
- Checklist: Add a Global Catalog Server
- Adding a Site to the Forest
- Scheduling Replication Between Sites
- Adding the Global Catalog to a Site
- Troubleshooting Active Directory Domain Services Replication
- Resources for Active Directory Sites and Services
- User Interface: Active Directory Sites and Services
Global Catalog Technical Reference
Active Directory Database
- How the Data Store Works
- Data Storage
- Extensible Storage Engine Files
- Active Directory Domain Services Database Mounting Tool (Snapshot Viewer or Snapshot Browser) Step-by-Step Guide
Authentication and Logon
- Kerberos for the Busy Admin
- Interactive Logon Technical Reference
- Logon and Authentication Technologies
- Authorization and Access Control Technologies
- Windows Kerberos Authentication
- Kerberos Protocol Transition and Constrained Delegation
- Understanding Kerberos Double Hop
- Kerberos errors in network captures
- [MS-NLMP]: NT LAN Manager (NTLM) Authentication Protocol
- User Data and Settings Management
- Problems with Kerberos authentication when a user belongs to many groups (Article ID: 327825)
- Users who are members of more than 1,015 groups may fail logon authentication (Article ID: 328889)
- MaxTokenSize and Windows 8 and Windows Server 2012
Kerberos
- Kerberos Survival Guide
- RFC6113 A Generalized Framework for Kerberos Pre-Authentication
- What's New in Kerberos Authentication
- Access Control and Authorization Overview
- Kerberos Constrained Delegation Overview
- [MS-SFU]: Kerberos Protocol Extensions: Service for User and Constrained Delegation Protocol Specification
- Kerberos Authentication Overview
- Enriched Remote Access experience in Windows Server 2012
- Delegation of Authentication
- [MS-KKDCP]: Kerberos Key Distribution Center (KDC) Proxy Protocol
DNS and Name Resolution
- How DNS Works
- How DNS Support for Active Directory Works
- DNS Support for Active Directory
- DNS Server Informational Events
- DNS Technical Reference
- GlobalNames Zone Deployment
- Who Moved the DNS Cheese? Auditing for AD-Integrated DNS Zone and Record Deletions
- Domain Name System (DNS) Server Cmdlets in Windows PowerShell
- Don't be afraid of DNS Scavenging. Just be patient.
- Optimizing your network to keep your DNS squeaky clean
Replication
- Active Directory Replication Topology
- How Active Directory Replication Topology Works
- Active Directory KCC Architecture and Processes
- Replication Topology Physical Structure
- Performance Limits for Replication Topology Generation
- Goals of Replication Topology
- Topology-Related Objects in Active Directory
- Replication Transports
- Replication Between Sites
- KCC and Topology Generation
- Network Ports Used by Replication Topology
- Related Information
- Active Directory Replication Model
- The Role of the Inter-Site Topology Generator in Active Directory Replication
- Understanding Urgent Replication
- How to view and set LDAP policy in Active Directory by using Ntdsutil.exe
- BridgeHead Server Selection
How FRS Works
- FRS Terminology
- FRS Architecture
- FRS Protocols
- FRS Interfaces
- FRS Physical Structures
- FRS Processes and Interactions
- Network Ports Used by FRS
- Related Information
File Replication Service Protocol - MSDN
AD Users, Computers, and Groups
- Introduction
- Active Directory User and Computer Accounts
- Active Directory Groups User Authentication
- User Authorization
- Summary
- Appendix A: Built-in, Predefined, and Special Groups
- Appendix B: User Rights
Using Active Directory Domain Services
- Binding to Active Directory Domain Services
- Searching in Active Directory Domain Services
- Creating and Deleting Objects in Active Directory Domain Services
- Moving Objects
- Reading and Writing Attributes of Objects in Active Directory Domain Services
- Controlling Access to Objects in Active Directory Domain Services
- Extending the Schema
- Extending the User Interface for Directory Objects
- Managing Users
- Managing Groups
- Tracking Changes
- Service Publication
- Service Logon Accounts
- Mutual Authentication Using Kerberos
- Storing Dynamic Data
- Application Directory Partitions
- Detecting the Operation Mode of a Domain
Administering Active Directory Domain Services
- Introduction to Administering Active Directory Domain Services
- Administering Domain and Forest Trusts
- Administering the Windows Time Service
- Administering DFS-Replicated SYSVOL
- Administering the Global Catalog
- Administering Operations Master Roles
- Administering Active Directory Backup and Recovery
- Administering Intersite Replication
- Administering the Active Directory Database
- Administering Domain Controllers
- Administering Active Directory Domain Rename
- Additional Resources
Group Policy
- Core Group Policy Technical Reference
- Group Policy API - MSDN
- Group Policy Preferences Overview
- Group Policy Components
- Designing a Group Policy Infrastructure
- Group Policy Management Console Technical Reference
- Group Policy Management Console - MSDN
- Group Policy Object Editor
- Exploring Windows 8.1 Start Screen and Start Button Options and Configurations
- Managing Group Policy ADMX Files Step-by-Step Guide - 2005 Document
- Administering Group Policy with Group Policy Management Console - 2003 Document
Backup and Disaster Recovery
- Planning for Active Directory Forest Recovery
- AD DS Backup and Recovery Step-by-Step Guide
- Active Directory Database Mounting Tool Step-by-Step Guide
- Recovering Missing FRS Objects and FRS Attributes in Active Directory
- Performing an Authoritative Restore of Active Directory Objects
- How to Force a Non-Authoritative Restore of the Data in the SYSVOL Folder on a Domain Controller in Windows 2000 Server and in Windows Server 2003
- How to Perform an Authoritative Restore to a Domain Controller in Windows 2000
- Performing a Non-Authoritative Restore of a Domain Controller
- How to perform a disaster recovery restoration of Active Directory on a computer with a different hardware configuration
- How to restore deleted user accounts and their group memberships in Active Directory
- Windows Server 2012: Planning for Active Directory Forest Recovery
- How to Remove Data in Active Directory After an Unsuccessful Domain Controller Demotion
- Using Ntdsutil.exe to transfer or seize FSMO roles to a domain controller
Planning and Architecture
- Understanding AD DS Design
- FSMO placement and optimization on Active Directory domain controllers
- Identifying Your AD DS Design and Deployment Requirements
- Mapping Your Requirements to an AD DS Deployment Strategy
- Designing the Logical Structure for Windows Server 2008 AD DS
- Designing the Site Topology for Windows Server 2008 AD DS
- Enabling Advanced Features for AD DS
- Evaluating AD DS Deployment Strategy Examples
- Appendix A: Reviewing Key AD DS Terms
Read-Only Domain Controller Planning and Deployment Guide
- Understanding Planning and Deployment for Read-Only Domain Controllers
- Read-Only Domain Controller Branch Office Guide
- Appendix A: RODC Technical Reference Topics
- Appendix B: Read-Only Domain Controller Related Events
- Appendix C: Acronyms Used in This Planning and Deploying Read-Only Domain Controller Guide
Active Directory Domain Services in the Perimeter Network (Windows Server 2008)
- Planning Deployment of AD DS in the Perimeter Network
- Designing RODCs in the Perimeter Network
- Deploying RODCs in the Perimeter Network
Running Domain Controllers in Hyper-V
- Backup and Restore Considerations for Virtualized Domain Controllers
- Operational Considerations for Virtualized Domain Controllers
- Deployment Considerations for Virtualized Domain Controllers
- Planning Considerations for Virtualized Domain Controllers
- USN and USN Rollback
Deployment and Migration
ADMT Guide: Migrating and Restructuring Active Directory Domains
Establishing Migration Accounts for Your Migration
Migration Troubleshooting
- ADMT 3.2: Common Installation Issues
- Migrated Users Get Prompted To Change Password at First Logon Even After Migrating Their Password with the PES
- Migration of some user accounts does not succeed when you try to migrate user accounts from one forest to another forest in Windows Server 2003
- Troubleshooting Password Migration Issues
- Troubleshooting Computer Migration Issues
- ADMT, RODC’s, and Error 800704f1
- Checklist: Deploying AD DS in a New Organization
- Checklist: Deploying AD DS in a Windows Server 2003 Organization
- Checklist: Deploying AD DS in a Windows 2000 Organization
- Deploying a Windows Server 2008 Forest Root Domain
- Deploying Windows Server 2008 Regional Domains
- Upgrading Active Directory Domains to Windows Server 2008 and Windows Server 2008 R2 AD DS Domains
Best Practices for Securing Active Directory
Getting Started Step-by-Step
AD DS Fine-Grained Password and Account Lockout Policy Step-by-Step Guide
Applies To: Windows Server 2008 and 2012
LDAP
- LDAP Query Basics
- Active Directory: LDAP Syntax Filters
- Override the hardcoded LDAP Query limits introduced in Windows Server 2008 and Windows Server 2008 R2
Troubleshooting
Developer Audience
Other Great Places to Visit
- Active Directory Features in Different Versions of Windows Server
- Wiki: Active Directory Domain Services (AD DS) Portal
- Active Directory Domain Services (AD DS) Troubleshooting Survival Guide and Content Map
- DCDIAG Technical Reference: What does DCDIAG actually… do