Active Directory Cookbook by Brian Svidergol and Robbie Allen describes various Active Directory-related tasks.
Active Directory is Microsoft's directory service implementation for Windows domain networks. The book's initial discussion of concepts gives an architectural description of the major components of Active Directory servers, such as domains, trusts, and forests. The authors' plan is to explain up to three ways of doing each task. In some cases, they have stretched themselves to provide multiple options for each of the three solutions.
A directory service is a shared information infrastructure for locating, managing, administering, and organizing common items and network resources, which can include volumes, folders, files, printers, users, groups, devices, telephone numbers, and other objects. A directory service is an important component of a NOS (Network Operating System).
In more complex scenarios, a directory service is the central information repository for a Service Delivery Platform. For example, looking up “computers” using a directory service might yield a list of available computers and the information needed to access them. A further, more advanced use of a directory service is single sign-on across the infrastructure assets of an organization.
The directory service is also called a naming service because it maps the names of network resources to their respective network addresses. With a naming-service type of directory, a user does not have to remember the physical address of a network resource; providing a name will locate the resource. Each resource on the network is considered an object on the directory server. Information about a particular resource is stored as attributes of that object. Information within objects can be secured so that only users with the necessary permissions are able to access it. More sophisticated directories are designed with namespaces such as Subscribers, Services, Devices, Entitlements, Preferences, Content, and so on.
At an architectural level, the minimum considerations taken into account include: business requirements for isolating different business units and/or their products; the level of integration desired, from backend databases and analytics servers through front-end website logins, the organization's email service, and basic office laptop and desktop logins; any integration with PKI via tokenized logins; and the various forms of identity management.
The first Microsoft product to rely on PowerShell was Exchange 2007. Since Exchange 2007, almost all major Microsoft product releases have included a PowerShell module for management. A set of 76 PowerShell cmdlets was released in sync with Windows Server 2008 R2. By the release of Windows Server 2012, additional cmdlets had been introduced, taking the total count to 145. The use of PowerShell is one of the features of the recipes in this cookbook, which take advantage of many of the cmdlets available in Windows Server 2008 R2 and later releases.
Early implementations of Active Directory shipped in releases such as Windows 2000, Windows 2003 Server, and the Windows 2003 Server incremental update, followed by the later Windows Server 2008 and Windows Server 2008 R2. One of the more recent versions is Windows Server 2012. The book under discussion focuses on Windows Server 2008 R2 and later versions. Enabling the Active Directory Management Gateway Service allows the PowerShell solutions to work with domain controllers running versions older than the releases in focus.
Once basic concepts such as domains, trusts, and forests are explained, the discussion moves on to problem-solution recipes. These include recipes for creating and removing a forest, creating and removing a domain, finding the domains in a forest, renaming a domain, raising the functional level of a domain, various uses of the Adprep utility, and checking whether a Windows domain controller can be upgraded, along with recipes related to trusts and Kerberos settings. There are also a large number of recipes covering almost all the major activities that a regular or advanced AD administrator will face.
To summarize, the book is a very useful guide for everyone from technicians to advanced AD administrators in particular, and for Windows or LDAP administrators in general.