| Foreword | xiii |
| Acknowledgments | xvii |
| Introduction | xix |
| PART I OVERVIEW OF ACTIVE DIRECTORY | |
| 1 Introduction to Directory Services | 3 |
| Network Computing Long Ago | 3 |
| What Is a Directory? | 6 |
| What Is a Directory Service? | 7 |
| A Brief History of Directories | 8 |
| Domain Name System | 9 |
| X.500 Directory Service | 10 |
| The Advent of LDAP | 12 |
| The Present State of Directories | 13 |
| Active Directory Features | 14 |
| 2 Active Directory Architecture | 17 |
| Active Directory Concepts | 17 |
| Objects and Attributes | 18 |
| Schema | 18 |
| Domains | 19 |
| Namespaces | 23 |
| Trees and Forests | 23 |
| Organizational Units | 25 |
| Security | 26 |
| Directory Partitions and Naming Contexts | 26 |
| Global Catalog | 28 |
| Multimaster Operations | 28 |
| Replication | 30 |
| Active Directory Components | 36 |
| Directory System Agent | 37 |
| Security Accounts Manager | 37 |
| Database Layer | 37 |
| Extensible Storage Engine | 38 |
| Examples of Services That Use Active Directory | 39 |
| Network Services | 39 |
| Dynamic DNS Service | 40 |
| IntelliMirror Service | 40 |
| Tools for Active Directory | 42 |
| Administrative Tools | 42 |
| Active Directory Schema | 43 |
| ADSI Edit | 45 |
| Ldp | 45 |
| Ntdsutil | 46 |
| ADSI Viewer | 47 |
| Summary | 48 |
| 3 Programming Interfaces for Active Directory | 49 |
| Incredibly Simple Sample | 49 |
| Interfaces to Active Directory | 51 |
| Lightweight Directory Access Protocol | 51 |
| Active Directory Service Interfaces | 57 |
| Relationship Between ADSI and Active Directory | 60 |
| Deciding on the Best Interface | 60 |
| The Programming Language Makes a Difference | 60 |
| Platform Considerations | 61 |
| Performance | 62 |
| Documentation and Resources | 62 |
| What This Book Uses | 62 |
| But First … a COM Primer | 63 |
| What Is COM? | 63 |
| COM Interfaces | 64 |
| Methods and Properties | 66 |
| Automation | 66 |
| COM Example | 67 |
| Accessing Objects | 68 |
| ADSI and COM | 72 |
| What Is an ADSI Object? | 72 |
| ADSI Interfaces | 72 |
| Summary | 76 |
| PART II PROGRAMMING WITH ACTIVE DIRECTORY | |
| 4 Connecting to Active Directory | 79 |
| Step by Step | 79 |
| Binding | 80 |
| Getting an ADSI Object | 81 |
| ADsPath | 83 |
| Distinguished Name and Relative Distinguished Name | 84 |
| Naming Attributes | 85 |
| Objects and Containers | 87 |
| Stringing It Together | 87 |
| Got Object? | 87 |
| Binding Options | 92 |
| Serverless Binding | 92 |
| RootDSE | 94 |
| Global Catalog | 98 |
| GUID Binding | 101 |
| Authentication | 107 |
| Performance Considerations When Binding | 112 |
| Summary | 114 |
| 5 Searching Active Directory | 115 |
| Search Technologies | 115 |
| A Searching Sample Using ADO and VBScript | 117 |
| Phone Sample | 118 |
| Gathering Input | 122 |
| Query Statement | 124 |
| Using ADO | 135 |
| Using IDirectorySearch | 142 |
| Search Options | 146 |
| Referrals | 146 |
| Asynchronous Searches | 149 |
| Authentication and Security | 150 |
| Search Limits | 151 |
| Performance | 152 |
| Summary | 153 |
| 6 Reading and Writing Directory Data | 155 |
| Directory Attributes | 155 |
| Naming Conventions | 156 |
| Terminology | 157 |
| Attributes vs. Properties | 157 |
| Reading Attributes | 158 |
| The Get Method | 162 |
| Handling Errors in ADSI | 163 |
| Properties and Attributes Revisited | 166 |
| Reading Multivalued Attributes | 168 |
| The GetEx Method | 172 |
| Named Properties or the Get Method: Which Is Better? | 173 |
| Accessing Properties in Yet Another Way | 174 |
| The Property Cache | 174 |
| The GetInfo Method | 175 |
| The GetInfoEx Method | 176 |
| Writing Attributes | 177 |
| ADSI Properties | 177 |
| The Put Method | 182 |
| The SetInfo Method | 183 |
| Writing Multivalued Attributes | 184 |
| The PutEx Method | 184 |
| Containers | 188 |
| Enumerating Containers | 189 |
| Adding Objects | 194 |
| Deleting Objects | 195 |
| Easy Deleting with IADsDeleteOps | 195 |
| Creating and Deleting Objects Sample | 196 |
| Summary | 198 |
| 7 Advanced Properties and Values | 199 |
| Trolling for Properties | 199 |
| The Property Cache Interfaces | 202 |
| IADsPropertyList | 204 |
| PropertyEntry and PropertyValue Objects | 206 |
| Value Data Types | 208 |
| Monster Property Cache Interfaces Sample | 212 |
| IDirectoryObject | 221 |
| Using IDirectoryObject from C and C++ | 221 |
| GetObjectInformation | 226 |
| GetObjectAttributes | 227 |
| Writing Attributes with SetObjectAttributes | 231 |
| Summary | 232 |
| 8 The Active Directory User Interface | 233 |
| But First, a Note from Our Sponsor… | 233 |
| Common Dialog Boxes | 234 |
| Container Browser Dialog Box | 234 |
| Domain Browser Dialog Box | 244 |
| Object Picker Dialog Box | 246 |
| Display Specifiers | 253 |
| Display Specifiers Background | 256 |
| International Support | 258 |
| IDsDisplaySpecifier | 259 |
| Display Specifier Sample | 260 |
| Summary | 264 |
| PART III SPECIAL TOPICS | |
| 9 Active Directory Schema | 267 |
| Understanding the Schema | 267 |
| Object Classes | 267 |
| Object Attributes | 268 |
| Syntaxes | 268 |
| Object Identifiers | 269 |
| Schema Structure | 270 |
| Abstract Schema | 274 |
| Tools for Exploring the Schema | 278 |
| Working with Classes | 282 |
| Class Inheritance | 283 |
| Security | 285 |
| Class Categories | 287 |
| Object Classes and Object Categories | 289 |
| Object Naming | 293 |
| IADsClass | 295 |
| Working with Attributes | 300 |
| Types of Attributes | 302 |
| IADsProperty | 303 |
| Attribute Syntaxes | 306 |
| IADsSyntax | 310 |
| Extending the Schema | 310 |
| The Process for Extending the Schema | 311 |
| When to Extend the Schema | 311 |
| Determining the Method of Extension | 313 |
| Enabling Schema Changes | 313 |
| Obtaining an Object Identifier | 324 |
| Creating Schema Objects | 326 |
| Updating the Schema Cache | 333 |
| ExtendSchema Sample | 336 |
| Summary | 340 |
| 10 Active Directory Administration Using Windows Script | 341 |
| Windows Scripting | 341 |
| Windows Script Host | 342 |
| Windows Script Files | 342 |
| Windows Script Object Model | 343 |
| Type Libraries | 345 |
| Creating and Editing Scripts | 347 |
| Managing Users | 348 |
| The IADsUser Interface | 348 |
| Creating Users | 351 |
| Passwords | 357 |
| Managing Groups | 360 |
| Types of Groups | 361 |
| ADSI Group Interfaces | 362 |
| Creating a Group | 363 |
| Enumerating Groups | 366 |
| Modifying Group Membership | 367 |
| Managing Computers | 371 |
| Managing Services | 374 |
| Managing Print Queues | 375 |
| Volumes | 379 |
| Summary | 383 |
| 11 The Web and Beyond | 385 |
| Active Directory and ASP | 385 |
| Authentication | 391 |
| Basic Authentication | 395 |
| COM+ Components | 396 |
| Windows Platform Considerations | 397 |
| Using the WinNT Provider with Active Directory | 399 |
| ADSI Versions | 399 |
| Determining the ADSI Version | 400 |
| Whistler | 402 |
| Dynamic Objects | 404 |
| Application Partitions | 406 |
| inetOrgPerson | 406 |
| Virtual List View Searching | 409 |
| User Interface Enhancements | 416 |
| Summary | 417 |
| APPENDIX Active Directory Resources | 419 |
| INDEX | 423 |
