Post-Graduate AD Studies

Hello world, Ned here again. I was out of the office late last week so there was no mail sack; Jonathan pretended like he was going to do one but he lied. He’ll try to claim that things got “busy” and there were “customers” who wanted “their issues fixed” or some other nonsense, but we all know it was due to him daydreaming about bubble baths.

Too weird?

Anyway, what with the hiring we’re doing now, a month ago I promised you some further reading around how you can amp up your Active Directory skills. Rather than burying it in another mail sack, I figured I’d lay it all out here in one spot. If you feel like you need to fill in the cracks on your directory service knowledge, here’s what we force feed our new hires:

Core Technology Reading

If you read nothing else, read these core pieces. While they are Win2003/XP specific, that’s still at least 75% of the business install base and highly relevant. For the most part things don’t change that much architecturally between versions either (ignoring GP and User Profiles). They give you the fundamentals to build on later.

Active Directory Collection Active Directory Replication Model Active Directory Replication Topology Authentication Authorization DNS Technical Reference Group Policy Interactive Logon Kerberos Authentication Technical Reference Public Key Infrastructure (PKI) TCP/IP Technical Reference User Profiles

Post Graduate Technology Reading

Then we get to the more advanced subjects, the specific features added in later models, and the things that will take you into rarefied air. Much of this is Windows Server 2008 and later too, so if you haven’t started rolling out our later OS this will get you ready. If you can get through these, you’re ready to run AD in the environments with 100,000+ computers. And as I always tell people, if you know how something works, you can troubleshoot any kind of problem– even if the issue has never seen seen before.

Active Directory Domain Services in the Perimeter Network Active Directory and Active Directory Domain Services Port Requirements Active Directory Schema ADMT Guide: Migrating and Restructuring Active Directory Domains AppLocker AD DS Design Guide CA Certificates Certificates Certificate Services Core Group Policy Technical Reference Designing a Group Policy Infrastructure DFSR DFS Replication: Frequently Asked Questions (FAQ) Distributed File System (DFS) DNS Support for Active Directory Domain and Forest Trusts Technical Reference File Replication Service FRS Global Catalog Technical Reference Group Policy Components Group Policy Management Console Group Policy Object Editor Logon and Authentication Technologies Managed Service Accounts Managing Roaming User Data Deployment Guide Operations Masters Technical Reference Read-Only Domain Controller Planning and Deployment Guide Running Domain Controllers in Hyper-V Security Auditing Security Compliance Manager Security Identifiers Technical Reference Security Descriptors and Access Control Lists Technical Reference Security Principals Technical Reference Staging Group Policy Deployments SYSVOL Replication Migration Guide: FRS to DFS Replication User Account Control Technical Reference What's New in Active Directory Domain Services in Win2008 What's New in Active Directory Domain Services in Win2008 R2 Windows Smart Card Technical Reference Windows Time Service Technical Reference WINS Technical Reference

Lab Materials

You can use these free trial editions below in order to do live repros of all this, and repros are highly suggested. Especially with the use of Netmon 3.4 to see how things look on the wire and learn how we troubleshoot here – with network captures. Running these in Hyper-V, in Virtualbox, etc. will also make the materials more understandable.

http://www.microsoft.com/windowsserver2008/en/us/trial-software.aspx http://technet.microsoft.com/en-us/evalcenter/cc442495.aspx

As an alternative, for a few hundred bucks you can get the amazingly packed TechNet or MSDN subscriptions that provide you with copies of so much MS software it’s ridiculous; way better than using trialware. Check those out here:

http://technet.microsoft.com/en-us/subscriptions/buy.aspx http://msdn.microsoft.com/en-us/subscriptions/buy.aspx

Thanks to the Blue Devil Demon* who reminded me to do this. :-)

Ned “nutty professor” Pyle

* Apologies to Coach K and the ghost of Ray Meyer. I've been away from Chicago too long, it seems. Maybe I really am no longer a 'damyankee', as my wife puts it?