Active Directory Basics

  • Article

Friday I did a webcast on Active Directory Basics.  Here is the questions and answers log from that webcast. Come to www.microsoft.com/webcast I am doing two webcast this week on SQL 2005. Today is Reporting Services and Friday is Data Mining!!  Enjoy!

Answer: What John's going over--no, there are some functional differences between 2000 and 2003 AD see https://www.microsoft.com/technet/community/events/ad/add-04.mspx

Question: Does the Group Policy Management work with 2000?

Answer: Yes.... Check out -- https://www.microsoft.com/downloads/details.aspx?FamilyId=0A6D4C24-8CBD-4B35-9272-DD3CBFC81887\&displaylang=en

Question: Earlier there was a slide about Printers being under an OU. Where is that type of OU accessed?

Answer: There are two things at play here--I can have OU's for servers that act as print servers for ease of centralized administration and you can publish network printers into AD so that they are discoverable see https://www.microsoft.com/technet/security/prodtech/windowsserver2003/w2003hg/s3sgch08.mspx and https://support.microsoft.com/kb/321837

Question: If I were to search my domain (i.e. contoso.com) for an object, how do I know what OU it belongs to?

Answer: if you are using Saved Queries in ADU&C to do this search, once the results come back, you can go to the properties of an object, select the OBJECT tab, and the OU path is revealed there.

Question: Can you confirm than Vista Home use active directory?

Answer: Vista Home does not have Domain Join functionality. You need Business or later.

Question: Can you just as easily uncheck Global Catalog server after it is set as a global catalog server without too much negative effects?

Answer: As long as you have at least one other GC, yes......

Question: How do you get to the Active Directory Schema?

Answer: Log in as a user who is a member of the Schema admins group register the schema management dll and load it in an MMC snap in https://www.microsoft.com/windows2000/en/advanced/help/SchmMgmt\_Install\_Snapin.htm

Question: What command do I use to verify that a server authenticated to a local DC? Do I use set, netdiag or dcdiag?

Answer: Use the nltest /dsgetdc:domainname command to verify that a domain controller can be located for a specific domain. The NLTest tool is installed with the Windows XP support tools.

Question: Can the User Templates in SBS 2003 be used with Windows Server 2003 R2. How would you import the templates?

Answer: No. Those templates are specific to the SBS Product.

Question: If you programmatically extend the AD and add attributes to a group or user object, what implications are there for not updating the schema?

Answer: I'm not sure I understand the question: By definition programmatically extending AD object attributes is a schema extension. The schema is the repository of object classes and attributes. I cannot extend those without updatingthe schema because that's where I do that. https://technet2.microsoft.com/WindowsServer/en/library/eeb3f5d2-03ac-4e9c-bac3-83758c6bd42e1033.mspx?mfr=true

Question: Is Schema replicated to all DCs? Is the snap in applicable to all DCs ?

Answer: The schema is replicated to all DC's, and while the snap-in can be loaded on any server, a connection to Schema Master is required and any changes are replicated from the Schema Master to all other DC's

Question: What happens if the Schema master goes offline?

Answer: No changes can be made to the schema. see https://technet2.microsoft.com/WindowsServer/en/library/7fffd300-bbf1-4d9f-a46c-43252c3641161033.mspx?mfr=true and related links

Question: If you extend the property sheet of an object by creating a display specifier and the DS references attributes that currently do not exist for the object in the schema, what implications might there be?

Answer: First, I think the world stops spinning, then all of our left feet disappear, then.....well now I am just being silly. This is a very specific question that should be directed to tech Support if you have a tech issue or to the newsgroups if you are looking for info.