AD - Active Directory


Web Sites
Active Directory Product Operations Guide - This guide describes processes and procedures for improving the management of Windows Server 2003 Active Directory in an IT infrastructure. This material should be useful for anyone planning to deploy this product into an existing IT infrastructure, especially one based on ITIL.
Domain and Forest Trust Tools and Settings - This site has useful information on the configuration and administration of trusts, including what communication is used in various trust scenarios.
How can I add employee IDs and employee numbers to Active Directory? - Nice little step-by-step guide showing how to activate the Employee ID attribute in Active Directory.
How do I tune Active Directory replication? - In Windows Server 2003 the replication notification interval has been decreased from 5 minutes to 15 seconds. This page shows which registry keys determine replication behaviour in Active Directory and puts you in control.
How do I use Windows 2000 to generate a CSV containing all the computer names, IP addresses, and MAC addresses in my domain? - Compact little script that enumerates all computer names, IP addresses and MAC addresses in the domain (uses the GetMac utility from Resource Kit Supplement One).
How to configure a firewall for domains and trusts (179442) - This article describes how to configure a firewall for domains and trusts. This article applies to NT 4.0, Windows 2000 and Windows Server 2003.
How to Enable/Disable Windows 2000 Dynamic DNS Registrations (Q246804) - If you want full control of how your services update DNS, they can be configured individually. The services are the DHCP client, DNS server, NetLogon, RAS Client and DHCP server service.
How to Find the FSMO Role Owners Using ADSI and WSH (Q235617) - Simple VB script that uses LDAP to find FSMO roles in AD. Could serve as inspiration for more AD-related scripts.
How to Remove Data in the Active Directory After an Unsuccessful Domain Controller Demotion (Q216498) - A step-by-step guide to removing "zombie" domain controllers from AD. Simple and effective.
How to Remove Orphaned Domains from Active Directory (Q230306) - This article contains a step-by-step description of how to manually remove "dead" domains from AD. Simple and effective.
How to upgrade Windows 2000 domain controllers to Windows Server 2003 - This article discusses how to upgrade Microsoft Windows 2000 domain controllers to Microsoft Windows Server 2003 and how to add new Windows Server 2003 domain controllers to Windows 2000 domains.
How to Use the MoveTree Utility to Move Objects Between Domains in a Single Forest (Q238394) - Description of the MoveTree utility. Mandatory reading before using the tool. Lets you know you should only run the tool from RID master to RID master among other things!
HOW TO: Use DNSLint to Troubleshoot Active Directory Replication Issues - DNSLint is a Microsoft Windows utility that runs on Windows 2000-and-later operating systems. Among other uses, it can help you troubleshoot Active Directory replication issues. Specifically, it can help you determine whether all DNS servers that are supposed to be authoritative for the root of an Active Directory forest actually have the necessary DNS records to successfully synchronize partition replicas among domain controllers in an Active Directory forest, and it can tell you whether a particular Active Directory domain controller can resolve all of the necessary DNS records to successfully synchronize partition replicas among domain controllers in an Active Directory forest.
HOW TO: Use Netdom.exe to Reset Machine Account Passwords of a Windows 2000 Domain Controller (260575) - Each Windows-based computer maintains a machine account password history containing the current and previous passwords used for the account. When two computers attempt to authenticate with each other and a change to the current password is not yet received, Windows then relies on the previous password. If the sequence of password changes exceeds two changes, the computers involved may be unable to communicate, and you may receive error messages (for example, "Access Denied" error messages when Active Directory replication occurs). You can reset the password using the Netdom.exe tool included in the Windows Support Tools.
Initiating Replication Between Active Directory Direct Replication Partners (Q232072) - This article describes four ways of initiating Active Directory replication: using the AD Sites and Services MMC snap-in, using the command-line repadmin.exe from the support tools, using a COM object from the support tools via VB script, and using the GUI program replmon.exe from the support tools.
Inside Active Directory, Scripts and Files - On this site you find a lot of useful scripts for getting and setting various information in Active Directory. The site is about the book "Inside Active Directory", and you can download all the scripts that come with the book.
MSA: Enterprise Data Center - The Microsoft Systems Architecture guidance addresses fundamental infrastructure issues such as availability, security, scalability, and manageability of the platform. It also supports the IT life cycle stages of plan, build, deploy, and operate. Additionally, the guidance is designed to be used at either a component level or as a comprehensive guide to building a complete infrastructure.
Using Active Directory Service Interfaces - The online version of the ADSI part of the Platform SDK. Here you find the documentation for programming against the Active Directory Service Interface.
Using Ntdsutil.exe to Seize or Transfer FSMO Roles to a Domain Controller (Q255504) - A nice step-by-step guide to using the ntdsutil utility to seize FSMO roles in AD when a domain controller has crashed.

White Papers
Active Directory Glossary - Here's a list of the main concepts of Active Directory.
Active Directory Service Interfaces - Description of ADSI - the interface for Active Directory and other directory services. 20 pages.
Active Directory Service Interfaces Overview - Short introduction to ADSI - the interface for programming Active Directory. 2 pages.
Introduction to Active Directory in Application Mode - White paper from Microsoft about Active Directory Application Mode. With AD/AM, developers can exploit Active Directory and create new customized directory-service-based solutions, e.g. a customer database for use in an e-commerce solution. AD/AM invites integration and consolidation of existing directory services. 13 pages.
Understanding the Role of Directory Services Versus Relational Databases - What are the pros of using hierarchical databases in comparison to relational ones when dealing with distributed systems? See this explanation. 10 pages.

Programs
ADMT v3.0 - Use ADMT v3 to migrate users, groups, and computers from Microsoft® Windows NT® 4.0 domains to Active Directory® directory service domains; between Active Directory domains in different forests (interforest migration); and between Active Directory domains in the same forest (intraforest migration). ADMT v3 also performs security translation.
Description and download of the DNSLint Utility - DNSLint is a Microsoft Windows utility that helps you to diagnose common DNS name resolution issues. Very useful - check out the various options and download the program on this site.
Remote Control Add-on for Active Directory Users & Computers - Remote Control is a small add-on that adds the option to right-click a computer account in the Active Directory MMC and choose Remote Control on that computer by opening a Terminal/Remote Desktop connection to that computer.
Unlock Locked User Accounts with WSH and ADSI - With this script you can unlock all locked-out accounts in AD regardless of the underlying OU structure. The script is WSH based and uses ADSI 2.0.
Windows Server 2003 Tools - On this page you'll find downloadable tools that will help you support Windows Server 2003 systems.