Active Directory Users and Computers

The Active Directory Users and Computers (ADUC) MMC is Microsoft's primary graphical administration tool for user, group, and computer objects in Active Directory. ADUC focuses on providing task-oriented property pages and menus for performing common administrative tasks, such as creating and deleting users and groups, managing passwords and other account features, and maintaining group memberships.

For programming work, we prefer lower-level tools such as LDP, ADSI Edit, and ADFind (discussed shortly), but there is a lot to be said for using ADUC to get common administrative tasks done. We also like using ADUC for reverse-engineering work. It is often helpful to check the state of an object with LDP, perform a common administrative task in ADUC, and then check the object again with LDP to see what data changed. This approach is even more successful when applied to security descriptor modification, as it is often difficult to figure out how to achieve specific security behaviors simply by studying the SDK reference. With ADUC, we can use the friendly graphical UI to get the behavior we want and then reverse engineer the resulting security descriptor data with a lower-level tool to learn how to accomplish the same thing in code.
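The before-and-after comparison described above can be scripted once both snapshots of the security descriptor are available as SDDL strings. The following is an added example, not code from the book: the function names are hypothetical, the two SDDL strings and the trustee SID are constructed sample data, and conditional ACEs are out of scope.

```python
import re

# SDDL ACE layout: (type;flags;rights;object_guid;inherit_object_guid;trustee)
FIELDS = ("type", "flags", "rights", "object_guid", "inherit_guid", "trustee")
RIGHTS = {"CR": "control access (extended right)", "RP": "read property",
          "WP": "write property", "CC": "create child", "DC": "delete child",
          "LC": "list children", "GA": "generic all", "GR": "generic read"}

def parse_dacl(sddl):
    """Return the DACL's ACEs, in order, as dicts keyed by FIELDS."""
    m = re.search(r"D:[A-Z_]*((?:\([^()]*\))+)", sddl)
    if not m:
        return []  # no DACL section in this string
    aces = []
    for body in re.findall(r"\(([^()]*)\)", m.group(1)):
        parts = body.split(";")
        if len(parts) != 6:  # conditional ACEs are not handled here
            raise ValueError(f"unsupported ACE: ({body})")
        aces.append(dict(zip(FIELDS, parts)))
    return aces

def decode_rights(rights):
    """Expand two-letter rights codes such as 'RPWP'; hex masks pass through."""
    if rights.startswith("0x"):
        return [rights]
    return [RIGHTS.get(rights[i:i + 2], rights[i:i + 2])
            for i in range(0, len(rights), 2)]

def diff_dacl(before, after):
    """ACEs added and removed between two snapshots of the same object."""
    def key(ace):
        return tuple(ace[f] for f in FIELDS)
    old = {key(a): a for a in parse_dacl(before)}
    new = {key(a): a for a in parse_dacl(after)}
    return {"added": [new[k] for k in new if k not in old],
            "removed": [old[k] for k in old if k not in new]}

# Constructed snapshots of one object's security descriptor, taken before and
# after a permission change made in the GUI. The trustee SID is made up.
BEFORE = "O:DAG:DAD:AI(A;;GA;;;DA)(A;;RPLC;;;AU)"
AFTER = ("O:DAG:DAD:AI(A;;GA;;;DA)(A;;RPLC;;;AU)"
         "(OA;CIIO;CR;00299570-246d-11d0-a768-00aa006e0529;"  # Reset Password right
         "bf967aba-0de6-11d0-a285-00aa003049e2;"              # applies to user objects
         "S-1-5-21-1111111111-2222222222-3333333333-1105)")

if __name__ == "__main__":
    for ace in diff_dacl(BEFORE, AFTER)["added"]:
        print("added:", ace, decode_rights(ace["rights"]))
```

The single added ACE is the data to reproduce in code; the same diff, run on a schedule against sensitive containers, also surfaces permission grants that nobody recorded.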

The ADUC tree view metaphor tends to break down when dealing with containers that contain many objects, but this is a limitation of nearly all browsing utilities. When a large number of objects are involved, search becomes the only practical way to deal with them individually.

ADUC does not work well at all on machines that are not joined to the domain. If we are using nondomain machines, we suggest using one of the tools we mentioned previously, or BeaverTail or Softerra's LDAP Browser, which we will discuss shortly.

Microsoft Exchange Server provides tight integration with ADUC via the Exchange System Management tools. When installed, these tools provide additional functions and property pages for common Exchange management tasks, such as mail- and mailbox-enabling groups and users. ADUC also includes an extensibility mechanism that allows developers to add their own property pages and similar extensions, but this currently requires programming in unmanaged C++.

Microsoft also ships a variety of other task-oriented MMC snap-ins for Active Directory management, including Sites and Services, Domains and Trusts, and Schema. Depending on the task at hand, these other tools may also be of use.


The .NET Developer's Guide to Directory Services Programming
ISBN: 0321350170
EAN: 2147483647
Year: 2004
Pages: 165
