Active Directory 2003 book recommendations
February 23, 2005 7:41 AM Subscribe
I'm a senior Unix system administrator who will shortly be responsible for maintaining an Active Directory 2003 installation as well. I'd like to build up a small ad2k3 reference library. I've had training and am finding my way around fine so far and I'm not a stranger to NT4, so I'm not lost, just trying to be prepared. What books do you recommend for an experienced sysadmin who is new to Active Directory 2003?
I'm kind of going through this myself. I manage our iPlanet LDAP directory on Solaris, and we now have a Windows sysadmin who runs AD.
As a Mac/UNIX guy, AD makes me angry, daily. It obfuscates everything. Simple things like finding out what the actual attribute name of some value (for if, say, you want to write to it through a script) is like jumping through hoops of fire. The way it handles groups internally is a complete fucking mystery to me. God, I could go on.
I'd love to know a good resource for this. I generally Google my way to some maillist archive.
posted by mkultra at 4:13 PM on February 23, 2005
As a Mac/UNIX guy, AD makes me angry, daily. It obfuscates everything. Simple things like finding out what the actual attribute name of some value (for if, say, you want to write to it through a script) is like jumping through hoops of fire. The way it handles groups internally is a complete fucking mystery to me. God, I could go on.
I'd love to know a good resource for this. I generally Google my way to some maillist archive.
posted by mkultra at 4:13 PM on February 23, 2005
This thread is closed to new comments.
The best information about AD doesn't come in dead tree format. I've found the best sources to be experienced AD admins, followed by TechNet, followed by anything that's been printed (the worst subset of printed material would have the acronym MCSE on the cover). To get anything from any of those sources, however, you need to read the O'Reilly book first. Learn to script AD, everything you need to get started can be found in the TechNet Script Center. Yes, you can technically use Perl for ADSI scripting, but it's easier to learn ADSI with VBScript and then port to Perl.
Some unsolicited advice: very few organizations need multiple domains. Spend a few thousand dollars on new hardware and suffer replication lag before you lose tens of thousands of dollars dealing with all of the fallout of managing multiple AD domains. Set up an off-network test forest and test everything first. Adopt a change management policy for AD and follow it to the letter. If you can't script it, don't do it.
posted by idlemind at 10:51 AM on February 23, 2005