@ Wise-Hawk.com

Blog - Daily life of ups and downs with Microsoft -

Windows Server 2003 Active Directory Operations Guide


Hmm, has this been out for a long time? I'm embarrassed to say that I only learned about it the other day.

【Windows Server 2003 Active Directory Operations Guide】
http://www.microsoft.com/downloads/details.aspx?familyid=6a238df8-115c-4e1a-89f1-ee9bc9486c0f&displaylang=en

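The various operational procedures that actually come up around Active Directory are gathered together into a single document.

For now I'll just paste the table of contents (heading level 1), but it is quite a large volume (over 500 pages). To match, the content is also quite thorough, and I have a feeling it can be reused in many situations.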

Windows Server 2003 Active Directory Operations Guide
Contents
Active Directory Operations Guide
Administering Active Directory Operations
Introduction to Administering Active Directory
New in This Guide for Administering Active Directory
Administering Domain and Forest Trusts
Introduction to Domain and Forest Trusts
Best Practices for Domain and Forest Trusts
Managing Domain and Forest Trusts
Creating Domain and Forest Trusts
Known Issues for Creating Domain and Forest Trusts
Creating External Trusts
Create a one-way, incoming, external trust for one side of the trust
Create a one-way, incoming, external trust for both sides of the trust
Create a one-way, outgoing, external trust for one side of the trust
Create a one-way, outgoing, external trust for both sides of the trust
Create a two-way, external trust for one side of the trust
Create a two-way, external trust for both sides of the trust
Creating Shortcut Trusts
Create a one-way, incoming, shortcut trust for one side of the trust
Create a one-way, incoming, shortcut trust for both sides of the trust
Create a one-way, outgoing, shortcut trust for one side of the trust
Create a one-way, outgoing, shortcut trust for both sides of the trust
Create a two-way, shortcut trust for one side of the trust
Create a two-way, shortcut trust for both sides of the trust
Creating Forest Trusts
Create a one-way, incoming, forest trust for one side of the trust
Create a one-way, incoming, forest trust for both sides of the trust
Create a one-way, outgoing, forest trust for one side of the trust
Create a one-way, outgoing, forest trust for both sides of the trust
Create a two-way, forest trust for one side of the trust
Create a two-way, forest trust for both sides of the trust
Creating Realm Trusts
Create a one-way, incoming, realm trust
Create a one-way, outgoing, realm trust
Create a two-way, realm trust
Configuring Domain and Forest Trusts
Validating and removing trusts
Validate a trust
Remove a manually created trust
Modifying Name Suffix Routing Settings
Modify the routing status of a name suffix
Enable or disable an existing name suffix for routing
Exclude name suffixes from routing to local forests
Securing Domain and Forest Trusts
Configuring SID Filtering Settings
Disable SID filtering
Reapply SID filtering
Configuring Selective Authentication Settings
Enable selective authentication over an external trust
Enable selective authentication over a forest trust
Enable domain-wide authentication over an external trust
Enable forest-wide authentication over a forest trust
Grant the Allowed to Authenticate permission on computers in the trusting domain or forest
Appendix: New Trust Wizard Pages
Administering the Windows Time Service
Introduction to Administering the Windows Time Service
Managing the Windows Time Service
Configuring a time source for the forest
Configure the Windows Time service on the PDC emulator
Change the Windows Time service configuration on the previous PDC emulator
Configure a domain controller in the parent domain as a reliable time source
Configure the PDC emulator to synchronize from its internal hardware clock
Disable the Windows Time service
Configuring Windows-based clients to synchronize time
Configure a manual time source for a selected client computer
Configure a client computer for automatic domain time synchronization
Restoring Windows Time service to default settings
Restore Windows Time service on local computer to default settings
Administering SYSVOL
Introduction to Administering SYSVOL
Managing SYSVOL
Changing the Space Allocated to the Staging Area
Stop the File Replication service
Change the space allocated to the Staging Area folder
Start the File Replication service
Relocating the Staging Area
Identify replication partners
Check the status of the shared SYSVOL
Verify replication with other domain controllers
Gather the SYSVOL path information
Reset the File Replication service staging folder to a different logical drive
Relocating SYSVOL Manually
Identify replication partners
Check the status of the shared SYSVOL
Verify replication with other domain controllers
Gather the SYSVOL path information
Stop the File Replication service
Create the SYSVOL folder structure
Set the SYSVOL path
Set the staging area path
Prepare a domain controller for nonauthoritative SYSVOL restart
Update security on the new SYSVOL
Start the File Replication service
Updating the System Volume Path
Gather the SYSVOL path information
Stop the File Replication service
Set the SYSVOL path
Set the staging area path
Start the File Replication service
Restoring and Rebuilding SYSVOL
Identify replication partners
Check the status of the shared SYSVOL
Verify replication with other domain controllers
Restart the domain controller in Directory Services Restore Mode locally
Gather the SYSVOL path information
Stop the File Replication service
Prepare a domain controller for nonauthoritative SYSVOL restart
Import the SYSVOL folder structure
Start the File Replication service
Administering the Global Catalog
Introduction to Administering the Global Catalog
Managing the Global Catalog
Configuring a Global Catalog Server
Determine whether a domain controller is a global catalog server
Designate a domain controller to be a global catalog server
Monitor global catalog replication progress
Determining Global Catalog Readiness
Verify global catalog readiness
Verify global catalog DNS registrations
Removing the Global Catalog
Clear the global catalog setting
Monitor global catalog removal in Event Viewer
Administering Operations Master Roles
Introduction to Administering Operations Master Roles
Managing Operations Master Roles
Designating a standby operations master
Determine whether a domain controller is a global catalog server
Create a connection object on the current operations master
Create a connection object on the standby operations master
Verify successful replication to a domain controller
Transferring an operations master role
Verify successful replication to a domain controller
Determine whether a domain controller is a global catalog server
Install the Schema snap-in
Transfer the schema master
Transfer the domain naming master
Transfer the domain-level operations master roles
View the current operations master role holders
Seizing an operations master role
Verify successful replication to a domain controller
Seize the operations master role
View the current operations master role holders
Reducing the workload on the PDC emulator master
Change the weight for DNS SRV records in the registry
Change the priority for DNS SRV records in the registry
Administering Active Directory Backup and Restore
Introduction to Administering Active Directory Backup and Restore
Managing Active Directory Backup and Restore
Backing Up Active Directory Components
Back up system state
Back up system state and the system disk
Performing a Nonauthoritative Restore of a Domain Controller
Restart the domain controller in Directory Services Restore Mode locally
Restart the domain controller in Directory Services Restore Mode Remotely
Restore from backup media
Verify Active Directory restore
Performing an Authoritative Restore of Active Directory Objects
Restore from backup media
Mark the object or objects authoritative
Synchronize replication with all partners
Run an LDIF file to recover back-links
Restart the domain controller in Directory Services Restore Mode locally
Create an LDIF file for recovering back-links for authoritatively restored objects
Turn off inbound replication
Turn on inbound replication
Performing an Authoritative Restore of an Application Directory Partition
Restore from backup media
Mark the application directory partition as authoritative
Performing an Authoritative Restore of a Group Policy Object
Restore a Group Policy Object
Restoring a Domain Controller Through Reinstallation and Subsequent Restore from Backup
Restore from backup media
Verify Active Directory restore
Restoring a Domain Controller Through Reinstallation
Clean up server metadata
Delete a Server object from a site
Delete a Computer object from the Domain Controllers OU
Verify DNS registration and functionality
Verify communication with other domain controllers
Verify the availability of the operations masters
Install Active Directory
Administering Intersite Replication
Introduction to Administering Intersite Replication
Managing Intersite Replication
Adding a New Site
Create a site object and add it to an existing site link
Create a subnet object or objects and associate them with the new site
Associate an existing subnet object with the new site
Create a site link object and add the appropriate sites
Remove the site from the site link
Linking Sites for Replication
Create a site link object and add the appropriate sites
Determine the ISTG role owner for a site
Generate the replication topology on the ISTG
Changing Site Link Properties
Configure the site link schedule to identify times during which intersite replication can occur
Configure the site link interval to identify how often replication polling can occur during the schedule window
Configure the site link cost to establish a priority for replication routing
Determine the ISTG role owner for a site
Generate the replication topology on the ISTG
Moving a Domain Controller to a Different Site
Change the static IP address of a domain controller
Create a delegation for a domain controller
Verify that an IP address maps to a subnet and determine the site association
Determine whether the server is a preferred bridgehead server
Configure the server to not be a preferred bridgehead server
Move the Server object to the new site
Removing a Site
Determine whether a Server object has child objects
Delete a Server object from a site
Delete the Site Link object
Associate the subnet or subnets with the appropriate site
Delete the Site object
Determine the ISTG role owner for a site
Generate the replication topology on the ISTG
Administering the Active Directory Database
Introduction to Administering the Active Directory Database
Managing the Active Directory Database
Relocating Active Directory Database Files
Determine the database size and location online
Determine the database size and location offline
Compare the size of the directory database files to the volume size
Back up system state
Restart the domain controller in Directory Services Restore Mode locally
Restart the domain controller in Directory Services Restore Mode Remotely
Move the directory database and log files to a local drive
Copy the directory database and log files to a remote share
Returning Unused Disk Space from the Active Directory Database to the File System
Change the garbage collection logging level to 1
Back up system state
Restart the domain controller in Directory Services Restore Mode locally
Restart the domain controller in Directory Services Restore Mode Remotely
Compact the directory database file (offline defragmentation)
If database integrity check fails, perform semantic database analysis with fixup
Administering Domain Controllers
Introduction to Administering Domain Controllers
Managing Domain Controllers
Preparing for Active Directory Installation
Install the DNS Server service
Verify DNS registration and functionality
Verify that an IP address maps to a subnet and determine the site association
Verify communication with other domain controllers
Verify the availability of the operations masters
Installing a Domain Controller in an Existing Domain
Install Active Directory
Installing a Domain Controller in an Existing Domain Using Restored Backup Media
Back up system state
Restore system state to an alternate location
Install Active Directory from restored backup media
Include application directory partitions in an Active Directory installation from backup media
Adding Domain Controllers in Remote Sites
Known Issues for Adding Domain Controllers in Remote Sites
Best Practices for Adding Domain Controllers in Remote Sites
Preparing a Server Computer for Shipping and Installation from Backup Media
Back up system state
Restore system state to an alternate location
Enable Remote Desktop
Create an answer file for domain controller installation
Create a Remote Desktop Connection
Install Active Directory from restored backup media
Include application directory partitions in an Active Directory installation from backup media
Preparing an Existing Domain Controller for Shipping and Long-Term Disconnection
Determine the tombstone lifetime for the forest
View the current operations master role holders
Transfer the domain-level operations master roles
Transfer the schema master
Transfer the domain naming master
Prepare a domain controller for nonauthoritative SYSVOL restart
Enable strict replication consistency
Synchronize replication with all partners
Verify successful replication to a domain controller
Reconnecting a Domain Controller After a Long-Term Disconnection
Determine when intersite replication is scheduled to begin
Use Repadmin to remove lingering objects
Verify successful replication to a domain controller
Performing an Unattended Installation of Active Directory
Create an answer file for domain controller installation
Install Active Directory using an answer file
Verifying Active Directory Installation
Determine whether a Server object has child objects
Verify that an IP address maps to a subnet and determine the site association
Move the Server object to the new site
Configure DNS server forwarders
Verifying DNS configuration
Create a delegation for a domain controller
Create a secondary zone
Configure the DNS client settings
Check the status of the shared SYSVOL
Verify DNS registration and functionality
Verify communication with other domain controllers
Verify replication with other domain controllers
Verify the availability of the operations masters
Verify domain membership for a new domain controller
Renaming a Domain Controller
Rename a domain controller using System Properties
Rename a domain controller using Netdom
Update the FRS member object
Decommissioning a Domain Controller
View the current operations master role holders
Transfer the schema master
Transfer the domain naming master
Transfer the domain-level operations master roles
Determine whether a domain controller is a global catalog server
Verify DNS registration and functionality
Verify communication with other domain controllers
Verify the availability of the operations masters
Uninstall Active Directory
Determine whether a Server object has child objects
Delete a Server object from a site
Forcing the Removal of a Domain Controller
Identify replication partners
Force domain controller removal
Clean up server metadata
Additional Resources for Administering Active Directory
Troubleshooting Active Directory Operations
Configuring a Computer for Troubleshooting Active Directory
Troubleshooting Active Directory Replication Problems
Fixing Replication Lingering Object Problems (Event IDs 1388, 1988, 2042)
Event ID 1388 or 1988: A lingering object is detected
A deleted account remains in the Address Book, e-mail is not received, or a duplicate account exists
Event ID 2042: It has been too long since this machine replicated
Fixing Replication Security Problems
An "Access denied" or other security error has caused replication problems
Fixing Replication DNS Lookup Problems (Event IDs 1925, 2087, 2088)
Event ID 1925: Attempt to establish a replication link failed due to DNS lookup problem
Event ID 2087: DNS lookup failure caused replication to fail
Event ID 2088: DNS lookup failure occurred with replication success
Fixing Replication Connectivity Problems (Event ID 1925)
Event ID 1925: Attempt to establish a replication link failed due to connectivity problem
Fixing Replication Topology Problems (Event ID 1311)
Event ID 1311: Replication configuration does not reflect the physical network
Additional Resources for Troubleshooting Active Directory

That's the end of the table of contents. So long!!

 
copyright(c) 2001- Wise-Hawk.com All rights reserved.