Approach to the Book

If you are familiar with the O'Reilly Cookbook format that can be seen in other popular books, such as the Perl Cookbook, Java Cookbook, and DNS and BIND Cookbook, then the layout of this book will not be anything new to you. The book is composed of 18 chapters, each containing 10-30 recipes for performing a specific Active Directory task. Within each recipe are four sections: problem, solution, discussion, and see also. The problem section briefly describes the task the recipe focuses on. The solution section contains step-by-step instructions on how to accomplish the task. The discussion section contains detailed information about the problem or solution. The see also section contains references to additional sources of information that can be useful if you still need more information after reading the discussion. The see also section may reference other recipes, MS Knowledge Base (MS KB) ( articles, or documentation from the Microsoft Developers Network (MSDN) (

At Least Three Ways to Do It!

When I first began developing the content for the book, I struggled with how to capture the fact that you can do things multiple ways with Active Directory. You may be familiar with the famous Perl motto: There Is More Than One Way To Do It; well with Active Directory, there are often At Least Three Ways To Do It. You can perform a task with a graphical user interface (GUI), such as ADSI Edit, LDP, or the Active Directory Users and Computers snap-in; you can use a command-line interface (CLI), such as the ds utilities (i.e., dsadd, dsmod, dsrm, dsquery, dsget), nltest, netdom, or ldifde; and, finally, you can perform the same task using a scripting language, such as VBScript or Perl.

Since people prefer different methods, and no one method is necessarily better than another, I decided to write solutions to the recipes using one of each. That means instead of just a single solution per recipe, I include up to three solutions using GUI, CLI, and programmatic examples. That said, some recipes cannot be accomplished with one of the three methods or it is very difficult to do so. In that case, only the applicable methods are covered.

In the GUI and CLI solutions, I use standard tools that are readily accessible. There are other tools that I could have used, which would have made some of the tasks easier to accomplish, but I wanted to make this book as useful as possible without requiring you to hunt down the tools I use.

I also took this approach with the programmatic solutions; I use VBScript for the programming language, primarily because it is widely used among Windows administrators and is the most straightforward from a code perspective when using Active Directory Service Interface (ADSI) and Windows Script Host (WSH). For those familiar with other languages, such as Visual Basic, Perl and JScript, it is very easy to convert code from VBScript.

The downside to using VBScript is that it does not have all of the facilities necessary to accomplish some complicated tasks. It is for this reason that I use Perl in a few recipes that required a complicated programmatic solution. For those of you who wish that all of the solutions were written with Perl instead of VBScript, you are in luck. On the book's web site, I've posted companion Perl solutions for every recipe that had a VBScript solution. Go to to download the code.

Windows 2000 Versus Windows Server 2003

Another challenge with writing this book is there are now two versions of Active Directory. The initial version was released with Windows 2000 and recently, Microsoft released Windows Server 2003, which provides a lot of updates and new features. Since Windows Server 2003 Active Directory is the latest and greatest version, and includes a lot of new tools that aren't present in Windows 2000, I've decided to go with the approach of making everything work under Windows Server 2003 Active Directory first, and Windows 2000 second. In fact, the majority of the solutions will work with Windows 2000 unchanged. For the recipes or solutions that are specific to a particular version, I include a note mentioning the version it is targeted for. Most GUI and programmatic solutions will work with either version unchanged, but Microsoft introduced several new CLIs with Windows Server 2003, most of which cannot be run on the Windows 2000 operating system. Typically, you can still use these newer tools on a Windows XP or Windows Server 2003 computer to manage Windows 2000 Active Directory.

    Chapter 3. Domain Controllers, Global Catalogs, and FSMOs
    Chapter 6. Users
    Appendix A. Tool List