RE: [ActiveDir] Active Directory and LDAP

[joe]

I saw a couple of these given out by Gil himself at DEC Wednesday... I
didn't get one though. 

  joe 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Hunter, Laura E.
Sent: Sunday, March 13, 2005 9:10 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

Late in replying - been at the Publisher's Conference this week.

> 
> I recommend your book a lot as well, in fact there is at least one 
> list member that has been trying to buy the darn thing based on my 
> recommendation but can't find it anywhere I have pointed at a 
> couple of resources, it was actually ordered from one resource (ebay) 
> and the member got a note back saying, oh sorry, I haven't had that in 
> stock for over a year So get with it Gil! Reprints! And don't 
> forget about getting me royalties for people I send that way. ;oP
> 

Uhhh...yeah, that list member would be me.  :-)  Reprints!  Reprints!
REPRINTS!  :-)

Laura
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: :: Horribly OT :: RE: [ActiveDir] Active Directory and LDAP

[Hunter, Laura E.]

> 
> AD: Help! I broke it, and I can't go home!
> 

*scribbles down*  *steals for future usage*  :-)

Laura
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Active Directory and LDAP

[Hunter, Laura E.]

Late in replying - been at the Publisher's Conference this week.

> 
> I recommend your book a lot as well, in fact there is at 
> least one list member that has been trying to buy the darn 
> thing based on my recommendation but can't find it 
> anywhere I have pointed at a couple of resources, it was 
> actually ordered from one resource (ebay) and the member got 
> a note back saying, oh sorry, I haven't had that in stock for 
> over a year So get with it Gil! Reprints! And don't 
> forget about getting me royalties for people I send that way. ;oP
> 

Uhhh...yeah, that list member would be me.  :-)  Reprints!  Reprints!
REPRINTS!  :-)

Laura
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: :: Horribly OT :: RE: [ActiveDir] Active Directory and LDAP

[joe]

Hey that is pretty snazzy for a 
title.


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Rich 
MilburnSent: Tuesday, March 08, 2005 6:31 PMTo: 
ActiveDir@mail.activedir.orgSubject: RE: :: Horribly OT :: RE: 
[ActiveDir] Active Directory and LDAP


Active Directory – 
The Sorcerer’s Guide
OR
AD: Help! I 
broke it, and I can’t go home!
 
Rich
 
-Original Message-From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of joeSent: Tuesday, March 08, 2005 5:07 PMTo: 
ActiveDir@mail.activedir.orgSubject: RE: :: Horribly OT :: RE: [ActiveDir] 
Active Directory and LDAP
 
LOL. 
 
I have been gathering all of the various ideas together 
over the years for
applications into one place. I am sort of gathering 
ideas and posts I have
written too in hopes I can slap that stuff together and 
come up with some
sort of book.
 
I don't expect writing a techy book is the way to riches 
and fame though. I
doubt I will get the penetration in the market of say a 
Da Vinci Code or a
Harry Potter though maybe if I tried to call it Harry 
Potter and the miracle
of Active Directory
 
   joe
 
 
-Original Message-
From: 
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of 
Mulnick, Al
Sent: Tuesday, March 08, 2005 9:18 
AM
To: 
ActiveDir@mail.activedir.org
Subject: :: Horribly OT :: RE: [ActiveDir] Active 
Directory and LDAP
 
1,000,000.00 - 3.00 = the first step taken and a down 
payment on a
Starbuck's coffee :) 
 
-Original Message-
From: 
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of 
Rich Milburn
Sent: Tuesday, March 08, 2005 9:07 
AM
To: 
ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and 
LDAP
 
Joe - 
 
Write. A. Book.
 
Your own.
 
I'll buy it, if no one else will 
:p
 
Rich
 

---
Rich Milburn
MCSE, Microsoft MVP - Directory Services Sr Network 
Analyst, Field Platform
Development Applebee's International, 
Inc.
4551 W. 
107th St
Overland 
Park, KS 
66207
913-967-2819

---
"I am always doing that which I can not do, in order 
that I may learn how to
do it." - Pablo Picasso -Original 
Message-
From: 
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of 
joe
Sent: Monday, March 07, 2005 9:46 
PM
To: 
ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and 
LDAP
 
What can I say... I didn't win the Lotto. :) 

 
It seems more and more like I am going to have to 
actually earn my first
million.
 
   joe
 
-Original Message-
From: 
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of 
Rick Kingslan
Sent: Monday, March 07, 2005 10:14 
PM
To: 
ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and 
LDAP
 
" The Cat Book rocks. Actually I should get royalties 
for that one too, I
have made a bunch of people buy 
it"
 
 
Here we go again
 
-rtk
 
P.S  :p
 
 
-Original Message-
From: 
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of 
joe
Sent: Monday, March 07, 2005 11:11 
AM
To: 
ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and 
LDAP
 
Hey now... Don't forget about Alistair. He did that 
first edition himself
and did it well. :)
 
The Cat Book rocks. Actually I should get royalties for 
that one too, I have
made a bunch of people buy it and have bought and given 
away multiple copies
myself. I still have my first copy though it is quite 
dog-eared and I put
laminating plastic on the covers so they wouldn't get 
too torn up. 
 
Here is the actual AD Org Books link 
-
http://www.activedir.org/Books.aspx 
,
actually it would be kind of cool if we could rate them. 
How about it Tony?
Have a couple of fields for each, number of people who 
have the book, number
of people who recommend it, number of people who don't 
recommend it. 
 
I am surprised AD Developers Reference Library by 
Iseminger is on the list.
That is a great book but wouldn't expect a lot of the 
list users to have
read it. I recall reading it back in like 2001 or so and 
getting a bit
scared at what a really pissed off AD programmer could 
pull off. 
 
 
  joe
 
 
-Original Message-
From: 
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of 
Mulnick, Al
Sent: Monday, March 07, 2005 11:58 
AM
To: 
ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and 
LDAP
 
Personally?  I like to think of AD as a GUI to 
Microsoft's implementation of
LDAP.  That simplifies a lot of things for 
me.  However, there is more to it
than that and the books you ordered should help in 
clarifying that.  
 
You don't need to know LDAP to make AD work, but it 
helps.  It's a great
help to me to understand the differences between 
Microsoft's AD and Sun's
implementation of LDAP or IBM's implementation or any of 
the others

RE: [ActiveDir] Active Directory and LDAP

[joe]

Ah ok. I think an easy way to configure that then would be in AD/AM.

You could set up each domain as a root in a single AD/AM directory. For
instance

You have an empty ADAM directory

C:\WINDOWS\ADAM>adfind -h . -config -rb cn=partitions -s one ncname

AdFind V01.26.00cpp Joe Richards ([EMAIL PROTECTED]) February 2005

Using server: fastmofo.joe.com
Directory: Active Directory Application Mode
Base DN:
cn=partitions,CN=Configuration,CN={E28AE3C2-1228-4F6B-917C-56B9757DB796}

dn:CN=Enterprise
Configuration,CN=Partitions,CN=Configuration,CN={E28AE3C2-1228-4F6B-917C-56B
9757DB796}
>nCName: CN=Configuration,CN={E28AE3C2-1228-4F6B-917C-56B9757DB796}

dn:CN=Enterprise
Schema,CN=Partitions,CN=Configuration,CN={E28AE3C2-1228-4F6B-917C-56B9757DB7
96}
CN=Schema,CN=Configuration,CN={E28AE3C2-1228-4F6B-917C-56B9757DB796}

2 Objects returned


You add your two domain roots


C:\WINDOWS\ADAM>admod -h . -betaadd -b dc=etherpunk,dc=com
objectclass::domaindns instancetype::5

AdMod V01.03.00cpp Joe Richards ([EMAIL PROTECTED]) February 2005

DN Count: 1
Using server: fastmofo.joe.com
Adding specified objects...
   DN: dc=etherpunk,dc=com...

The command completed successfully


C:\WINDOWS\ADAM>admod -h . -betaadd -b dc=set-con,dc=org
objectclass::domaindns instancetype::5

AdMod V01.03.00cpp Joe Richards ([EMAIL PROTECTED]) February 2005

DN Count: 1
Using server: fastmofo.joe.com
Adding specified objects...
   DN: dc=set-con,dc=org...

The command completed successfully



So now they are there for use:

C:\WINDOWS\ADAM>adfind -h . -config -rb cn=partitions -s one ncname

AdFind V01.26.00cpp Joe Richards ([EMAIL PROTECTED]) February 2005

Using server: fastmofo.joe.com
Directory: Active Directory Application Mode
Base DN:
cn=partitions,CN=Configuration,CN={E28AE3C2-1228-4F6B-917C-56B9757DB796}

dn:CN=6ef70b45-31ab-4fc5-9b7a-4d296ede6370,CN=Partitions,CN=Configuration,CN
={E28AE3C2-1228-4F6B-917C-56B9757DB796}
>nCName: DC=set-con,DC=org

dn:CN=a33cec78-fead-46f3-9242-d9de46b69fdd,CN=Partitions,CN=Configuration,CN
={E28AE3C2-1228-4F6B-917C-56B9757DB796}
>nCName: DC=etherpunk,DC=com

dn:CN=Enterprise
Configuration,CN=Partitions,CN=Configuration,CN={E28AE3C2-1228-4F6B-917C-56B
9757DB796}
>nCName: CN=Configuration,CN={E28AE3C2-1228-4F6B-917C-56B9757DB796}

dn:CN=Enterprise
Schema,CN=Partitions,CN=Configuration,CN={E28AE3C2-1228-4F6B-917C-56B9757DB7
96}
>nCName:
CN=Schema,CN=Configuration,CN={E28AE3C2-1228-4F6B-917C-56B9757DB796}


4 Objects returned




C:\WINDOWS\ADAM>adfind -h . -b dc=etherpunk,dc=com -s one -dn

AdFind V01.26.00cpp Joe Richards ([EMAIL PROTECTED]) February 2005

Using server: fastmofo.joe.com
Directory: Active Directory Application Mode

dn:CN=LostAndFound,DC=etherpunk,DC=com
dn:CN=NTDS Quotas,DC=etherpunk,DC=com
dn:CN=Roles,DC=etherpunk,DC=com

3 Objects returned


C:\WINDOWS\ADAM>adfind -h . -b dc=set-con,dc=org -s one -dn

AdFind V01.26.00cpp Joe Richards ([EMAIL PROTECTED]) February 2005

Using server: fastmofo.joe.com
Directory: Active Directory Application Mode

dn:CN=LostAndFound,DC=set-con,DC=org
dn:CN=NTDS Quotas,DC=set-con,DC=org
dn:CN=Roles,DC=set-con,DC=org

3 Objects returned



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kenny Mann
Sent: Tuesday, March 08, 2005 9:52 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

By domain I mean domain names.
Two of which are etherpunk.com and set-con.org (just to give some examples).

To be honest, I really don't know what I'm after. I'm kinda just playing
around doing two things. Making my life easier to manage these things for my
friends / family and learning stuff that (hopefully) will get me experience
at corporate level stuff.

Wow, AD/AM seems *really* cool and worth a couple weeks of play time. =)

Thanks!


Kenny 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Monday, March 07, 2005 9:46 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

Oh Kenny, something I intended to mention but forgot to... 

You mention your "hobby" of spinning up new domains, etc. By domain do you
mean a new Windows NT Authentication Realm or Kerberos Realm or just a new
LDAP Hierarchy?

If the latter, AD/AM can be quite useful here as well since you can have
multiple writeable partitions with completely different roots. In AD if you
need a new root, you need to spin up another domain tree which means a whole
other machine (virtual or real).

For instance, here is one of my Adam test instances


F:\Dev\CPP\AdMod>adfind -h . -b -s base namingcontexts

AdFind V01.26.00cpp Joe Richards ([EMAIL PROTECTED]) February 2005

Using server: 2k38500
Directory: Active Directory Application Mode

dn:
>namingContexts: 
>CN=Configuration,CN={3BF96A23-C621-442F-8FA4-46452D708C97}
>namingContexts:
CN=Schema,CN=Configuration,CN={3BF96A23-C6

RE: [ActiveDir] Active Directory and LDAP

[Rick Kingslan]

I'd buy it, too.  But, only if I get to review it.  I know joe well enough
that I know the difference between uggh, and ugh.  I can interpret the
grunts fairly accurately.

-rtk

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rich Milburn
Sent: Tuesday, March 08, 2005 8:07 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

Joe - 

Write. A. Book.

Your own.

I'll buy it, if no one else will :p

Rich


---
Rich Milburn
MCSE, Microsoft MVP - Directory Services
Sr Network Analyst, Field Platform Development
Applebee's International, Inc.
4551 W. 107th St
Overland Park, KS 66207
913-967-2819

---
"I am always doing that which I can not do, in order that I may learn
how to do it." - Pablo Picasso
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Monday, March 07, 2005 9:46 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

What can I say... I didn't win the Lotto. :) 

It seems more and more like I am going to have to actually earn my first
million.

   joe

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Monday, March 07, 2005 10:14 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

" The Cat Book rocks. Actually I should get royalties for that one too,
I
have made a bunch of people buy it"


Here we go again

-rtk

P.S  :p


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Monday, March 07, 2005 11:11 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

Hey now... Don't forget about Alistair. He did that first edition
himself
and did it well. :)

The Cat Book rocks. Actually I should get royalties for that one too, I
have
made a bunch of people buy it and have bought and given away multiple
copies
myself. I still have my first copy though it is quite dog-eared and I
put
laminating plastic on the covers so they wouldn't get too torn up. 

Here is the actual AD Org Books link -
http://www.activedir.org/Books.aspx ,
actually it would be kind of cool if we could rate them. How about it
Tony?
Have a couple of fields for each, number of people who have the book,
number
of people who recommend it, number of people who don't recommend it. 

I am surprised AD Developers Reference Library by Iseminger is on the
list.
That is a great book but wouldn't expect a lot of the list users to have
read it. I recall reading it back in like 2001 or so and getting a bit
scared at what a really pissed off AD programmer could pull off. 


  joe
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Monday, March 07, 2005 11:58 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

Personally?  I like to think of AD as a GUI to Microsoft's
implementation of
LDAP.  That simplifies a lot of things for me.  However, there is more
to it
than that and the books you ordered should help in clarifying that.  

You don't need to know LDAP to make AD work, but it helps.  It's a great
help to me to understand the differences between Microsoft's AD and
Sun's
implementation of LDAP or IBM's implementation or any of the others for
the
basics.  

When you start getting into managing the directory and the objects in
the
directory, Microsoft really differentiates itself with GPO's and the
multi-master replication and the tools to support the infrastructure.  

As you're looking at this, remember that name resolution is one of the
most
important things you can deal with when making AD a solid enterprise
app. 

The book from O'Reilly sounds like Robbie's book.  I haven't read it,
but
have heard good things about it (what can I say Robbie, I don't have a
budget for it :)  If it's not Robbie's book for AD, then it would be a
good
idea to grab that one as well.
http://www.amazon.com/exec/obidos/ASIN/0596004664/103-8355416-0173405

Sakari Kouti also has written a good book, called, "Inside Active
Directory"
that would be worth picking up. http://www.kouti.com/

You should be able to find some other information about books at
http://www.activedir.org 


Al
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kenny Mann
Sent: Monday, March 07, 2005 11:41 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Active Directory and LDAP

I don't understand LDAP and Active Directory as much as I should.
So, I've ordered 2 LDAP books (O'Reilly and another) to learn.
I'm curious as t

Re: :: Horribly OT :: RE: [ActiveDir] Active Directory and LDAP

[Tomasz Onyszko]

joe wrote:
I don't expect writing a techy book is the way to riches and fame though. I
doubt I will get the penetration in the market of say a Da Vinci Code or a
Harry Potter though maybe if I tried to call it Harry Potter and the miracle
of Active Directory
write it - I'll buy it :) and then will study for five years at AD 
Hoghwart :)

--
Tomasz Onyszko [MVP]
[EMAIL PROTECTED]
http://www.w2k.pl
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: :: Horribly OT :: RE: [ActiveDir] Active Directory and LDAP

[Rich Milburn]

Active Directory – The Sorcerer’s Guide

OR

AD: Help! I broke it, and I can’t go home!

 

Rich

 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Tuesday, March 08, 2005 5:07 PM
To: ActiveDir@mail.activedir.org
Subject: RE: :: Horribly OT :: RE: [ActiveDir] Active Directory and LDAP

 

LOL. 

 

I have been gathering all of the various ideas together over the years
for

applications into one place. I am sort of gathering ideas and posts I
have

written too in hopes I can slap that stuff together and come up with
some

sort of book.

 

I don't expect writing a techy book is the way to riches and fame
though. I

doubt I will get the penetration in the market of say a Da Vinci Code
or a

Harry Potter though maybe if I tried to call it Harry Potter and the
miracle

of Active Directory

 

   joe

 

 

-Original Message-

From: [EMAIL PROTECTED]

[mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al

Sent: Tuesday, March 08, 2005 9:18 AM

To: ActiveDir@mail.activedir.org

Subject: :: Horribly OT :: RE: [ActiveDir] Active Directory and LDAP

 

1,000,000.00 - 3.00 = the first step taken and a down payment on a

Starbuck's coffee :) 

 

-Original Message-

From: [EMAIL PROTECTED]

[mailto:[EMAIL PROTECTED] On Behalf Of Rich Milburn

Sent: Tuesday, March 08, 2005 9:07 AM

To: ActiveDir@mail.activedir.org

Subject: RE: [ActiveDir] Active Directory and LDAP

 

Joe - 

 

Write. A. Book.

 

Your own.

 

I'll buy it, if no one else will :p

 

Rich

 



---

Rich Milburn

MCSE, Microsoft MVP - Directory Services Sr Network Analyst, Field
Platform

Development Applebee's International, Inc.

4551 W. 107th St

Overland Park,
 KS 66207

913-967-2819



---

"I am always doing that which I can not do, in order that I may
learn how to

do it." - Pablo Picasso -Original Message-

From: [EMAIL PROTECTED]

[mailto:[EMAIL PROTECTED] On Behalf Of joe

Sent: Monday, March 07, 2005 9:46 PM

To: ActiveDir@mail.activedir.org

Subject: RE: [ActiveDir] Active Directory and LDAP

 

What can I say... I didn't win the Lotto. :) 

 

It seems more and more like I am going to have to actually earn my
first

million.

 

   joe

 

-Original Message-

From: [EMAIL PROTECTED]

[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan

Sent: Monday, March 07, 2005 10:14 PM

To: ActiveDir@mail.activedir.org

Subject: RE: [ActiveDir] Active Directory and LDAP

 

" The Cat Book rocks. Actually I should get royalties for that one
too, I

have made a bunch of people buy it"

 

 

Here we go again

 

-rtk

 

P.S  :p

 

 

-Original Message-

From: [EMAIL PROTECTED]

[mailto:[EMAIL PROTECTED] On Behalf Of joe

Sent: Monday, March 07, 2005 11:11 AM

To: ActiveDir@mail.activedir.org

Subject: RE: [ActiveDir] Active Directory and LDAP

 

Hey now... Don't forget about Alistair. He did that first edition
himself

and did it well. :)

 

The Cat Book rocks. Actually I should get royalties for that one too, I
have

made a bunch of people buy it and have bought and given away multiple
copies

myself. I still have my first copy though it is quite dog-eared and I
put

laminating plastic on the covers so they wouldn't get too torn up. 

 

Here is the actual AD Org Books link -

http://www.activedir.org/Books.aspx ,

actually it would be kind of cool if we could rate them. How about it
Tony?

Have a couple of fields for each, number of people who have the book,
number

of people who recommend it, number of people who don't recommend it. 

 

I am surprised AD Developers Reference Library by Iseminger is on the
list.

That is a great book but wouldn't expect a lot of the list users to
have

read it. I recall reading it back in like 2001 or so and getting a bit

scared at what a really pissed off AD programmer could pull off. 

 

 

  joe

 

 

-Original Message-

From: [EMAIL PROTECTED]

[mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al

Sent: Monday, March 07, 2005 11:58 AM

To: ActiveDir@mail.activedir.org

Subject: RE: [ActiveDir] Active Directory and LDAP

 

Personally?  I like to think of AD as a GUI to Microsoft's
implementation of

LDAP.  That simplifies a lot of things for me.  However, there is more
to it

than that and the books you ordered should help in clarifying that.  

 

You don't need to know LDAP to make AD work, but it helps.  It's a
great

help to me to understand the differences between Microsoft's AD and
Sun's

implementation of LDAP or IBM's implementation or any of the others for
the

basics.  

 

When you start getting into managing the directory and the objects in
the

directory, Microsoft really differentiates itself with GPO's and the

multi-master replicat

RE: :: Horribly OT :: RE: [ActiveDir] Active Directory and LDAP

[joe]

LOL. 

I have been gathering all of the various ideas together over the years for
applications into one place. I am sort of gathering ideas and posts I have
written too in hopes I can slap that stuff together and come up with some
sort of book.

I don't expect writing a techy book is the way to riches and fame though. I
doubt I will get the penetration in the market of say a Da Vinci Code or a
Harry Potter though maybe if I tried to call it Harry Potter and the miracle
of Active Directory

   joe
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Tuesday, March 08, 2005 9:18 AM
To: ActiveDir@mail.activedir.org
Subject: :: Horribly OT :: RE: [ActiveDir] Active Directory and LDAP

1,000,000.00 - 3.00 = the first step taken and a down payment on a
Starbuck's coffee :) 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rich Milburn
Sent: Tuesday, March 08, 2005 9:07 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

Joe - 

Write. A. Book.

Your own.

I'll buy it, if no one else will :p

Rich


---
Rich Milburn
MCSE, Microsoft MVP - Directory Services Sr Network Analyst, Field Platform
Development Applebee's International, Inc.
4551 W. 107th St
Overland Park, KS 66207
913-967-2819

---
"I am always doing that which I can not do, in order that I may learn how to
do it." - Pablo Picasso -Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Monday, March 07, 2005 9:46 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

What can I say... I didn't win the Lotto. :) 

It seems more and more like I am going to have to actually earn my first
million.

   joe

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Monday, March 07, 2005 10:14 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

" The Cat Book rocks. Actually I should get royalties for that one too, I
have made a bunch of people buy it"


Here we go again

-rtk

P.S  :p


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Monday, March 07, 2005 11:11 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

Hey now... Don't forget about Alistair. He did that first edition himself
and did it well. :)

The Cat Book rocks. Actually I should get royalties for that one too, I have
made a bunch of people buy it and have bought and given away multiple copies
myself. I still have my first copy though it is quite dog-eared and I put
laminating plastic on the covers so they wouldn't get too torn up. 

Here is the actual AD Org Books link -
http://www.activedir.org/Books.aspx ,
actually it would be kind of cool if we could rate them. How about it Tony?
Have a couple of fields for each, number of people who have the book, number
of people who recommend it, number of people who don't recommend it. 

I am surprised AD Developers Reference Library by Iseminger is on the list.
That is a great book but wouldn't expect a lot of the list users to have
read it. I recall reading it back in like 2001 or so and getting a bit
scared at what a really pissed off AD programmer could pull off. 


  joe
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Monday, March 07, 2005 11:58 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

Personally?  I like to think of AD as a GUI to Microsoft's implementation of
LDAP.  That simplifies a lot of things for me.  However, there is more to it
than that and the books you ordered should help in clarifying that.  

You don't need to know LDAP to make AD work, but it helps.  It's a great
help to me to understand the differences between Microsoft's AD and Sun's
implementation of LDAP or IBM's implementation or any of the others for the
basics.  

When you start getting into managing the directory and the objects in the
directory, Microsoft really differentiates itself with GPO's and the
multi-master replication and the tools to support the infrastructure.  

As you're looking at this, remember that name resolution is one of the most
important things you can deal with when making AD a solid enterprise app. 

The book from O'Reilly sounds like Robbie's book.  I haven't read it, but
have heard good things about it (what can I say Robbie, I don't have a
budget for it :)  If it's not Robbie's book for AD, then it would be a good
idea to grab that one as well.
http://www.amazon.com/exec

RE: [ActiveDir] Active Directory and LDAP

[Myrick, Todd (NIH/CC/DNA)]

Agreed, and with ADAM and MIIS in the mix, I am sure solutions that
incorporate them as well would be useful.  Robbie was looking for
suggestions on an ADAM Cookbook or Missing Manual.  Could be an interesting
collaboration, of course that would require the 28th hour of the day.

Todd

-Original Message-
From: Gil Kirkpatrick [mailto:[EMAIL PROTECTED] 
Sent: Monday, March 07, 2005 4:28 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

Yeah, I don't own the rights , but I might be able to get them. I'll have to
look into it.

-gil 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Monday, March 07, 2005 2:22 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

Probably depends on his agreement with the publisher on whether he can
do it
or not. Gil may not own the rights to the book to do this even if he
wants
to. Personally I think he should update it and sell it. The first time
around it was pretty early in the AD world without a huge number of
adopters. Different market now.

  joe 


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Charlie Kaiser
Sent: Monday, March 07, 2005 2:44 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

If it's out of print, Gil should just make the PDF available free to
list
members online... :-) Unless of course, he's planning to actually DO
those
reprints and make some money off of them...


**
Charlie Kaiser
MCSE, CCNA
Systems Engineer
Essex Credit / Brickwalk
510 595 5083
**
 

> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of joe
> Sent: Monday, March 07, 2005 9:39 AM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] Active Directory and LDAP
> 
> I recommend your book a lot as well, in fact there is at least one 
> list member that has been trying to buy the darn thing based on my 
> recommendation but can't find it anywhere I have pointed at a 
> couple of resources, it was actually ordered from one resource (ebay) 
> and the member got a note back saying, oh sorry, I haven't had that in

> stock for over a year So get with it Gil! Reprints! And don't 
> forget about getting me royalties for people I send that way. ;oP
> 
> Anyway, for this person, I am not sure throwing them into AD 
> programming book is the best course at least initially. :o)  It is 
> like someone who wants to use kerberos and you point them at the MIT 
> dist.
> 
>   joe
> 
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Gil 
> Kirkpatrick
> Sent: Monday, March 07, 2005 12:19 PM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] Active Directory and LDAP
> 
> Aww, man... How come my book isn't up there?
> 
> -gil
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of joe
> Sent: Monday, March 07, 2005 10:11 AM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] Active Directory and LDAP
> 
> Hey now... Don't forget about Alistair. He did that first edition 
> himself and did it well. :)
> 
> The Cat Book rocks. Actually I should get royalties for that one too, 
> I have made a bunch of people buy it and have bought and given away 
> multiple copies myself. I still have my first copy though it is quite 
> dog-eared and I put laminating plastic on the covers so they wouldn't 
> get too torn up.
> 
> Here is the actual AD Org Books link - 
> http://www.activedir.org/Books.aspx , actually it would be kind of 
> cool if we could rate them. How about it Tony?
> Have a couple of fields for each, number of people who have the book, 
> number of people who recommend it, number of people who don't 
> recommend it.
> 
> I am surprised AD Developers Reference Library by Iseminger is on the 
> list.
> That is a great book but wouldn't expect a lot of the list users to 
> have read it. I recall reading it back in like 2001 or so and getting 
> a bit scared at what a really pissed off AD programmer could pull off.
> 
> 
>   joe
>  
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
> Sent: Monday, March 07, 2005 11:58 AM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] Active Directory and LDAP
> 
> Personally?  I like to think of AD as a GUI to Microsoft's 
> implementation of LDAP.  That simplifies a lot of things for me.  
> However, there is more to it than that and the books you ordered 
> should help in clarify

RE: [ActiveDir] Active Directory and LDAP

[Kenny Mann]

By domain I mean domain names.
Two of which are etherpunk.com and set-con.org (just to give some
examples).

To be honest, I really don't know what I'm after. I'm kinda just playing
around doing two things. Making my life easier to manage these things
for my friends / family and learning stuff that (hopefully) will get me
experience at corporate level stuff.

Wow, AD/AM seems *really* cool and worth a couple weeks of play time. =)

Thanks!


Kenny 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Monday, March 07, 2005 9:46 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

Oh Kenny, something I intended to mention but forgot to... 

You mention your "hobby" of spinning up new domains, etc. By domain do
you mean a new Windows NT Authentication Realm or Kerberos Realm or just
a new LDAP Hierarchy?

If the latter, AD/AM can be quite useful here as well since you can have
multiple writeable partitions with completely different roots. In AD if
you need a new root, you need to spin up another domain tree which means
a whole other machine (virtual or real).

For instance, here is one of my Adam test instances


F:\Dev\CPP\AdMod>adfind -h . -b -s base namingcontexts

AdFind V01.26.00cpp Joe Richards ([EMAIL PROTECTED]) February 2005

Using server: 2k38500
Directory: Active Directory Application Mode

dn:
>namingContexts: 
>CN=Configuration,CN={3BF96A23-C621-442F-8FA4-46452D708C97}
>namingContexts:
CN=Schema,CN=Configuration,CN={3BF96A23-C621-442F-8FA4-46452D708C97}
>namingContexts: DC=adam,DC=joeware2,DC=net
>namingContexts: DC=joe,DC=local
>namingContexts: CN=testcontainer


1 Objects returned


You will note the standard config and schema NCs. But I also have 3
other writeable NCs each with a different root.
DC=adam,DC=joeware2,DC=net - DC=joe,DC=local - CN=testcontainer.

That last "CN=testcontainer" can't be done on AD.

To create a new NC you simply do an object add. I believe you can use
any container type objectclass for the NC root. So I could spin up a new
NC that was say an organizational unit on a given server and port like
so

admod -h server:port -b ou=newroot objectclass::organizationalunit
instancetype::5 -betaadd


F:\Dev\CPP\AdMod>admod -h 2k38500:389 -b ou=newroot
objectclass::organizationalunit instancetype::5 -betaadd

AdMod V01.03.00cpp Joe Richards ([EMAIL PROTECTED]) February 2005

DN Count: 1
Using server: 2k38500
Adding specified objects...
   DN: ou=newroot...

The command completed successfully


[Mon 03/07/2005 22:46:59.73]
F:\Dev\CPP\AdMod>adfind -h . -b -s base namingcontexts

AdFind V01.26.00cpp Joe Richards ([EMAIL PROTECTED]) February 2005

Using server: 2k38500
Directory: Active Directory Application Mode

dn:
>namingContexts: 
>CN=Configuration,CN={3BF96A23-C621-442F-8FA4-46452D708C97}
>namingContexts:
CN=Schema,CN=Configuration,CN={3BF96A23-C621-442F-8FA4-46452D708C97}
>namingContexts: DC=adam,DC=joeware2,DC=net
>namingContexts: DC=joe,DC=local
>namingContexts: CN=testcontainer
>namingContexts: OU=newroot


1 Objects returned

[Mon 03/07/2005 22:47:05.60]
F:\Dev\CPP\AdMod>adfind -h . -b ou=newroot -dn

AdFind V01.26.00cpp Joe Richards ([EMAIL PROTECTED]) February 2005

Using server: 2k38500
Directory: Active Directory Application Mode

dn:OU=newroot
dn:CN=LostAndFound,OU=newroot
dn:CN=NTDS Quotas,OU=newroot
dn:CN=Roles,OU=newroot
dn:CN=Administrators,CN=Roles,OU=newroot
dn:CN=Users,CN=Roles,OU=newroot
dn:CN=Readers,CN=Roles,OU=newroot

7 Objects returned

[Mon 03/07/2005 22:47:26.52]
F:\Dev\CPP\AdMod>




  joe



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Monday, March 07, 2005 4:20 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

AD/AM is primarily just the LDAP directory part of AD. It doesn't do
kerberos nor the NSPI stuff. So if you want to play say with Exchange
you have to go to AD. If you want to kerberize authentications, you need
AD. 

If you are simply playing with adding/removing/reading/querying data for
users in a directory, AD/AM should be fine for you. It is generally
easier to play with because you don't have the DNS requirements behind
it and there is basically less to break down and cause issues. It is
really nice because you don't have much worry about updating the schema
as you can quickly wipe out the instance and rebuild it or you could
have multiple instances running on one single machine listening on
different ports, etc. 

If you want to learn all about Windows domain functionality, load AD. If
you just want to learn the LDAP pieces, get AD/AM. 




   joe



 

-Original Message
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kenny Mann
Sent: Monday, March 07, 2005 2:33 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active 

:: Horribly OT :: RE: [ActiveDir] Active Directory and LDAP

[Mulnick, Al]

1,000,000.00 - 3.00 = the first step taken and a down payment on a
Starbuck's coffee :) 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rich Milburn
Sent: Tuesday, March 08, 2005 9:07 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

Joe - 

Write. A. Book.

Your own.

I'll buy it, if no one else will :p

Rich


---
Rich Milburn
MCSE, Microsoft MVP - Directory Services Sr Network Analyst, Field Platform
Development Applebee's International, Inc.
4551 W. 107th St
Overland Park, KS 66207
913-967-2819

---
"I am always doing that which I can not do, in order that I may learn how to
do it." - Pablo Picasso -Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Monday, March 07, 2005 9:46 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

What can I say... I didn't win the Lotto. :) 

It seems more and more like I am going to have to actually earn my first
million.

   joe

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Monday, March 07, 2005 10:14 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

" The Cat Book rocks. Actually I should get royalties for that one too, I
have made a bunch of people buy it"


Here we go again

-rtk

P.S  :p


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Monday, March 07, 2005 11:11 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

Hey now... Don't forget about Alistair. He did that first edition himself
and did it well. :)

The Cat Book rocks. Actually I should get royalties for that one too, I have
made a bunch of people buy it and have bought and given away multiple copies
myself. I still have my first copy though it is quite dog-eared and I put
laminating plastic on the covers so they wouldn't get too torn up. 

Here is the actual AD Org Books link -
http://www.activedir.org/Books.aspx ,
actually it would be kind of cool if we could rate them. How about it Tony?
Have a couple of fields for each, number of people who have the book, number
of people who recommend it, number of people who don't recommend it. 

I am surprised AD Developers Reference Library by Iseminger is on the list.
That is a great book but wouldn't expect a lot of the list users to have
read it. I recall reading it back in like 2001 or so and getting a bit
scared at what a really pissed off AD programmer could pull off. 


  joe
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Monday, March 07, 2005 11:58 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

Personally?  I like to think of AD as a GUI to Microsoft's implementation of
LDAP.  That simplifies a lot of things for me.  However, there is more to it
than that and the books you ordered should help in clarifying that.  

You don't need to know LDAP to make AD work, but it helps.  It's a great
help to me to understand the differences between Microsoft's AD and Sun's
implementation of LDAP or IBM's implementation or any of the others for the
basics.  

When you start getting into managing the directory and the objects in the
directory, Microsoft really differentiates itself with GPO's and the
multi-master replication and the tools to support the infrastructure.  

As you're looking at this, remember that name resolution is one of the most
important things you can deal with when making AD a solid enterprise app. 

The book from O'Reilly sounds like Robbie's book.  I haven't read it, but
have heard good things about it (what can I say Robbie, I don't have a
budget for it :)  If it's not Robbie's book for AD, then it would be a good
idea to grab that one as well.
http://www.amazon.com/exec/obidos/ASIN/0596004664/103-8355416-0173405

Sakari Kouti also has written a good book, called, "Inside Active Directory"
that would be worth picking up. http://www.kouti.com/

You should be able to find some other information about books at
http://www.activedir.org 


Al
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kenny Mann
Sent: Monday, March 07, 2005 11:41 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Active Directory and LDAP

I don't understand LDAP and Active Directory as much as I should.
So, I've ordered 2 LDAP books (O'Reilly and another) to learn.
I'm curious as to how much LDAP and Active Directory have in common. Is AD
just a GUI for LDAP?
Per

RE: [ActiveDir] Active Directory and LDAP

[Rich Milburn]

Joe - 

Write. A. Book.

Your own.

I'll buy it, if no one else will :p

Rich


---
Rich Milburn
MCSE, Microsoft MVP - Directory Services
Sr Network Analyst, Field Platform Development
Applebee's International, Inc.
4551 W. 107th St
Overland Park, KS 66207
913-967-2819

---
"I am always doing that which I can not do, in order that I may learn
how to do it." - Pablo Picasso
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Monday, March 07, 2005 9:46 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

What can I say... I didn't win the Lotto. :) 

It seems more and more like I am going to have to actually earn my first
million.

   joe

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Monday, March 07, 2005 10:14 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

" The Cat Book rocks. Actually I should get royalties for that one too,
I
have made a bunch of people buy it"


Here we go again

-rtk

P.S  :p


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Monday, March 07, 2005 11:11 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

Hey now... Don't forget about Alistair. He did that first edition
himself
and did it well. :)

The Cat Book rocks. Actually I should get royalties for that one too, I
have
made a bunch of people buy it and have bought and given away multiple
copies
myself. I still have my first copy though it is quite dog-eared and I
put
laminating plastic on the covers so they wouldn't get too torn up. 

Here is the actual AD Org Books link -
http://www.activedir.org/Books.aspx ,
actually it would be kind of cool if we could rate them. How about it
Tony?
Have a couple of fields for each, number of people who have the book,
number
of people who recommend it, number of people who don't recommend it. 

I am surprised AD Developers Reference Library by Iseminger is on the
list.
That is a great book but wouldn't expect a lot of the list users to have
read it. I recall reading it back in like 2001 or so and getting a bit
scared at what a really pissed off AD programmer could pull off. 


  joe
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Monday, March 07, 2005 11:58 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

Personally?  I like to think of AD as a GUI to Microsoft's
implementation of
LDAP.  That simplifies a lot of things for me.  However, there is more
to it
than that and the books you ordered should help in clarifying that.  

You don't need to know LDAP to make AD work, but it helps.  It's a great
help to me to understand the differences between Microsoft's AD and
Sun's
implementation of LDAP or IBM's implementation or any of the others for
the
basics.  

When you start getting into managing the directory and the objects in
the
directory, Microsoft really differentiates itself with GPO's and the
multi-master replication and the tools to support the infrastructure.  

As you're looking at this, remember that name resolution is one of the
most
important things you can deal with when making AD a solid enterprise
app. 

The book from O'Reilly sounds like Robbie's book.  I haven't read it,
but
have heard good things about it (what can I say Robbie, I don't have a
budget for it :)  If it's not Robbie's book for AD, then it would be a
good
idea to grab that one as well.
http://www.amazon.com/exec/obidos/ASIN/0596004664/103-8355416-0173405

Sakari Kouti also has written a good book, called, "Inside Active
Directory"
that would be worth picking up. http://www.kouti.com/

You should be able to find some other information about books at
http://www.activedir.org 


Al
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kenny Mann
Sent: Monday, March 07, 2005 11:41 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Active Directory and LDAP

I don't understand LDAP and Active Directory as much as I should.
So, I've ordered 2 LDAP books (O'Reilly and another) to learn.
I'm curious as to how much LDAP and Active Directory have in common. Is
AD
just a GUI for LDAP?
Perhaps there is a book everyone here recommends or will my LDAP books
hopefully cover enough so I could be able to feel my way around Active
Directory good enough?

Doing a search with the word 'book' gives a ton of irrelvent searches in
the
archives. 
I saw one book but it's out of print.

Kenny Mann
List info

RE: [ActiveDir] Active Directory and LDAP

[Rick Kingslan]

I'm glad to hear that it's finally dawned on you that you're more like the
rest of us than you want to admit

Actually have to EARN your first million  Yeah.  I suspect you're closer
than I am.

Yur killin' me, joe.

;o)

-rtk

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Monday, March 07, 2005 9:46 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

What can I say... I didn't win the Lotto. :) 

It seems more and more like I am going to have to actually earn my first
million.

   joe

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Monday, March 07, 2005 10:14 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

" The Cat Book rocks. Actually I should get royalties for that one too, I
have made a bunch of people buy it"


Here we go again

-rtk

P.S  :p


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Monday, March 07, 2005 11:11 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

Hey now... Don't forget about Alistair. He did that first edition himself
and did it well. :)

The Cat Book rocks. Actually I should get royalties for that one too, I have
made a bunch of people buy it and have bought and given away multiple copies
myself. I still have my first copy though it is quite dog-eared and I put
laminating plastic on the covers so they wouldn't get too torn up. 

Here is the actual AD Org Books link - http://www.activedir.org/Books.aspx ,
actually it would be kind of cool if we could rate them. How about it Tony?
Have a couple of fields for each, number of people who have the book, number
of people who recommend it, number of people who don't recommend it. 

I am surprised AD Developers Reference Library by Iseminger is on the list.
That is a great book but wouldn't expect a lot of the list users to have
read it. I recall reading it back in like 2001 or so and getting a bit
scared at what a really pissed off AD programmer could pull off. 


  joe
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Monday, March 07, 2005 11:58 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

Personally?  I like to think of AD as a GUI to Microsoft's implementation of
LDAP.  That simplifies a lot of things for me.  However, there is more to it
than that and the books you ordered should help in clarifying that.  

You don't need to know LDAP to make AD work, but it helps.  It's a great
help to me to understand the differences between Microsoft's AD and Sun's
implementation of LDAP or IBM's implementation or any of the others for the
basics.  

When you start getting into managing the directory and the objects in the
directory, Microsoft really differentiates itself with GPO's and the
multi-master replication and the tools to support the infrastructure.  

As you're looking at this, remember that name resolution is one of the most
important things you can deal with when making AD a solid enterprise app. 

The book from O'Reilly sounds like Robbie's book.  I haven't read it, but
have heard good things about it (what can I say Robbie, I don't have a
budget for it :)  If it's not Robbie's book for AD, then it would be a good
idea to grab that one as well.
http://www.amazon.com/exec/obidos/ASIN/0596004664/103-8355416-0173405

Sakari Kouti also has written a good book, called, "Inside Active Directory"
that would be worth picking up. http://www.kouti.com/

You should be able to find some other information about books at
http://www.activedir.org 


Al
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kenny Mann
Sent: Monday, March 07, 2005 11:41 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Active Directory and LDAP

I don't understand LDAP and Active Directory as much as I should.
So, I've ordered 2 LDAP books (O'Reilly and another) to learn.
I'm curious as to how much LDAP and Active Directory have in common. Is AD
just a GUI for LDAP?
Perhaps there is a book everyone here recommends or will my LDAP books
hopefully cover enough so I could be able to feel my way around Active
Directory good enough?

Doing a search with the word 'book' gives a ton of irrelvent searches in the
archives. 
I saw one book but it's out of print.

Kenny Mann
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:

RE: [ActiveDir] Active Directory and LDAP

[Gil Kirkpatrick]

Ahh, my ego has been assuaged... :)
 
You're welcome!



From: [EMAIL PROTECTED] on behalf of Rick Kingslan
Sent: Mon 3/7/2005 8:25 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP



Oh, and mine's signed!  Thanks again, Gil!

:)

-rtk

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Monday, March 07, 2005 9:16 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

It's the best Nuts and bolts book on programming to AD that I've got on the
shelf.

"Active Directory Programming" by Gil Kirkpatrick

-rtk

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick
Sent: Monday, March 07, 2005 11:19 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

Aww, man... How come my book isn't up there?

-gil

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Monday, March 07, 2005 10:11 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

Hey now... Don't forget about Alistair. He did that first edition
himself
and did it well. :)

The Cat Book rocks. Actually I should get royalties for that one too, I
have
made a bunch of people buy it and have bought and given away multiple
copies
myself. I still have my first copy though it is quite dog-eared and I
put
laminating plastic on the covers so they wouldn't get too torn up.

Here is the actual AD Org Books link -
http://www.activedir.org/Books.aspx ,
actually it would be kind of cool if we could rate them. How about it
Tony?
Have a couple of fields for each, number of people who have the book,
number
of people who recommend it, number of people who don't recommend it.

I am surprised AD Developers Reference Library by Iseminger is on the
list.
That is a great book but wouldn't expect a lot of the list users to have
read it. I recall reading it back in like 2001 or so and getting a bit
scared at what a really pissed off AD programmer could pull off.


  joe


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Monday, March 07, 2005 11:58 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

Personally?  I like to think of AD as a GUI to Microsoft's
implementation of
LDAP.  That simplifies a lot of things for me.  However, there is more
to it
than that and the books you ordered should help in clarifying that. 

You don't need to know LDAP to make AD work, but it helps.  It's a great
help to me to understand the differences between Microsoft's AD and
Sun's
implementation of LDAP or IBM's implementation or any of the others for
the
basics. 

When you start getting into managing the directory and the objects in
the
directory, Microsoft really differentiates itself with GPO's and the
multi-master replication and the tools to support the infrastructure. 

As you're looking at this, remember that name resolution is one of the
most
important things you can deal with when making AD a solid enterprise
app.

The book from O'Reilly sounds like Robbie's book.  I haven't read it,
but
have heard good things about it (what can I say Robbie, I don't have a
budget for it :)  If it's not Robbie's book for AD, then it would be a
good
idea to grab that one as well.
http://www.amazon.com/exec/obidos/ASIN/0596004664/103-8355416-0173405

Sakari Kouti also has written a good book, called, "Inside Active
Directory"
that would be worth picking up. http://www.kouti.com/

You should be able to find some other information about books at
http://www.activedir.org


Al


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kenny Mann
Sent: Monday, March 07, 2005 11:41 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Active Directory and LDAP

I don't understand LDAP and Active Directory as much as I should.
So, I've ordered 2 LDAP books (O'Reilly and another) to learn.
I'm curious as to how much LDAP and Active Directory have in common. Is
AD
just a GUI for LDAP?
Perhaps there is a book everyone here recommends or will my LDAP books
hopefully cover enough so I could be able to feel my way around Active
Directory good enough?

Doing a search with the word 'book' gives a ton of irrelvent searches in
the
archives.
I saw one book but it's out of print.

Kenny Mann
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archi

RE: [ActiveDir] Active Directory and LDAP

[joe]

What can I say... I didn't win the Lotto. :) 

It seems more and more like I am going to have to actually earn my first
million.

   joe

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Monday, March 07, 2005 10:14 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

" The Cat Book rocks. Actually I should get royalties for that one too, I
have made a bunch of people buy it"


Here we go again

-rtk

P.S  :p


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Monday, March 07, 2005 11:11 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

Hey now... Don't forget about Alistair. He did that first edition himself
and did it well. :)

The Cat Book rocks. Actually I should get royalties for that one too, I have
made a bunch of people buy it and have bought and given away multiple copies
myself. I still have my first copy though it is quite dog-eared and I put
laminating plastic on the covers so they wouldn't get too torn up. 

Here is the actual AD Org Books link - http://www.activedir.org/Books.aspx ,
actually it would be kind of cool if we could rate them. How about it Tony?
Have a couple of fields for each, number of people who have the book, number
of people who recommend it, number of people who don't recommend it. 

I am surprised AD Developers Reference Library by Iseminger is on the list.
That is a great book but wouldn't expect a lot of the list users to have
read it. I recall reading it back in like 2001 or so and getting a bit
scared at what a really pissed off AD programmer could pull off. 


  joe
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Monday, March 07, 2005 11:58 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

Personally?  I like to think of AD as a GUI to Microsoft's implementation of
LDAP.  That simplifies a lot of things for me.  However, there is more to it
than that and the books you ordered should help in clarifying that.  

You don't need to know LDAP to make AD work, but it helps.  It's a great
help to me to understand the differences between Microsoft's AD and Sun's
implementation of LDAP or IBM's implementation or any of the others for the
basics.  

When you start getting into managing the directory and the objects in the
directory, Microsoft really differentiates itself with GPO's and the
multi-master replication and the tools to support the infrastructure.  

As you're looking at this, remember that name resolution is one of the most
important things you can deal with when making AD a solid enterprise app. 

The book from O'Reilly sounds like Robbie's book.  I haven't read it, but
have heard good things about it (what can I say Robbie, I don't have a
budget for it :)  If it's not Robbie's book for AD, then it would be a good
idea to grab that one as well.
http://www.amazon.com/exec/obidos/ASIN/0596004664/103-8355416-0173405

Sakari Kouti also has written a good book, called, "Inside Active Directory"
that would be worth picking up. http://www.kouti.com/

You should be able to find some other information about books at
http://www.activedir.org 


Al
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kenny Mann
Sent: Monday, March 07, 2005 11:41 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Active Directory and LDAP

I don't understand LDAP and Active Directory as much as I should.
So, I've ordered 2 LDAP books (O'Reilly and another) to learn.
I'm curious as to how much LDAP and Active Directory have in common. Is AD
just a GUI for LDAP?
Perhaps there is a book everyone here recommends or will my LDAP books
hopefully cover enough so I could be able to feel my way around Active
Directory good enough?

Doing a search with the word 'book' gives a ton of irrelvent searches in the
archives. 
I saw one book but it's out of print.

Kenny Mann
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Active Directory and LDAP

[joe]

Oh Kenny, something I intended to mention but forgot to... 

You mention your "hobby" of spinning up new domains, etc. By domain do you
mean a new Windows NT Authentication Realm or Kerberos Realm or just a new
LDAP Hierarchy?

If the latter, AD/AM can be quite useful here as well since you can have
multiple writeable partitions with completely different roots. In AD if you
need a new root, you need to spin up another domain tree which means a whole
other machine (virtual or real).

For instance, here is one of my Adam test instances


F:\Dev\CPP\AdMod>adfind -h . -b -s base namingcontexts

AdFind V01.26.00cpp Joe Richards ([EMAIL PROTECTED]) February 2005

Using server: 2k38500
Directory: Active Directory Application Mode

dn:
>namingContexts: CN=Configuration,CN={3BF96A23-C621-442F-8FA4-46452D708C97}
>namingContexts:
CN=Schema,CN=Configuration,CN={3BF96A23-C621-442F-8FA4-46452D708C97}
>namingContexts: DC=adam,DC=joeware2,DC=net
>namingContexts: DC=joe,DC=local
>namingContexts: CN=testcontainer


1 Objects returned


You will note the standard config and schema NCs. But I also have 3 other
writeable NCs each with a different root. DC=adam,DC=joeware2,DC=net -
DC=joe,DC=local - CN=testcontainer.

That last "CN=testcontainer" can't be done on AD.

To create a new NC you simply do an object add. I believe you can use any
container type objectclass for the NC root. So I could spin up a new NC that
was say an organizational unit on a given server and port like so

admod -h server:port -b ou=newroot objectclass::organizationalunit
instancetype::5 -betaadd


F:\Dev\CPP\AdMod>admod -h 2k38500:389 -b ou=newroot
objectclass::organizationalunit instancetype::5 -betaadd

AdMod V01.03.00cpp Joe Richards ([EMAIL PROTECTED]) February 2005

DN Count: 1
Using server: 2k38500
Adding specified objects...
   DN: ou=newroot...

The command completed successfully


[Mon 03/07/2005 22:46:59.73]
F:\Dev\CPP\AdMod>adfind -h . -b -s base namingcontexts

AdFind V01.26.00cpp Joe Richards ([EMAIL PROTECTED]) February 2005

Using server: 2k38500
Directory: Active Directory Application Mode

dn:
>namingContexts: CN=Configuration,CN={3BF96A23-C621-442F-8FA4-46452D708C97}
>namingContexts:
CN=Schema,CN=Configuration,CN={3BF96A23-C621-442F-8FA4-46452D708C97}
>namingContexts: DC=adam,DC=joeware2,DC=net
>namingContexts: DC=joe,DC=local
>namingContexts: CN=testcontainer
>namingContexts: OU=newroot


1 Objects returned

[Mon 03/07/2005 22:47:05.60]
F:\Dev\CPP\AdMod>adfind -h . -b ou=newroot -dn

AdFind V01.26.00cpp Joe Richards ([EMAIL PROTECTED]) February 2005

Using server: 2k38500
Directory: Active Directory Application Mode

dn:OU=newroot
dn:CN=LostAndFound,OU=newroot
dn:CN=NTDS Quotas,OU=newroot
dn:CN=Roles,OU=newroot
dn:CN=Administrators,CN=Roles,OU=newroot
dn:CN=Users,CN=Roles,OU=newroot
dn:CN=Readers,CN=Roles,OU=newroot

7 Objects returned

[Mon 03/07/2005 22:47:26.52]
F:\Dev\CPP\AdMod>




  joe



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Monday, March 07, 2005 4:20 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

AD/AM is primarily just the LDAP directory part of AD. It doesn't do
kerberos nor the NSPI stuff. So if you want to play say with Exchange you
have to go to AD. If you want to kerberize authentications, you need AD. 

If you are simply playing with adding/removing/reading/querying data for
users in a directory, AD/AM should be fine for you. It is generally easier
to play with because you don't have the DNS requirements behind it and there
is basically less to break down and cause issues. It is really nice because
you don't have much worry about updating the schema as you can quickly wipe
out the instance and rebuild it or you could have multiple instances running
on one single machine listening on different ports, etc. 

If you want to learn all about Windows domain functionality, load AD. If you
just want to learn the LDAP pieces, get AD/AM. 




   joe



 

-Original Message
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kenny Mann
Sent: Monday, March 07, 2005 2:33 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

I'll probably want programmer side later, when I understand what I'm doing.

BTW, someone posted this link:
http://www.microsoft.com/windowsserver2003/adam/default.mspx
Here is Microsoft's definition:
Windows Server 2003 Active Directory Application Mode

For organizations that require flexible support for directory-enabled
applications, Microsoft has developed Active Directory(r) Application Mode
(ADAM). ADAM is a Lightweight Directory Access Protocol (LDAP) directory
service that runs as a user service, rather than as a system service. Active
Directory Application Mode represents a breakthrough in directory services
technology that provides flexibil

RE: [ActiveDir] Active Directory and LDAP

[Rick Kingslan]

Oh, and mine's signed!  Thanks again, Gil!

:)

-rtk

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Monday, March 07, 2005 9:16 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

It's the best Nuts and bolts book on programming to AD that I've got on the
shelf.

"Active Directory Programming" by Gil Kirkpatrick

-rtk

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick
Sent: Monday, March 07, 2005 11:19 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

Aww, man... How come my book isn't up there?

-gil 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Monday, March 07, 2005 10:11 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

Hey now... Don't forget about Alistair. He did that first edition
himself
and did it well. :)

The Cat Book rocks. Actually I should get royalties for that one too, I
have
made a bunch of people buy it and have bought and given away multiple
copies
myself. I still have my first copy though it is quite dog-eared and I
put
laminating plastic on the covers so they wouldn't get too torn up. 

Here is the actual AD Org Books link -
http://www.activedir.org/Books.aspx ,
actually it would be kind of cool if we could rate them. How about it
Tony?
Have a couple of fields for each, number of people who have the book,
number
of people who recommend it, number of people who don't recommend it. 

I am surprised AD Developers Reference Library by Iseminger is on the
list.
That is a great book but wouldn't expect a lot of the list users to have
read it. I recall reading it back in like 2001 or so and getting a bit
scared at what a really pissed off AD programmer could pull off. 


  joe
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Monday, March 07, 2005 11:58 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

Personally?  I like to think of AD as a GUI to Microsoft's
implementation of
LDAP.  That simplifies a lot of things for me.  However, there is more
to it
than that and the books you ordered should help in clarifying that.  

You don't need to know LDAP to make AD work, but it helps.  It's a great
help to me to understand the differences between Microsoft's AD and
Sun's
implementation of LDAP or IBM's implementation or any of the others for
the
basics.  

When you start getting into managing the directory and the objects in
the
directory, Microsoft really differentiates itself with GPO's and the
multi-master replication and the tools to support the infrastructure.  

As you're looking at this, remember that name resolution is one of the
most
important things you can deal with when making AD a solid enterprise
app. 

The book from O'Reilly sounds like Robbie's book.  I haven't read it,
but
have heard good things about it (what can I say Robbie, I don't have a
budget for it :)  If it's not Robbie's book for AD, then it would be a
good
idea to grab that one as well.
http://www.amazon.com/exec/obidos/ASIN/0596004664/103-8355416-0173405

Sakari Kouti also has written a good book, called, "Inside Active
Directory"
that would be worth picking up. http://www.kouti.com/

You should be able to find some other information about books at
http://www.activedir.org 


Al
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kenny Mann
Sent: Monday, March 07, 2005 11:41 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Active Directory and LDAP

I don't understand LDAP and Active Directory as much as I should.
So, I've ordered 2 LDAP books (O'Reilly and another) to learn.
I'm curious as to how much LDAP and Active Directory have in common. Is
AD
just a GUI for LDAP?
Perhaps there is a book everyone here recommends or will my LDAP books
hopefully cover enough so I could be able to feel my way around Active
Directory good enough?

Doing a search with the word 'book' gives a ton of irrelvent searches in
the
archives. 
I saw one book but it's out of print.

Kenny Mann
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activ

RE: [ActiveDir] Active Directory and LDAP

[Rick Kingslan]

It's the best Nuts and bolts book on programming to AD that I've got on the
shelf.

"Active Directory Programming" by Gil Kirkpatrick

-rtk

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick
Sent: Monday, March 07, 2005 11:19 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

Aww, man... How come my book isn't up there?

-gil 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Monday, March 07, 2005 10:11 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

Hey now... Don't forget about Alistair. He did that first edition
himself
and did it well. :)

The Cat Book rocks. Actually I should get royalties for that one too, I
have
made a bunch of people buy it and have bought and given away multiple
copies
myself. I still have my first copy though it is quite dog-eared and I
put
laminating plastic on the covers so they wouldn't get too torn up. 

Here is the actual AD Org Books link -
http://www.activedir.org/Books.aspx ,
actually it would be kind of cool if we could rate them. How about it
Tony?
Have a couple of fields for each, number of people who have the book,
number
of people who recommend it, number of people who don't recommend it. 

I am surprised AD Developers Reference Library by Iseminger is on the
list.
That is a great book but wouldn't expect a lot of the list users to have
read it. I recall reading it back in like 2001 or so and getting a bit
scared at what a really pissed off AD programmer could pull off. 


  joe
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Monday, March 07, 2005 11:58 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

Personally?  I like to think of AD as a GUI to Microsoft's
implementation of
LDAP.  That simplifies a lot of things for me.  However, there is more
to it
than that and the books you ordered should help in clarifying that.  

You don't need to know LDAP to make AD work, but it helps.  It's a great
help to me to understand the differences between Microsoft's AD and
Sun's
implementation of LDAP or IBM's implementation or any of the others for
the
basics.  

When you start getting into managing the directory and the objects in
the
directory, Microsoft really differentiates itself with GPO's and the
multi-master replication and the tools to support the infrastructure.  

As you're looking at this, remember that name resolution is one of the
most
important things you can deal with when making AD a solid enterprise
app. 

The book from O'Reilly sounds like Robbie's book.  I haven't read it,
but
have heard good things about it (what can I say Robbie, I don't have a
budget for it :)  If it's not Robbie's book for AD, then it would be a
good
idea to grab that one as well.
http://www.amazon.com/exec/obidos/ASIN/0596004664/103-8355416-0173405

Sakari Kouti also has written a good book, called, "Inside Active
Directory"
that would be worth picking up. http://www.kouti.com/

You should be able to find some other information about books at
http://www.activedir.org 


Al
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kenny Mann
Sent: Monday, March 07, 2005 11:41 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Active Directory and LDAP

I don't understand LDAP and Active Directory as much as I should.
So, I've ordered 2 LDAP books (O'Reilly and another) to learn.
I'm curious as to how much LDAP and Active Directory have in common. Is
AD
just a GUI for LDAP?
Perhaps there is a book everyone here recommends or will my LDAP books
hopefully cover enough so I could be able to feel my way around Active
Directory good enough?

Doing a search with the word 'book' gives a ton of irrelvent searches in
the
archives. 
I saw one book but it's out of print.

Kenny Mann
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Active Directory and LDAP

[Rick Kingslan]

" The Cat Book rocks. Actually I should get royalties for that one too, I
have made a bunch of people buy it"


Here we go again

-rtk

P.S  :p


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Monday, March 07, 2005 11:11 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

Hey now... Don't forget about Alistair. He did that first edition himself
and did it well. :)

The Cat Book rocks. Actually I should get royalties for that one too, I have
made a bunch of people buy it and have bought and given away multiple copies
myself. I still have my first copy though it is quite dog-eared and I put
laminating plastic on the covers so they wouldn't get too torn up. 

Here is the actual AD Org Books link - http://www.activedir.org/Books.aspx ,
actually it would be kind of cool if we could rate them. How about it Tony?
Have a couple of fields for each, number of people who have the book, number
of people who recommend it, number of people who don't recommend it. 

I am surprised AD Developers Reference Library by Iseminger is on the list.
That is a great book but wouldn't expect a lot of the list users to have
read it. I recall reading it back in like 2001 or so and getting a bit
scared at what a really pissed off AD programmer could pull off. 


  joe
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Monday, March 07, 2005 11:58 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

Personally?  I like to think of AD as a GUI to Microsoft's implementation of
LDAP.  That simplifies a lot of things for me.  However, there is more to it
than that and the books you ordered should help in clarifying that.  

You don't need to know LDAP to make AD work, but it helps.  It's a great
help to me to understand the differences between Microsoft's AD and Sun's
implementation of LDAP or IBM's implementation or any of the others for the
basics.  

When you start getting into managing the directory and the objects in the
directory, Microsoft really differentiates itself with GPO's and the
multi-master replication and the tools to support the infrastructure.  

As you're looking at this, remember that name resolution is one of the most
important things you can deal with when making AD a solid enterprise app. 

The book from O'Reilly sounds like Robbie's book.  I haven't read it, but
have heard good things about it (what can I say Robbie, I don't have a
budget for it :)  If it's not Robbie's book for AD, then it would be a good
idea to grab that one as well.
http://www.amazon.com/exec/obidos/ASIN/0596004664/103-8355416-0173405

Sakari Kouti also has written a good book, called, "Inside Active Directory"
that would be worth picking up. http://www.kouti.com/

You should be able to find some other information about books at
http://www.activedir.org 


Al
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kenny Mann
Sent: Monday, March 07, 2005 11:41 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Active Directory and LDAP

I don't understand LDAP and Active Directory as much as I should.
So, I've ordered 2 LDAP books (O'Reilly and another) to learn.
I'm curious as to how much LDAP and Active Directory have in common. Is AD
just a GUI for LDAP?
Perhaps there is a book everyone here recommends or will my LDAP books
hopefully cover enough so I could be able to feel my way around Active
Directory good enough?

Doing a search with the word 'book' gives a ton of irrelvent searches in the
archives. 
I saw one book but it's out of print.

Kenny Mann
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Active Directory and LDAP

[Gil Kirkpatrick]

Yeah, I don't own the rights , but I might be able to get them. I'll have to
look into it.

-gil 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Monday, March 07, 2005 2:22 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

Probably depends on his agreement with the publisher on whether he can
do it
or not. Gil may not own the rights to the book to do this even if he
wants
to. Personally I think he should update it and sell it. The first time
around it was pretty early in the AD world without a huge number of
adopters. Different market now.

  joe 


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Charlie Kaiser
Sent: Monday, March 07, 2005 2:44 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

If it's out of print, Gil should just make the PDF available free to
list
members online... :-) Unless of course, he's planning to actually DO
those
reprints and make some money off of them...


**
Charlie Kaiser
MCSE, CCNA
Systems Engineer
Essex Credit / Brickwalk
510 595 5083
**
 

> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of joe
> Sent: Monday, March 07, 2005 9:39 AM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] Active Directory and LDAP
> 
> I recommend your book a lot as well, in fact there is at least one 
> list member that has been trying to buy the darn thing based on my 
> recommendation but can't find it anywhere I have pointed at a 
> couple of resources, it was actually ordered from one resource (ebay) 
> and the member got a note back saying, oh sorry, I haven't had that in

> stock for over a year So get with it Gil! Reprints! And don't 
> forget about getting me royalties for people I send that way. ;oP
> 
> Anyway, for this person, I am not sure throwing them into AD 
> programming book is the best course at least initially. :o)  It is 
> like someone who wants to use kerberos and you point them at the MIT 
> dist.
> 
>   joe
> 
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Gil 
> Kirkpatrick
> Sent: Monday, March 07, 2005 12:19 PM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] Active Directory and LDAP
> 
> Aww, man... How come my book isn't up there?
> 
> -gil
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of joe
> Sent: Monday, March 07, 2005 10:11 AM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] Active Directory and LDAP
> 
> Hey now... Don't forget about Alistair. He did that first edition 
> himself and did it well. :)
> 
> The Cat Book rocks. Actually I should get royalties for that one too, 
> I have made a bunch of people buy it and have bought and given away 
> multiple copies myself. I still have my first copy though it is quite 
> dog-eared and I put laminating plastic on the covers so they wouldn't 
> get too torn up.
> 
> Here is the actual AD Org Books link - 
> http://www.activedir.org/Books.aspx , actually it would be kind of 
> cool if we could rate them. How about it Tony?
> Have a couple of fields for each, number of people who have the book, 
> number of people who recommend it, number of people who don't 
> recommend it.
> 
> I am surprised AD Developers Reference Library by Iseminger is on the 
> list.
> That is a great book but wouldn't expect a lot of the list users to 
> have read it. I recall reading it back in like 2001 or so and getting 
> a bit scared at what a really pissed off AD programmer could pull off.
> 
> 
>   joe
>  
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
> Sent: Monday, March 07, 2005 11:58 AM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] Active Directory and LDAP
> 
> Personally?  I like to think of AD as a GUI to Microsoft's 
> implementation of LDAP.  That simplifies a lot of things for me.  
> However, there is more to it than that and the books you ordered 
> should help in clarifying that.
> 
> You don't need to know LDAP to make AD work, but it helps.  
> It's a great
> help to me to understand the differences between Microsoft's AD and 
> Sun's implementation of LDAP or IBM's implementation or any of the 
> others for the basics.
> 
> When you start getting into managing the directory and the objects in 
> the directory, Microsoft really differentiates itself with GPO's and 
> the multi-master repl

RE: [ActiveDir] Active Directory and LDAP

[joe]

Probably depends on his agreement with the publisher on whether he can do it
or not. Gil may not own the rights to the book to do this even if he wants
to. Personally I think he should update it and sell it. The first time
around it was pretty early in the AD world without a huge number of
adopters. Different market now.

  joe 


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Charlie Kaiser
Sent: Monday, March 07, 2005 2:44 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

If it's out of print, Gil should just make the PDF available free to list
members online... :-) Unless of course, he's planning to actually DO those
reprints and make some money off of them...


**
Charlie Kaiser
MCSE, CCNA
Systems Engineer
Essex Credit / Brickwalk
510 595 5083
**
 

> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of joe
> Sent: Monday, March 07, 2005 9:39 AM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] Active Directory and LDAP
> 
> I recommend your book a lot as well, in fact there is at least one 
> list member that has been trying to buy the darn thing based on my 
> recommendation but can't find it anywhere I have pointed at a 
> couple of resources, it was actually ordered from one resource (ebay) 
> and the member got a note back saying, oh sorry, I haven't had that in 
> stock for over a year So get with it Gil! Reprints! And don't 
> forget about getting me royalties for people I send that way. ;oP
> 
> Anyway, for this person, I am not sure throwing them into AD 
> programming book is the best course at least initially. :o)  It is 
> like someone who wants to use kerberos and you point them at the MIT 
> dist.
> 
>   joe
> 
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Gil 
> Kirkpatrick
> Sent: Monday, March 07, 2005 12:19 PM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] Active Directory and LDAP
> 
> Aww, man... How come my book isn't up there?
> 
> -gil
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of joe
> Sent: Monday, March 07, 2005 10:11 AM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] Active Directory and LDAP
> 
> Hey now... Don't forget about Alistair. He did that first edition 
> himself and did it well. :)
> 
> The Cat Book rocks. Actually I should get royalties for that one too, 
> I have made a bunch of people buy it and have bought and given away 
> multiple copies myself. I still have my first copy though it is quite 
> dog-eared and I put laminating plastic on the covers so they wouldn't 
> get too torn up.
> 
> Here is the actual AD Org Books link - 
> http://www.activedir.org/Books.aspx , actually it would be kind of 
> cool if we could rate them. How about it Tony?
> Have a couple of fields for each, number of people who have the book, 
> number of people who recommend it, number of people who don't 
> recommend it.
> 
> I am surprised AD Developers Reference Library by Iseminger is on the 
> list.
> That is a great book but wouldn't expect a lot of the list users to 
> have read it. I recall reading it back in like 2001 or so and getting 
> a bit scared at what a really pissed off AD programmer could pull off.
> 
> 
>   joe
>  
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
> Sent: Monday, March 07, 2005 11:58 AM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] Active Directory and LDAP
> 
> Personally?  I like to think of AD as a GUI to Microsoft's 
> implementation of LDAP.  That simplifies a lot of things for me.  
> However, there is more to it than that and the books you ordered 
> should help in clarifying that.
> 
> You don't need to know LDAP to make AD work, but it helps.  
> It's a great
> help to me to understand the differences between Microsoft's AD and 
> Sun's implementation of LDAP or IBM's implementation or any of the 
> others for the basics.
> 
> When you start getting into managing the directory and the objects in 
> the directory, Microsoft really differentiates itself with GPO's and 
> the multi-master replication and the tools to support the 
> infrastructure.
> 
> As you're looking at this, remember that name resolution is one of the 
> most important things you can deal with when making AD a solid 
> enterprise app.
> 
> The book from O'Reilly sounds like Robbie's book.  I haven't re

RE: [ActiveDir] Active Directory and LDAP

[joe]

AD/AM is primarily just the LDAP directory part of AD. It doesn't do
kerberos nor the NSPI stuff. So if you want to play say with Exchange you
have to go to AD. If you want to kerberize authentications, you need AD. 

If you are simply playing with adding/removing/reading/querying data for
users in a directory, AD/AM should be fine for you. It is generally easier
to play with because you don't have the DNS requirements behind it and there
is basically less to break down and cause issues. It is really nice because
you don't have much worry about updating the schema as you can quickly wipe
out the instance and rebuild it or you could have multiple instances running
on one single machine listening on different ports, etc. 

If you want to learn all about Windows domain functionality, load AD. If you
just want to learn the LDAP pieces, get AD/AM. 




   joe



 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kenny Mann
Sent: Monday, March 07, 2005 2:33 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

I'll probably want programmer side later, when I understand what I'm doing.

BTW, someone posted this link:
http://www.microsoft.com/windowsserver2003/adam/default.mspx
Here is Microsoft's definition:
Windows Server 2003 Active Directory Application Mode

For organizations that require flexible support for directory-enabled
applications, Microsoft has developed Active Directory(r) Application Mode
(ADAM). ADAM is a Lightweight Directory Access Protocol (LDAP) directory
service that runs as a user service, rather than as a system service. Active
Directory Application Mode represents a breakthrough in directory services
technology that provides flexibility and helps organizations avoid increased
infrastructure costs.

My interpreation is:
We use LDAP and some other common nifty stuff, but also have our usual
secret sauce that makes it special.
So, I would then assume that LDAP is a specific section of AD and other
parts can (and probably are/will) be included in most domains.
I guess my next step is to get a 2k3 active directory book and figure out
the different parts of it and get more books from there as needed.

Right now I'm assuming I don't know jack about AD aside from what the GUI
shows (and even then...) and I know AD is allot more powerful that what I'm
using it for where I work.

/curious george mode engages


As for my personal hobby at home, I just want the easiest thing to manage. I
sometimes add a domain, sometimes a user, sometimes an alias.
The reason LDAP appealed to me was that a domain is the root. A user is
under that, and the user's special things (like having SSH access, or their
own website) could be implemented easily through that (given I wrote some
code or did some special things...).


Kenny 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick
Sent: Monday, March 07, 2005 11:56 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

Stella has been scrounging the dusty antiquarian bookshops in New York and
London and has managed to snag a few copies. We'll have a handful of my
books available at DEC. For some reason Pearson never wanted to do a 2nd
edition. What a bunch of poopy-heads (according to my 4 year old).

Yeah, it doesn't sound like Kenny is looking for the programmers end of
things.

-gil

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Monday, March 07, 2005 10:39 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

I recommend your book a lot as well, in fact there is at least one list
member that has been trying to buy the darn thing based on my recommendation
but can't find it anywhere I have pointed at a couple of resources, it
was actually ordered from one resource (ebay) and the member got a note back
saying, oh sorry, I haven't had that in stock for over a year So get
with it Gil! Reprints! And don't forget about getting me royalties for
people I send that way. ;oP

Anyway, for this person, I am not sure throwing them into AD programming
book is the best course at least initially. :o)  It is like someone who
wants to use kerberos and you point them at the MIT dist. 

  joe


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick
Sent: Monday, March 07, 2005 12:19 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

Aww, man... How come my book isn't up there?

-gil 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Monday, March 07, 2005 10:11 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

Hey now... Don't forget about Alistair. He did that first edi

RE: [ActiveDir] Active Directory and LDAP

[Kenny Mann]

Ah, thank you for pointing that out.
I did confused them.

Kenny 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Monday, March 07, 2005 2:31 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

Hmm... Although based on the same technology, don't confuse ADAM with
AD.
ADAM is the lightweight version of AD technology.  I.E. it's an LDAP
server vs. an identification, authentication, and authorization
infrastructure (aka special sauce ingredients). 

Al

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kenny Mann
Sent: Monday, March 07, 2005 2:33 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

I'll probably want programmer side later, when I understand what I'm
doing.

BTW, someone posted this link:
http://www.microsoft.com/windowsserver2003/adam/default.mspx
Here is Microsoft's definition:
Windows Server 2003 Active Directory Application Mode

For organizations that require flexible support for directory-enabled
applications, Microsoft has developed Active Directory(r) Application
Mode (ADAM). ADAM is a Lightweight Directory Access Protocol (LDAP)
directory service that runs as a user service, rather than as a system
service. Active Directory Application Mode represents a breakthrough in
directory services technology that provides flexibility and helps
organizations avoid increased infrastructure costs.

My interpreation is:
We use LDAP and some other common nifty stuff, but also have our usual
secret sauce that makes it special.
So, I would then assume that LDAP is a specific section of AD and other
parts can (and probably are/will) be included in most domains.
I guess my next step is to get a 2k3 active directory book and figure
out the different parts of it and get more books from there as needed.

Right now I'm assuming I don't know jack about AD aside from what the
GUI shows (and even then...) and I know AD is allot more powerful that
what I'm using it for where I work.

/curious george mode engages


As for my personal hobby at home, I just want the easiest thing to
manage. I sometimes add a domain, sometimes a user, sometimes an alias.
The reason LDAP appealed to me was that a domain is the root. A user is
under that, and the user's special things (like having SSH access, or
their own website) could be implemented easily through that (given I
wrote some code or did some special things...).


Kenny 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick
Sent: Monday, March 07, 2005 11:56 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

Stella has been scrounging the dusty antiquarian bookshops in New York
and London and has managed to snag a few copies. We'll have a handful of
my books available at DEC. For some reason Pearson never wanted to do a
2nd edition. What a bunch of poopy-heads (according to my 4 year old).

Yeah, it doesn't sound like Kenny is looking for the programmers end of
things.

-gil

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Monday, March 07, 2005 10:39 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

I recommend your book a lot as well, in fact there is at least one list
member that has been trying to buy the darn thing based on my
recommendation but can't find it anywhere I have pointed at a couple
of resources, it was actually ordered from one resource (ebay) and the
member got a note back saying, oh sorry, I haven't had that in stock for
over a year So get with it Gil! Reprints! And don't forget about
getting me royalties for people I send that way. ;oP

Anyway, for this person, I am not sure throwing them into AD programming
book is the best course at least initially. :o)  It is like someone who
wants to use kerberos and you point them at the MIT dist. 

  joe


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick
Sent: Monday, March 07, 2005 12:19 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

Aww, man... How come my book isn't up there?

-gil 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Monday, March 07, 2005 10:11 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

Hey now... Don't forget about Alistair. He did that first edition
himself and did it well. :)

The Cat Book rocks. Actually I should get royalties for that one too, I
have made a bunch of people buy it and have bought and given away
multiple copies myself. I still have my first copy though it is quite
dog-eared and I put laminating plastic on the covers so they wouldn't
get too 

RE: [ActiveDir] Active Directory and LDAP

[Mulnick, Al]

Hmm... Although based on the same technology, don't confuse ADAM with AD.
ADAM is the lightweight version of AD technology.  I.E. it's an LDAP server
vs. an identification, authentication, and authorization infrastructure (aka
special sauce ingredients). 

Al

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kenny Mann
Sent: Monday, March 07, 2005 2:33 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

I'll probably want programmer side later, when I understand what I'm doing.

BTW, someone posted this link:
http://www.microsoft.com/windowsserver2003/adam/default.mspx
Here is Microsoft's definition:
Windows Server 2003 Active Directory Application Mode

For organizations that require flexible support for directory-enabled
applications, Microsoft has developed Active Directory(r) Application Mode
(ADAM). ADAM is a Lightweight Directory Access Protocol (LDAP) directory
service that runs as a user service, rather than as a system service. Active
Directory Application Mode represents a breakthrough in directory services
technology that provides flexibility and helps organizations avoid increased
infrastructure costs.

My interpreation is:
We use LDAP and some other common nifty stuff, but also have our usual
secret sauce that makes it special.
So, I would then assume that LDAP is a specific section of AD and other
parts can (and probably are/will) be included in most domains.
I guess my next step is to get a 2k3 active directory book and figure out
the different parts of it and get more books from there as needed.

Right now I'm assuming I don't know jack about AD aside from what the GUI
shows (and even then...) and I know AD is allot more powerful that what I'm
using it for where I work.

/curious george mode engages


As for my personal hobby at home, I just want the easiest thing to manage. I
sometimes add a domain, sometimes a user, sometimes an alias.
The reason LDAP appealed to me was that a domain is the root. A user is
under that, and the user's special things (like having SSH access, or their
own website) could be implemented easily through that (given I wrote some
code or did some special things...).


Kenny 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick
Sent: Monday, March 07, 2005 11:56 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

Stella has been scrounging the dusty antiquarian bookshops in New York and
London and has managed to snag a few copies. We'll have a handful of my
books available at DEC. For some reason Pearson never wanted to do a 2nd
edition. What a bunch of poopy-heads (according to my 4 year old).

Yeah, it doesn't sound like Kenny is looking for the programmers end of
things.

-gil

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Monday, March 07, 2005 10:39 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

I recommend your book a lot as well, in fact there is at least one list
member that has been trying to buy the darn thing based on my recommendation
but can't find it anywhere I have pointed at a couple of resources, it
was actually ordered from one resource (ebay) and the member got a note back
saying, oh sorry, I haven't had that in stock for over a year So get
with it Gil! Reprints! And don't forget about getting me royalties for
people I send that way. ;oP

Anyway, for this person, I am not sure throwing them into AD programming
book is the best course at least initially. :o)  It is like someone who
wants to use kerberos and you point them at the MIT dist. 

  joe


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick
Sent: Monday, March 07, 2005 12:19 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

Aww, man... How come my book isn't up there?

-gil 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Monday, March 07, 2005 10:11 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

Hey now... Don't forget about Alistair. He did that first edition himself
and did it well. :)

The Cat Book rocks. Actually I should get royalties for that one too, I have
made a bunch of people buy it and have bought and given away multiple copies
myself. I still have my first copy though it is quite dog-eared and I put
laminating plastic on the covers so they wouldn't get too torn up. 

Here is the actual AD Org Books link -
http://www.activedir.org/Books.aspx ,
actually it would be kind of cool if we could rate them. How about it Tony?
Have a couple of fields for each, number of people who have the book, number
of people who recommend it, number of people who do

RE: [ActiveDir] Active Directory and LDAP

[Charlie Kaiser]

If it's out of print, Gil should just make the PDF available free to
list members online... :-)
Unless of course, he's planning to actually DO those reprints and make
some money off of them...


**
Charlie Kaiser
MCSE, CCNA
Systems Engineer
Essex Credit / Brickwalk
510 595 5083
**
 

> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of joe
> Sent: Monday, March 07, 2005 9:39 AM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] Active Directory and LDAP
> 
> I recommend your book a lot as well, in fact there is at 
> least one list
> member that has been trying to buy the darn thing based on my 
> recommendation
> but can't find it anywhere I have pointed at a couple of 
> resources, it
> was actually ordered from one resource (ebay) and the member 
> got a note back
> saying, oh sorry, I haven't had that in stock for over a 
> year So get
> with it Gil! Reprints! And don't forget about getting me royalties for
> people I send that way. ;oP
> 
> Anyway, for this person, I am not sure throwing them into AD 
> programming
> book is the best course at least initially. :o)  It is like 
> someone who
> wants to use kerberos and you point them at the MIT dist. 
> 
>   joe
> 
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Gil 
> Kirkpatrick
> Sent: Monday, March 07, 2005 12:19 PM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] Active Directory and LDAP
> 
> Aww, man... How come my book isn't up there?
> 
> -gil 
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of joe
> Sent: Monday, March 07, 2005 10:11 AM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] Active Directory and LDAP
> 
> Hey now... Don't forget about Alistair. He did that first 
> edition himself
> and did it well. :)
> 
> The Cat Book rocks. Actually I should get royalties for that 
> one too, I have
> made a bunch of people buy it and have bought and given away 
> multiple copies
> myself. I still have my first copy though it is quite 
> dog-eared and I put
> laminating plastic on the covers so they wouldn't get too torn up. 
> 
> Here is the actual AD Org Books link -
> http://www.activedir.org/Books.aspx ,
> actually it would be kind of cool if we could rate them. How 
> about it Tony?
> Have a couple of fields for each, number of people who have 
> the book, number
> of people who recommend it, number of people who don't recommend it. 
> 
> I am surprised AD Developers Reference Library by Iseminger 
> is on the list.
> That is a great book but wouldn't expect a lot of the list 
> users to have
> read it. I recall reading it back in like 2001 or so and getting a bit
> scared at what a really pissed off AD programmer could pull off. 
> 
> 
>   joe
>  
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
> Sent: Monday, March 07, 2005 11:58 AM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] Active Directory and LDAP
> 
> Personally?  I like to think of AD as a GUI to Microsoft's 
> implementation of
> LDAP.  That simplifies a lot of things for me.  However, 
> there is more to it
> than that and the books you ordered should help in clarifying that.  
> 
> You don't need to know LDAP to make AD work, but it helps.  
> It's a great
> help to me to understand the differences between Microsoft's 
> AD and Sun's
> implementation of LDAP or IBM's implementation or any of the 
> others for the
> basics.  
> 
> When you start getting into managing the directory and the 
> objects in the
> directory, Microsoft really differentiates itself with GPO's and the
> multi-master replication and the tools to support the 
> infrastructure.  
> 
> As you're looking at this, remember that name resolution is 
> one of the most
> important things you can deal with when making AD a solid 
> enterprise app. 
> 
> The book from O'Reilly sounds like Robbie's book.  I haven't 
> read it, but
> have heard good things about it (what can I say Robbie, I don't have a
> budget for it :)  If it's not Robbie's book for AD, then it 
> would be a good
> idea to grab that one as well.
> http://www.amazon.com/exec/obidos/ASIN/0596004664/103-8355416-0173405
> 
> Sakari Kouti also has written a good book, called, "Inside 
> Active Directory"
> that would be worth picking up. http://www.kouti.com/
> 

RE: [ActiveDir] Active Directory and LDAP

[Kenny Mann]

I'll probably want programmer side later, when I understand what I'm
doing.

BTW, someone posted this link:
http://www.microsoft.com/windowsserver2003/adam/default.mspx
Here is Microsoft's definition:
Windows Server 2003 Active Directory Application Mode

For organizations that require flexible support for directory-enabled
applications, Microsoft has developed Active Directory(r) Application
Mode (ADAM). ADAM is a Lightweight Directory Access Protocol (LDAP)
directory service that runs as a user service, rather than as a system
service. Active Directory Application Mode represents a breakthrough in
directory services technology that provides flexibility and helps
organizations avoid increased infrastructure costs.

My interpreation is:
We use LDAP and some other common nifty stuff, but also have our usual
secret sauce that makes it special.
So, I would then assume that LDAP is a specific section of AD and other
parts can (and probably are/will) be included in most domains.
I guess my next step is to get a 2k3 active directory book and figure
out the different parts of it and get more books from there as needed.

Right now I'm assuming I don't know jack about AD aside from what the
GUI shows (and even then...) and I know AD is allot more powerful that
what I'm using it for where I work.

/curious george mode engages


As for my personal hobby at home, I just want the easiest thing to
manage. I sometimes add a domain, sometimes a user, sometimes an alias.
The reason LDAP appealed to me was that a domain is the root. A user is
under that, and the user's special things (like having SSH access, or
their own website) could be implemented easily through that (given I
wrote some code or did some special things...).


Kenny 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick
Sent: Monday, March 07, 2005 11:56 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

Stella has been scrounging the dusty antiquarian bookshops in New York
and London and has managed to snag a few copies. We'll have a handful of
my books available at DEC. For some reason Pearson never wanted to do a
2nd edition. What a bunch of poopy-heads (according to my 4 year old).

Yeah, it doesn't sound like Kenny is looking for the programmers end of
things.

-gil

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Monday, March 07, 2005 10:39 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

I recommend your book a lot as well, in fact there is at least one list
member that has been trying to buy the darn thing based on my
recommendation but can't find it anywhere I have pointed at a couple
of resources, it was actually ordered from one resource (ebay) and the
member got a note back saying, oh sorry, I haven't had that in stock for
over a year So get with it Gil! Reprints! And don't forget about
getting me royalties for people I send that way. ;oP

Anyway, for this person, I am not sure throwing them into AD programming
book is the best course at least initially. :o)  It is like someone who
wants to use kerberos and you point them at the MIT dist. 

  joe


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick
Sent: Monday, March 07, 2005 12:19 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

Aww, man... How come my book isn't up there?

-gil 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Monday, March 07, 2005 10:11 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

Hey now... Don't forget about Alistair. He did that first edition
himself and did it well. :)

The Cat Book rocks. Actually I should get royalties for that one too, I
have made a bunch of people buy it and have bought and given away
multiple copies myself. I still have my first copy though it is quite
dog-eared and I put laminating plastic on the covers so they wouldn't
get too torn up. 

Here is the actual AD Org Books link -
http://www.activedir.org/Books.aspx ,
actually it would be kind of cool if we could rate them. How about it
Tony?
Have a couple of fields for each, number of people who have the book,
number of people who recommend it, number of people who don't recommend
it. 

I am surprised AD Developers Reference Library by Iseminger is on the
list.
That is a great book but wouldn't expect a lot of the list users to have
read it. I recall reading it back in like 2001 or so and getting a bit
scared at what a really pissed off AD programmer could pull off. 


  joe
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Monday, March 07, 2005 11:58 AM
To: ActiveDir@mail.activedir

RE: [ActiveDir] Active Directory and LDAP

[Myrick, Todd (NIH/CC/DNA)]

One sorta word for you Gil...

PDF

Toddler

-Original Message-
From: Gil Kirkpatrick [mailto:[EMAIL PROTECTED] 
Sent: Monday, March 07, 2005 12:56 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

Stella has been scrounging the dusty antiquarian bookshops in New York
and London and has managed to snag a few copies. We'll have a handful of
my books available at DEC. For some reason Pearson never wanted to do a
2nd edition. What a bunch of poopy-heads (according to my 4 year old).

Yeah, it doesn't sound like Kenny is looking for the programmers end of
things.

-gil

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Monday, March 07, 2005 10:39 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

I recommend your book a lot as well, in fact there is at least one list
member that has been trying to buy the darn thing based on my
recommendation
but can't find it anywhere I have pointed at a couple of resources,
it
was actually ordered from one resource (ebay) and the member got a note
back
saying, oh sorry, I haven't had that in stock for over a year So get
with it Gil! Reprints! And don't forget about getting me royalties for
people I send that way. ;oP

Anyway, for this person, I am not sure throwing them into AD programming
book is the best course at least initially. :o)  It is like someone who
wants to use kerberos and you point them at the MIT dist. 

  joe


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick
Sent: Monday, March 07, 2005 12:19 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

Aww, man... How come my book isn't up there?

-gil 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Monday, March 07, 2005 10:11 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

Hey now... Don't forget about Alistair. He did that first edition
himself
and did it well. :)

The Cat Book rocks. Actually I should get royalties for that one too, I
have
made a bunch of people buy it and have bought and given away multiple
copies
myself. I still have my first copy though it is quite dog-eared and I
put
laminating plastic on the covers so they wouldn't get too torn up. 

Here is the actual AD Org Books link -
http://www.activedir.org/Books.aspx ,
actually it would be kind of cool if we could rate them. How about it
Tony?
Have a couple of fields for each, number of people who have the book,
number
of people who recommend it, number of people who don't recommend it. 

I am surprised AD Developers Reference Library by Iseminger is on the
list.
That is a great book but wouldn't expect a lot of the list users to have
read it. I recall reading it back in like 2001 or so and getting a bit
scared at what a really pissed off AD programmer could pull off. 


  joe
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Monday, March 07, 2005 11:58 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

Personally?  I like to think of AD as a GUI to Microsoft's
implementation of
LDAP.  That simplifies a lot of things for me.  However, there is more
to it
than that and the books you ordered should help in clarifying that.  

You don't need to know LDAP to make AD work, but it helps.  It's a great
help to me to understand the differences between Microsoft's AD and
Sun's
implementation of LDAP or IBM's implementation or any of the others for
the
basics.  

When you start getting into managing the directory and the objects in
the
directory, Microsoft really differentiates itself with GPO's and the
multi-master replication and the tools to support the infrastructure.  

As you're looking at this, remember that name resolution is one of the
most
important things you can deal with when making AD a solid enterprise
app. 

The book from O'Reilly sounds like Robbie's book.  I haven't read it,
but
have heard good things about it (what can I say Robbie, I don't have a
budget for it :)  If it's not Robbie's book for AD, then it would be a
good
idea to grab that one as well.
http://www.amazon.com/exec/obidos/ASIN/0596004664/103-8355416-0173405

Sakari Kouti also has written a good book, called, "Inside Active
Directory"
that would be worth picking up. http://www.kouti.com/

You should be able to find some other information about books at
http://www.activedir.org 


Al
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kenny Mann
Sent: Monday, March 07, 2005 11:41 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Active Directory and LDAP

I don't understand LDAP a

RE: [ActiveDir] Active Directory and LDAP

[Gil Kirkpatrick]

Stella has been scrounging the dusty antiquarian bookshops in New York
and London and has managed to snag a few copies. We'll have a handful of
my books available at DEC. For some reason Pearson never wanted to do a
2nd edition. What a bunch of poopy-heads (according to my 4 year old).

Yeah, it doesn't sound like Kenny is looking for the programmers end of
things.

-gil

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Monday, March 07, 2005 10:39 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

I recommend your book a lot as well, in fact there is at least one list
member that has been trying to buy the darn thing based on my
recommendation
but can't find it anywhere I have pointed at a couple of resources,
it
was actually ordered from one resource (ebay) and the member got a note
back
saying, oh sorry, I haven't had that in stock for over a year So get
with it Gil! Reprints! And don't forget about getting me royalties for
people I send that way. ;oP

Anyway, for this person, I am not sure throwing them into AD programming
book is the best course at least initially. :o)  It is like someone who
wants to use kerberos and you point them at the MIT dist. 

  joe


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick
Sent: Monday, March 07, 2005 12:19 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

Aww, man... How come my book isn't up there?

-gil 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Monday, March 07, 2005 10:11 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

Hey now... Don't forget about Alistair. He did that first edition
himself
and did it well. :)

The Cat Book rocks. Actually I should get royalties for that one too, I
have
made a bunch of people buy it and have bought and given away multiple
copies
myself. I still have my first copy though it is quite dog-eared and I
put
laminating plastic on the covers so they wouldn't get too torn up. 

Here is the actual AD Org Books link -
http://www.activedir.org/Books.aspx ,
actually it would be kind of cool if we could rate them. How about it
Tony?
Have a couple of fields for each, number of people who have the book,
number
of people who recommend it, number of people who don't recommend it. 

I am surprised AD Developers Reference Library by Iseminger is on the
list.
That is a great book but wouldn't expect a lot of the list users to have
read it. I recall reading it back in like 2001 or so and getting a bit
scared at what a really pissed off AD programmer could pull off. 


  joe
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Monday, March 07, 2005 11:58 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

Personally?  I like to think of AD as a GUI to Microsoft's
implementation of
LDAP.  That simplifies a lot of things for me.  However, there is more
to it
than that and the books you ordered should help in clarifying that.  

You don't need to know LDAP to make AD work, but it helps.  It's a great
help to me to understand the differences between Microsoft's AD and
Sun's
implementation of LDAP or IBM's implementation or any of the others for
the
basics.  

When you start getting into managing the directory and the objects in
the
directory, Microsoft really differentiates itself with GPO's and the
multi-master replication and the tools to support the infrastructure.  

As you're looking at this, remember that name resolution is one of the
most
important things you can deal with when making AD a solid enterprise
app. 

The book from O'Reilly sounds like Robbie's book.  I haven't read it,
but
have heard good things about it (what can I say Robbie, I don't have a
budget for it :)  If it's not Robbie's book for AD, then it would be a
good
idea to grab that one as well.
http://www.amazon.com/exec/obidos/ASIN/0596004664/103-8355416-0173405

Sakari Kouti also has written a good book, called, "Inside Active
Directory"
that would be worth picking up. http://www.kouti.com/

You should be able to find some other information about books at
http://www.activedir.org 


Al
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kenny Mann
Sent: Monday, March 07, 2005 11:41 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Active Directory and LDAP

I don't understand LDAP and Active Directory as much as I should.
So, I've ordered 2 LDAP books (O'Reilly and another) to learn.
I'm curious as to how much LDAP and Active Directory have in common. Is
AD
just a GUI for LDAP?
Perhaps there is a book

RE: [ActiveDir] Active Directory and LDAP

[Mulnick, Al]

Potatoe/Potato sort of thing.  

It is LDAP and it is an upgrade path from legacy systems such as WINNT.  

How you use it plays a part.  If you use it as a LDAP directory, then it
*is* a LDAP directory right?  If you use it as a WINNT 5.x domain, then it
*is* a WINNT 5.x domain.  

To say it's a GUI for ldap is one way to look at it as Gil alluded to; you
can maintain AD 95% of the time with command line (using built in tools) vs.
GUI.  It is LDAP at it's core with a lot of other features added on to make
it useable for new as well as legacy apps. 


Kind of like Apple OS is a GUI for BSD ;)

Al
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom
Sent: Monday, March 07, 2005 12:36 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

joe wrote:
> O'Reilly's Active Directory book is a good primer. That is the first 
> AD book I read (it was first edition back then though). Once you have 
> the basics down I would recommend moving into Active Directory 
> Cookbook also by O'Reilly and Inside Active Directory, 2e from 
> Addison-Wesley; both excellent books with very different goals.  The 
> cookbook gives you "recipes" for getting common tasks done. Inside AD 
> is a great book for understanding a lot of the details. It is probably 
> the only book I have tech reviewed where I was often saying... "Wow, I 
> didn't know that" followed quickly by, "How did Mika and Sakari get 
> this info?".
> 
It was my impression that AD is MS's version of a ldap dir sevice with
certain properitary schema to allow for MS specific objects/attributes and
Kerberos realms in place of domains to allow for transisitve trusts and
mutal auth with support for external domain trusts and ntlm only for
backwards compatibilty.
And aside from the schema additions and a different replication topolgy and
the way the dir is sliced and diced(config namming context,domain namming
context,etc), its a true ldap server no different from NDS or Open-LDAP.
Esp since win2k3 and the InterOrgPerson.
Am I totally off base here?
Its def not a gui for ldap but just a ldap server with those changes/mods




> Active Directory is the implementation of the Windows Domain 
> environment. It incorporates Kerberos and LDAP and other technologies 
> to provide domain and directory services.
> 
> I guess I can see where people could come to the same conclusion that 
> AD is simply a GUI, but it is much more than that and in fact, you 
> don't even have to use GUI tools to work on it, though for many it is 
> much easier to do so. I spend most of my AD time not in the GUI, 
> though others spend all of their AD time in the GUI. Depends on the 
> person and what they have to accomplish and what tools they have in 
> their toolbox to accomplish it.
> 
>   joe
> 
> 
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Kenny Mann
> Sent: Monday, March 07, 2005 11:41 AM
> To: ActiveDir@mail.activedir.org
> Subject: [ActiveDir] Active Directory and LDAP
> 
> I don't understand LDAP and Active Directory as much as I should.
> So, I've ordered 2 LDAP books (O'Reilly and another) to learn.
> I'm curious as to how much LDAP and Active Directory have in common.
> Is AD just a GUI for LDAP?
> Perhaps there is a book everyone here recommends or will my LDAP books 
> hopefully cover enough so I could be able to feel my way around Active 
> Directory good enough?
> 
> Doing a search with the word 'book' gives a ton of irrelvent searches 
> in the archives.
> I saw one book but it's out of print.
> 
> Kenny Mann
> List info   : http://www.activedir.org/List.aspx
> List FAQ: http://www.activedir.org/ListFAQ.aspx
> List archive:
> http://www.mail-archive.com/activedir%40mail.activedir.org/
> 
> List info   : http://www.activedir.org/List.aspx
> List FAQ: http://www.activedir.org/ListFAQ.aspx
> List archive:
> http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Active Directory and LDAP

[Mulnick, Al]

Certainly didn't want to imply... 

Maybe it's time for the next book? 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick
Sent: Monday, March 07, 2005 12:37 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

Yeah, well there's that... 

But that doesn't mean it isn't *good* :)

-gil

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Monday, March 07, 2005 10:28 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

The one that's out of print?
http://www.amazon.com/gp/product/product-description/0672315874/103-8355
416-0173405?_encoding=UTF8&n=283155 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick
Sent: Monday, March 07, 2005 12:19 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

Aww, man... How come my book isn't up there?

-gil 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Monday, March 07, 2005 10:11 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

Hey now... Don't forget about Alistair. He did that first edition himself
and did it well. :)

The Cat Book rocks. Actually I should get royalties for that one too, I have
made a bunch of people buy it and have bought and given away multiple copies
myself. I still have my first copy though it is quite dog-eared and I put
laminating plastic on the covers so they wouldn't get too torn up. 

Here is the actual AD Org Books link -
http://www.activedir.org/Books.aspx ,
actually it would be kind of cool if we could rate them. How about it Tony?
Have a couple of fields for each, number of people who have the book, number
of people who recommend it, number of people who don't recommend it. 

I am surprised AD Developers Reference Library by Iseminger is on the list.
That is a great book but wouldn't expect a lot of the list users to have
read it. I recall reading it back in like 2001 or so and getting a bit
scared at what a really pissed off AD programmer could pull off. 


  joe
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Monday, March 07, 2005 11:58 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

Personally?  I like to think of AD as a GUI to Microsoft's implementation of
LDAP.  That simplifies a lot of things for me.  However, there is more to it
than that and the books you ordered should help in clarifying that.  

You don't need to know LDAP to make AD work, but it helps.  It's a great
help to me to understand the differences between Microsoft's AD and Sun's
implementation of LDAP or IBM's implementation or any of the others for the
basics.  

When you start getting into managing the directory and the objects in the
directory, Microsoft really differentiates itself with GPO's and the
multi-master replication and the tools to support the infrastructure.  

As you're looking at this, remember that name resolution is one of the most
important things you can deal with when making AD a solid enterprise app. 

The book from O'Reilly sounds like Robbie's book.  I haven't read it, but
have heard good things about it (what can I say Robbie, I don't have a
budget for it :)  If it's not Robbie's book for AD, then it would be a good
idea to grab that one as well.
http://www.amazon.com/exec/obidos/ASIN/0596004664/103-8355416-0173405

Sakari Kouti also has written a good book, called, "Inside Active Directory"
that would be worth picking up. http://www.kouti.com/

You should be able to find some other information about books at
http://www.activedir.org 


Al
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kenny Mann
Sent: Monday, March 07, 2005 11:41 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Active Directory and LDAP

I don't understand LDAP and Active Directory as much as I should.
So, I've ordered 2 LDAP books (O'Reilly and another) to learn.
I'm curious as to how much LDAP and Active Directory have in common. Is AD
just a GUI for LDAP?
Perhaps there is a book everyone here recommends or will my LDAP books
hopefully cover enough so I could be able to feel my way around Active
Directory good enough?

Doing a search with the word 'book' gives a ton of irrelvent searches in the
archives. 
I saw one book but it's out of print.

Kenny Mann
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ  

RE: [ActiveDir] Active Directory and LDAP

[joe]

Simple to think out

You doing mostly reads of string data, go LDAP.
You doing mostly writes go SQL.

You want fast complicated adhoc queries, business rules, triggers, searching
of binary data, etc, go SQL.

To play with AD, you don't need to spin up a domain controller, go grab
AD/AM and play with it. The bar is much lower to play with it though the
tools to work with it aren't quite as nice yet - i.e. no ADUC.

http://www.microsoft.com/windowsserver2003/adam/default.mspx

 
  joe


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kenny Mann
Sent: Monday, March 07, 2005 12:24 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

Ahh, thank you very much (both of you).
Strange. Ad.org's site seems to noe be responding.
Here's the story.
As a personal hobby I run a a few domains.
I used the Gentoo Virtual Hosts setup. I'm currently writing my own but
that's besides the point.
It uses MySQL as a database.
I get curious and start poking around LDAP wondering if LDAP would be better
than MySQL.
I have a Windows 2003 AD at my place of employment, so I start poking around
to see some stuff and realize that any changes I make could break things.
So, I'm going to setup a Linux and Windows 2k3 test lab at home to play with
it.
Now I know I should get books on both LDAP and AD. Since I have some LDAP,
I'll start looking at AD books.

I really don't know what career I want in life, so I'm currently poking and
stabbing thigns just to learn and see what I like.

I really appreicate your advice!

Kenny 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Monday, March 07, 2005 11:11 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

Hey now... Don't forget about Alistair. He did that first edition himself
and did it well. :)

The Cat Book rocks. Actually I should get royalties for that one too, I have
made a bunch of people buy it and have bought and given away multiple copies
myself. I still have my first copy though it is quite dog-eared and I put
laminating plastic on the covers so they wouldn't get too torn up. 

Here is the actual AD Org Books link -
http://www.activedir.org/Books.aspx , actually it would be kind of cool if
we could rate them. How about it Tony?
Have a couple of fields for each, number of people who have the book, number
of people who recommend it, number of people who don't recommend it. 

I am surprised AD Developers Reference Library by Iseminger is on the list.
That is a great book but wouldn't expect a lot of the list users to have
read it. I recall reading it back in like 2001 or so and getting a bit
scared at what a really pissed off AD programmer could pull off. 


  joe
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Monday, March 07, 2005 11:58 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

Personally?  I like to think of AD as a GUI to Microsoft's implementation of
LDAP.  That simplifies a lot of things for me.
However, there is more to it than that and the books you ordered should help
in clarifying that.  

You don't need to know LDAP to make AD work, but it helps.  It's a great
help to me to understand the differences between Microsoft's AD and Sun's
implementation of LDAP or IBM's implementation or any of the others for the
basics.  

When you start getting into managing the directory and the objects in the
directory, Microsoft really differentiates itself with GPO's and the
multi-master replication and the tools to support the infrastructure.  

As you're looking at this, remember that name resolution is one of the most
important things you can deal with when making AD a solid enterprise app. 

The book from O'Reilly sounds like Robbie's book.  I haven't read it, but
have heard good things about it (what can I say Robbie, I don't have a
budget for it :)  If it's not Robbie's book for AD, then it would be a good
idea to grab that one as well.
http://www.amazon.com/exec/obidos/ASIN/0596004664/103-8355416-0173405

Sakari Kouti also has written a good book, called, "Inside Active Directory"
that would be worth picking up. http://www.kouti.com/

You should be able to find some other information about books at
http://www.activedir.org 


Al
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kenny Mann
Sent: Monday, March 07, 2005 11:41 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Active Directory and LDAP

I don't understand LDAP and Active Directory as much as I should.
So, I've ordered 2 LDAP books (O'Reilly and another) to learn.
I'm curious as to how much LDAP and Active Directory have in common

RE: [ActiveDir] Active Directory and LDAP

[joe]

I recommend your book a lot as well, in fact there is at least one list
member that has been trying to buy the darn thing based on my recommendation
but can't find it anywhere I have pointed at a couple of resources, it
was actually ordered from one resource (ebay) and the member got a note back
saying, oh sorry, I haven't had that in stock for over a year So get
with it Gil! Reprints! And don't forget about getting me royalties for
people I send that way. ;oP

Anyway, for this person, I am not sure throwing them into AD programming
book is the best course at least initially. :o)  It is like someone who
wants to use kerberos and you point them at the MIT dist. 

  joe


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick
Sent: Monday, March 07, 2005 12:19 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

Aww, man... How come my book isn't up there?

-gil 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Monday, March 07, 2005 10:11 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

Hey now... Don't forget about Alistair. He did that first edition himself
and did it well. :)

The Cat Book rocks. Actually I should get royalties for that one too, I have
made a bunch of people buy it and have bought and given away multiple copies
myself. I still have my first copy though it is quite dog-eared and I put
laminating plastic on the covers so they wouldn't get too torn up. 

Here is the actual AD Org Books link -
http://www.activedir.org/Books.aspx ,
actually it would be kind of cool if we could rate them. How about it Tony?
Have a couple of fields for each, number of people who have the book, number
of people who recommend it, number of people who don't recommend it. 

I am surprised AD Developers Reference Library by Iseminger is on the list.
That is a great book but wouldn't expect a lot of the list users to have
read it. I recall reading it back in like 2001 or so and getting a bit
scared at what a really pissed off AD programmer could pull off. 


  joe
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Monday, March 07, 2005 11:58 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

Personally?  I like to think of AD as a GUI to Microsoft's implementation of
LDAP.  That simplifies a lot of things for me.  However, there is more to it
than that and the books you ordered should help in clarifying that.  

You don't need to know LDAP to make AD work, but it helps.  It's a great
help to me to understand the differences between Microsoft's AD and Sun's
implementation of LDAP or IBM's implementation or any of the others for the
basics.  

When you start getting into managing the directory and the objects in the
directory, Microsoft really differentiates itself with GPO's and the
multi-master replication and the tools to support the infrastructure.  

As you're looking at this, remember that name resolution is one of the most
important things you can deal with when making AD a solid enterprise app. 

The book from O'Reilly sounds like Robbie's book.  I haven't read it, but
have heard good things about it (what can I say Robbie, I don't have a
budget for it :)  If it's not Robbie's book for AD, then it would be a good
idea to grab that one as well.
http://www.amazon.com/exec/obidos/ASIN/0596004664/103-8355416-0173405

Sakari Kouti also has written a good book, called, "Inside Active Directory"
that would be worth picking up. http://www.kouti.com/

You should be able to find some other information about books at
http://www.activedir.org 


Al
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kenny Mann
Sent: Monday, March 07, 2005 11:41 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Active Directory and LDAP

I don't understand LDAP and Active Directory as much as I should.
So, I've ordered 2 LDAP books (O'Reilly and another) to learn.
I'm curious as to how much LDAP and Active Directory have in common. Is AD
just a GUI for LDAP?
Perhaps there is a book everyone here recommends or will my LDAP books
hopefully cover enough so I could be able to feel my way around Active
Directory good enough?

Doing a search with the word 'book' gives a ton of irrelvent searches in the
archives. 
I saw one book but it's out of print.

Kenny Mann
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-arc

RE: [ActiveDir] Active Directory and LDAP

[Gil Kirkpatrick]

Yeah, well there's that... 

But that doesn't mean it isn't *good* :)

-gil

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Monday, March 07, 2005 10:28 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

The one that's out of print?
http://www.amazon.com/gp/product/product-description/0672315874/103-8355
416-0173405?_encoding=UTF8&n=283155 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick
Sent: Monday, March 07, 2005 12:19 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

Aww, man... How come my book isn't up there?

-gil 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Monday, March 07, 2005 10:11 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

Hey now... Don't forget about Alistair. He did that first edition
himself
and did it well. :)

The Cat Book rocks. Actually I should get royalties for that one too, I
have
made a bunch of people buy it and have bought and given away multiple
copies
myself. I still have my first copy though it is quite dog-eared and I
put
laminating plastic on the covers so they wouldn't get too torn up. 

Here is the actual AD Org Books link -
http://www.activedir.org/Books.aspx ,
actually it would be kind of cool if we could rate them. How about it
Tony?
Have a couple of fields for each, number of people who have the book,
number
of people who recommend it, number of people who don't recommend it. 

I am surprised AD Developers Reference Library by Iseminger is on the
list.
That is a great book but wouldn't expect a lot of the list users to have
read it. I recall reading it back in like 2001 or so and getting a bit
scared at what a really pissed off AD programmer could pull off. 


  joe
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Monday, March 07, 2005 11:58 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

Personally?  I like to think of AD as a GUI to Microsoft's
implementation of
LDAP.  That simplifies a lot of things for me.  However, there is more
to it
than that and the books you ordered should help in clarifying that.  

You don't need to know LDAP to make AD work, but it helps.  It's a great
help to me to understand the differences between Microsoft's AD and
Sun's
implementation of LDAP or IBM's implementation or any of the others for
the
basics.  

When you start getting into managing the directory and the objects in
the
directory, Microsoft really differentiates itself with GPO's and the
multi-master replication and the tools to support the infrastructure.  

As you're looking at this, remember that name resolution is one of the
most
important things you can deal with when making AD a solid enterprise
app. 

The book from O'Reilly sounds like Robbie's book.  I haven't read it,
but
have heard good things about it (what can I say Robbie, I don't have a
budget for it :)  If it's not Robbie's book for AD, then it would be a
good
idea to grab that one as well.
http://www.amazon.com/exec/obidos/ASIN/0596004664/103-8355416-0173405

Sakari Kouti also has written a good book, called, "Inside Active
Directory"
that would be worth picking up. http://www.kouti.com/

You should be able to find some other information about books at
http://www.activedir.org 


Al
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kenny Mann
Sent: Monday, March 07, 2005 11:41 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Active Directory and LDAP

I don't understand LDAP and Active Directory as much as I should.
So, I've ordered 2 LDAP books (O'Reilly and another) to learn.
I'm curious as to how much LDAP and Active Directory have in common. Is
AD
just a GUI for LDAP?
Perhaps there is a book everyone here recommends or will my LDAP books
hopefully cover enough so I could be able to feel my way around Active
Directory good enough?

Doing a search with the word 'book' gives a ton of irrelvent searches in
the
archives. 
I saw one book but it's out of print.

Kenny Mann
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http:/

RE: [ActiveDir] Active Directory and LDAP

[Kern, Tom]

joe wrote:
> O'Reilly's Active Directory book is a good primer. That is the first
> AD book I read (it was first edition back then though). Once you have
> the basics down I would recommend moving into Active Directory
> Cookbook also by O'Reilly and Inside Active Directory, 2e from
> Addison-Wesley; both excellent books with very different goals.  The
> cookbook gives you "recipes" for getting common tasks done. Inside AD
> is a great book for understanding a lot of the details. It is
> probably the only book I have tech reviewed where I was often
> saying... "Wow, I didn't know that" followed quickly by, "How did
> Mika and Sakari get this info?". 
> 
It was my impression that AD is MS's version of a ldap dir sevice with certain 
properitary schema to allow for MS specific objects/attributes and Kerberos 
realms in place of domains to allow for transisitve trusts and mutal auth with 
support for external domain trusts and ntlm only for backwards compatibilty.
And aside from the schema additions and a different replication topolgy and the 
way the dir is sliced and diced(config namming context,domain namming 
context,etc), its a true ldap server no different from NDS or Open-LDAP.
Esp since win2k3 and the InterOrgPerson.
Am I totally off base here?
Its def not a gui for ldap but just a ldap server with those changes/mods




> Active Directory is the implementation of the Windows Domain
> environment. It incorporates Kerberos and LDAP and other technologies
> to provide domain and directory services.
> 
> I guess I can see where people could come to the same conclusion that
> AD is simply a GUI, but it is much more than that and in fact, you
> don't even have to use GUI tools to work on it, though for many it is
> much easier to do so. I spend most of my AD time not in the GUI,
> though others spend all of their AD time in the GUI. Depends on the
> person and what they have to accomplish and what tools they have in
> their toolbox to accomplish it. 
> 
>   joe
> 
> 
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Kenny Mann
> Sent: Monday, March 07, 2005 11:41 AM
> To: ActiveDir@mail.activedir.org
> Subject: [ActiveDir] Active Directory and LDAP
> 
> I don't understand LDAP and Active Directory as much as I should.
> So, I've ordered 2 LDAP books (O'Reilly and another) to learn.
> I'm curious as to how much LDAP and Active Directory have in common.
> Is AD just a GUI for LDAP?
> Perhaps there is a book everyone here recommends or will my LDAP books
> hopefully cover enough so I could be able to feel my way around Active
> Directory good enough?
> 
> Doing a search with the word 'book' gives a ton of irrelvent searches
> in the archives.
> I saw one book but it's out of print.
> 
> Kenny Mann
> List info   : http://www.activedir.org/List.aspx
> List FAQ: http://www.activedir.org/ListFAQ.aspx
> List archive:
> http://www.mail-archive.com/activedir%40mail.activedir.org/ 
> 
> List info   : http://www.activedir.org/List.aspx
> List FAQ: http://www.activedir.org/ListFAQ.aspx
> List archive:
> http://www.mail-archive.com/activedir%40mail.activedir.org/ 

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Active Directory and LDAP

[Mulnick, Al]

Great way to do it.  

For what it's worth, anytime you're trying to decide between SQL-type DB's
and LDAP, the usual differentiator is how you intend to use it.  LDAP is
highly-optimized for read access.  SQL db's typically are more read/write
(compared) optimized since you inject data into them and then process it.
SQL db's also are useful for reporting and such.  

They're both DB's in the truest sense of the word.  Different intended uses.

Good luck,

Al  

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kenny Mann
Sent: Monday, March 07, 2005 12:24 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

Ahh, thank you very much (both of you).
Strange. Ad.org's site seems to noe be responding.
Here's the story.
As a personal hobby I run a a few domains.
I used the Gentoo Virtual Hosts setup. I'm currently writing my own but
that's besides the point.
It uses MySQL as a database.
I get curious and start poking around LDAP wondering if LDAP would be better
than MySQL.
I have a Windows 2003 AD at my place of employment, so I start poking around
to see some stuff and realize that any changes I make could break things.
So, I'm going to setup a Linux and Windows 2k3 test lab at home to play with
it.
Now I know I should get books on both LDAP and AD. Since I have some LDAP,
I'll start looking at AD books.

I really don't know what career I want in life, so I'm currently poking and
stabbing thigns just to learn and see what I like.

I really appreicate your advice!

Kenny 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Monday, March 07, 2005 11:11 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

Hey now... Don't forget about Alistair. He did that first edition himself
and did it well. :)

The Cat Book rocks. Actually I should get royalties for that one too, I have
made a bunch of people buy it and have bought and given away multiple copies
myself. I still have my first copy though it is quite dog-eared and I put
laminating plastic on the covers so they wouldn't get too torn up. 

Here is the actual AD Org Books link -
http://www.activedir.org/Books.aspx , actually it would be kind of cool if
we could rate them. How about it Tony?
Have a couple of fields for each, number of people who have the book, number
of people who recommend it, number of people who don't recommend it. 

I am surprised AD Developers Reference Library by Iseminger is on the list.
That is a great book but wouldn't expect a lot of the list users to have
read it. I recall reading it back in like 2001 or so and getting a bit
scared at what a really pissed off AD programmer could pull off. 


  joe
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Monday, March 07, 2005 11:58 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

Personally?  I like to think of AD as a GUI to Microsoft's implementation of
LDAP.  That simplifies a lot of things for me.
However, there is more to it than that and the books you ordered should help
in clarifying that.  

You don't need to know LDAP to make AD work, but it helps.  It's a great
help to me to understand the differences between Microsoft's AD and Sun's
implementation of LDAP or IBM's implementation or any of the others for the
basics.  

When you start getting into managing the directory and the objects in the
directory, Microsoft really differentiates itself with GPO's and the
multi-master replication and the tools to support the infrastructure.  

As you're looking at this, remember that name resolution is one of the most
important things you can deal with when making AD a solid enterprise app. 

The book from O'Reilly sounds like Robbie's book.  I haven't read it, but
have heard good things about it (what can I say Robbie, I don't have a
budget for it :)  If it's not Robbie's book for AD, then it would be a good
idea to grab that one as well.
http://www.amazon.com/exec/obidos/ASIN/0596004664/103-8355416-0173405

Sakari Kouti also has written a good book, called, "Inside Active Directory"
that would be worth picking up. http://www.kouti.com/

You should be able to find some other information about books at
http://www.activedir.org 


Al
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kenny Mann
Sent: Monday, March 07, 2005 11:41 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Active Directory and LDAP

I don't understand LDAP and Active Directory as much as I should.
So, I've ordered 2 LDAP books (O'Reilly and another) to learn.
I'm curious as to how much LDAP and Active Directory have in common. Is 

RE: [ActiveDir] Active Directory and LDAP

[Kenny Mann]

Sorry, all three of you :-)
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kenny Mann
Sent: Monday, March 07, 2005 11:24 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

Ahh, thank you very much (both of you).
Strange. Ad.org's site seems to noe be responding.
Here's the story.
As a personal hobby I run a a few domains.
I used the Gentoo Virtual Hosts setup. I'm currently writing my own but
that's besides the point.
It uses MySQL as a database.
I get curious and start poking around LDAP wondering if LDAP would be
better than MySQL.
I have a Windows 2003 AD at my place of employment, so I start poking
around to see some stuff and realize that any changes I make could break
things.
So, I'm going to setup a Linux and Windows 2k3 test lab at home to play
with it.
Now I know I should get books on both LDAP and AD. Since I have some
LDAP, I'll start looking at AD books.

I really don't know what career I want in life, so I'm currently poking
and stabbing thigns just to learn and see what I like.

I really appreicate your advice!

Kenny 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Monday, March 07, 2005 11:11 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

Hey now... Don't forget about Alistair. He did that first edition
himself and did it well. :)

The Cat Book rocks. Actually I should get royalties for that one too, I
have made a bunch of people buy it and have bought and given away
multiple copies myself. I still have my first copy though it is quite
dog-eared and I put laminating plastic on the covers so they wouldn't
get too torn up. 

Here is the actual AD Org Books link -
http://www.activedir.org/Books.aspx , actually it would be kind of cool
if we could rate them. How about it Tony?
Have a couple of fields for each, number of people who have the book,
number of people who recommend it, number of people who don't recommend
it. 

I am surprised AD Developers Reference Library by Iseminger is on the
list.
That is a great book but wouldn't expect a lot of the list users to have
read it. I recall reading it back in like 2001 or so and getting a bit
scared at what a really pissed off AD programmer could pull off. 


  joe
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Monday, March 07, 2005 11:58 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

Personally?  I like to think of AD as a GUI to Microsoft's
implementation of LDAP.  That simplifies a lot of things for me.
However, there is more to it than that and the books you ordered should
help in clarifying that.  

You don't need to know LDAP to make AD work, but it helps.  It's a great
help to me to understand the differences between Microsoft's AD and
Sun's implementation of LDAP or IBM's implementation or any of the
others for the basics.  

When you start getting into managing the directory and the objects in
the directory, Microsoft really differentiates itself with GPO's and the
multi-master replication and the tools to support the infrastructure.  

As you're looking at this, remember that name resolution is one of the
most important things you can deal with when making AD a solid
enterprise app. 

The book from O'Reilly sounds like Robbie's book.  I haven't read it,
but have heard good things about it (what can I say Robbie, I don't have
a budget for it :)  If it's not Robbie's book for AD, then it would be a
good idea to grab that one as well.
http://www.amazon.com/exec/obidos/ASIN/0596004664/103-8355416-0173405

Sakari Kouti also has written a good book, called, "Inside Active
Directory"
that would be worth picking up. http://www.kouti.com/

You should be able to find some other information about books at
http://www.activedir.org 


Al
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kenny Mann
Sent: Monday, March 07, 2005 11:41 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Active Directory and LDAP

I don't understand LDAP and Active Directory as much as I should.
So, I've ordered 2 LDAP books (O'Reilly and another) to learn.
I'm curious as to how much LDAP and Active Directory have in common. Is
AD just a GUI for LDAP?
Perhaps there is a book everyone here recommends or will my LDAP books
hopefully cover enough so I could be able to feel my way around Active
Directory good enough?

Doing a search with the word 'book' gives a ton of irrelvent searches in
the archives. 
I saw one book but it's out of print.

Kenny Mann
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http

RE: [ActiveDir] Active Directory and LDAP

[Mulnick, Al]

The one that's out of print?
http://www.amazon.com/gp/product/product-description/0672315874/103-8355416-
0173405?_encoding=UTF8&n=283155 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick
Sent: Monday, March 07, 2005 12:19 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

Aww, man... How come my book isn't up there?

-gil 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Monday, March 07, 2005 10:11 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

Hey now... Don't forget about Alistair. He did that first edition himself
and did it well. :)

The Cat Book rocks. Actually I should get royalties for that one too, I have
made a bunch of people buy it and have bought and given away multiple copies
myself. I still have my first copy though it is quite dog-eared and I put
laminating plastic on the covers so they wouldn't get too torn up. 

Here is the actual AD Org Books link -
http://www.activedir.org/Books.aspx ,
actually it would be kind of cool if we could rate them. How about it Tony?
Have a couple of fields for each, number of people who have the book, number
of people who recommend it, number of people who don't recommend it. 

I am surprised AD Developers Reference Library by Iseminger is on the list.
That is a great book but wouldn't expect a lot of the list users to have
read it. I recall reading it back in like 2001 or so and getting a bit
scared at what a really pissed off AD programmer could pull off. 


  joe
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Monday, March 07, 2005 11:58 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

Personally?  I like to think of AD as a GUI to Microsoft's implementation of
LDAP.  That simplifies a lot of things for me.  However, there is more to it
than that and the books you ordered should help in clarifying that.  

You don't need to know LDAP to make AD work, but it helps.  It's a great
help to me to understand the differences between Microsoft's AD and Sun's
implementation of LDAP or IBM's implementation or any of the others for the
basics.  

When you start getting into managing the directory and the objects in the
directory, Microsoft really differentiates itself with GPO's and the
multi-master replication and the tools to support the infrastructure.  

As you're looking at this, remember that name resolution is one of the most
important things you can deal with when making AD a solid enterprise app. 

The book from O'Reilly sounds like Robbie's book.  I haven't read it, but
have heard good things about it (what can I say Robbie, I don't have a
budget for it :)  If it's not Robbie's book for AD, then it would be a good
idea to grab that one as well.
http://www.amazon.com/exec/obidos/ASIN/0596004664/103-8355416-0173405

Sakari Kouti also has written a good book, called, "Inside Active Directory"
that would be worth picking up. http://www.kouti.com/

You should be able to find some other information about books at
http://www.activedir.org 


Al
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kenny Mann
Sent: Monday, March 07, 2005 11:41 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Active Directory and LDAP

I don't understand LDAP and Active Directory as much as I should.
So, I've ordered 2 LDAP books (O'Reilly and another) to learn.
I'm curious as to how much LDAP and Active Directory have in common. Is AD
just a GUI for LDAP?
Perhaps there is a book everyone here recommends or will my LDAP books
hopefully cover enough so I could be able to feel my way around Active
Directory good enough?

Doing a search with the word 'book' gives a ton of irrelvent searches in the
archives. 
I saw one book but it's out of print.

Kenny Mann
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Active Directory and LDAP

[Kenny Mann]

Ahh, thank you very much (both of you).
Strange. Ad.org's site seems to noe be responding.
Here's the story.
As a personal hobby I run a a few domains.
I used the Gentoo Virtual Hosts setup. I'm currently writing my own but
that's besides the point.
It uses MySQL as a database.
I get curious and start poking around LDAP wondering if LDAP would be
better than MySQL.
I have a Windows 2003 AD at my place of employment, so I start poking
around to see some stuff and realize that any changes I make could break
things.
So, I'm going to setup a Linux and Windows 2k3 test lab at home to play
with it.
Now I know I should get books on both LDAP and AD. Since I have some
LDAP, I'll start looking at AD books.

I really don't know what career I want in life, so I'm currently poking
and stabbing thigns just to learn and see what I like.

I really appreicate your advice!

Kenny 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Monday, March 07, 2005 11:11 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

Hey now... Don't forget about Alistair. He did that first edition
himself and did it well. :)

The Cat Book rocks. Actually I should get royalties for that one too, I
have made a bunch of people buy it and have bought and given away
multiple copies myself. I still have my first copy though it is quite
dog-eared and I put laminating plastic on the covers so they wouldn't
get too torn up. 

Here is the actual AD Org Books link -
http://www.activedir.org/Books.aspx , actually it would be kind of cool
if we could rate them. How about it Tony?
Have a couple of fields for each, number of people who have the book,
number of people who recommend it, number of people who don't recommend
it. 

I am surprised AD Developers Reference Library by Iseminger is on the
list.
That is a great book but wouldn't expect a lot of the list users to have
read it. I recall reading it back in like 2001 or so and getting a bit
scared at what a really pissed off AD programmer could pull off. 


  joe
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Monday, March 07, 2005 11:58 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

Personally?  I like to think of AD as a GUI to Microsoft's
implementation of LDAP.  That simplifies a lot of things for me.
However, there is more to it than that and the books you ordered should
help in clarifying that.  

You don't need to know LDAP to make AD work, but it helps.  It's a great
help to me to understand the differences between Microsoft's AD and
Sun's implementation of LDAP or IBM's implementation or any of the
others for the basics.  

When you start getting into managing the directory and the objects in
the directory, Microsoft really differentiates itself with GPO's and the
multi-master replication and the tools to support the infrastructure.  

As you're looking at this, remember that name resolution is one of the
most important things you can deal with when making AD a solid
enterprise app. 

The book from O'Reilly sounds like Robbie's book.  I haven't read it,
but have heard good things about it (what can I say Robbie, I don't have
a budget for it :)  If it's not Robbie's book for AD, then it would be a
good idea to grab that one as well.
http://www.amazon.com/exec/obidos/ASIN/0596004664/103-8355416-0173405

Sakari Kouti also has written a good book, called, "Inside Active
Directory"
that would be worth picking up. http://www.kouti.com/

You should be able to find some other information about books at
http://www.activedir.org 


Al
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kenny Mann
Sent: Monday, March 07, 2005 11:41 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Active Directory and LDAP

I don't understand LDAP and Active Directory as much as I should.
So, I've ordered 2 LDAP books (O'Reilly and another) to learn.
I'm curious as to how much LDAP and Active Directory have in common. Is
AD just a GUI for LDAP?
Perhaps there is a book everyone here recommends or will my LDAP books
hopefully cover enough so I could be able to feel my way around Active
Directory good enough?

Doing a search with the word 'book' gives a ton of irrelvent searches in
the archives. 
I saw one book but it's out of print.

Kenny Mann
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http:/

RE: [ActiveDir] Active Directory and LDAP

[Gil Kirkpatrick]

Aww, man... How come my book isn't up there?

-gil 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Monday, March 07, 2005 10:11 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

Hey now... Don't forget about Alistair. He did that first edition
himself
and did it well. :)

The Cat Book rocks. Actually I should get royalties for that one too, I
have
made a bunch of people buy it and have bought and given away multiple
copies
myself. I still have my first copy though it is quite dog-eared and I
put
laminating plastic on the covers so they wouldn't get too torn up. 

Here is the actual AD Org Books link -
http://www.activedir.org/Books.aspx ,
actually it would be kind of cool if we could rate them. How about it
Tony?
Have a couple of fields for each, number of people who have the book,
number
of people who recommend it, number of people who don't recommend it. 

I am surprised AD Developers Reference Library by Iseminger is on the
list.
That is a great book but wouldn't expect a lot of the list users to have
read it. I recall reading it back in like 2001 or so and getting a bit
scared at what a really pissed off AD programmer could pull off. 


  joe
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Monday, March 07, 2005 11:58 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

Personally?  I like to think of AD as a GUI to Microsoft's
implementation of
LDAP.  That simplifies a lot of things for me.  However, there is more
to it
than that and the books you ordered should help in clarifying that.  

You don't need to know LDAP to make AD work, but it helps.  It's a great
help to me to understand the differences between Microsoft's AD and
Sun's
implementation of LDAP or IBM's implementation or any of the others for
the
basics.  

When you start getting into managing the directory and the objects in
the
directory, Microsoft really differentiates itself with GPO's and the
multi-master replication and the tools to support the infrastructure.  

As you're looking at this, remember that name resolution is one of the
most
important things you can deal with when making AD a solid enterprise
app. 

The book from O'Reilly sounds like Robbie's book.  I haven't read it,
but
have heard good things about it (what can I say Robbie, I don't have a
budget for it :)  If it's not Robbie's book for AD, then it would be a
good
idea to grab that one as well.
http://www.amazon.com/exec/obidos/ASIN/0596004664/103-8355416-0173405

Sakari Kouti also has written a good book, called, "Inside Active
Directory"
that would be worth picking up. http://www.kouti.com/

You should be able to find some other information about books at
http://www.activedir.org 


Al
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kenny Mann
Sent: Monday, March 07, 2005 11:41 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Active Directory and LDAP

I don't understand LDAP and Active Directory as much as I should.
So, I've ordered 2 LDAP books (O'Reilly and another) to learn.
I'm curious as to how much LDAP and Active Directory have in common. Is
AD
just a GUI for LDAP?
Perhaps there is a book everyone here recommends or will my LDAP books
hopefully cover enough so I could be able to feel my way around Active
Directory good enough?

Doing a search with the word 'book' gives a ton of irrelvent searches in
the
archives. 
I saw one book but it's out of print.

Kenny Mann
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Active Directory and LDAP

[Mulnick, Al]

Didn't forget, just haven't heard of it.  I will remember now though :) 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Monday, March 07, 2005 12:11 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

Hey now... Don't forget about Alistair. He did that first edition himself
and did it well. :)

The Cat Book rocks. Actually I should get royalties for that one too, I have
made a bunch of people buy it and have bought and given away multiple copies
myself. I still have my first copy though it is quite dog-eared and I put
laminating plastic on the covers so they wouldn't get too torn up. 

Here is the actual AD Org Books link - http://www.activedir.org/Books.aspx ,
actually it would be kind of cool if we could rate them. How about it Tony?
Have a couple of fields for each, number of people who have the book, number
of people who recommend it, number of people who don't recommend it. 

I am surprised AD Developers Reference Library by Iseminger is on the list.
That is a great book but wouldn't expect a lot of the list users to have
read it. I recall reading it back in like 2001 or so and getting a bit
scared at what a really pissed off AD programmer could pull off. 


  joe
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Monday, March 07, 2005 11:58 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

Personally?  I like to think of AD as a GUI to Microsoft's implementation of
LDAP.  That simplifies a lot of things for me.  However, there is more to it
than that and the books you ordered should help in clarifying that.  

You don't need to know LDAP to make AD work, but it helps.  It's a great
help to me to understand the differences between Microsoft's AD and Sun's
implementation of LDAP or IBM's implementation or any of the others for the
basics.  

When you start getting into managing the directory and the objects in the
directory, Microsoft really differentiates itself with GPO's and the
multi-master replication and the tools to support the infrastructure.  

As you're looking at this, remember that name resolution is one of the most
important things you can deal with when making AD a solid enterprise app. 

The book from O'Reilly sounds like Robbie's book.  I haven't read it, but
have heard good things about it (what can I say Robbie, I don't have a
budget for it :)  If it's not Robbie's book for AD, then it would be a good
idea to grab that one as well.
http://www.amazon.com/exec/obidos/ASIN/0596004664/103-8355416-0173405

Sakari Kouti also has written a good book, called, "Inside Active Directory"
that would be worth picking up. http://www.kouti.com/

You should be able to find some other information about books at
http://www.activedir.org 


Al
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kenny Mann
Sent: Monday, March 07, 2005 11:41 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Active Directory and LDAP

I don't understand LDAP and Active Directory as much as I should.
So, I've ordered 2 LDAP books (O'Reilly and another) to learn.
I'm curious as to how much LDAP and Active Directory have in common. Is AD
just a GUI for LDAP?
Perhaps there is a book everyone here recommends or will my LDAP books
hopefully cover enough so I could be able to feel my way around Active
Directory good enough?

Doing a search with the word 'book' gives a ton of irrelvent searches in the
archives. 
I saw one book but it's out of print.

Kenny Mann
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Active Directory and LDAP

[joe]

Hey now... Don't forget about Alistair. He did that first edition himself
and did it well. :)

The Cat Book rocks. Actually I should get royalties for that one too, I have
made a bunch of people buy it and have bought and given away multiple copies
myself. I still have my first copy though it is quite dog-eared and I put
laminating plastic on the covers so they wouldn't get too torn up. 

Here is the actual AD Org Books link - http://www.activedir.org/Books.aspx ,
actually it would be kind of cool if we could rate them. How about it Tony?
Have a couple of fields for each, number of people who have the book, number
of people who recommend it, number of people who don't recommend it. 

I am surprised AD Developers Reference Library by Iseminger is on the list.
That is a great book but wouldn't expect a lot of the list users to have
read it. I recall reading it back in like 2001 or so and getting a bit
scared at what a really pissed off AD programmer could pull off. 


  joe
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Monday, March 07, 2005 11:58 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP

Personally?  I like to think of AD as a GUI to Microsoft's implementation of
LDAP.  That simplifies a lot of things for me.  However, there is more to it
than that and the books you ordered should help in clarifying that.  

You don't need to know LDAP to make AD work, but it helps.  It's a great
help to me to understand the differences between Microsoft's AD and Sun's
implementation of LDAP or IBM's implementation or any of the others for the
basics.  

When you start getting into managing the directory and the objects in the
directory, Microsoft really differentiates itself with GPO's and the
multi-master replication and the tools to support the infrastructure.  

As you're looking at this, remember that name resolution is one of the most
important things you can deal with when making AD a solid enterprise app. 

The book from O'Reilly sounds like Robbie's book.  I haven't read it, but
have heard good things about it (what can I say Robbie, I don't have a
budget for it :)  If it's not Robbie's book for AD, then it would be a good
idea to grab that one as well.
http://www.amazon.com/exec/obidos/ASIN/0596004664/103-8355416-0173405

Sakari Kouti also has written a good book, called, "Inside Active Directory"
that would be worth picking up. http://www.kouti.com/

You should be able to find some other information about books at
http://www.activedir.org 


Al
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kenny Mann
Sent: Monday, March 07, 2005 11:41 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Active Directory and LDAP

I don't understand LDAP and Active Directory as much as I should.
So, I've ordered 2 LDAP books (O'Reilly and another) to learn.
I'm curious as to how much LDAP and Active Directory have in common. Is AD
just a GUI for LDAP?
Perhaps there is a book everyone here recommends or will my LDAP books
hopefully cover enough so I could be able to feel my way around Active
Directory good enough?

Doing a search with the word 'book' gives a ton of irrelvent searches in the
archives. 
I saw one book but it's out of print.

Kenny Mann
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Active Directory and LDAP

[Gil Kirkpatrick]

To get a basic understanding of what AD is and how it relates to LDAP,
see 

But briefly, Active Directory is a multi-master directory service that
is tightly integrated with the Windows security system. LDAP is a
standardized protocol that defines how programs on a network can
communicate with a directory server. Active Directory supports the LDAP
protocol, along with several other protocols, e.g. Kerberos, NTLM, etc.
Active Directory ships with several GUI based management programs, but
Active Directory is certainly not a "GUI for LDAP".

The "What is Active Directory" section of this doc:
http://www.microsoft.com/WindowsServer2003/techinfo/overview/adsmallbiz.
mspx is a pretty good overview.

This document describes Active Directory's LDAP compliance:
http://download.microsoft.com/download/d/c/8/dc83e0b8-fc2c-4af4-bd27-45b
5963ad98d/AD%20LDAP%20Compliance.doc.

-gil

Gil Kirkpatrick
CTO, NetPro
"To fly, flip away backhanded. Flat flip flies straight. Tilted flip
curves. Experiment!"


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kenny Mann
Sent: Monday, March 07, 2005 9:41 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Active Directory and LDAP

I don't understand LDAP and Active Directory as much as I should.
So, I've ordered 2 LDAP books (O'Reilly and another) to learn.
I'm curious as to how much LDAP and Active Directory have in common. Is
AD just a GUI for LDAP?
Perhaps there is a book everyone here recommends or will my LDAP books
hopefully cover enough so I could be able to feel my way around Active
Directory good enough?

Doing a search with the word 'book' gives a ton of irrelvent searches in
the archives. 
I saw one book but it's out of print.

Kenny Mann
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Active Directory and LDAP

[joe]

O'Reilly's Active Directory book is a good primer. That is the first AD book
I read (it was first edition back then though). Once you have the basics
down I would recommend moving into Active Directory Cookbook also by
O'Reilly and Inside Active Directory, 2e from Addison-Wesley; both excellent
books with very different goals.  The cookbook gives you "recipes" for
getting common tasks done. Inside AD is a great book for understanding a lot
of the details. It is probably the only book I have tech reviewed where I
was often saying... "Wow, I didn't know that" followed quickly by, "How did
Mika and Sakari get this info?". 

Active Directory is the implementation of the Windows Domain environment. It
incorporates Kerberos and LDAP and other technologies to provide domain and
directory services.

I guess I can see where people could come to the same conclusion that AD is
simply a GUI, but it is much more than that and in fact, you don't even have
to use GUI tools to work on it, though for many it is much easier to do so.
I spend most of my AD time not in the GUI, though others spend all of their
AD time in the GUI. Depends on the person and what they have to accomplish
and what tools they have in their toolbox to accomplish it.

  joe



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kenny Mann
Sent: Monday, March 07, 2005 11:41 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Active Directory and LDAP

I don't understand LDAP and Active Directory as much as I should.
So, I've ordered 2 LDAP books (O'Reilly and another) to learn.
I'm curious as to how much LDAP and Active Directory have in common. Is AD
just a GUI for LDAP?
Perhaps there is a book everyone here recommends or will my LDAP books
hopefully cover enough so I could be able to feel my way around Active
Directory good enough?

Doing a search with the word 'book' gives a ton of irrelvent searches in the
archives. 
I saw one book but it's out of print.

Kenny Mann
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Active Directory and LDAP

[Mulnick, Al]

Personally?  I like to think of AD as a GUI to Microsoft's implementation of
LDAP.  That simplifies a lot of things for me.  However, there is more to it
than that and the books you ordered should help in clarifying that.  

You don't need to know LDAP to make AD work, but it helps.  It's a great
help to me to understand the differences between Microsoft's AD and Sun's
implementation of LDAP or IBM's implementation or any of the others for the
basics.  

When you start getting into managing the directory and the objects in the
directory, Microsoft really differentiates itself with GPO's and the
multi-master replication and the tools to support the infrastructure.  

As you're looking at this, remember that name resolution is one of the most
important things you can deal with when making AD a solid enterprise app. 

The book from O'Reilly sounds like Robbie's book.  I haven't read it, but
have heard good things about it (what can I say Robbie, I don't have a
budget for it :)  If it's not Robbie's book for AD, then it would be a good
idea to grab that one as well.
http://www.amazon.com/exec/obidos/ASIN/0596004664/103-8355416-0173405

Sakari Kouti also has written a good book, called, "Inside Active Directory"
that would be worth picking up. http://www.kouti.com/

You should be able to find some other information about books at
http://www.activedir.org 


Al
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kenny Mann
Sent: Monday, March 07, 2005 11:41 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Active Directory and LDAP

I don't understand LDAP and Active Directory as much as I should.
So, I've ordered 2 LDAP books (O'Reilly and another) to learn.
I'm curious as to how much LDAP and Active Directory have in common. Is AD
just a GUI for LDAP?
Perhaps there is a book everyone here recommends or will my LDAP books
hopefully cover enough so I could be able to feel my way around Active
Directory good enough?

Doing a search with the word 'book' gives a ton of irrelvent searches in the
archives. 
I saw one book but it's out of print.

Kenny Mann
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/