Looking into some of the Active Directory administration tools can help to give you an idea of Active Directory, what data is in there, and what can be done programmatically.
The system administrator has many tools to enter new data, update data, and configure Active Directory:
- The Active Directory Users and Computers MMC snap-in is used to enter new users and update user data.
- The active Directory Sites and Services MMC snap-in is used to configure sites in a domain and for replication between these sites.
- The Active Directory Domains and Trusts MMC snap-in can be used to build up a trust relationship between domains in a tree.
- ADS! Edit is the editor for Active Directory, where every object can be viewed and edited.
To run ‘these tools on Windows Vista or Windows XP, you need to install Windows Server 2003 Admin Pack. ADSI Edit is available with the Windows Server 2003 Support tools.
The following sections get into the functionality of the tools Active Directory Users and Computers and ADSI, Edit because these tools are important in regard to creating applications using Active Directory.
Active Directory Users and Computers
The Active Directory Users and Computers/snap-in is the tool that system administrators use to manage users. Select Start > Programs > Administrative > Tools Active Directory Users and Computers to start this program (see Figure 46-4).
With this tool you can add new users, groups, contacts, organizational units, printers, shared folders, or computers, and modify existing ones. Figure 46-5 shows the attributes that can be entered for a user object: office, phone numbers, email addresses, Web pages, organization information, addresses, groups, and soon.
Active Directory Users and Computers can also be used in big enterprises with millions of objects. It’s not necessary to look through a list with a thousand objects, because you can select a custom filter to display only some of the objects. You can also perform an LDAP query to search for the objects in the enterprise. You explore these possibilities later in this chapter.
ADSI Edit is the editor of Active Directory, This tool is not installed automatically; on the Windows Server 2003 CD, you can find a directory named Support Tools. When the support tools are installed, you can access ADSI Edit by invoking the program adsiedit.mse.
ADS! Edit offers greater control than the Active Directory Users and Computers tool (see Figure 46-6); with ADSI Edit, everything can be configured, and you can also look at the schema and the configuration. This tool is not very intuitive to use, however, and it is very easy to enter wrong data.
By opening the properties window of an object, you can view and change every attribute of an object in Active Directory. With this tool, you can see mandatory and optional attributes, with their types and values (see Figure 46-7).