Windows AD for Dummies

Anyone recommend a good book for Windows AD stuff? I find I may need to know a bit more, but here are the special reasons:

I am not, nor do I intend to become, an AD admin. I have some standards. :) However, I do run an annoyingly complex DDI (DNS, DHCP, IPAM) system and it integrates with AD in several interesting ways… So I need to know more about AD terminology and such.

Any suggestions?

1 Like

Suicide is a viable alternative to managing AD.

Good news for me is I just have to talk to the people that do!

I feel it is the moral choice to be understanding and offer counseling.

I can’t say that I know of any quick type books. I teach AD, and I’m pretty familiar with it, though, so maybe I can answer any specific questions you might have.

1 Like

“What is it, and how does it work?”

More useful, I guess my focus is how it interacts with DNS and DHCP. We found an issue yesterday where no one knew we needed to add AD servers to an Access List that lets them update a DNS zone, which has been causing issues.

I’m used to Active Directory being where I control both DHCP and DNS. DNS is a pain to deal with once you start dealing with forward and reverse lookup zones. If you have a forward lookup zone, you need to have a matching reverse lookup zone. When you create a forward/reverse lookup zone, you will need to add an A or AAAA record for the DNS server on the network that you are looking to. An A record is the IPv4 address, the AAAA record is the IPv6 address.

My company basically hands off DNS/DHCP to the Network Team, so that’s devolved to me. :) And the hand-off from the guy that set it up was… brief. The basics I get: We use Infoblox, which costs a large fortune but handles ‘DDI’ with tons of features. (DDI: DNS, DHCP, IPAM; IPAM: IP Address Management, i.e. replacing the Spreadsheet of IP Addresses most orgs have.) IB makes reverse zones easy and automates a few things that can be interesting. (For example, with IB you generally don’t make raw A records and PTR records, but use a Host record that is a combo of the two so the whole thing gets deleted at one time.)

The issue I’m dealing with is AD seems to want to manage all these weird _ldap* SRV records that do various things. And I’m getting asked weird questions about them.

Looking at books: There is an Active Directory for Dummies book, but it looks outdated. O’Reilly has a book on AD, but it looks outdated and is out of print. Packt has one, but not sure if there’s any value to it.

I might order the O’Reilly one, as the local used book shop has copies for around $5. It’s 2012, but hopefully the basics apply. I’m just looking to be able to talk to my coworkers like I know what’s going on.

1 Like
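For readers running AD against a non-Microsoft DNS service, the sketch below is an added example (not part of the thread, and not Infoblox or Microsoft code) that audits a zone export for the `_ldap`/`_kerberos` locator SRV records domain controllers register. The zone text, the `corp.example` domain and the host names are constructed, and a single-domain forest is assumed.

```python
# Added example: audit a zone export for AD locator SRV records (constructed sample data).

# Site-independent names that DCs register (common subset; per-site and
# per-GUID names omitted). Assumption: single-domain forest.
LOCATOR_PREFIXES = [
    "_ldap._tcp", "_ldap._tcp.dc._msdcs", "_ldap._tcp.pdc._msdcs",
    "_ldap._tcp.gc._msdcs", "_gc._tcp", "_kerberos._tcp", "_kerberos._udp",
    "_kerberos._tcp.dc._msdcs", "_kpasswd._tcp", "_kpasswd._udp",
]

SAMPLE_ZONE = """\
; constructed export of corp.example.
_ldap._tcp.corp.example.               600 IN SRV 0 100 389  dc01.corp.example.
_ldap._tcp.corp.example.               600 IN SRV 0 100 389  dc02.corp.example.
_ldap._tcp.dc._msdcs.corp.example.     600 IN SRV 0 100 389  dc01.corp.example.
_ldap._tcp.pdc._msdcs.corp.example.    600 IN SRV 0 100 389  dc01.corp.example.
_gc._tcp.corp.example.                 600 IN SRV 0 100 3268 dc01.corp.example.
_kerberos._tcp.corp.example.           600 IN SRV 0 100 88   dc01.corp.example.
_kerberos._tcp.dc._msdcs.corp.example. 600 IN SRV 0 100 88   dc01.corp.example.
_kpasswd._tcp.corp.example.            600 IN SRV 0 100 464  dc01.corp.example.
dc01.corp.example.                     600 IN A   192.0.2.10
"""

def parse_zone(text):
    """Return (srv, hosts): SRV owner -> set of targets, and names with A/AAAA."""
    srv, hosts = {}, set()
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 5 or fields[2].upper() != "IN":
            continue
        owner, rtype = fields[0].lower().rstrip("."), fields[3].upper()
        if rtype == "SRV" and len(fields) == 8:
            srv.setdefault(owner, set()).add(fields[7].lower().rstrip("."))
        elif rtype in ("A", "AAAA"):
            hosts.add(owner)
    return srv, hosts

def audit(text, domain):
    """Return (missing locator names, SRV targets with no address record in this export)."""
    srv, hosts = parse_zone(text)
    domain = domain.lower().rstrip(".")
    names = [f"{p}.{domain}" for p in LOCATOR_PREFIXES]
    missing = [n for n in names if n not in srv]
    dangling = sorted({t for targets in srv.values() for t in targets} - hosts)
    return missing, dangling

if __name__ == "__main__":
    print(audit(SAMPLE_ZONE, "corp.example"))
```

Missing names usually mean the domain controllers' dynamic updates are being refused by the zone, and a dangling target points clients at a DC name that will not resolve.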

If it’s for 2012, you should be fine.

1 Like

It’s worth a shot… $5 is not a huge investment, after all.

I also somehow missed that O’Reilly seems to be edging out of book publishing. It looks like they’re still doing some, but it’s definitely secondary to pushing training. Kind of a shame: some of their books are basically the gold standard for reference books for various IT topics.

1 Like

Dangit. Just realized the copy I got only covers through 2003.

So, yes, bought a second used copy, but now paying about 4x as much for the 5th edition vs. the first edition. Still cheaper than new for something I don’t know I’ll use that much.

1 Like

2008, 2012 and 2016 aren’t that far removed from 2003.

Sure here and there some things may have changed, but the basics remain the same.

Any AD install requires a properly working DNS. DHCP can be done by the AD server (recommended) or done by another DHCP device.

If DNS has an issue, or it is not working, then you will have all sorts of issues with AD.

I have inherited a server whose clients are NOT on AD or joined to the domain, and its DNS is not working. At least it is from a project that is winding down (but I’m not getting paid for that extra responsibility).

Want to take some time and see if I can get DNS to work.

Yeah, I’m coming at this from the DNS/DHCP side and would otherwise let the Microsoft stuff go its own way, but I’ve learned a few things to make it easier when integrating with my DNS environment. It’s still a slow process.

You can use a non-Microsoft DNS if you prefer: We use Infoblox, but that’s the expensive option.