AD Explict tasks

8/7/2019 AD Explict tasks

1/16

Service Managemen Task

Schema management task

Installation managementtask

Operation Master rolemanagement task

LDAP Policy managementtask


2/16

Trust management task

Replication management

Task


3/16


4/16

Backup/Restore

Management task

Directory Database FileManangement task

Directory ServiceConfiguration Management

Tasks


5/16

DNS Management Tasks

Data Management

Group Management Tasks

Security Policy ManagementTasks

Organizational Unit (OU)Management Tasks


6/16

Computer Management

Tasks

User Account ManagementTasks


7/16


8/16

Print Queue ManagementTasks

Service Connection PointsManagement Tasks

Group Policy ManagementTasks


9/16

Sub-TaskCreate the first domain in a new tree in a new/existing forest

Create a child domain in an existing domain tree

Create a replica (additional Domain Controller)

Remove a replica

Demote the last Domain Controller in a child domain

Demote the last Domain Controller in a tree-root domain

Demote the last Domain Controller in a forest

Designate a Domain Controller as a Global Catalog

Undesignate a Domain Controller as a Global Catalog

Raise Forest Functionality Level

Raise Domain Functionality Level

Migrate SID-History

Create the first domain in a new tree in a new/existing forest

Create a child domain in an existing domain tree

Create a replica (additional Domain Controller)Enable Schema modification on a DC in the enterprise

Change the current Schema Master

Add a Class definition in the Schema

Add an Attribute definition in the Schema

Modify a Class definition in the Schema

Modify an Attribute definition in the Schema

Update the Schema cache on demand

Deactivate a Schema Class object /

Resurrect a deactivated Schema Class object

Deactivate an Attribute Class object /

Resurrect a deactivated Schema Attribute object

Make an attribute indexedAdd attributes to the ANR Set

Transfer the Schema Master Role

Transfer the Domain Naming Master Role

Transfer the RID Master Role

Transfer the PDC Emulator Master Role

Transfer the Infrastructure Master Role

Seize the Schema Master Role

Seize the Domain Naming Master Role

Seize the RID Master Role

Seize the PDC Emulator Master Role

Seize the Infrastructure Master Role

Configure the server to require all LDAP traffic to be signed

Create a new Query Policy object

Designate an attribute as a member of the partial attribute-set that is replicated to the Global Catalog

Remove an attribute from the partial attribute-set that isreplicated to the Global Catalog

Modify the LDAP admin limits associated with a query policyobject

Affect the LDAP query policies associated with a specific

Affect the LDAP query policies associated with all domaincontrollers in a site


10/16

Create a shortcut (cross-link) trust relationship

Create an external trust relationship

Create a non-Windows Kerberos realm trust relationship

Create an Outbound Forest TrustCreate an Inbound Forest Trust

Delete a shortcut (cross-link) trust relationship

Delete an external trust relationship

Delete a non-Windows Kerberos realm trust relationship

Delete a forest trust

Verify that a trust is working properly

Change the direction of a trust

Enable Name Suffix Routing (for a given suffix) in a forest

Disable Name Suffix Routing (for a given suffix) in a forest

Reset the trust passwords shared by a trust-pairForce the removal of a trust

Enable/Disable SID History on an outbound forest trust

Enable/Disable SID Filtering

Add/remove top-level names from a realm trust

Add/remove top-level name exclusions from a realm trust

Modify the transitivity of a realm-trust

Create a Site / Add a Site

Specify the location of a Site

Associate a Group Policy with a Site

Specify the maximum time (in seconds) that the server waitsfor the initial request before the connection closes

Specify the maximum number of concurrent LDAPconnections allowed on the server

Specify the maximum amount of time (in seconds) that theclient is allowed to be idle before the connection is closed

Specify the maximum number of concurrent search

operations allowed on the serverSpecify the maximum number of concurrent notificationrequests allowed per connection on the server

Specify the maximum number of objects the server willreturn to any single search request

Specify the maximum elapsed time (in seconds) allowed fora query to complete

Specify the limit (in candidate objects) of the temporarydatabase table the server might create for intermediateresults during the course of query

Specify the total amount of intermediate data that the serverwill store for the client between the individual searches that

make up a paged result search (in order to speed up thenext leg of the search)

Specify the maximum number of threads per processor thatcan be simultaneously allocated to answer LDAP requests

Specify the maximum size of datagrams that can bereceived by the server

Specify the maximum sized LDAP request (in bytes) that theserver will attempt to process

Add/Remove an exception to a name suffix for a givenforest trust

Enable Selective Authentication on an outboundforest/external trust

Enable/Disable placing of Name Suffix (Top Level Names)information on a realm trust


11/16

Modify Site Group Policy Options

Disable automatic topology generation for a site

Disable automatic topology cleanup for a site

Disable minimum hops topology for a site

Disable automatic stale server detection for a site

Disable automatic inter-site topology generation for a site

Disable Inbound Replication on a DC

Disable Outbound Replication on a DC

Delete a Site

Create a Subnet / Add a Subnet

Specify the location of a Subnet

Associate a Subnet with a Site

Delete a Subnet

Create a Site Link

Add/Remove sites to/from a Site Link

Modify the cost associated with a site link

Modify the replication schedule for a site linkDelete a Site Link

Create a Site Link bridge (object)

Add/Remove sites to/from a Site Link Bridge

Delete a Site Link bridge (object)

Create a Connection (object)

Take ownership of a KCC-generated connection objectManually set a schedule for connection objects

Enable/disable data compression for intersite replication

Delete a Connection (object)

Designate / Remove a preferred bridgehead server

Replace a failed Preferred Bridgehead Server

Specify a fixed-port for RPC-based replication

Force Replication Topology Generation

Force replication between two servers

Force a synchronization between two servers

Modify the replication period associated with a site link /Control link availability

Create a single bridge for the entire network / Turn off theBridge all site links option for IP/SMTP transport

Enable Reciprocal Replication between sites (only for IPtransport links)

Enable Change Notification between sites (only for IPtransport links)

Change the default setting for the intra-site replicationschedule within a site

Adjust default size of packets that transport Active Directoryreplication data

Increase the level of detail logged by the KCC in the event

Modify the interval at which the KCC runs its first replicationtopology after the DC starts

Modify the interval at which the KCC checks the replicationtopology (after it has run the first time)

Modify the holdback timer that determines the intervalbetween the time a change is made and the time that thesource server notifies its replication partners within a site

Modify the default delay between notifications to all thereplication partners of a DC

Set a DC not to contact the PDC emulator if the PDCemulator role owner is not in the current site


12/16

Get Replication Latency Information

Get Pending operations on DC ( Queue Length )

Check Replication Status

Back up Active Directory

Perform an online defragmentation of the Ntds.dit database

Perform an offline defragmentation of the Ntds.dit database

Move the Ntds.dit file to a new location

Move the directory service log files to a new location

Perform a soft recovery of the database

Specify the location of the Ntds.dit fileSpecify the location of the log files

Specify the Active Directory working directory

Restore Database/Subtree of database

Perform semantic database analysis

Designate a DC as a Global Catalog

Force the directory service to do garbage collection

Specify the directory service garbage collection period

Update the Schema cache on demand

Force the directory service to check stale phantom objects

Reanimate Tombstones

Adjust ANR searching behavior

Put the directory in the special List Object mode

Specify which SPN types are mapped to host

Modify the level of detail logged for Security Events

Modify the thresholds that make the KCC exclude non-responding servers when it recognizes that a DC has failedor is unresponsive

Perform an Non-Authoritative restore of Active Directoryfrom Backup Media

Perform an Authoritative restore of Active Directory fromBackup Media

Force the directory service to recalculate the ExchangeAddress Book information hierarchy

Force directory service to recompute ACL inheritance on a

naming context

Force the directory service to immediately refresh the groupcache by contacting an available GC

Force the directory service to remove lingering objects froma Domain Controller

Force the directory service to perform an online defrag on aDomain Controller

Specify the default amount of time a dynamic object willexist in the directory

Specify the minimum amount of time a dynamic object will

exist in the directorySpecify the delay between deleting a server object and itbeing permanently removed from the replication topology

Specify the number of days before a deleted object isremoved from the directory (tombstone lifetime)

Restrict anonymous operations (other than rootDSEsearches and binds) through LDAP

Control the behavior of the userPasswordattribute

Increase the level of detail logged by the KCC in the event


13/16

Modify the level of detail logged by directory access events

Modify the level of detail logged by directory service events

Modify the level of detail logged by events related to LDAP

Designate a DC as a Global Catalog

Modify the default Domain Controller Group Policy

Modify the default Domain PolicyCreate a new Active Directoryintegrated zone

Delete an Active Directoryintegrated zone

Write Active Directoryintegrated zone parametersWrite the RootHints (stored in Active Directory)

Create a new name in the Active Directoryintegrated zone

Write the records in the Active Directoryintegrated zone

Create an Organizational Unit

Delete an Organizational Unit

Rename an Organizational Unit

Move an Organizational Unit

Modify Description of an Organizational Unit

Modify Street of an Organizational Unit

Modify City/Province an Organizational Unit

Modify State of an Organizational Unit

Modify Zip/Postal Code of an Organizational Unit

Modify Country/Region of an Organizational Unit

Modify Managed-By Information of an OU

Modify the Group Policy applied to an Organizational Unit

Delegate Control of an Organizational Unit

Create a group

Delete a group

Move a group

Rename a group

Modify the description of a group

Modify the level of detail logged by events related tocommunication between Active Directory and Exchangeclients

Modify the level of detail logged when objects marked fordeletion are actually deleted

Modify the level of detail logged by directory service

Modify the level of detail logged by internal operation ofdirectory service code

Modify the level of detail logged by events related to loadingand unloading the NTDS performance object andperformance counters

Modify the level of detail logged by events related to startingand stopping the directory service

Modify the level of detail logged by the events related toaddress resolution and Active Directory names

Modify the level of detail logged by the events related to thebackup of Active Directory

Modify the level of detail logged by events related to runningthe Active Directory Installation wizard

Modify the level of detail logged by events related to theGlobal Catalog

Modify the level of detail logged by events the Inter-sitemessaging service

Change the COM+ partition set that an Organizational Unitis a member of

group


14/16

Modify the e-mail address for a group

Modify the scope of the group

Modify the type of the group

Modify notes for a group

Modify group membership

Specify Managed-By Information of a Group

Create a computer account

Delete a computer account

Rename a computer account

Move a computer account

Disable a computer account

Reset a computer account

Add a computer account to a group

Set a computers DNS name

Specify a computers role

Specify the computers description

Specify the computers location

Specify Managed-By information for a computer account

Specify the Operating System running on a computer

Specify the Operating System Service Pack for a computer

Specify the Operating System Version for the Computer

Specify a computers physical location

Specify that a computer account be trusted for delegation

Specify Use Kerberos Only

Specify Use any authentication protocol

Create a user account in disabled state

Create a user account

Delete a user account

Rename a user account

Move a user account

Disable a user account

Unlock a user account

Enable a disabled user account

Reset a user accounts password

Modify a users first name

Modify a users initials

Modify a users last name

Modify a users display name

Modify a user accounts description

Modify a users office location

Modify a users telephone number

Modify the location of a users primary web page

Modify a users e-mail address

Modify a users street address

Modify a users P.O box

Modify a users city/province

Modify a users state

Modify a users zip/postal code

computer

Specify whether a computer account can be trusted fordelegation to any service (Kerberos only)

Specify that a computer account be trusted for delegation tospecific services only

Add/Remove the services to which a computer account canbe present delegated credentials

logon


15/16

Modify a users country/region

Modify a users UPN

Modify a users Pre-Windows 2000 user logon name

Modify the hours during which a user can log on

Specify the computers from which a user can log on


Specify the date when a user account expires

Specify a profile path for a userSpecify a logon script for a user

Specify a users home folder local path

Specify the home folder to connect to for a user account

Specify a users home telephone number

Specify the users other Home Telephone numbers

Specify a users pager number

Specify other pager numbers for a user

Specify a users mobile number

Specify other mobile numbers for a user

Specify a users facsimile number

Specify other facsimile numbers for a user

Specify a users IP phone number

Specify other IP phone numbers for a user

Modify notes for a user account

Specify a users title

Specify a users department

Specify a users manager

View certificates issued to a user

Add certificates from store for a user

Add certificates from file for a user

Remove a certificate for a userCopy a users certificate to a file

Add a user account to a group

Remove the user from a group

Create a user account in disabled state

Create a user account

Delete a user account

Rename a user account

Move a user account


Unlock a user account

Enable a disabled user accountReset a user accounts password

Set User cannot change passwordfor a user account

Set Password Never Expires for a user account

Set Store Password Using Reversible Encryption for a useraccount

Set Smart card is required for interactive logon for a useraccount

Set Account is sensitive and cannot be delegatedfor a useraccount

Set Use DES encryption types for this accountfor a useraccount

Set Do not require Kerberos pre-authentication for a useraccount

Specify the drive letter to which to map the UNC pathspecified by the home directory for a user account

user

logon


16/16

Modify a users first name

Modify a users initials

Modify a users last name

Modify a users display name

Modify a user accounts description

Modify a users office location

Modify a users telephone number

Modify the location of a users primary web page

Modify a users e-mail address

Modify a users street address

Modify a users P.O box

Modify a users city/province

Modify a users state

Modify a users zip/postal code

Modify a users country/region

Modify a users UPN

Modify a users Pre-Windows 2000 user logon name

Modify the hours during which a user can log on

Specify the computers from which a user can log on

Create a print-queue

Delete a print-queue

Rename a print-queue

Move a print-queue

Specify the display name of an attached printer

Specify the server name for a print server

Create a service-specific container in the System container

Publish service-related objects in the System containerCreate a connection-point object

Specify service-specific binding information for a service

Specify an application or other vendor name

Specify a general purpose version number for a service

Create a service-specific container in the System container

Edit a Group Policy object

Modify security on a Group Policy object

Link a GPO to an OU, domain, or site.

Specify the Pre-Windows 2000 compatible server name forprint servers

on

Specify the string name of the service that an administrationpoint represents

Specify the type of DNS Record that an application wouldlookup for a service

serviceservice

Perform Group Policy Modeling analysis for objects in adomain or OU

Perform Group Policy Results analysis for objects in adomain or OU

AD Explict tasks

Documents