8/7/2019 AD Explict tasks
1/16
Service Managemen Task
Schema management task
Installation managementtask
Operation Master rolemanagement task
LDAP Policy managementtask
8/7/2019 AD Explict tasks
2/16
Trust management task
Replication management
Task
8/7/2019 AD Explict tasks
3/16
8/7/2019 AD Explict tasks
4/16
Backup/Restore
Management task
Directory Database FileManangement task
Directory ServiceConfiguration Management
Tasks
8/7/2019 AD Explict tasks
5/16
DNS Management Tasks
Data Management
Group Management Tasks
Security Policy ManagementTasks
Organizational Unit (OU)Management Tasks
8/7/2019 AD Explict tasks
6/16
Computer Management
Tasks
User Account ManagementTasks
8/7/2019 AD Explict tasks
7/16
8/7/2019 AD Explict tasks
8/16
Print Queue ManagementTasks
Service Connection PointsManagement Tasks
Group Policy ManagementTasks
8/7/2019 AD Explict tasks
9/16
Sub-TaskCreate the first domain in a new tree in a new/existing forest
Create a child domain in an existing domain tree
Create a replica (additional Domain Controller)
Remove a replica
Demote the last Domain Controller in a child domain
Demote the last Domain Controller in a tree-root domain
Demote the last Domain Controller in a forest
Designate a Domain Controller as a Global Catalog
Undesignate a Domain Controller as a Global Catalog
Raise Forest Functionality Level
Raise Domain Functionality Level
Migrate SID-History
Create the first domain in a new tree in a new/existing forest
Create a child domain in an existing domain tree
Create a replica (additional Domain Controller)Enable Schema modification on a DC in the enterprise
Change the current Schema Master
Add a Class definition in the Schema
Add an Attribute definition in the Schema
Modify a Class definition in the Schema
Modify an Attribute definition in the Schema
Update the Schema cache on demand
Deactivate a Schema Class object /
Resurrect a deactivated Schema Class object
Deactivate an Attribute Class object /
Resurrect a deactivated Schema Attribute object
Make an attribute indexedAdd attributes to the ANR Set
Transfer the Schema Master Role
Transfer the Domain Naming Master Role
Transfer the RID Master Role
Transfer the PDC Emulator Master Role
Transfer the Infrastructure Master Role
Seize the Schema Master Role
Seize the Domain Naming Master Role
Seize the RID Master Role
Seize the PDC Emulator Master Role
Seize the Infrastructure Master Role
Configure the server to require all LDAP traffic to be signed
Create a new Query Policy object
Designate an attribute as a member of the partial attribute-set that is replicated to the Global Catalog
Remove an attribute from the partial attribute-set that isreplicated to the Global Catalog
Modify the LDAP admin limits associated with a query policyobject
Affect the LDAP query policies associated with a specific
Affect the LDAP query policies associated with all domaincontrollers in a site
8/7/2019 AD Explict tasks
10/16
Create a shortcut (cross-link) trust relationship
Create an external trust relationship
Create a non-Windows Kerberos realm trust relationship
Create an Outbound Forest TrustCreate an Inbound Forest Trust
Delete a shortcut (cross-link) trust relationship
Delete an external trust relationship
Delete a non-Windows Kerberos realm trust relationship
Delete a forest trust
Verify that a trust is working properly
Change the direction of a trust
Enable Name Suffix Routing (for a given suffix) in a forest
Disable Name Suffix Routing (for a given suffix) in a forest
Reset the trust passwords shared by a trust-pairForce the removal of a trust
Enable/Disable SID History on an outbound forest trust
Enable/Disable SID Filtering
Add/remove top-level names from a realm trust
Add/remove top-level name exclusions from a realm trust
Modify the transitivity of a realm-trust
Create a Site / Add a Site
Specify the location of a Site
Associate a Group Policy with a Site
Specify the maximum time (in seconds) that the server waitsfor the initial request before the connection closes
Specify the maximum number of concurrent LDAPconnections allowed on the server
Specify the maximum amount of time (in seconds) that theclient is allowed to be idle before the connection is closed
Specify the maximum number of concurrent search
operations allowed on the serverSpecify the maximum number of concurrent notificationrequests allowed per connection on the server
Specify the maximum number of objects the server willreturn to any single search request
Specify the maximum elapsed time (in seconds) allowed fora query to complete
Specify the limit (in candidate objects) of the temporarydatabase table the server might create for intermediateresults during the course of query
Specify the total amount of intermediate data that the serverwill store for the client between the individual searches that
make up a paged result search (in order to speed up thenext leg of the search)
Specify the maximum number of threads per processor thatcan be simultaneously allocated to answer LDAP requests
Specify the maximum size of datagrams that can bereceived by the server
Specify the maximum sized LDAP request (in bytes) that theserver will attempt to process
Add/Remove an exception to a name suffix for a givenforest trust
Enable Selective Authentication on an outboundforest/external trust
Enable/Disable placing of Name Suffix (Top Level Names)information on a realm trust
8/7/2019 AD Explict tasks
11/16
Modify Site Group Policy Options
Disable automatic topology generation for a site
Disable automatic topology cleanup for a site
Disable minimum hops topology for a site
Disable automatic stale server detection for a site
Disable automatic inter-site topology generation for a site
Disable Inbound Replication on a DC
Disable Outbound Replication on a DC
Delete a Site
Create a Subnet / Add a Subnet
Specify the location of a Subnet
Associate a Subnet with a Site
Delete a Subnet
Create a Site Link
Add/Remove sites to/from a Site Link
Modify the cost associated with a site link
Modify the replication schedule for a site linkDelete a Site Link
Create a Site Link bridge (object)
Add/Remove sites to/from a Site Link Bridge
Delete a Site Link bridge (object)
Create a Connection (object)
Take ownership of a KCC-generated connection objectManually set a schedule for connection objects
Enable/disable data compression for intersite replication
Delete a Connection (object)
Designate / Remove a preferred bridgehead server
Replace a failed Preferred Bridgehead Server
Specify a fixed-port for RPC-based replication
Force Replication Topology Generation
Force replication between two servers
Force a synchronization between two servers
Modify the replication period associated with a site link /Control link availability
Create a single bridge for the entire network / Turn off theBridge all site links option for IP/SMTP transport
Enable Reciprocal Replication between sites (only for IPtransport links)
Enable Change Notification between sites (only for IPtransport links)
Change the default setting for the intra-site replicationschedule within a site
Adjust default size of packets that transport Active Directoryreplication data
Increase the level of detail logged by the KCC in the event
Modify the interval at which the KCC runs its first replicationtopology after the DC starts
Modify the interval at which the KCC checks the replicationtopology (after it has run the first time)
Modify the holdback timer that determines the intervalbetween the time a change is made and the time that thesource server notifies its replication partners within a site
Modify the default delay between notifications to all thereplication partners of a DC
Set a DC not to contact the PDC emulator if the PDCemulator role owner is not in the current site
8/7/2019 AD Explict tasks
12/16
Get Replication Latency Information
Get Pending operations on DC ( Queue Length )
Check Replication Status
Back up Active Directory
Perform an online defragmentation of the Ntds.dit database
Perform an offline defragmentation of the Ntds.dit database
Move the Ntds.dit file to a new location
Move the directory service log files to a new location
Perform a soft recovery of the database
Specify the location of the Ntds.dit fileSpecify the location of the log files
Specify the Active Directory working directory
Restore Database/Subtree of database
Perform semantic database analysis
Designate a DC as a Global Catalog
Force the directory service to do garbage collection
Specify the directory service garbage collection period
Update the Schema cache on demand
Force the directory service to check stale phantom objects
Reanimate Tombstones
Adjust ANR searching behavior
Put the directory in the special List Object mode
Specify which SPN types are mapped to host
Modify the level of detail logged for Security Events
Modify the thresholds that make the KCC exclude non-responding servers when it recognizes that a DC has failedor is unresponsive
Perform an Non-Authoritative restore of Active Directoryfrom Backup Media
Perform an Authoritative restore of Active Directory fromBackup Media
Force the directory service to recalculate the ExchangeAddress Book information hierarchy
Force directory service to recompute ACL inheritance on a
naming context
Force the directory service to immediately refresh the groupcache by contacting an available GC
Force the directory service to remove lingering objects froma Domain Controller
Force the directory service to perform an online defrag on aDomain Controller
Specify the default amount of time a dynamic object willexist in the directory
Specify the minimum amount of time a dynamic object will
exist in the directorySpecify the delay between deleting a server object and itbeing permanently removed from the replication topology
Specify the number of days before a deleted object isremoved from the directory (tombstone lifetime)
Restrict anonymous operations (other than rootDSEsearches and binds) through LDAP
Control the behavior of the userPasswordattribute
Increase the level of detail logged by the KCC in the event
8/7/2019 AD Explict tasks
13/16
Modify the level of detail logged by directory access events
Modify the level of detail logged by directory service events
Modify the level of detail logged by events related to LDAP
Designate a DC as a Global Catalog
Modify the default Domain Controller Group Policy
Modify the default Domain PolicyCreate a new Active Directoryintegrated zone
Delete an Active Directoryintegrated zone
Write Active Directoryintegrated zone parametersWrite the RootHints (stored in Active Directory)
Create a new name in the Active Directoryintegrated zone
Write the records in the Active Directoryintegrated zone
Create an Organizational Unit
Delete an Organizational Unit
Rename an Organizational Unit
Move an Organizational Unit
Modify Description of an Organizational Unit
Modify Street of an Organizational Unit
Modify City/Province an Organizational Unit
Modify State of an Organizational Unit
Modify Zip/Postal Code of an Organizational Unit
Modify Country/Region of an Organizational Unit
Modify Managed-By Information of an OU
Modify the Group Policy applied to an Organizational Unit
Delegate Control of an Organizational Unit
Create a group
Delete a group
Move a group
Rename a group
Modify the description of a group
Modify the level of detail logged by events related tocommunication between Active Directory and Exchangeclients
Modify the level of detail logged when objects marked fordeletion are actually deleted
Modify the level of detail logged by directory service
Modify the level of detail logged by internal operation ofdirectory service code
Modify the level of detail logged by events related to loadingand unloading the NTDS performance object andperformance counters
Modify the level of detail logged by events related to startingand stopping the directory service
Modify the level of detail logged by the events related toaddress resolution and Active Directory names
Modify the level of detail logged by the events related to thebackup of Active Directory
Modify the level of detail logged by events related to runningthe Active Directory Installation wizard
Modify the level of detail logged by events related to theGlobal Catalog
Modify the level of detail logged by events the Inter-sitemessaging service
Change the COM+ partition set that an Organizational Unitis a member of
group
8/7/2019 AD Explict tasks
14/16
Modify the e-mail address for a group
Modify the scope of the group
Modify the type of the group
Modify notes for a group
Modify group membership
Specify Managed-By Information of a Group
Create a computer account
Delete a computer account
Rename a computer account
Move a computer account
Disable a computer account
Reset a computer account
Add a computer account to a group
Set a computers DNS name
Specify a computers role
Specify the computers description
Specify the computers location
Specify Managed-By information for a computer account
Specify the Operating System running on a computer
Specify the Operating System Service Pack for a computer
Specify the Operating System Version for the Computer
Specify a computers physical location
Specify that a computer account be trusted for delegation
Specify Use Kerberos Only
Specify Use any authentication protocol
Create a user account in disabled state
Create a user account
Delete a user account
Rename a user account
Move a user account
Disable a user account
Unlock a user account
Enable a disabled user account
Reset a user accounts password
Modify a users first name
Modify a users initials
Modify a users last name
Modify a users display name
Modify a user accounts description
Modify a users office location
Modify a users telephone number
Modify the location of a users primary web page
Modify a users e-mail address
Modify a users street address
Modify a users P.O box
Modify a users city/province
Modify a users state
Modify a users zip/postal code
computer
Specify whether a computer account can be trusted fordelegation to any service (Kerberos only)
Specify that a computer account be trusted for delegation tospecific services only
Add/Remove the services to which a computer account canbe present delegated credentials
logon
8/7/2019 AD Explict tasks
15/16
Modify a users country/region
Modify a users UPN
Modify a users Pre-Windows 2000 user logon name
Modify the hours during which a user can log on
Specify the computers from which a user can log on
Disable a user account
Specify the date when a user account expires
Specify a profile path for a userSpecify a logon script for a user
Specify a users home folder local path
Specify the home folder to connect to for a user account
Specify a users home telephone number
Specify the users other Home Telephone numbers
Specify a users pager number
Specify other pager numbers for a user
Specify a users mobile number
Specify other mobile numbers for a user
Specify a users facsimile number
Specify other facsimile numbers for a user
Specify a users IP phone number
Specify other IP phone numbers for a user
Modify notes for a user account
Specify a users title
Specify a users department
Specify a users manager
View certificates issued to a user
Add certificates from store for a user
Add certificates from file for a user
Remove a certificate for a userCopy a users certificate to a file
Add a user account to a group
Remove the user from a group
Create a user account in disabled state
Create a user account
Delete a user account
Rename a user account
Move a user account
Disable a user account
Unlock a user account
Enable a disabled user accountReset a user accounts password
Set User cannot change passwordfor a user account
Set Password Never Expires for a user account
Set Store Password Using Reversible Encryption for a useraccount
Set Smart card is required for interactive logon for a useraccount
Set Account is sensitive and cannot be delegatedfor a useraccount
Set Use DES encryption types for this accountfor a useraccount
Set Do not require Kerberos pre-authentication for a useraccount
Specify the drive letter to which to map the UNC pathspecified by the home directory for a user account
user
logon
8/7/2019 AD Explict tasks
16/16
Modify a users first name
Modify a users initials
Modify a users last name
Modify a users display name
Modify a user accounts description
Modify a users office location
Modify a users telephone number
Modify the location of a users primary web page
Modify a users e-mail address
Modify a users street address
Modify a users P.O box
Modify a users city/province
Modify a users state
Modify a users zip/postal code
Modify a users country/region
Modify a users UPN
Modify a users Pre-Windows 2000 user logon name
Modify the hours during which a user can log on
Specify the computers from which a user can log on
Create a print-queue
Delete a print-queue
Rename a print-queue
Move a print-queue
Specify the display name of an attached printer
Specify the server name for a print server
Create a service-specific container in the System container
Publish service-related objects in the System containerCreate a connection-point object
Specify service-specific binding information for a service
Specify an application or other vendor name
Specify a general purpose version number for a service
Create a service-specific container in the System container
Edit a Group Policy object
Modify security on a Group Policy object
Link a GPO to an OU, domain, or site.
Specify the Pre-Windows 2000 compatible server name forprint servers
on
Specify the string name of the service that an administrationpoint represents
Specify the type of DNS Record that an application wouldlookup for a service
serviceservice
Perform Group Policy Modeling analysis for objects in adomain or OU
Perform Group Policy Results analysis for objects in adomain or OU