Upgrading and Repairing Networks

Finding Objects in the Active Directory

If you've gotten this far into this chapter without falling asleep, it's time to put your knowledge to work. That is to say, it's time to get practical and look at a few things you can accomplish using the Active Directory.

When viewing the property pages for a user account in the directory, you see that you can add much more information than was possible before. There are eight tabs on the properties page for a user object.

If you select each tab and look at the different fields, you can see that the user object now contains a wealth of information that can be quickly accessed by searching the directory, including the following:

• Who Is This User? The user's full name, the user's logon name, and a description of the user. The user's title, department, company, manager, and reporting information.

• Address The office in which the user can be found, the user's address.

• Telephone Phone numbers, fax numbers, pagers, mobile phone, IP phone, email addresses, and home page URLs.

• Logon Which servers the user can log on to, during which hours, password information, and expiration and account information. The user's profile, logon path, and home directory.

• Dial-In Whether this user can log on using remote access, and from where. Callback options and addressing information.

• Groups User groups to which this user belongs.

The main benefit of having this information available in the directory might not become apparent at first. Most of this information could have been found in the old User Manager utility, in the Remote Access Administration utility, or in the human resources department. But now it all can be centrally located in a global, searchable directory. With the proper rights and permissions, the administrator or user can search the directory for any of the attributes associated with users. And because the Active Directory schema can be extended, you can add additional attributes that contain information specific to your business.

Finding a User Account

For example, instead of being limited to queries such as "Show me everything about user John Doe," you now can execute queries such as "Show me all users that work in the accounting department in Florida" or "Show me all users who work in the accounting department in Florida that are in the Administrators group and have dial-in access."

If you look at the total number of attributes associated with the user object, it's quite large. For example, suppose you want to "find" a user in the Active Directory. It's a simple thing to do by using the Active Directory Users and Computers MMC Snap-In in the Administrative Tools Folder. For example:

1.	Click Start, Administrative Tools, and then click Active Directory Users and Computers.
2.	In the left pane of the MMC console, highlight the domain you want to search and select Find. In Figure 30.12, you can see the Find Users, Contacts, and Groups dialog box that is used to search the directory for these sorts of objects. Figure 30.12. You can easily search the entire directory for a user or user group using this dialog box. [View full size image]
3.	To find a user, simply enter the name or a description. If you want to narrow the search, use the In field. Here, you can select to perform the search throughout the entire directory, or a specific container object, such as a domain. Then, simply click the Find Now button.

If that all seems too simple, it is. This simple search function on the User, Contacts, and Groups tab enables you to perform a search by specifying just a little information.

Even though we've invoked the "find" dialog box in the Active Directory Users and Computers tool, you still can search for other objects in the directory. After we finish going over how to search for a user object, we'll use a similar dialog box, for example, to search for a printer. As you can see, other objects you can search for include the following:

• Users, contacts, and groups

• Computers

• Printers

• Shared folders

• Organizational units

• Custom search

The next field (named In) is also a drop-down menu, which enables you to further specify the container object, such as a domain, that you want to search. If you already know in what domain a user account exists, narrowing the search using this field will save time. Finally, when you've entered a user's name, and/or a description, and narrowed the search to the container object in which you want to look, click the Find Now button.

However, to show you the power of the search capability in the Active Directory, let's use the Advanced tab. In Figure 30.13, you can see the same dialog box, with the Advanced tab selected. Here, the Field drop-down menu enables you to refine your search criteria to a user, a group, or a contact.

Figure 30.13. The Field menu enables you to search for a user, group, or contact using the Advanced tab.

[View full size image]

Notice in Figure 30.13, however, that when you click on User in the Field menu, a whole range of attributes is displayed that you can use to specify the search criteria. The number of attributes is so large that it won't fit on my computer screen, so there's a down arrow at the bottom that can be used to select even more attributes. There are actually more than 60 attributes you can use to specify search criteria, from the simple username, telephone number (and mobile telephone number), to the Web page address for a user or the manager of the user. Of course, the search will succeed only if you actually use these fields when you create user accounts. You don't have to fill in every attribute when you create a new user. However, the more information you store in the directory about a user, the easier it's going to be to locate that user when you have only a little information to go on.

After you specify an attribute, you can enter a value that will be used for the search in the Value field. Use the Condition field to specify how this value will be evaluated in the search. These are the conditions you can set for this attribute's value in the search:

• Starts with

• Ends with

• Is (exactly)

• Is not

• Present

• Not present

As you add search criteria (an attribute, a selection condition, and a value to use for comparison in the search), they appear in the pane at the bottom of the dialog box.

After you have specified values for the attributes to be used for the advanced search, click the Find Now button. Next the dialog box expands to add another pane, which displays the results of the search.

One or more entries can show up in the results pane, depending on the search conditions you used. To view the detailed attributes for objects in the results pane, simply double-click an entry and a property sheet appears for the object.

Finding a Printer in the Active Directory

The directory doesn't just contain information about users; it holds information about many resource types in the network. An object that represents a printer resource might contain the name of the printer, the type of hardware associated with it, and its location. With directory services you do not even have to know the name of a printer. You can execute a query such as "Show me all printers located on the third floor of the accounting department in the Florida office," and then pick the printer you want to use, based on the information returned from the query.

For example, in a Windows Server 2003 network that has the Active Directory enabled, you'll find that there's a button (Find) on the Print dialog box that wasn't there in previous versions of Windows NT. This button first appeared in Windows 2000.

When you click Find Printer, a dialog box similar to the one used to search for users pops up. This should be an indication to you that the Active Directory is tightly integrated into the Windows 2000 Server and Server 2003 operating systems.

At the top of this dialog box, use the In drop-down menu to narrow your search. For example, you can use the default to search the entire directory, or you can use this menu to specify a particular domain or other container object.

There are three tabs on the Find Printers dialog box that you can use for a search:

• Printers If you know the name, location, or model of the printer you want to find, you can specify it on this tab and click Find Now.

• Features This tab enables you to specify attributes the printer must have, such as whether it can print double-sided (duplex printing) or whether it is a color printer. You also can select the resolution, the printer speed, and whether the printer can staple the document after it's printed, among other features, depending on the capabilities of the particular printer.

• Advanced This tab works in the same way that the Find Users dialog box worked. You can use the Field drop-down menu to specify any of the attributes associated with the Printer object, and then specify a condition and a value to be used for the search.

After you've specified the search criteria using any of these tabs, click the Find Now button and you'll get a listing of the printers that match your search. You then can select which printer to use.

After you've found the printer you want to use, it's a simple matter to make a connection to the printer. In the search Results pane, just right-click on the printer and select Connect. Or, if you're in a real hurry, just double-click on the printer in the Results pane.

The Active Directory is accessible from within many other applications in Windows 2000. You can search for file shares and objects that you create yourself. The important thing to remember about the Active Directory is that, after you begin to use it in your network, it is not something to be taken lightly. Use caution when making modifications to the directory.

Using Start/Search

In the previous examples, we searched for users by using an Administrative Toolthe Active Directory Users and Computers Snap-In. To search for a printer, we used the Find Printer button on the print dialog box. However, there is a simpler way to find almost anything in the directory, provided that your logon account has the necessary access permissions to locate the object. Simply click Start and then Search.

The Search function in Windows 2000 Server and Professional is found from the Windows Start menu and allows you to

• Search for files or folders

• Search the Internet

• Search for printers

• Search using Microsoft Outlook

• Search for people

If you use the For Printers or the For People options in the menu, you'll get dialog boxes similar to the ones used in the examples earlier in this chapter.

Thus, the Active Directory is not just a tool that can be used by administrative personnel to administer the network, but it also is something that can be used by everyday users to locate objects or information they need to perform their jobs.